With all the focus on stress tests, Dodd-Frank, Basel III and other manifestations of financial services regulatory reform, some institutions might have put concerns about privacy and the security of customer information on the back burner.But, as my colleague Penny Crosman of Bank Systems & Technology reports, the U.K's The Financial Services Authority "has fired a warning shot across the financial industry's bows with regard to protecting customer data." The FSA fined the U.K. operation of Zurich Insurance £2,275,000 (about $3.5 million) for failing to have adequate systems and controls in place to prevent the loss of customers' confidential information. As Penny reports:
"According to the FSA, the fine is the highest levied to date on a single firm for data security failings. This punishment follows the loss of 46,000 customers' personal details, including identity information and in some cases bank account and credit card information, details about insured assets and security arrangements, through the year-long loss of a backup tape."
It seems odd that in the current high-scrutiny environment any insurance company would take any kind of chance regarding the security of customer information, but clearly operational risk management is a moving target. Read the full article about the FSA's ruling here.