Financial sanctions imposed on Russia since its 2014 seizure of Crimea have hit President Vladimir Putin and his cronies where it hurts most—in the wallet. The most recent actions will freeze the U.S.-based assets of certain top Russian officials, arms dealers, and oligarchs in Putin’s orbit, as well as banning American citizens from conducting business with these individuals. This comes on top of other measures that have already made it harder for Russian entities to raise money on Western financial markets. Russian Eurobond issues in 2017, at $20.6 billion, were 55 percent lower than the $46.5 billion issued in 2013.
Russia’s well-documented bad behavior, from the confirmed use of a sophisticated Russian chemical agent to try to murder former Russian spy Sergei Skripal in England in March 2018 to the publication of further details about Russian interference in the 2016 U.S. election, is leading to talk about further measures to increase the financial pain on Moscow. Proposals range from publicizing the details of the billions of dollars Putin is believed to have stashed in overseas accounts, to removing Russian banks from the SWIFT system, which allows banks worldwide to share information on transactions—a step that would impose an effective financial embargo on Moscow.
I agree that Putin’s domestic repression, foreign aggression, and all-around kleptocracy deserve tougher responses than the West has offered so far; depriving this despicable regime of dollars, euros, pounds, and yen would be an appropriate option to consider. I wonder, though, whether any thought has been given to the potential for Russian retaliation, particularly measures that would draw on the cyber expertise and operational boldness they continue to flaunt.
Why Worry?
Putin and his regime might perceive any further obstacles to their access to international capital—whether caused by U.S. actions or the vagaries of financial markets—as the same sort of threat to their hold on power as post-Cold War efforts to promote democracy and good governance. To put the issue in Chinese terms, Moscow could see additional disruption of its access to Western capital, not to mention regime insiders’ ability to park their wealth in safe havens, as a “color revolution with financial characteristics.” Just as paranoia about Western democracy promotion has led to Russian retaliation in the form of cyber-based interference in U.S., French, German, UK and other elections, so might suspicions about a campaign to tighten the financial vise on Moscow lead to retribution in the financial sphere.
Manipulating or disrupting international financial markets would be a risky move. Putin’s Russia has shown remarkable risk tolerance though, and could feel further emboldened by its ability until now to weather Western reaction—or lack thereof—to brazen moves such as murdering enemies in Britain or tilting the U.S. electoral field. Moreover, visibly standing up to Western pressure and wrong-footing the “main enemy” (aka, the United States) remains a key element of Putin’s popular appeal and elite support.
The Russian intelligence and security services have already demonstrated their ability and willingness to disrupt other countries’ financial systems, as well as interest in collecting on—at least—U.S. banks and other economic actors. Kremlin-orchestrated cyber operations have disrupted the financial systems of Estonia (2007), Georgia (2008), and Ukraine (2017) with impunity—reflecting in part the continuing difficulty of establishing unambiguous attribution for on-line operations. Meanwhile, deep-cover agents of the SVR, Russia’s foreign intelligence service, have been tasked to collect on topics ranging from high-speed trading tactics on the New York Stock Exchange to the gold market.
What Are Some Vulnerabilities and Scenarios?
I suggest there are at least three potential areas of vulnerability in U.S. and other Western financial systems that Russian actors could exploit.
First, in what I consider the least malign area, Putin-linked actors could steal proprietary information from financial or other firms in an attempt to move securities markets. The Russians could use existing hacking efforts such as Fancy Bear—a cyber espionage group reportedly linked to the GRU military intelligence service—to collect such data, and they may be able to recruit insider help from the many Russian and other post-Soviet émigrés who help create trading algorithms and run other IT functions for U.S., UK, and other financial firms.[1] The GRU or SVR could use this information to conduct trades for the regime’s profit or, more deviously, try to undermine the share prices or creditworthiness of firms seen as enemies of Moscow’s interests, such as manufacturers of weapons systems sold to Ukraine or energy companies whose innovative technologies have undercut Russia’s own oil and gas exports.
Second, and moving up the scale of malignancy, the Russians could exploit financial markets’ vulnerability to “flash crashes.” In 2010, glitches in trading algorithms apparently caused the Dow Jones Industrial Average to drop 9 percent in five minutes, while a fake tweet in 2013 about a bomb explosion at the White House caused the S&P 500 Index to lose $136 billion in market value within five minutes. The accelerating speed and growing complexity of trading systems and markets would make it tough to attribute responsibility or even to understand what happened—especially if the markets were being disrupted by some other, unrelated event, such as war fears on the Korean Peninsula.
Finally, the most serious scenario could see Russian actors undermining the integrity of the IT systems where corporate, stock exchange, government, and personal financial records now reside. Moscow could view such a drastic step as a proportionate response to future Western efforts to block Russia’s—or Putin’s personal—access to global financial markets. Russia’s intelligence services are world leaders in the sophistication and reach of their cyber operations, and actors working for the GRU, SVR or FSB internal security agency almost certainly would be able to find vulnerabilities in the on-line security measures of most financial institutions.
When Should We Get Ready?
As one of Putin’s predecessors in the Kremlin, Vladimir Lenin, might ask at this juncture, what is to be done? I think the overarching themes are the same ones the United States and our allies have used on terrorism since 9/11—if you see something, say something and share threat information as much as possible.
Western intelligence and law enforcement agencies need to thoroughly explain Russia’s capabilities and possible motivations for manipulating global financial markets to the economic, diplomatic, legislative, and other top officials who make policy about Moscow’s access to these markets. The public record to date, though, reflects little if any discussion of this threat.
At the same time, information must be shared with leading financial players. Banks’ and securities exchanges’ efforts to protect critical data will be incomplete if these are based on incomplete information. Sharing of threat information—involving both public- and private-sector actors—should, moreover, be done across national borders. Financial markets and institutions are globally linked; the response and preparation for a threat to them must be global as well.
Finally, public- and private-sector actors need to prepare now for how they would respond to and remediate a Russian—or other—attack on the functioning and integrity of our financial infrastructure. The speed of financial transactions is constantly accelerating; banks and markets are growing ever more dependent on open cyber systems; and relations among states and non-state actors risk veering towards chaos. All of this may make “when” rather than “whether” the right question to ask with regard to a systemic Russian—or other—effort to hamstring the Western financial markets and institutions.
William Brooke Stallsmith is an intelligence analyst who has worked in the US Intelligence Community on economic espionage, counterintelligence, regional stability in Africa and the Near East, and international economic issues. He retired from the Central Intelligence Agency in 2007 as a member of the Senior Analytic Service. He earned an MBA from Columbia University and a BA from the University of Virginia.
[1] This is not a blanket condemnation of all Russian “quants” or other professionals as spies. Rather, I want to highlight that cultural, linguistic, or family ties might increase the vulnerability of some individuals to recruitment pitches or extortion from Russian intelligence officers—as is true for any group of émigrés from an authoritarian country.