The State Security Service may deprive the ‘big four’ audit companies of their licenses to work with Russian state secrets if they refuse to relocate data servers to Russia and limit access to them from abroad, a popular business daily reports.
Unnamed sources in two of the ‘big four’ companies (Deloitte, EY, PwC and KPMG) have told the Vedomosti newspaper that the FSB had revoked the license for working with state secrets from the Russian company K-konfident that, in turn, provided the services to KPMG. There was no official confirmation of this report from either side, but it led to further questioning and a source “close to the FSB” told Vedomosti that soon all four audit majors could lose their licenses for working with Russian state secrets.
According to the source, the security service seeks to change the auditors’ approach to data storage – Russia wants all data servers with information related to state secrets moved on Russian territory and they want the international companies to restrict the access to this data from their foreign branches and headquarters.
The source added that the Russian Federal Security Agency had been dissatisfied with the auditors’ handling of sensitive data for quite a long time, but the recently-passed laws give additional leverage to the security agents and it is likely that this time they will succeed.
Russian law on state secrets lists as such all information relating to the national defense and strategic industries, including such major sectors of the economy as weapons manufacture and nuclear energy. Especially important inventions and science breakthroughs are also listed as state secrets and so is all information about the discovered supplies and the production volume of strategic mineral resources.
The law also lists as classified the information on state financial policies towards foreign nations as well as any information on Russia’s financial sector if its early publication might harm national interests.
Sources in the auditing companies claimed that the new rules can give law enforcers an effective means of pressuring the auditors by impounding the data servers. They added that data storage was more expensive in Russia than abroad. However, the KPMG company told Vedomosti that it had already moved all data servers inside Russian borders and therefore expected no problems with prolongation of their licenses.
The newest Russian law, passed by the parliament in early July and coming into force on September 1, orders all internet companies collecting personal information from Russian citizens are obliged to store that data inside the country. The sponsors of the motion believe it is in tune with the current European policy of trying to legally protect online personal data.
The deputy chairman of the State Duma Committee on Information Policy, Leonid Levin, said the Russian law serves goals similar to those of the recent decision by European Court of Justice, which endorsed the so-called ‘right to be forgotten’, obliging Google to remove upon request links to personal data.
In mid-June this year MP Evgeny Fyodorov of the parliamentary majority party United Russia said he was readying a bill that would completely ban banning state-owned companies from using the services of US consulting firms and their subsidiaries. Fyodorov said the move would protect the Russian economy from direct foreign influence and hidden manipulation.