French investment bank BNP Paribas has been fined £350,000 by the UK's Financial Services Authority for systems and control failures at its London-based private banking unit that allowed a senior manager to steal £1.4 million from client accounts.

The employee, who worked at BNP Paribas Private Bank, managed to transfer the cash haul out of client accounts in 13 separate fraudulent transactions between February 2002 and March 2005 using forged signatures and instructions and by falsifying change of address documents.

During its investigation, the FSA found that a flaw in the bank's IT system allowed the senior employee to by-pass normal middle office processes, which meant that basic authorisation and signatory checks were not carried out on internal cash transfers between different customer accounts.

Furthermore, BNPP Private Bank did not have an effective review process for transactions over £10,000 from clients' accounts. The regulator also found that the bank's procedures were not clear about the role of senior management in checking significant transfers prior to payment.

Margaret Cole, FSA director of enforcement, comments: "BNPP Private Bank's failures exposed clients' accounts to the risk of fraud. This is unacceptable particularly with the overall increase in awareness around fraud and client money risks. Senior management must make sure their firms have robust systems and controls to reduce the risk of them being used to commit financial crime."

The bank also failed to improve its procedures for monitoring large transactions or carry out remedial action on a timely basis, says the FSA, despite being aware that some procedures required improvement as a result of an examination of its anti-money laundering systems and controls in August 2002.

The FSA says this is the first time a private bank has been fined for weaknesses in anti-fraud systems but warns that it is "raising its game" against firms with lax controls.

"This is a warning to other firms that we are raising our game in this area and expect them to follow suit. We will not hesitate to take action against any firm found wanting," says Cole. (source)

We are pleased to see the FSA finally finding its teeth and beginning to use them against Banks that allow fraud.

However, we see that this was an internally perpetrated fraud, rather than the more common ‘enabling of fraud’ by releasing or allowing to be released PII (Personally Identifiable Information) into the Internet zone, or even worse the rubbish bins. 

We hope that in the future the FSA will be taking similar actions against Banks, Businesses and Public/Government Institutions for the crime of ‘enabling fraud’ in the same way as the internal fraud cases. 

Such crimes are covered by The Serious Crime Act which states the following:

a person has been involved in serious crime in England and Wales if he—

  • has committed a serious offence in a country outside England and Wales
  • has facilitated the commission by another person of a serious offence in a country outside England and Wales; or
  • has conducted himself in a way that was likely to facilitate the commission by himself or another person of a serious offence in a country outside England and Wales (whether or not such an offence was committed).  

a serious offence in a country outside England and Wales means an offence under the law of a country outside England and Wales which, at the time when the court is considering the application or matter in question would be an offence under the law of England and Wales if committed in or as regards England and Wales.

Therefore, if a Bank or Business is hacked, and that business is found to have inadequate security, or if its actions were negligent and allowed access (which includes dumping data in bins and laptop thefts), either in the UK or overseas, and credit card details or PII are stolen and subsequently used for fraud, then I contend that a crime has been committed, both by the hacker and the business.

These laws are not just for the little people. 

If we see the FSA forcing such institutions to starve criminals of their source material, by investing in better security at the back end, we can only see the fraud rates diminish, which in turn will lower the argument for ID Cards of any kind.

Say NO to ID Cards, Say NO to the Database state.