On December 17, the UK Financial Services Authority (FSA) announced that it had fined Norwich Union Life (NUL) £1.26 million ($2.5 million) for not implementing effective systems and controls to protect confidential information and manage its risk of being a victim of financial crime in breach of FSA Principle 3.

The systems weaknesses meant that fraudsters were able to impersonate customers and obtain customer details from NUL’s call centers. They were then able to use this information to obtain the surrender of 74 customers' life policies totaling £3.3 million ($6.6 million).

The FSA found that NUL had failed to properly assess the risks posed to its business by financial crime and, as a result, its customers were more likely to fall victim to financial crimes such as identity theft.

NUL had also failed to address issues that were highlighted by NUL’s compliance department after the frauds were attempted or committed. The FSA stated that NUL had implemented a number of remedial actions and had co-operated fully with the FSA’s investigation. Further, all of the fraudulently surrendered insurance policies have been reinstated in full. Because NUL agreed to settle the FSA investigation at an early stage, they qualified for a 30% discount on the penalty assessed under the FSA's executive settlement procedure.