People involved in organised crime are applying for jobs in finance firms so they can commit fraud, the Financial Services Authority (FSA) has warned.
Banks are well-equipped against fraud, while others lag behind
The FSA is urging firms to make tighter checks before taking staff on.
And it also warned that the latest personal organisers and mobile phones can be connected to computers in order to steal corporate secrets.
Its latest report reveals crime groups are also often using companies to commit ID fraud.
Fraudsters get hold of an individual's details, which are used to acquire money, good and services.
The FSA looked at the security systems of 18 High Street banks, insurers, fund management firms and stock brokers.
The firms were chosen to give a cross section of the UK financial services industry.
How the firms dealt with external security threats such as hackers and scam operators was examined in detail.
In addition, firms were quizzed as to how they protected client information and ensure staff are who they say they are.
What employee checks finance firms should undertake
Verify school, university and employment record
Undertake credit and address checks
Check Bank of England terrorist lists
Check for County Court judgements
Random audit recruitment agency staff
Carry out vetting of contractors and overseas employees
Source: Financial Services Authority (FSA)
The report concluded that there was: "evidence that organised crime groups deliberately target financial services firms in order to place staff to commit financial crime, in particular identity theft."
Of particular concern to the report's authors was "poor standards of vetting," particularly when it came to using staff recruited by a contractor or recruitment agency.
One firm reported that a payment clerk had spied on a colleague when he entered his password and used the information to access a client's dormant bank account.
The employee then moved £80,000 from the dormant account into his own, using his colleague's password.
The FSA recommended that firms needed to step up their vetting procedures, including checking school, university and employment history of all employees, even those employed by a contractor.
According to the FSA while some major firms, particularly in the banking sector, are well-equipped to deal with fraudsters, other sectors and small and medium-sized firms are less well prepared.
"Firms should follow a preventative approach rather than reacting to a situation once it has happened which can be costly and damaging to reputation," said Philip Robinson, financial crime sector leader at the FSA.
"Having been the target of criminals in recent times, via the internet and other technologies, the major banks tend to have strong defences in place.
"But there is no room for complacency and criminals will seek to exploit vulnerable points where they can find them, including in other sectors or smaller firms."
A leading IT security group said that it was not surprised that the FSA had found holes in firms' security.
"Companies are focussing their spending on securing systems from external attack via sources such as the internet and are not sufficiently aware of the threat posed by people with internal access," Rob Cotton, chief executive of the NCC group said.
The FSA refused to name the 18 firms it had examined to compile its report, a spokeswoman said that this was due to reasons of confidentiality and to prevent alerting fraudsters to potential security loopholes.