FSA calls for more robust safeguards of consumer data
Firms expected to review the effectiveness of their identity verification procedures, says FSA
In light of its findings from a recent survey of 20 companies that use the internet, telephone or other remote channels to interact with their customers on a regular basis, the UK Financial Services Authority (FSA) has issued a series of recommendations in its Financial Crime Newsletter for firms to improve controls on the authentication and safeguarding of their customer identities.
The survey was designed to assess the effectiveness of firms' procedures to verify the identity of customers, the effectiveness of firms' controls to protect the security data used for authentication and the impact of identity theft on firms. The FSA has recommended that firms should review the effectiveness of their identity verification procedures. The Authority says this can only be done effectively if they: establish a suitable and effective authentication process, protect the personal data held on customers so that it cannot be stolen and/or used to defraud consumers and firms, and help customers to become more security conscious. The FSA also gives examples of good practice guidelines in each of these three areas.
The main areas for improvement identified by the FSA include lack of customer identity verification, staff being given wide-ranging access to data, failure to encrypt databases containing security data and failure by firms to routinely prove their own identity before asking customers to authenticate themselves.
The FSA expects firms to take adequate measures to protect themselves and their customers by assessing the risks associated with using non-face-to-face means of communication. Firms also have a duty to implement appropriate systems and controls, comply with relevant legislation (for example, the Data Protection Act) and, when planning systems and controls to prevent fraud, to take into account the harm to customers and losses to the firm that could arise as a result of identity theft. Firms that use outsourcing or intermediaries are also expected to make sure that appropriate controls are in place throughout the delivery chain. The FSA notes that it has already taken enforcement action against firms where, for example, insufficient protection has been afforded to customer data and has highlighted that it will continue to do so where appropriate.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
Basel war on window-dressing may smooth liquidity, at a price
Changes to G-Sib charge could curb year-end repo volatility, but also cut balance sheet capacity
One year on, regulators still want a cure for bank runs
Broad support for higher outflow assumptions on uninsured deposits, but that won’t save insolvent banks
Watchlist and adverse media monitoring solutions 2024: market update and vendor landscape
This Chartis report updates Watchlist monitoring solutions 2022 and focuses on solutions for sanctions (name and transaction) screening and monitoring adverse media and its related elements
Basel Committee reviewing design of liquidity ratios
Focus on LCR and NSFR after Silicon Valley Bank and Credit Suisse, but assumptions may not change
Risk, portfolio margin, regulation: regtech to the rescue
A white paper outlining the complexity of setting the course for risk, margin and regulation
Prop shops recoil from EU’s ‘ill-fitting’ capital regime
Large proprietary trading firms complain they are subject to hand-me-down rules originally designed for banks
Revealed: the three EU banks applying for IMA approval
BNP Paribas, Deutsche Bank and Intesa Sanpaolo ask ECB to use internal models for FRTB
FCA presses UK non-banks to put their affairs in order
Greater scrutiny of wind-down plans by regulator could alter capital and liquidity requirements
Most read
- Basel Committee reviewing design of liquidity ratios
- Breaking out of the cells: banks’ long goodbye to spreadsheets
- Too soon to say good riddance to banks’ public enemy number one