FSA fines BNP Paribas £350,000 for anti-fraud failures

French investment
BNP Paribas has been fined £350,000 by the UK's Financial Services Authority for systems
and control failures at its London-based private banking unit that allowed a
senior manager to steal £1.4 million from client accounts.

The employee, who worked at BNP Paribas
Private Bank, managed to transfer the cash haul out of client accounts in 13
separate fraudulent transactions between February 2002 and March 2005 using
forged signatures and instructions and by falsifying change of address documents.

During its investigation, the FSA found that a flaw in the bank's IT system
allowed the senior employee to by-pass normal middle office processes, which
meant that basic authorisation and signatory checks were not carried out on
internal cash transfers between different customer accounts.

Furthermore, BNPP Private Bank did not have an effective review process for
transactions over £10,000 from clients' accounts. The regulator also found that
the bank's procedures were not clear about the role of senior management in
checking significant transfers prior to payment.

Margaret Cole, FSA director of enforcement, comments: “BNPP Private
Bank's failures exposed clients' accounts to the risk of fraud. This is
unacceptable particularly with the overall increase in awareness around fraud
and client money risks. Senior management must make sure their firms have
robust systems and controls to reduce the risk of them being used to commit
financial crime.”

The bank also failed to improve its procedures for monitoring large
transactions or carry out remedial action on a timely basis, says the FSA,
despite being aware that some procedures required improvement as a result of an
examination of its anti-money laundering systems and controls in August 2002.

The FSA says this is the first time a private bank has been fined for
weaknesses in anti-fraud systems but warns that it is “raising its
game” against firms with lax controls.

“This is a warning to other firms that we are raising our game in this
area and expect them to follow suit. We will not hesitate to take action
against any firm found wanting,” says Cole. (source)


We are pleased to see the FSA finally finding its teeth and
beginning to use them against Banks that allow fraud.

However, we see that this was an internally perpetrated
fraud, rather than the more common ‘enabling of fraud’ by releasing or allowing
to be released PII (Personally Identifiable
Information) into the Internet zone, or even worse the rubbish bins. 

We hope that in the future the FSA will be taking similar
actions against Banks, Businesses and Public/Government Institutions for the
crime of ‘enabling fraud’ in the same way as the internal fraud cases. 

Such crimes are covered by The Serious Crime Act which states the

a person
has been involved in serious crime in
England and Wales if he—

  • has committed a serious offence
    in a country outside
    England and Wales
  • has facilitated the commission
    by another person of a serious offence in a country outside
    England and Wales; or
  • has conducted himself in a way
    that was likely to facilitate the commission by himself or another person
    of a serious offence in a country outside
    England and Wales (whether or not such an
    offence was committed). 

a serious
offence in a country outside
England and Wales means an offence under the law of a
country outside
England and Wales which, at the time when the court
is considering the application or matter in question would be an offence under
the law of
England and Wales if committed in or as regards England and Wales.

Therefore, if a Bank or Business is hacked, and that
business is found to have inadequate security, or if its actions were negligent
and allowed access (which includes dumping data in bins and laptop thefts), either
in the UK or overseas, and credit card details or PII
is stolen and subsequently used for fraud, then I contest that a crime has been
committed, both by the hacker and the business.

These laws are not just for the little people. 

If we see the FSA forcing such institutions to starve
criminals of their source material, by investing in better security at the back
end, we can only see the fraud rates diminish, which in turn will lower the
argument for ID Cards of any kind.


Say NO to ID Cards, Say NO to the Database state.



About IanPJ

Ian Parker-Joseph, former Leader of the Libertarian Party UK, who currently heads PDPS Internet Hosting and the Personal Deed Poll Services company, has been an IT industry professional for over 20 years, providing Business Consulting, Programme and Project Management, specialising in the recovery of Projects that have failed in a process driven world. Ian’s experience is not limited to the UK, and he has successfully delivered projects in the Middle East, Africa, US, Russia, Poland, France and Germany. Working within different cultures, Ian has occupied high profile roles within multi-nationals such as Nortel and Cable & Wireless. These experiences have given Ian an excellent insight into world events, and the way that they can shape our own national future. His extensive overseas experiences have made him all too aware of how the UK interacts with its near neighbours, its place in the Commonwealth, and how our nation fits into the wider world. He is determined to rebuild many of the friendships and commercial relationships with other nations that have been sadly neglected over the years, and would like to see greater energy and food security in these countries, for the benefit of all. Ian is a vocal advocate of small government, individual freedom, low taxation and a minimum of regulation. Ian believes deeply and passionately in freedom and independence in all areas of life, and is now bringing his professional experiences to bear in the world of politics.
This entry was posted in Enabling ID Fraud. Bookmark the permalink.