Tuesday, February 27, 2007

Information Security

Regulators are getting concerned with financial firms' customer data protection. For instance, last year HKMA highlighted some weaknesses of some banks' control measures in this area.

FSA recently fined Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks. Nationwide is the UK's largest building society and holds confidential information for over 11 million customers.

The failings came to light following the theft of a laptop (containing confidential customer information) from a Nationwide employee's home last year. Although Nationwide reported the case to the police, the Information Commissioner and the FSA, it was not aware that the laptop contained confidential customer information and did not start an investigation until three weeks after the theft.

During its investigation, the FSA found that the building society did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime. Unfortunately for Nationwide, its failings occurred at a time of heightened awareness of information security issues as a result of government initiatives, increasing media coverage and an FSA campaign about the importance of information security.

To mitigate the seriousness of its failings, Nationwide has:
  • implemented additional measures to increase security around Nationwide accounts, including increased anti-fraud measures and monitoring of suspected fraudulent activity;
  • disabled the remote access facility, preventing access from the stolen laptop to live Nationwide systems;
  • written to all customers explaining the loss of information and the measures customers can take to minimize the risk of identity theft;
  • confirmed that it will reimburse any customer who has suffered financial loss as a result of the theft;
  • commissioned an independent and comprehensive review of its information security procedures and controls.

Laptop losses have also happened in HK banking, but it seemed that HKMA took a more lenient regulatory approach.
