U.K. Bank Fined for Poor Fraud Prevention

The U.K. Financial Services Authority (FSA) has slapped a 350,000-pound (US$693,000) fine on private bank BNP Paribas after weaknesses in its antifraud IT systems and management controls allowed a senior staff member to fraudulently transfer 1.4 million pounds from clients’ accounts.

The senior employee made 13 fraudulent transactions between February 2002 and March 2005, using forged clients’ signatures and instructions and false change-of-address documents.

The FSA found that a flaw in the bank’s IT system had allowed the staff member to evade the normal middle office processes. This meant basic authorization and signatory checks were not carried out on internal cash transfers between different customer accounts.

It also found that the France-based bank’s procedures were not clear about the role of senior management in checking significant transfers before payment, and the bank did not have an effective review process for transactions of more than 10,000 pounds.

The fine—the first against a private bank for antifraud system weaknesses—follows a fine of nearly 1 million pounds imposed on the Nationwide Building Society for security failings after it lost a laptop containing confidential customer data.

FSA Director of Enforcement Margaret Cole said the failures had exposed clients’ accounts to the risk of fraud. “This is unacceptable, particularly with the overall increase in awareness around fraud and client money risks,” she said.

“Senior management must make sure their firms have robust systems and controls to reduce the risk of them being used to commit financial crime. This is a warning to other firms that we are raising our game in this area and expect them to follow suit. We will not hesitate to take action against any firm found wanting.”

No customers suffered financial loss, and BNP Paribas has since taken steps to correct the system failings, the FSA said.

—Tash Shifrin, Computerworld UK