Mondo Visione Worldwide Financial Markets Intelligence

FTSE Mondo Visione Exchanges Index:

CCData-468x60x2.jpg BT_Radianz_468x60_Jul23 FEAS 30th Anniversary Conference

UK’s Financial Services Authority Fines Stockbroking Firm £77,000 For Weak Data Security Controls

Date 17/06/2008

The Financial Services Authority (FSA) has fined Merchant Securities Group Limited (Merchant Securities) for not adequately protecting its customers from the risk of identity fraud. This is the first time the FSA has fined a stockbroking firm for weak data security controls.

Merchant Securities had inadequate procedures for verifying the identities of customers that contacted the firm by telephone. Instead, the firm relied on being able to recognise customers' voices and talking with them informally about personal matters such as holidays or hobbies. Personal account numbers which could be used, with a customer's name, to access account information were included in routine letters.

Furthermore, back up tapes containing unencrypted customer information were stored overnight in a bag at the home of a member of staff. Merchant Securities did not address the risk involved in its staff being able to use instant messaging and web based email. There was no evidence, during the FSA's investigation, that customer details had been lost or stolen.

Margaret Cole, Director of Enforcement at the FSA, said: "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details. People have a right to expect their details to be kept secure and firms should be committed to treating their customers fairly in all aspects of their business.

"Reducing financial crime in the UK is a priority for the FSA and our recent data security report showed that many firms still need to do more to get it right. We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously."

Merchant Securities' failings came to light in September 2007, during a visit by the FSA, rather than through their own systems and controls. The visit was part of wider FSA thematic work to gather information on how firms identified and managed their data security risks.

Merchant Securities co-operated fully with the FSA and agreed to settle at an early stage of the FSA's investigation. It qualified for a 30% discount under the FSA's executive settlement procedure. Without the discount, the fine would have been £110,000.

MV 120 X 600 Hard to Reach BT_Radianz_120x600_Jul23.jpg FEAS_2025_MondioVisione_120x600-banner