Financial Services Authority building
The FSA aims to "pierce the corporate veil" at retail banks

FSA threatens executives with fines

Senior management to be held accountable for security lapses at banks

Written by Tom Young

Computing, 09 Oct 2008

Board-level executives found responsible for information security lapses in retail banks are to be personally fined as part of a new drive to “pierce the corporate veil”.

The Financial Services Authority (FSA) is concerned that corporate fines are not incentive enough for banks to take adequate measures to protect customers’ information and wants to drive best practice by ensuring executives personally oversee security programmes.

The move is a key part of ensuring security compliance, according to Bill Sillett, manager of the retail department at the FSA.

“Protecting personal data is essential to reduce the level of financial crime,” he said. “This is a big shift in how we operate. There will be more fines for senior individuals in the future.”

The FSA regulates banks’ compliance with the Data Protection Act and the Financial Services and Markets Act, both of which contain legal obligations for banks to safeguard customers’ financial information.

The regulator is concerned that banks place too much emphasis on IT security as part of a cost-benefit risk analysis.

“With some large firms even if we fine them £20m it won’t have much of an impact ­ we hope targeting senior management will help solve that problem,” said Sillett.

The FSA has not yet levied any major fines on individuals, but will commit more resources to doing so in such cases in the future.

Sillett said the level of senior management to be targeted will depend on the case, but the FSA wants to avoid executives palming off overall security responsibilities onto the IT department.

Chief executives, compliance officers and board-level IT directors could all be held responsible.

The obligation of senior management for data protection issues is not a completely novel idea, according to Stewart Room, barrister with law firm Field Fisher Waterhouse.

“Directors and senior management are liable if a firm doesn’t comply with an enforcement notice from the Information Commissioner’s Office,” he said. “Regulators need to make sure they inflict real pain to ensure compliance.”

reader comments

related articles

Richard Thomas

Privacy watchdog to get new powers

Office will be given ability to spot check central government 22 Apr 2008

 

EU commits to finalise climate change legislation within the year

Leaders agree to a timeline that will see 2020 target to cut emissions by 20 per cent formally adopted next March, and threaten protectionist measures if post-Kyoto negotiations fail 14 Mar 2008

M&S rapped for Data Protection breach

This is not just data loss – this is your data loss 28 Jan 2008

Communications

Intelligence agencies ignore security powers

Law requiring companies to hand over encryption keys not yet used by intelligence services 31 Jul 2008

related whitepapers

today's top stories

Communications

Nine priorities for 2009

Computing editor Bryan Glick looks at the workplace trends, policy issues, business drivers and technological developments that are most likely to influence IT agendas in the year ahead 07 Jan 2009

Software

Panning for data gold - a guide to information management

Progressive IT chiefs are teaming up with business leaders to provide users with compelling new ways to sift through and make sense of corporate data 06 Jan 2009

Communications

Review 2008: Top 10 most-read stories of the year

We reveal the 10 articles from 2008 that you read more than any others on Computing.co.uk during the year 02 Jan 2009

BackBytes

Flash teddy

A reader who didn't sign his name sent us a very useful compendium of amusing USB drives, from which we take this... 06 Jan 2009

Using business process management to thrive through the downturn

Our panel of experts discuss how to bridge the IT-business gap 06 Jan 2009

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Should the government cut costs by scrapping major IT projects?

Should the government cut costs by scrapping major IT projects?

Tell us what you think

Previous poll results

> More polls

Latest audio and video articles

Podcast imageAudio

Computing podcast - the highlights of 2008

The Computing team pick their personal favourites of the year 18 Dec 2008

Xperia X1Video

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1 12 Dec 2008

> More audio and video

Latest in-depth articles

panning for data goldFeatures

Panning for data gold - a guide to information management

Progressive IT chiefs are teaming up with business leaders to provide users with compelling new ways to sift through and make sense of corporate data 06 Jan 2009

Microsoft-YahooAnalysis

The stories that failed to materialise in 2008

vnunet.com looks at the events that were set to unfold this year but never did, and the likelihood that they will occur in 2009 02 Jan 2009

> More in depth articles

Advertisement

Primary Navigation