Bank role for Wyllie

The Bank of England has a new look to its security. The Old Lady of Threadneedle Street has lifted her skirts and had her trusses redone, with the security system being refurbished to the tune of more than £10 million. The Bank that is the bastion of olde worlde values, where one still expects to find pencil-necked clerks hunched over leather-bound ledgers, goose quills in their hands, has installed one of the most advanced security systems in the world, to go with its equally modern IT system.

Alas, we cannot say any more about it. The control room is off-limits, and we’ll just have to take the word of the chief security advisor, Bill Wyllie, that it may be the most advanced control room in Europe, suitable for a central bank that takes security seriously and hasn’t suffered a theft, ever (see The Sewer Story).

Army intelligence, oil and beyond

Wyllie, no stranger to members of ASIS Chapter 208 — he’s deputy chairman — has climbed a steady path from his days in the army to where he is today. After a 17-year career in the Intelligence Corps, and an Arab interpretership under his belt, he went to the Middle East to join the oil business as a security manager, first in Bahrain and then in Yemen.

He enjoyed his time in the oil business, he says, because of the go-get-em attitude of the North American oil companies he was working for. “In the oil business, if they want to do something, they up and do it,” he says. “If it means spending money, they spend it.”

During his second assignment, in 1993, his company was “restructured”, and he found himself with a severance package and a one-way ticket back to England.

A real job

“I came back to the UK and wasn’t certain if I would apply for a job or take the consultancy route,” says Wyllie. “I decided to take up consultancy for a while, just until I got a job, but then the consultancy just took off, so I thought okay, this is it.” Six years later he was still gainfully employed, advising a range of clients in 22 countries around the world, in everything from kidnap negotiation in Central America to the oil industry in the former-Soviet Union and cash-in-transit in South Africa.

“Quite a bit of it was banking related,” he explains, preparing himself to launch into the story of how he was headhunted for the job at the Bank.

“I was soldiering away — at the time I was in Paris on a three-month contract looking at security in Nigeria,” he says. He received a phone call from a recruitment consultant, Peter French of SSR Group Services: “Peter asked me if I wanted a real job, but he was a bit cagey about it, as recruiters usually are.”

Wyllie was hesitant. “But then he told me who it was for, and I thought, I can’t imagine anything more fascinating than being chief security advisor to the Bank of England.” The rest is history. He was interviewed once by a board of three senior Bank executives and started work on 4 January 2000.

New beginnings

Wyllie inherited a team of seven highly-experienced security managers who support him in his main mission: “To look at every area in which the Bank is exposed to risk and either to give advice or to ensure that advice is already coming from somewhere else”.

In a practical sense, what does this mean? It means that Wyllie spends his time looking at a huge range of security issues, from physical protection to terrorist attacks on the Bank or its personnel, and IT security. “The Banks assets, in one sense, are its cash and gold, but in the other sense it is very much equally, if not more, its cyberspace assets and its people,” he says.

Of prime importance is the Bank’s reputation — damage to which could cause ripples to spread throughout the UK and world financial systems. To illustrate this, Wyllie gives a simple example. During the recent J18 riots in the City, he says, let’s suppose that an activist managed to gain access to the Bank (although it’s not clear how they could). As Wyllie explains, “Let’s say they got through the front door and got as far as the Governor’s office. And let’s say that someone took a photograph of them in front of the Governor’s office before they were ejected.”

Wyllie pauses to consider the ramifications: “Damage done? You might say, nil. But in reality, that photograph would go right around the world and appear in newspapers everywhere, with the headline, ‘Bank of England security compromised’.”

"You have to believe that the bad guys are out to get you. You have to go to work everyday and think, today is the day that someone is going to make a determined attack on us."

With all eyes are focussed on you as the leading financial authority in the world’s leading financial market, you have to keep everything under control.

“In security terms, the Bank is very jealous of its reputation. It cannot be seen to take a security hit, even if it means no loss,” he says. “Loss of reputation to the Bank is a loss of reputation to the country — the expression, ‘Safe as the Bank of England’ is supposed to mean something.”

“Expect the unexpected”

Wyllie’s philosophy of security could perhaps be summed up by the phrase, “expect the unexpected” — an approach to work that says, make security part of everything that you do, in the way that you make breathing part of life.

What is the difference between this job and others he has had? “The price of failure,” he replies. “The very worst thing that can happen if you are in the corporate environment is that your company goes out of business,” he replies, almost casually.

“If the Bank of England were to go out of business, however unlikely that might be, we would all have problems,” he says with a little laugh. “That’s the difference: the scale of the price for getting it wrong.”

Wyllie’s job is to think the unthinkable, to address the security issues before they are on the horizon. Ask him to dream up a scenario that could threaten the Bank, and he says it’s hard to imagine a credible one. Then he adds: “But then there are probably lots of chief executives who said that just before their companies went to the wall.”

He ponders a moment. “We are probably looking in the IT neck of the woods,” he replies, ruling out the theft of physical assets as impractical in the extreme: to take substantial amounts of gold, for instance, would be a physical impossibility because of the weight and volume of it all.

Catastrophic failures are probably pie in the sky as the Bank even has a contingency plan in case a jumbo jet were to crash into the roof.

But a serious loss of reputation brought about by a breach of IT security — this commands his attention. In this day of electronic money transfers, a successful security breach of those systems would have a serious effect on the national economy because people could lose faith in the currency. “You wouldn’t know where it would end.”

Fortunately it would not be an easy crime to commit: “It would be a very sophisticated thing to do, and I don’t personally believe it could be done,” he says. “In addition to employing some of the finest economists in the world, we also have some of the finest computer specialists.”

Chapter and verse

We turn to his role as vice chairman of the UK Chapter of ASIS, the American Society for Industrial Security. Ask him what he thinks he gets out of it and you get a strong reply:

“You don’t join professional associations for what you get out of them, but for what you can put into them,” he says. “I have got a hell of a lot out of the security profession over the years, and I am in ASIS to put something back.”

He is disappointed with people who claim not to join professional associations because they don’t get anything from them. “Whatever activity you are involved in, you have a duty to join to put something back in,” he insists.

“If you look at the Geoff Whitfields, John Smiths and David Burrills of this industry — they all contribute a heck of a lot... they are putting something back into the business from which they have gotten so much, because it’s almost a way of life.”