HSBC is fined by the UK regulator over information security systems and controls failings in its insurance businesses
LONDON - The Financial Services Authority (FSA) has fined three firms from within the HSBC banking group more than £3 million for having inadequate systems and controls to protect their customers' confidential data.
The UK regulator says the failure to protect information from being lost or stolen contributed to customer data being lost in the mail on two occasions. HSBC Life UK was fined £1.6 million, HSBC Actuaries and Consultants was fined £875,000 and HSBC Insurance Brokers was fined a further £700,000.
During its investigation the FSA said it found large volumes of unencrypted or otherwise unprotected customer data was sent via post or courier to third parties. Other data was left vulnerable to loss or theft on open shelves or in unlocked filing cabinets. Internal members of staff were also found to be insufficiently briefed on the resultant risks of identity theft.
The three units were judged to have failed to put adequate procedures, systems or controls in place to manage financial crime risks, despite a warning in July 2007 from HSBC Group Insurance's compliance team. The following February, HSBC Life lost in the post an unencrypted CD containing the details of 180,000 policyholders.
More on Regulation
“You cannot have 80% of the market being just HFT,” says Ranjan
Dealers: we're 'sitting ducks' in Treasury market overrun by HFTs
Regulator will impose Basel III add-on if risks are not captured by LCR
G30 warns many banks are still lagging behind
Sign up for Risk.net email alerts
Catch up with the debate at OpRisk's flagship London conference
Sponsored video: Elseware
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.