In years to come, it is possible that historians will see an arcane piece of banking regulation as one of the most significant weapons deployed against the shadowy world of computer crime.
The Basel II accord aims to force financial institutions to produce exact details of the commercial risks they face in the course of their business. It is producing the first gaps in the wall of silence that has often characterised the banks' relationship with computer crime.
IT security expert Professor Neil Barrett, an adviser to the National Hi-Tech Crime Unit (NHTCU), says that companies are still reluctant to reveal the truth about hacker attacks.
'Of the incidents that I dealt with in computer security that involved sums of between £250,000 and £750,000, only one in 25 was reported to the NHTCU,' he said.
Basel II is designed to allow organisations such as insurance providers to better understand the risks they are underwriting. The accord specifically mentions computer security and hacking incidents as operational risks that must be quantified.
Failure to do so will mean banks setting aside 20 per cent of their turnover to cover any unforeseen eventuality - meaning financiers have to be completely open or face the prospect of holding on to money that is not doing anything.
'It's all part of the governance movement that has arrived in the wake of Enron and WorldCom,' said Jay Heiser, principal analyst for computer security company TruSecure.
'The implications of this are practically infinite.'
Heiser says that behind Basel II is a loss of patience by regulatory authorities with the way banks carry out their affairs.
'The significance of Basel II is that it forces financial institutions to describe exactly how risky they are,' he said.
Many observers say that banks are playing down the significance of computer security in their operational risk because of the importance of information and computer networks. But IT security now sits at the heart of all financial operations.
'What Basel II means with specific regard to information security, is that companies have got to get their act together to show they are aware of all of the risks that they face,' said Barrett.
One of the aims of Basel II is to ensure the integrity of all the information an organisation bases its decisions upon.
Any weakness in computer security could mean a potential opportunity for an intruder to interfere with data.
'A company will have to be specific about the nature and the number of threats it is facing and to be clear about how it will respond to those threats,' said Barrett.
'Due to the changes in accounting practice there is now pressure from the auditing profession and the insurance industry for the banks to produce this information. In the case of the auditors, there are now legal requirements for them to make sure that the information they use is correct, so the pressure is now coming from all sides.'
Banks must collate three years of historical details of computer security breaches and risks into a database, which will be available to auditors and insurers when the regulations come into force in January 2007.
But UK banks are still reluctant to discuss their plans.
According to reliable sources, Royal Bank of Scotland is understood to have adopted Basel II's advanced model, which means it intends to supply information in all areas of its operational risk, including data security.
A spokeswoman at Lloyds TSB confirmed that it has also opted for the detailed advanced model.
But NatWest, Barclays and HSBC did not provide any information on their position.
Richard Hollis, director of the computer security company Orthus, says the Basel II accord demands that any historical database must be centralised and include all incidents suffered by a group - a requirement that has created enormous headaches for multinational organisations.
'The difficulty is that Basel II requires you to calculate operational risk and that is global,' he said.
'You have to do that from historical data and if you do not have that then you are in trouble.'
What is Basel II?
In January 2001, the Basel Committee on Banking Supervision issued a proposal for a New Basel Capital Accord that, once finalised, will replace the current 1988 Capital Accord.
Basel II is based on three 'pillars' that allow banks and supervisors to evaluate properly the various risks that institutions face:
- minimum capital requirements, which will update and refine the framework that was set out in the 1988 accord
- supervisory review of an institution's capital adequacy and internal assessment process
- market discipline through effective disclosure to encourage safe and sound banking practices