Insurer Unat Direct Insurance Management (Unat) has been fined £640,000 by the Financial Services Authority (FSA) for failing to complete checks, including data security, on its call centre providers.
The fine follows an FSA report in April expressing concern about the lack of security checks being carried out on outsourcers.
Unat, which is part of the American International Group, hired call centres to sell its products before making checks required by the FSA. It failed to check one call centre for as long as 250 days after it started selling insurance on its behalf, the FSA said.
Although it had a procedure in place to check whether call centres were authorised by the FSA and the extent of their data security it did not stop staff instructing the call centres to start selling to consumers before checks had been completed.
An FSA spokesman said businesses using call centres must check that they have good data security products and procedures. "Data security in call centres is very important for protecting customers, and we require firms using call centres to ensure they comply with data security requirements."
In its Data Security in Financial Services 2008 report published in April the FSA said it was a "major concern" that firms are not checking that outsourcing suppliers have the right IT security and policies in place.
"Very few firms proactively check how third parties vet their employees or the security arrangements in place to protect customer data," said the report.
A spokesperson at Unat said the company has now improved its controls.
"When we first identified these issues we informed the FSA and immediately undertook our own extensive investigation. We can confirm that we have since implemented improvements to ensure our controls in this area are working effectively."