Norwich Union's failure to make necessary security changes led to huge payout
By Peter Carvill
Norwich Union has been forced to pay out over £4.5m after a Financial Services Authority (FSA) investigation revealed core failings in its security processes leading to over 600 cases of attempted fraud.
The FSA levied a fine of £1.26m against Norwich Union, and the company spent a further £3.3m reimbursing life policies for 74 customers.
The fraudulent cases first came to light in April 2006, and the subsequent investigation highlighted weaknesses in Norwich Union's caller identification system. In the process, the regulator recommended changes in May 2006. However, they were not followed up.
While the criminals' methodology had been identified by the end of July 2006, no changes were made to any of Norwich Union's procedures on the grounds that customer service would suffer.
As the scale of the fraud became apparent, the insurer identified several current and former directors of Norwich Union and its parent company, Aviva, who had been affected. In response, it implemented a four-point plan to combat fraud on these accounts despite knowing that the fraud was not limited to accounts held by directors or past directors of Aviva.
Of 74 policies surrendered to the criminals, just nine of them belonged to Aviva directors.
Peter Chadborn, principal for CBK, said: "It would be fair to say that companies in such a lather do not instil confidence for intermediaries."
Weaknesses in Norwich Union's security procedures led to criminals using information in the public domain to gain access to accounts. Once accessed, bank account details were amended and policies surrendered with the proceeds paid into them. According to the FSA, sensitive information was disclosed in nearly all of the 632 cases of attempted fraud.
David Ross, spokeperson at Norwich Union, said: "We cannot hide the fact that there were failings. We have taken on board what the FSA has said. The reality of the situation was that we were not good enough, despite the fact that our motivations were to make it easier for customers. In making it easier for customers we ultimately made it easier for fraudsters."
In its final notice, the FSA said that Norwich Union had failed to "take reasonable care to ensure it had effective systems and controls in place to enable it to respond in an appropriate and timely manner to the potential and actual risks arising from the series of actual and attempted frauds which occurred in mid-2006".
