The UK Financial Services Authority (FSA) has fined
Norwich Union Life £1.26 million (AUD 2.95M) for not having effective systems and
controls in place to protect customers’ confidential information and
manage its financial crime risks. These failings resulted in a number
of actual and attempted frauds against Norwich Union Life’s customers.
The
weaknesses in Norwich Union Life’s systems and controls allowed
fraudsters to use publicly available information including names and
dates of birth to impersonate customers and obtain sensitive customer
details from its call centres. They were also, in some cases able to
ask for confidential customer records such as addresses and bank
account details to be altered. The fraudsters then used the information
to request the surrender of 74 customers’ policies totalling £3.3
million in 2006.
During its investigation, the FSA
found that Norwich Union Life had failed to properly assess the risks
posed to its business by financial crime, including fraudsters seeking
to obtain customers’ confidential information. As a result, its
customers were more likely to fall victim to financial crimes such as
identity theft.
Norwich Union Life also failed to address the issues, highlighted by
the frauds, in an appropriate and timely manner even after they were
identified by its own compliance department.
