Insurer Unat Direct Insurance Management (Unat) has been fined
£640,000 by the Financial Services
Authority (FSA) for
failing to complete checks, including data security, on its call
centre providers.
The fine follows an FSA report in April expressing concern about
the lack of security checks being carried out on outsourcers.
Unat, which is part of the American International Group, hired
call centres to sell its products before making checks required by
the FSA. It failed to check one call centre for as long as 250 days
after it started selling insurance on its behalf, the FSA said.
Although it had a procedure in place to check whether call
centres were authorised by the FSA and the extent of their data
security it did not stop staff instructing the call centres to
start selling to consumers before checks had been completed.
An FSA spokesman said businesses using call centres must check
that they have good data security products and procedures. "Data
security in call centres is very important for protecting
customers, and we require firms using call centres to ensure they
comply with data security requirements."
In its Data Security in Financial Services 2008 report published
in April the FSA said it was a "major concern" that firms are not
checking that outsourcing suppliers have the right IT security and
policies in place.
"Very few firms proactively check how third parties vet their
employees or the security arrangements in place to protect customer
data," said the report.
A spokesperson at Unat said the company has now improved its
controls.
"When we first identified these issues we informed the FSA and
immediately undertook our own extensive investigation. We can
confirm that we have since implemented improvements to ensure our
controls in this area are working effectively."