Financial Services Authority building
The FSA aims to "pierce the corporate veil" at retail banks

FSA threatens executives with fines

Senior management to be held accountable for security lapses at banks

Written by Tom Young

Computing, 09 Oct 2008

Board-level executives found responsible for information security lapses in retail banks are to be personally fined as part of a new drive to “pierce the corporate veil”.

The Financial Services Authority (FSA) is concerned that corporate fines are not incentive enough for banks to take adequate measures to protect customers’ information and wants to drive best practice by ensuring executives personally oversee security programmes.

The move is a key part of ensuring security compliance, according to Bill Sillett, manager of the retail department at the FSA.

“Protecting personal data is essential to reduce the level of financial crime,” he said. “This is a big shift in how we operate. There will be more fines for senior individuals in the future.”

The FSA regulates banks’ compliance with the Data Protection Act and the Financial Services and Markets Act, both of which contain legal obligations for banks to safeguard customers’ financial information.

The regulator is concerned that banks place too much emphasis on IT security as part of a cost-benefit risk analysis.

“With some large firms even if we fine them £20m it won’t have much of an impact ­ we hope targeting senior management will help solve that problem,” said Sillett.

The FSA has not yet levied any major fines on individuals, but will commit more resources to doing so in such cases in the future.

Sillett said the level of senior management to be targeted will depend on the case, but the FSA wants to avoid executives palming off overall security responsibilities onto the IT department.

Chief executives, compliance officers and board-level IT directors could all be held responsible.

The obligation of senior management for data protection issues is not a completely novel idea, according to Stewart Room, barrister with law firm Field Fisher Waterhouse.

“Directors and senior management are liable if a firm doesn’t comply with an enforcement notice from the Information Commissioner’s Office,” he said. “Regulators need to make sure they inflict real pain to ensure compliance.”

reader comments

related articles

Richard Thomas

Privacy watchdog to get new powers

Office will be given ability to spot check central government 22 Apr 2008

 

EU commits to finalise climate change legislation within the year

Leaders agree to a timeline that will see 2020 target to cut emissions by 20 per cent formally adopted next March, and threaten protectionist measures if post-Kyoto negotiations fail 14 Mar 2008

M&S rapped for Data Protection breach

This is not just data loss – this is your data loss 28 Jan 2008

MPs make calls for stronger data controls

High profile incidents such as that at HMRC have lead to calls for stronger data legislation 03 Jan 2008

related whitepapers

today's top stories

Management

Solid as a rock

From power cuts in Nigeria to severe server congestion in Lancashire, Lisa Kelly reports on the potential hazards facing three very different organisations and the steps they have taken to ensure their operations are robust enough to withstand them 02 Dec 2008

Security

Technology and privacy

Watch the final video in a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 02 Dec 2008

Management

IT staff desperate to keep their jobs

Most would work longer hours for less pay 02 Dec 2008

Software

VMware View 3 enhances virtual desktops

Virtual clients now take up less storage space and can be 'checked out' to a laptop 02 Dec 2008

Security

Technology and privacy

Watch part one of a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 01 Dec 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will the terrorist attacks in Mumbai affect your offshoring plans?

Will the terrorist attacks in Mumbai affect your offshoring plans?

Is India becoming a risky destination?

Previous poll results

> More polls

Latest audio and video articles

Padlocked CDVideo

Technology and privacy

Watch the final video in a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 02 Dec 2008

Podcast imageAudio

Computing podcast - Standard Life's offshoring plans; and the prospects for government IT

The insurance giant outlines its new outsourcing strategy; and we ask if the government's economic bailout will affect its IT plans 28 Nov 2008

> More audio and video

Latest in-depth articles

Parcel being packedFeatures

Case study: eSpares and business continuity

Online electricals business has managed to decrease its downtime 02 Dec 2008

Royal Blackburn HospitalFeatures

NHS trust recovers from server overdose

Virtualisation technology breathed new life into East Lancashire's cost-intensive system 02 Dec 2008

> More in depth articles

Advertisement

Primary Navigation