FSA report highlights lax data controls

Poor data control is a serious and widespread problem in the financial services industry.

This is the conclusion of a report by the Financial Services Authority, Data security in financial services, which advises all firms to appoint senior data security managers and to test staff’s understanding of procedures.

Philip Robinson, director of the FSA’s financial crime and intelligence division, says: “It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking it seriously.”

The report says firms that fail to protect consumer information could face regulatory action.

It adds that one firm scrutinised by the report has already been referred to the regulator’s enforcement team for investigation.

The report found that while many medium to large firms have devoted sufficient resources to data protection, their focus is often centred on IT and neglects procedures, monitoring and staff training.

The report also discovered that small firms are generally unaware of the value of information to criminals and so have few if any measures to protect data.

Peter Hurst, chief executive of fraud prevention service CIFAS, says: “The review highlights the problems identified within small firms. They have a specific set of difficulties and the FSA has acknowledged this by preparing data security factsheets for them.”

All firms were revealed to have undervalued the need to vet staff at all levels to avoid information theft.

While most companies conducted adequate research on senior staff, junior employees, often with frequent access to sensitive data, were rarely vetted properly.

Hurst says: “The review is right to emphasise that data security extends far beyond IT controls and should start with the proper vetting of staff at all levels.”

The Council of Mortgage Lenders says that the recent revamp of the House Builders Federation’s code of conduct does not go far enough.

The HBF has rewritten its code to make the disclosure of all sales incentives on new developments mandatory for members.

The police has previously warned that fraudsters could exploit the incentives offered by builders that allow them to secure loans in excess of properties’ market values.

In the past the CML has expressed concern over the lack of transparency and the influence of incentives on the new-build valuation process.

A spokeswoman for the CML says: “We welcome the changes but there is still a long way to go. There must be a universal approach to make developers disclose incentives.”

But Stewart Baseley, executive chairman of the HBF, says: “We believe the amended code will provide assurance to buyers and lenders that discounts and incentives are transparent. We will continue to work with our members, lenders and the CML to help buyers get the support they need.”