Protecting customers’ personal details has become a serious
issue, as one of the UK’s largest insurers, Norwich Union Life
(NUL), discovered to its cost in December 2007. Found by the UK’s
financial services watchdog, the Financial Services Authority
(FSA), to have failed to protect customers’ confidential
information and manage its financial crime risks, the insurer was
handed a £1.26 million ($2.5 million) fine.
“Norwich Union Life let down its customers by not taking
reasonable steps to keep their personal and financial information
safe and secure,” said FSA director of enforcement Margaret Cole.
“This fine is a clear message that the FSA takes information
security seriously and requires that firms do so too.”
The fine would have been £1.8 million had NUL not agreed to a
settlement in the early stages of the investigation.
Failure to assess risk
During its investigation, the FSA found that NUL had failed to
properly assess the risks posed to its business by financial crime,
including fraudsters seeking to obtain customers’ confidential
information. As a result of weaknesses in NUL’s systems and
controls, the FSA said, fraudsters were able to use publicly
available information including names and dates of birth to
impersonate customers and obtain sensitive customer details from
its call centres.
In some cases, criminals acquired confidential customer records
such as addresses and bank account details. They then used the
information to request the surrender of 74 customers’ policies
totalling £3.3 million in 2006, said the FSA. Policies of 558 other
customers were at risk. The FSA noted that NUL failed to address
issues highlighted by the frauds in an appropriate and timely
manner even after they were identified by its own compliance
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
In a statement, NUL CEO Mark Hodges said: “We have extensive
procedures in place to protect our customers but in this instance
weaknesses were exploited and we were the target of organised
NUL has reinstated all fraudulently surrendered policies in full.
Police have arrested 11 people involved in the frauds.