Norwich Union Life, the Aviva-owned assurance company, has been rapped and fined £1.26m by the Financial Services Authority (FSA) for exposing its customers to the risk of fraud. The authority says it “let down its customers” by not having effective systems and controls in place to protect confidential information.
The FSA has found that Norwich Union Life had failed to properly assess the risks posed to its business by financial crime, including fraudsters seeking to obtain customers’ confidential information. As a result, its customers were more likely to fall victim to crimes such as identity theft.
It says the failings resulted in “a number of” actual and attempted frauds against Norwich Union Life’s customers. The weaknesses in its systems and controls allowed fraudsters to use publicly available information including names and dates of birth to impersonate customers and obtain sensitive customer details from its call centres.
In some cases they were able to ask for confidential customer records such as addresses and bank account details to be altered. Information was used to request the surrender of 74 customers’ policies, totalling £3.3m, last year.
FSA director of enforcement Margaret Cole says: “Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure.”
She adds that the failings happened at a time of increasing awareness across the UK about the importance of information security.
The FSA says Norwich Union Life has taken “remedial actions” including co-operating with the police to identify the fraudsters and reviewing its information security processes.