Have a UK Unit? Better Make Sure Your “I’s” are Dotted.

Bank Technology News | August, 2010

The UK’s banking regulators last week fined Societe Generale and Zurich in separate incidents involving lax transaction reporting and loosely stored customer data, the latest in a series of penalties handed out of the past few months by British banking watchdogs.

In the case of SocGen, the fine of about $2.2 million from the Financial Services Authority covers a three-year period in which the bank’s London unit failed to submit accurate reports for about 80 percent of its reportable transactions—covering all asset classes.

According to the FSA, the bank failed to report, or inaccurately reported, about 18.8 million of its 23.5 million reportable transactions, even though the regulator sent repeated reminders to all financial firms notifying them of obligations to submit data for reportable transactions by the close of business the day after a trade is executed. The FSA uses the data to search and investigate potential abuses such as insider trading and market manipulation.

SocGen also broke the FSA’s rules by not retaining and having available all relevant transaction reporting data. Financial institutions doing business in Britain are required to store all financial transaction data and make it available to the FSA for five years.

SocGen says it has commissioned a formal review of its processes and received a 30 percent discount on the fine for agreeing to settle at an early stage, bringing it down from about $2.8 million. Other banks recently fined by the FSA for reporting failures include Barclays, Credit Suisse and Commerzbank.

In another case, Zurich was fined just north of $3 million stemming from the loss of a backup data tape with details of more than 46,000 customers.

The tape, which was not encrypted, included information such as bank account and credit card data. The firm’s South African unit lost the tape during a transfer to a data storage center in that country during 2008—but because there was a lack of reporting lines, the FSA says the issue was not discovered by the institution’s UK unit for more than a year.

The agency says Zurich UK failed to take “reasonable care” to ensure systems and control for the South African outsourcing arrangement.

Zurich has commissioned a review of data security systems and has appointed an information security officer. Like SocGen, Zurich UK also took advantage of a 30 percent fine reduction by settling with the FSA early.