The Financial Services Authority (FSA) has fined Norwich Union Life 1.26 million for not having effective systems and controls in place to protect customers’ confidential information and manage its financial crime risks.
These failings resulted in a number of actual and attempted frauds against Norwich Union Life’s customers.
The weaknesses in Norwich Union Life’s systems and controls allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive customer details from its call centres.
Also, in some cases they were able to ask for confidential customer records such as addresses and bank account details to be altered. The fraudsters then used the information to request the surrender of 74 customers’ policies totalling 3.3 million in 2006.
During its investigation, the FSA found that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime, including fraudsters seeking to obtain customers’ confidential information.
As a result, its customers were more likely to fall victim to financial crimes such as identity theft.
“Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure. This fine is a clear message that the FSA takes information security seriously and requires that firms do so too,” says Margaret Cole, director of enforcement, FSA.
Norwich Union Life also failed to address the issues, highlighted by the frauds, in an appropriate and timely manner even after they were identified by its own compliance department. The failings happened at a time of increasing awareness across the UK about the importance of information security.
Norwich Union Life agreed to settle at the early stage of the FSA’s investigation and qualified for a 30% discount under the FSA’s executive settlement procedure – without the discount, the fine would have been 1.8 million.