A subsidiary of the giant Capita group has been fined by the Financial Services Authority (FSA) after some of its staff helped to defraud customers.
First fine by the regulator for poor anti-fraud controls
The frauds took place in 2004 at Capita Financial Administrators (CFA) which administers the customer accounts of unit trust companies.
The police are investigating how up to 26 customers lost £328,000 and attempts were made to steal a further £1.55m.
The FSA fined CFA £300,000 and said the frauds were "incredibly serious."
It is the first time that the regulator has fined a firm for having poor anti-fraud controls.
The FSA said it appeared the frauds were being carried out by a small number of colluding CFA staff.
They were assisted by administration checks that were so weak that fraudsters could change the addresses of customers on their accounts, instruct CFA to sell part of their holdings, confirm the sale in writing, and then ask the money to be transferred to a bank account run by the fraudster.
"The weaknesses in systems and controls contributed to the frauds," the FSA said.
"CFA did not ensure that procedures to mitigate fraud risk were adequately implemented and that fraud awareness training was appropriate."
Among the problems that the FSA investigators discovered were:
- A lack of checks to make sure that when clients changed their addresses, their signatures were real. They were then written to at both their old and new address to check the change was genuine, but CFA did not bother to chase up customers who failed to reply.
- A lack of password checks when customers called by phone to buy or sell units in their unit trusts. Instead, only the account number, name, address and date of birth were requested - information of which most was on annual statements that could easily be stolen in the internal or external post.
- An absence of checks on signatures to make sure that if a sell order came in by post, the order was valid. Indeed, CFA did not even keep some of the original signatures.
- An absence of signature checks on sales documents sent to customers to be signed and returned so as to validate a sale.
- A lack of checks on the authenticity of bank accounts to which the money was then transferred.
The FSA's report says security checks at the firm were so poor that it was the customers who first noticed attempts to steal their money.
And if they had not noticed that money was being stolen, there was a good chance the frauds would have gone on undetected.
The lost funds have since been restored by CFA.
The company said it fully accepted the FSA's ruling: "CFA took swift action to ensure that clients suffered no financial loss and undertook a comprehensive review of processes and procedures.
"The company has now changed its management team, improved controls and established a more robust governance structure" it said.
CFA used to be known as City Financial Group, but was bought by Capita in 2002.
The FSA pointed out that the fraud that had been discovered had nothing to do with the wider group.
As of last August, CFA, with headquarters in the City of London, had 126,000 customers whose assets totalled nearly £10bn.