|
The Financial
Services Authority (FSA) has fined three arms of the HSBC brand
£3millon for information security failings.
The three HSBC firms were fined for not having adequate systems
and controls in place that would ensure the protection of customers’
confidential details from loss and theft.
On two occasions, customer data was lost in the post, which the
FSA said was contributed to by HSBC’s failings.
HSBC Life UK Limited, HSBC Actuaries and Consultants Limited and
HSBC Insurance Brokers Limited have been fined £1,610,000,
£875,000 and £700,000 respectively.
The FSA found during its investigations into the firm’s data
security systems and controls that large amounts of unencrypted
customer details had been sent via post or courier to third parties
by HSBC. Details were also left on open shelves or unlocked cabinets,
and staff were not given full training on the identification and
management of risks such as identity theft.
“These breaches are very disappointing,” commented Margaret
Cole, director of enforcement at the FSA. “All three firms
failed their customers by being careless with personal details which
could have ended up in the hands of criminals. It is also worrying
that increasing awareness around the importance of keeping personal
information safe and the dangers of fraud did not prompt the firms
to do more to protect their customers’ details.
“Fraud, particularly identity theft, is a major concern to
everyone and firms must ensure that their data security systems
and controls are constantly reviewed and updated to tackle this
growing threat.”
All three firms have qualified for a 30 per cent early settlement
agreement discount, which brought the fines down from £1million
for HSBC Insurance Brokers, £1.25million for HSBC Actuaries,
and £2.3million for HSBC Life.
HSBC released a statement saying the company is doing all it can
to prevent a recurrence of this issue. Clive Bannister, group managing
director of HSBC Insurance, said: “Keeping our customers’
data confidential and secure is vitally important to everyone at
HSBC. We hold ourselves to the highest standards, but it is clear
that in these instances we have fallen short, which we sincerely
regret.
“While this is a serious matter, no customer reported any
loss from these failures and we are doing everyone possible to prevent
a recurrence. We have implemented even more rigorous systems, better
checks and more training for our people. We believe our customers
can have confidence that we are doing everything we can to protect
their privacy.”
Jonathan Davies, regulatory partner at law firm Reynolds Porter
Chamberlain LLP (RPC), added that actuaries which are FSA authorised
could be fined for failures that do not relate to their FSA-regulated
business: “When the FSA fined HSBC Actuaries and Consultants
£875,000 it was for business practices that are not FSA regulated.
This should act as a stark reminder to any FSA authorised actuaries
that the FSA can look at their systems and controls covering all
their activities, not just those which are FSA regulated activities.”
- Pensions Age July 2009
Back
to 2009 news list
|
