Finance watchdog found gaps in security strategies
Published: 25 April 2008 12:45 BST
The Financial Services Authority (FSA) has warned the banking industry to shape up their attitudes to securing sensitive data and customer information.
Following an audit of 39 banks, building societies, insurance companies and financial advisors, the regulatory watchdog called on financial services firms to adopt a more transparent stance towards customers, rather than fearing adverse media coverage when data breaches occur.
As a result of the audit, one firm has been referred to enforcement.
Full Disclosure campaign
silicon.com is aiming to make businesses and government take data security more seriously. Read more here.
Instances of bad security practice found in the audit included a lack of due diligence in checking third-party suppliers vet their employees or have adequate security arrangements, too much emphasis on IT controls at the expense of staff awareness and training; and in some areas, an over reliance on compliance consultants who did not understand the importance of data security.
One of the recommendations the FSA made as a result of the audit was that finance firms should appoint a senior manager with overall responsibility for data security.
Speaking at the FSA annual conference on financial crime, FSA director, financial crime and intelligence division Philip Robinson said: "It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously. Some firms have made progress by adopting good practice, while others need to do more in the area… we expect the industry to raise its standards. We will follow up on this [audit] with firms and will not hesitate to take action if future breaches are found."
The FSA audit is in conflict with another survey conducted by BT and YouGov on staff awareness about what to do when things go wrong. This report found staff in financial sector companies were 27 percentage points more likely to have a high awareness of their company's business continuity strategy than the cross-industry average.
BT Global Services finance industry sector MD Andy Nicholson said in a statement: "With an ever increasing regulatory environment, operational risk and business continuity planning must extend to every employee, business process and ICT asset."
Are rogue traders an inevitable evil?
HSBC loses 370,000 customers' details
Sepa fraud risk warning for businesses
Banks under attack: Phishing on the rise
Laptop theft breaks data protection law
HMRC data breach prompts password and PIN changes
Would you spot £1,000 missing from your account?
Working alongside Business Audit on integrated reviews you will cover a variety of areas, in a predominantly Windows NT/2000, UNIX, AS400 environment ...
Responsibilities include managing 3 teams covering internal audit, risk management, consultancy, quality assurance, policy control and business ...
The ICT department employs over 140 people and provides an extensive range of ICT-related services to over 5000 ICT users throughout the Council. ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Carol Wheatcroft
Will consumers always want free banking?
Targeted, bundled services will be the way to profit...
Steve Boyle
Are rogue traders an inevitable evil?
Opinion: Managers must increase diligence to beat fraud
Julian Goldsmith
Profile: Nottingham Building Society head of IT Jack Cutts
'On the wide accountancy'...
Steve Boyle
Why you should be outsourcing your data centres
Concentrate on the core business...
Bob McDowall
Fixed-income electronic trading faces bleak 2008
Trading platforms likely to draw in their horns for downturn
Steve Boyle
Banking can execute change in real-time
Opinion: Tools and techniques now exist to make it possible