On 22 July 2009 three HSBC companies (HSBC Life UK Ltd, HSBC Actuaries and Consultants Ltd, and HSBC Insurance Brokers Ltd) were fined £1.6m, £875,000, and £700,000 respectively by the UK Financial Services Authority (FSA). The fines are in response to those companies failing to have in place adequate systems and controls to protect customers' confidential information from being lost or stolen. In failing to have in place such systems and controls, the companies were in breach of the Data Protection Act 1998 and certain FSA principles of business, most notably Principle 3, which says, "A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems".
In April 2007 HSBC Actuaries lost in the post an unencrypted floppy disk containing confidential information relating to 1,917 pension scheme members. In July 2007 all three companies were warned by the HSBC compliance team about the need for tighter security over confidential customer information. However, in February 2008 HSBC Life lost an unencrypted CD containing the details of 180,000 policyholders.
While the fines were reduced by 30% because the three companies co-operated fully with the FSA throughout the investigation and agreed to settle early, they reflect concerns about fraud and identity theft which could potentially stem from losing customer data. They also reflect the fact that adequate controls were not in place even though the compliance department had warned all the companies concerned of the risks of transferring customer data by disk.
The fines are a warning to other companies regulated by the FSA that inadequate systems and controls to protect confidential information will not be tolerated. The director of enforcement at the FSA said, "In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry."