Security for Central Banks and Currency Operations | CloseProtectionHire

The Bangladesh Bank SWIFT heist of February 2016 remains the most consequential financial infrastructure attack on record. Attackers attributed to North Korea’s Lazarus Group gained access to Bangladesh Bank’s SWIFT terminals, submitted 35 fraudulent payment orders totalling USD 951m to the Federal Reserve Bank of New York, and successfully transferred USD 81m to accounts in the Philippines before the fraud was detected. The US Department of Justice indicted Park Jin Hyok in September 2018 for the attack. USD 38m was subsequently recovered through Shinhan Bank. The remaining USD 43m was laundered through Filipino casino operations and has never been recovered.

Central bank security is a category of financial infrastructure protection that spans physical security of reserve assets, personnel security for senior officials, cyber-physical security for interbank messaging infrastructure, and operational security for currency production and distribution operations. The threat actors include state-sponsored groups targeting financial disruption or economic intelligence, organised crime groups targeting currency production and transit, and in some markets protest and activist targeting of governors and public-facing operations.

This guide covers the security framework for central bank operations across four domains: SWIFT and interbank messaging security, gold reserve and vault security, currency production and transit security, and personnel security for central bank officials.

SWIFT and Interbank Messaging Security

The Bangladesh Bank attack exposed a systemic vulnerability in how financial institutions managed their SWIFT terminal environments. Bangladesh Bank’s SWIFT connectivity was managed through a misconfigured network that connected the SWIFT messaging system to the bank’s internal internet-connected systems. The attackers exploited this to gain terminal access, authenticate their fraudulent messages, and delete the local records of the transactions before they could be detected.

The SWIFT Customer Security Programme (CSP), developed in direct response to Bangladesh Bank and subsequent attacks against other central banks, defines mandatory baseline controls for all institutions connected to the SWIFT network. As of 2022-2023, the three core mandatory controls are: Operator Account Management (ensuring SWIFT terminal operator accounts are individually assigned, audited, and revoked on personnel change); Security Updates (SWIFT interface software and supporting systems on a confirmed patch cycle); and Password Policy (SWIFT operator account passwords meeting minimum complexity and rotation standards).

The CSP Community Standard Attestation obligation requires all connected institutions to self-attest their compliance against the full mandatory control set annually. Non-compliant institutions are flagged to their counterparties and to regulators. For central banks in P1 cities – State Bank of Pakistan (Karachi), Bank Indonesia (Jakarta), Bank Negara Malaysia, and others – CSP compliance is both a baseline security requirement and a de facto condition of maintaining correspondent banking relationships.

Beyond the CSP, the physical security of SWIFT terminal environments matters. SWIFT terminals should be in access-controlled areas with no public or vendor access, on dedicated hardware not shared with general administrative systems, and covered by a change management process that documents every configuration modification. The Bangladesh Bank attack involved no physical intrusion – but a physical security failure that allowed an insider to access the terminal environment would have produced the same result.

Gold Reserve and Vault Security

The Bank of England holds approximately 400,000 gold bars in its London vaults – approximately 5,000 tonnes, making it the world’s second-largest gold custodian after the Federal Reserve Bank of New York. As at Q4 2023, the holding was estimated at over GBP 200bn at spot prices. The Reserve Bank of India reported 265 tonnes of domestic gold reserves in Fort Mumbai as at its 2023-24 annual report; 100 tonnes were repatriated from the Bank of England in 2024 as part of a strategic diversification.

Vault security at institutions of this scale operates on principles that differ significantly from commercial safe deposit facilities.

Physical access control uses multi-factor authentication – typically biometric identification combined with PIN and key card – with no single-factor override. The “four eyes” principle (two-person integrity) is mandatory for any vault access: no individual can enter the vault unaccompanied. This applies to internal staff, auditors, counterparty verification visits, and maintenance personnel. All visitors are supervised throughout their presence in the vault environment.

The physical barriers themselves are rated to LPCB SR3 or SR4 standards (LPCB Loss Prevention Certification Board, SR = Secured By Design Resistance Rating) for vault doors and access points. SR3 and SR4 ratings require sustained resistance to professional attack using diamond-tipped cutting tools, thermal lances, and hydraulic spreading tools for defined time periods (SR3: 5 minutes, SR4: 15 minutes, verified by LPCB independent testing).

CCTV coverage to BS 8418:2015 standards covers all access points, corridor routes, and vault floor areas, connected to an SBD-accredited Alarm Receiving Centre with 24/7 monitoring. Armed guard presence is standard at major gold vault facilities, coordinated with national police response capability for alarm escalation.

For central banks in P1 cities that hold domestic gold reserves – Bank Indonesia’s Jakarta vault, State Bank of Pakistan’s Karachi operations – the same principles apply, but the physical security delivery must be calibrated to the local threat environment rather than a London or New York baseline. Access control, CCTV, and response capability need to be assessed against what is achievable in the actual operating context.

Currency Production and Transit Security

The physical production of banknotes involves specialist security requirements that sit at the intersection of manufacturing security and high-value asset protection. De La Rue (the world’s largest commercial banknote printer, facilities at Gateshead, Overton, and Dunstable) is certified to ISO 14298 – the international standard for security printing management systems. ISO 14298 covers personnel vetting, physical security of print facilities, raw material and waste management, production batch tracking, and incident reporting.

Physical security at major print facilities includes: perimeter fencing to BS 1722 standards (chain link or palisade, rated to BS EN 1010 where applicable), intruder detection to BS EN 50131 Grade 3 across the site perimeter and internal production zones, CCTV to BS 8418:2015 with ARC monitoring, and SIA-regulated guarding with enhanced vetting (typically BS 7858 pre-employment screening to a higher tier than standard commercial premises).

