It is never pleasant when your house is broken into, but it must be a downright hassle when the thing that is stolen is a laptop that happens to contain rather a lot of confidential client information for your firm. Unfortunately, for a Nationwide Building Society employee that is exactly what happened last year. Even more unfortunately for Nationwide, this lapse cost the firm an eye-watering £980,000.
The Financial Services Authority (FSA) slapped the fine on Nationwide when it discovered the building society had no idea that the laptop contained confidential customer information and failed to launch an investigation into the theft until three weeks later. Following its investigation, the FSA decided Nationwide ‘did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime’.
With continual warnings everywhere in the media about the risk of identity theft, the FSA has not looked kindly on Nationwide’s security breach, especially following the regulator’s own campaign on the importance of information security. The debacle has brought security and the cost of losing confidential information firmly to the forefront of the financial industry. It brings to light that many people now work from laptops outside their business and anyone could be vulnerable to having it stolen or lost.
A wake up call
David Hollingworth, mortgage specialist for London & Country, says the fine is a wake up call to all brokers. “You have to have precautions in place to stop people getting hold of very sensitive information and make systems as secure as possible. It’s not something that you can become blasé about. Brokers don’t need to carry all the ins and outs of their client bank with them and you have to think about what systems you have in place to prevent the loss of that information. Everyone can learn from this. Intermediaries shouldn’t ignore this situation simply because Nationwide is a seemingly huge institution.”
While Nationwide has 11 million customers, Rob Griffiths, associate director of the Association of Mortgage Intermediaries, backs the point that small firms should take security issues just as seriously as large lenders. “It is important client information that brokers hold, not only for clients, but their firm. Information taken off-site should be kept secure.”
Griffiths adds the back up of all information is vital for any business. “If brokers have paper-based files, they should back these up on their server and vice versa. If something goes wrong, they have a back up either way. It’s common sense really.”
However, not everyone feels that the FSA was justified in fining Nationwide so much. Thomas Reeh, chief executive of blackandwhite.co.uk, says: “I was surprised by the severity of the punishment. We live in a society where stuff like this happens. What are the chances of the thief using the data, even if they could get into it? I’d be very surprised if it wasn’t password protected. Our brokers work all over the country and deal with a lot of non-conforming customers. Typically, they are in the worst areas. It does worry me, but we take the best precautions possible.”
Reeh adds that a fine like Nationwide’s makes everyone question whether their security procedures are good enough, but that only so much can be done in light of changing work patterns. “Everyone has laptops these days, as you have to have a mobile office. Laptops are popular things to steal and Blackberrys pose just as much risk.”
Early settlement
Though the fine can be seen as excessive, the amount was actually reduced by 30 per cent from £1.4 million, because Nationwide agreed to settle with the FSA at an early stage. Robin Gordon-Walker, spokesman for the FSA, says the size of the fine is determined by various factors, including the degree of wrong doing, the size of the firm and the firm’s ability to pay. The fines go towards reducing the regulatory fees of financial firms classed in the same bracket in the forthcoming year.
Whatever the arguments against the fine, the FSA stands by the precedent it has set. Gordon-Walker states: “The fine is very much a statement to the industry. Any firm that has and keeps information on clients must take extreme care. It’s a message to all firms. What Nationwide did was more than a mistake.”
Nationwide has paid the price for its security lapses and the financial industry should take note. Every lender and broker should now be asking how secure their own client information is, both in and out of the office. This has shown how important it is for firms to know exactly what information they carry with them at all times, as the consequences of losing it could be very severe indeed.
