The Financial Services Authority fined Norwich Union 1.26m yesterday for failing to have adequate checks and systems in place to prevent a 3.3m fraud that took place in its life assurance division two years ago.
The fraudsters managed to successfully cash in the life policies of 74 customers worth a total of 3.3m simply by using a selection of publicly available information, such as their dates of birth, names and addresses. In some cases, they also managed to get the call centre operative to change personal information, such as bank account details, on their systems.
The FSA said that it believed Norwich Union had failed to adequately assess the risks posed to its business by financial crime, claiming it had left its customers at greater risk of falling victim to identity theft and other financial fraud.
"Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure," said Margaret Cole, the FSA's director of enforcement. "It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft.
"This fine is a clear message that the FSA takes information security seriously and requires that firms do so too."
Norwich Union apologised for its mistakes, and said that it had acted to improve its systems immediately after discovering the fraud. All 74 policies have since been reinstated, and the group has worked with the police to help track down the fraudsters, resulting in 11 arrests. A full anti-fraud review has also been carried out within the company.
"We are sorry that this situation arose and apologised to the affected customers when this happened," said Mark Hodges, the chief executive of Norwich Union Life. "We have extensive procedures in place to protect our customers but in this instance weaknesses were exploited and we were the target of organised fraud. Whilst the number of customers affected is very small compared to the number of policies we manage overall, any breach in customer confidentiality is clearly unacceptable.
"Our customers can, however, be assured that we have taken this matter extremely seriously and have thoroughly reviewed our systems and controls as a result. All of our 7 million customers are protected by our promise that they will be fully reimbursed and will get help and support if they are the innocent victims of fraud."
The FSA said NU's fine had been reduced by 30 per cent due to its full co-operation with its inquiries, and due to the group's agreement to settle at an early stage. Without the discount, the fine would have been 1.8m.Reuse content