Data security a priority, says FSA
The UK’s FSA is urging banks to do more to protect customers' personal details
LONDON – The Financial Services Authority (FSA) is urging firms do more to help prevent their customers falling victim to identity fraud and other types of financial crime.
This warning follows an FSA review of systems and controls for data security at 39 firms including banks, building societies, insurance companies and financial advisers. Although there were examples of good practice across the industry, the FSA found that many firms were still underestimating the risk of data loss and fraud to their businesses, and especially to their customers.
Senior management were singled out for not recognising the value of their customers' data to fraudsters or that staff could pose a similar threat to data security as that posed by computer hackers and burglars. On occasions of significant data loss, firms seem more concerned about adverse media coverage than about being open and transparent with their customers, said the FSA. Following the review, one firm has been referred to enforcement.
Speaking at the FSA's annual conference on financial crime on April 24, Philip Robinson, director of its financial crime and intelligence division, said: "It is worrying that despite increased public awareness of the impact identity theft can have on customers, many firms are still not taking this risk seriously. Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe.
"Some firms have made progress by adopting good practice, while others need to do more in this area to ensure they are treating their customers fairly. Firms getting data security right is a key priority for the FSA, and we expect the industry to raise its standards.”
The review showed that many firms are not proactively checking that third-party suppliers vet their employees or have adequate security arrangements in place to prevent unnecessary access to customer data. It found that many large and medium-sized firms devote adequate resources to data security risk but place too much emphasis on IT controls and not enough on staff awareness and training or regular risk assessments. It also found that small firms were wholly reliant on compliance consultants, who did not understand the importance of data security within the firm.
Andy Nicholson, managing director, finance industry sector, BT Global Services, says: “The proliferation of banking channels has offered customers greater flexibility, but also raised the need for security systems to help customers avoid becoming victims of identity theft. Security is vitally important for banks and customers alike – customers naturally don’t want to become victims of fraud and banks need to be able to protect them. From our experience, some banks have already turned to centralised identity management, allowing them to identify the lifecycle for employees and customers, from initial registration through to access provisioning, access changes and de-provisioning. Effective security will always play a crucial role in a bank’s strategy, and the involvement of the FSA will act as a catalyst to improve security solutions and boost customer confidence.”
Examples of good practice found at the firms visited included: firms encrypting laptops and transferring data via secure internet links to third parties; masking financial details where they are not necessary for staff to do their jobs; and appointing a senior manager with overall responsibility for data security.
Nicholson says: “Banks should consider three specific approaches to effectively protect their customers: effective identity authentication – technologies such as two-factor authentification dramatically increases security without increasing complexity; fraud detection – services that identify unusual or uncharacteristic behaviour; and fully networked and integrated ID theft and fraud solutions to ensure different systems talk to each other for maximum security.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Integrated GRC solutions 2024: market update and vendor landscape
In the face of persistent digitisation challenges and the attendant transformation in business practices, many firms have been struggling to maintain governance and business continuity
Vendor spotlight: Dixtior AML transaction monitoring solutions
The Chartis Research report, AML transaction monitoring solutions, considers how, by working together, financial institutions, vendors and regulators can create more effective anti-money laundering (AML) systems.
Financial crime and compliance50 2024
The detailed analysis for the Financial crime and compliance50 considers firms’ technological advances and strategic direction to provide a complete view of how market leaders are driving transformation in this sector
Automating regulatory compliance and reporting
Flaws in the regulation of the banking sector have been addressed initially by Basel III, implemented last year. Financial institutions can comply with capital and liquidity requirements in a natively integrated yet modular environment by utilising…
Investment banks: the future of risk control
This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control
Op risk outlook 2022: the legal perspective
Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…
Emerging trends in op risk
Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…
Moving targets: the new rules of conduct risk
How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…