The transit of new currency – from print facility to the issuing central bank, and from central bank to commercial bank distribution networks – is the highest-risk phase of the currency lifecycle. Cash-in-transit operations for high-value currency movements use LPCB SR3+ rated vehicles, sealed and tracked consignments, and armed escorts in jurisdictions where this is legally permitted. Route information is treated as classified: it is communicated to the minimum necessary parties on a need-to-know basis, and only immediately before transit. Historic route compromise – either through insider disclosure or systematic surveillance – has been a factor in several major currency theft operations.

In P1 markets, the currency transit security framework reflects both the elevated physical security threat and the specific challenges of operating in high-traffic urban environments. The State Bank of Pakistan’s note transport operations in Karachi, and Bank Indonesia’s distribution network in Jakarta, both operate in environments where road surveillance and organised criminal capability are higher than in developed market contexts.

Personnel Security: Governors and Senior Officials

Central bank governors hold prominent public roles with frequent media exposure, regular parliamentary and congressional appearances, and speech events at conferences and economic forums. The threat profile for this role is distinct from a corporate executive.

Protest targeting is the most common threat at major central banks in developed markets. The Bank of England experienced sustained protest at its Threadneedle Street entrance during the 2022-2023 cost-of-living controversy and has faced multiple Just Stop Oil actions. The European Central Bank has been the target of labour movement demonstrations in Frankfurt during Eurozone policy controversies. Pre-event venue advance, coordination with local police (City of London Police for the BoE, Frankfurt Police Presidium for the ECB), and CCTV monitoring of the approach routes are the standard response.

In P1 city contexts, the threat profile includes elements that do not apply to London or Frankfurt. The State Bank of Pakistan Governor operates in Karachi, which carries street crime and targeted criminal risk for high-profile individuals. The Bank Indonesia Governor operates in Jakarta, where political risk and civil unrest during economic policy controversy has historically been higher than in developed markets. Bank Negara Malaysia and the Central Bank of the Philippines both operate in environments where the governor’s public profile creates measurable personal security exposure during periods of financial stress.

Close protection for central bank governors in P1 markets typically combines a dedicated protective detail with: pre-event advance for all public appearances; vetted, security-aware ground transport; hotel security protocol for international travel; and coordination with national police or state security services where appropriate.

Senior officials conducting on-site supervisory examinations at commercial banks in P1 markets face a separate risk category. Regulatory examiners are visible authority figures. In markets with significant criminal finance or money laundering activity, the presence of an examiner at a specific institution can make them a target for approach operations – attempts to compromise or gather information about the regulatory investigation. Hotel and transit security appropriate for professional-class visitors in the relevant P1 market is the minimum standard for examiner travel.

Bank of Indonesia and State Bank of Pakistan: P1 City Contexts

Jakarta (Bank Indonesia): Bank Indonesia’s headquarters and primary operations are on Jalan M.H. Thamrin in Central Jakarta, one of the city’s commercial cores. The monsoon season (November to March) creates significant traffic disruption that affects ground transport security windows. Security programmes at BI reflect both the institution’s national profile and the physical security environment of Jakarta’s commercial district.

Karachi (State Bank of Pakistan): SBP headquarters on I.I. Chundrigar Road is in Karachi’s financial district. The city’s security environment – including targeted attacks on high-profile institutions and individuals, and the presence of sophisticated criminal networks – means that physical security at SBP and security arrangements for its officials are calibrated to a materially higher threat level than most South Asian central banks. Encrypted communications and device security disciplines are appropriate for any SBP official or counterparty conducting sensitive operations in the city.

Mumbai (Reserve Bank of India): RBI’s Fort branch in South Mumbai holds the primary domestic gold vault. The institution’s national profile means it operates with dedicated security infrastructure. International counterparties conducting gold verification visits should expect comprehensive security protocols and should provide advance notice of all visitor details.

For the broader financial sector security framework, including investment banking and commercial bank physical security, see our security for banking and financial institutions guide. For the private banking and wealth management security context, where HNWI client meeting environments and relationship manager travel to P1 cities create parallel security challenges, see our security for private banking and wealth management guide. For cash-in-transit operations – the physical movement of currency at the commercial and retail level below the central bank – including BS 7958:2015, SIA CIT licensing, SABRIC South Africa heist statistics, and EN 1522 armoured vehicle classification – see our cash-in-transit and CIT operations security guide.

Sources: US Department of Justice Press Release, September 2018 (Park Jin Hyok indictment, Lazarus Group / Bangladesh Bank SWIFT heist February 2016); SWIFT Customer Security Programme (CSP) mandatory controls, 2022-2023 version; Bank of England Annual Report 2023-24 (gold holdings, vault operations); Reserve Bank of India Annual Report 2023-24 (gold reserves, Fort Mumbai vault, Bank of England repatriation); De La Rue Annual Report 2023-24 (ISO 14298 certification, facility locations); ISO 14298:2021 “Graphic technology – Management of security printing processes”; LPCB Loss Prevention Standard LPS 1175: Issue 8 (SR3/SR4 rated physical barriers); BS 8418:2015 (CCTV monitoring); OSAC Country Reports: Pakistan 2024, Indonesia 2024; NCSC/CISA Joint Advisory on SWIFT Security, 2023.

James Whitfield is a Senior Security Consultant with experience advising financial infrastructure clients, central bank counterparties, and sovereign wealth institutions on physical security, personnel protection, and high-value asset protection programmes.