The Financial Services Authority has fined business process outsourcing firm Liberata Financial Services £525,000 for systems and controls failures.
The City watchdog settled its investigation with Liberata for process failures that led to 30,000 policyholders not receiving important financial information. As a result, 161 of those suffered a total loss of £17,500.
The FSA said there had been an "unacceptable risk" that any of the 1.3 million holders of policies processed by Liberata which provides IT services to life and pensions policy firms, including administration and reporting services, may not have received financial information important to investment decisions.
Liberata had acted “recklessly” in failing to heed warnings from its information systems that documents were not being produced, the FSA said.
In order to administer policies, Liberata migrates data about policyholders and their policies from its clients' systems onto its own systems. The FSA's report said Liberata uses a number of automated systems to administer policies, including its principle system called Amarta, which is a bespoke platform developed and maintained by the firm. Amarta automatically produces documents, such as annual statements, to be sent to policyholders and Liberata sends around 6.5 million documents a year using the system.
The system will produce an error message when, for example, there are gaps in data such as a missing address, or a policy holder dies. Staff, then, need to interpret this message, which is usually written in code, and make manual corrections.
But the process failed when the computer system sent out more messages than staff could cope with. The FSA report said Liberata did not provide staff with adequate procedures for how they should deal with error messages. "The firm's procedure was limited to a simplistic written instruction that staff should report error messages to the 'CIC administrator' or 'Amarta Developer Team' for further action. There were no instructions in place to inform staff - including the CIC administrator or the Amarta Developer Team - how they should resolve the errors and training for staff was inadequate."
Margaret Cole, director of enforcement at the FSA, said: “The failings by Liberata were particularly serious because they put policyholders at risk of not receiving important information about their savings and pensions products. This resulted in customers not being treated fairly.
"The fine we have imposed on Liberata acts as a clear signal to firms to ensure that there are appropriate systems and controls around processes and, where there are problems, that such problems are identified and resolved swiftly. Firms which fail to do this should be in no doubt that they run the risk of enforcement action."
The problems occurred between 2005 and 2007. Liberata has since made changes to its senior management and appointed external consultants to help review its document production system, said the regulator.
Liberata said it notified the FSA of data migration failings when they became apparent in March 2007 and consequently implemented a comprehensive review of its systems and controls.
The review “led to changes in the monitoring and management of document production and measures have been introduced to ensure that management information is acted on more effectively in future”.
“An action plan was then implemented in conjunction with clients, ensuring that all policyholders who suffered financial loss were compensated. Where appropriate, payments for distress and inconvenience have also been made,” it added.
In the FSA's recent "Information Security Breaches Survey", the regulator said 52 percent of firms were outsourcing or offshoring, but 31 percent of those deals did not have service level agreements in place.
Find your next job with computerworld UK jobs