A UniCredit employee in China allegedly siphoned off about 100 million yuan (US$15 million) of clients’ money over three years by taking advantage of shared passwords and other internal security loopholes, according to people familiar with the matter. Local police and the China Banking and Insurance Regulatory Commission were informed late last year, and the regulator will levy a penalty in the coming months, the sources said, asking not to be identified because they are not authorised to speak publicly. The regulator has shared information on the matter with other banks, one of the sources said. “UniCredit regrets this incident and apologises to those affected. The safety and security of our clients’ assets is our primary concern and all efforts have been made to ensure that a similar malicious incident cannot reoccur,” a spokesman for the bank said, though he did not provide further details. “The group strictly complies with all rules and regulations in each market where it operates.” Chinese Lothario who dated 19 women stole car from girlfriend while she gave birth to his child The regulator said that it has uncovered an incident involving a foreign bank employee misusing their position and powers of employment for embezzlement. It did not identify the bank or the individual, and said it will disclose details and punishment at a later time. The alleged fraud – one of the biggest among foreign banks in China – could become the latest headache for the Italian lender’s chief executive Jean Pierre Mustier, who took over about three years ago and inherited problems that included a pile of bad debt and possible sanctions violations. UniCredit’s employee in China allegedly used a group supervisor’s password to access clients’ accounts without authorisation and fabricated transactions, the sources said. The employee used the money to buy flats in countries including the US, Greece and Japan, and intended to flip them at higher prices to repay UniCredit without raising any red flags, they said. No escape? Chinese VIP jail puts AI monitors in every cell ‘to make prison breaks impossible’ The employee allegedly confessed to the police after the bank detected that money was being illegally routed, they said. The people added that while Chinese banks have installed fingerprint and iris recognition technology in addition to password authorisations, UniCredit was still using only passwords. While 2018 saw record fines imposed by the China’s banking regulator, the agency focused mostly on local lenders as it tries to stamp out malpractice and corruption. Its chairman Guo Shuqing last year intensified his campaign to root out wrongdoing among the nation’s more than 4,000 lenders by penalising firms and removing senior executives.