A proposed ten-year ban for bank executives who leak data is under discussion in Russia
In recent discussions, senior bank managers could face removal from their roles if they are repeatedly implicated in data leaks. The debate centers on a draft law developed with input from the Central Bank of the Russian Federation. The proposal envisions a ten-year work ban for those involved in leaking confidential information, a measure authorities say would help curb data breaches at the highest levels of financial institutions.
According to the report, Russia saw a large number of data-leak incidents across its major financial institutions in 2023. The draft law also introduces new requirements governing the professional qualifications and commercial reputation of bank vice presidents, and it is currently moving through inter-ministerial review before potential adoption.
Should the bill become law, penalties for breaches of information-protection rules would extend beyond bank staff to employees across the insurance and pension fund sectors. Specifically, the bill calls for the dismissal of vice presidents responsible for information security in a credit institution for a period of ten years, provided the executive held the position at the time the leak occurred.
However, the National Financial Market Council has criticized the plan, highlighting concerns about a shortage of qualified specialists. Andrei Emelin, the council’s head, also warned that the current draft could lead to disqualification of senior executives even if they were not involved in the leak itself.
Officials note that in criminal and administrative law, penalties such as bans on holding certain positions are generally shorter than ten years. The NSFML emphasized this comparison while discussing potential reforms to the regime governing information-security breaches.
Earlier commentary from market analysts pointed to the widespread reach of telecommunication and data exposures, underscoring the ongoing pressures on Russia’s financial services sector to strengthen data protection and leadership accountability. Analysts and regulators alike stress the need for clear, enforceable standards that differentiate between culpable conduct and isolated incidents, while ensuring the sector maintains access to skilled information-security professionals.
As policy prospects unfold, observers in Russia’s financial landscape will be watching how the draft law balances deterrence with practical implications for talent availability and regulatory clarity. The outcome could shape how executives approach information governance and how institutions structure their leadership in risk and information security in the years ahead.
Notes: The discussion reflects ongoing shifts in the regulatory approach to data protection within Russia’s financial system and the broader push to align penalties with the severity of data-breach incidents. The dialogue continues as multiple government and industry bodies review the proposed provisions and their potential impact on the sector’s ability to attract and retain experienced leaders.