Norwich Union Life in record fine for security breaches

AVIVA, the parent company of Norwich Union, has been fined £1.26m for exposing its customers to the risk of fraud.

The fine, the eighth largest issued by financial regulator the Financial Services Authority (FSA), follows a lengthy investigation into how fraudsters were able to impersonate customers and obtain sensitive details from Norwich Union call centres.

Policies totaling £3.3m were cashed in illegally last year as a result of the security lapse.

The FSA said that during its investigation it found that Norwich Union Life, which has its headquarters in York, had failed to properly assess the risk posed to its business by financial crime, including fraudsters seeking to obtain customers' confidential information.

“As a result its customers were more likely to fall victim to financial crimes such as identity theft,” it said in a statement.

Norwich Union Life was also accused of failing to address the issues swiftly after discovery.

In response Norwich Union, which co-operated fully with the FSA in return for a 30% discount on the fine, admitted that weaknesses in its internal controls had meant that 74 policies were fraudulently cashed in and 558 other policies placed at risk.

Mark Hodges, Norwich Union chief executive, said that customers could be assured that the insurer had taken the matter “extremely seriously” and that systems and controls had been reviewed.

“All of our seven million customers are protected by our promise that they will be fully reimbursed and will get help and support if they are innocent victims of fraud,” he added.

Although the penalty is significantly behind the £17m levied by the FSA against oil giant Shell it is the largest penalty to date for an information security failure.