Breaking finance and business news, tax information, jobs and more for finance directors and senior finance professionals.

These failings resulted in a number of actual and attempted frauds against Norwich Union Life's customers. Norwich Union Life is one of the UK's largest life insurance businesses with 6.8 million customers in the UK.

The weaknesses in Norwich Union Life's systems and controls allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive customer details from its call centres.

In some cases they were able to ask for confidential customer records such as addresses and bank account details to be altered. The fraudsters then used the information to request the surrender of 74 customers' policies totalling £3.3 million in 2006.

Identity theft 

During its investigation, the FSA found that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime, including fraudsters seeking to obtain customers' confidential information. As a result, its customers were more likely to fall victim to financial crimes such as identity theft.

Margaret Cole, director of enforcement, said that Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure.

"It is vital that firms have robust systems and controls in place to make sure that customers' details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft,” Cole added.

Remedial actions 

The FSA said that Norwich Union Life also failed to address the issues, highlighted by the frauds, in an appropriate and timely manner even after they were identified by its own compliance department.

The failings happened at a time of increasing awareness across the UK about the importance of information security.

Norwich Union Life co-operated fully with the FSA in the course of the investigation. It has taken a number of remedial actions including co-operating with the police to identify and arrest the fraudsters and carrying out a review of its information security processes. Norwich Union has reinstated all surrendered policies in full.

Mark Hodges, chief executive of Norwich Union Life, said, "We are sorry that this situation arose and apologised to the affected customers when this happened. We have extensive procedures in place to protect our customers but in this instance weaknesses were exploited and we were the target of organised fraud." 

Norwich Union Life agreed to settle at the early stage of the FSA's investigation and qualified for a 30 per cent discount under the FSA's executive settlement procedure. The fine would have been £1.8 million without the discount.

In the last two years, the FSA has fined BNPP Private Bank £350,000, Nationwide £980,000 and Capita Financial Administrators £300,000 for failings relating to information security lapses and fraud.

Related articles

• FSA bans insurance broker boss
• FSA reputation damaged after Northern Rock
• FSA warns lenders to prepare for the worst

Related links

• Financial Services Authority
• Final notice - Norwich Union Life
• Norwich Union