Norwich Union Life fined £1.26m after identity fraud

The FSA said weaknesses in the insurance company's systems allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive customer details from its call centres.

In some cases, fraudsters were able to ask for confidential customer records such as addresses and bank account details to be altered and then used the information to request the surrender of 74 customers' policies totalling £3.3m in 2006.

An FSA investigation found that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime and as a result, its customers were more likely to fall victim to such crimes, including identity theft.

Margaret Cole, director of enforcement at the FSA, said: "Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure.

"It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft. This fine is a clear message that the FSA takes information security seriously and requires that firms do so too."

The FSA also discovered that Norwich Union failed to address fraud issues in an appropriate and timely manner even after they were identified by its own compliance department.

But Norwich Union Life has since cooperated with the FSA and police to identify and arrest the fraudsters. It has also carried out a review of its information security processes and reinstated all surrendered policies in full.

The insurance company agreed to settle at the early stage of the FSA's investigation and qualified for a 30% discount under the FSA's executive settlement procedure. Without the discount, the fine would have been £1.8m.

This article was first published on brandrepublic.com