Financial services
FSA urges firms to revise data security
29 April 2008
The Financial Services Authority (FSA) has urged financial firms to change their attitudes on data security, following a review of systems and controls at 39 institutions.
Banks, building societies, insurance companies and financial advisers were included in the review, and the FSA found examples of good practice across the industry. However, it said many firms still underestimate the risk of data loss and fraud to their businesses, and especially their customers.
“Some firms have made progress by adopting good practice while others need to do more in this area to ensure that they are treating their customers fairly,” said Philip Robinson, director of the FSA’s financial crime and intelligence division. “Firms getting data security right is a key priority for the FSA and we expect the industry to raise its standards.”
Among the examples of good practice, the FSA found that financial firms are encrypting laptops and transferring data via secure Internet links to third parties. Companies also mask financial details where they are not necessary for staff to do their jobs, and have a senior manager with overall responsibility for data security.
However, many firms do not proactively check that third-party suppliers vet their employees or have adequate security arrangements in place to prevent unnecessary access to customer data. The FSA found that while many large and medium-sized firms devote adequate resources to data security risk, they place too much emphasis on IT controls and not enough on staff awareness and training or regular risk assessments. In addition, many small firms were wholly reliant on compliance consultants, who did not understand the importance of data security within the firm.
The FSA plans to address data security risks through ongoing supervision. It is publishing a fact sheet to help senior management at small firms understand their data security responsibilities, and increasing its visits to small firms to review their systems and controls.