Three HSBC companies have been fined a total of £3m by the
Financial Services Authority (FSA) for failing to protect customer
information, which led to two incidents of data going
missing.
HSBC Life UK was fined £1,610,000; HSBC Actuaries and
Consultants was fined £875,000; and HSBC Insurance Brokers was
fined £700,000. All these companies are part of HSBC's Insurance
business.
The FSA found that "large amounts" of unencrypted customer
details had been sent via post or courier to third parties.
"Despite increasing awareness of the need to protect people's
confidential details, all three firms failed to put in place
adequate procedures to manage their financial crime risks," said
the FSA. The failings were discovered over a year ago and the bank
said it has since fixed the problems.
In April 2007, HSBC Actuaries
lost an unencrypted floppy disc in the post, containing the
personal information of 1,917 pension scheme members.
HSBC Group Insurance's compliance team warned all three
companies in July about the failing, but in February 2008 HSBC Life
lost an unencrypted CD containing the details of 180,000 policy
holders in the post.
Margaret Cole, director of enforcement at the FSA, said the
breaches were very disappointing. "All three firms failed their
customers by being careless with personal details, which could have
ended up in the hands of criminals."
Clive Bannister, group managing director at HSBC Insurance,
said, "Keeping our customers' data confidential and secure is
vitally important to everyone at HSBC. We hold ourselves to the
highest standards, but it is clear that in these instances we have
fallen short, which we sincerely regret.
"While this is a serious matter, no customer reported any loss
from these failures and we are doing everything possible to prevent
a recurrence. We have implemented even more rigorous systems,
better checks and more training for our people. We believe our
customers can have confidence that we are doing everything we can
to protect their privacy."