The Financial Services Authority (FSA) has fined three HSBC firms over £3 million, for not having adequate systems and controls in place to protect their customers’ confidential details from being lost or stolen. HSBC Life UK (HSBC Life) was fined £1.61 million, HSBC Actuaries and Consultants (HSBC Actuaries) was fined £875,000, and HSBC Insurance Brokers (HSBC Insurance Brokers) was fined £700,000.
During its investigation into the firms’ data security systems and controls, FSA found that large amount of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen. In addition, staff were not given sufficient training on how to identify and manage risks, like identity theft.
Margaret Cole, director of enforcement at the FSA, said: All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.
All three firms agreed to settle at the early stage of the FSA’s investigation and qualified for a 30% discount. Without the discount, the fines would have been £1 million for HSBC Insurance Brokers, £1.25 million for HSBC Actuaries and £2.3 million for HSBC Life. The firms said that they are implementing a number of remedial actions to address the concerns raised, including contacting the customers concerned, improving their staff training and requiring that all electronic data in transit is encrypted.