The Financial Services Authority has slapped a £350,000 fine on private bank BNP Paribas after weaknesses in its ant-fraud IT systems and management controls allowed a senior member of staff to fraudulently transfer £1.4m from clients’ accounts.
The senior employee made 13 fraudulent transactions between February 2002 and March 2005, using forged clients' signatures and instructions and false change of address documents.
The FSA found that a flaw in the bank's IT system had allowed the member of staff to evade the normal middle office processes. This meant basic authorisation and signatory checks were not carried out on internal cash transfers between different customer accounts.
It also found that the France-based bank's procedures were not clear about the role of senior management in checking significant transfers before payment and the bank did not have an effective review process for transactions of more than £10,000.
The fine – the first against a private bank for anti-fraud system weaknesses - follows a fine of nearly £1m imposed on the Nationwide building society for security failings after it lost a laptop containing confidential customer data.
FSA director of enforcement Margaret Cole said the failures had exposed clients' accounts to the risk of fraud. “This is unacceptable particularly with the overall increase in awareness around fraud and client money risks,” she said.
“Senior management must make sure their firms have robust systems and controls to reduce the risk of them being used to commit financial crime. This is a warning to other firms that we are raising our game in this area and expect them to follow suit. We will not hesitate to take action against any firm found wanting.”
No customers had suffered financial loss and BNP Paribas had since taken steps to correct the system failings, the FSA said.
Find your next job with computerworld UK jobs