January 10, 2022

FCA admits data breach: how can firms ensure they don’t make the same ‘mistake’?

In late February this year, the UK’s Financial Conduct Authority (FCA) issued a statement announcing that it had suffered a data breach. As the result of a Freedom of Information Act request, published in November 2019, the FCA had allowed the confidential information of 1,600 individuals to be exposed and accessible to the general public. The publication of this information, it admitted, was a mistake*. Accordingly, it referred itself to the Information Commissioner’s Office (ICO).

The FCA’s breach was, no doubt, an embarrassing occurrence for a regulator that is responsible for ensuring that financial institutions handle their data in a safe and secure way. In fact, in 2016 the FCA issued Tesco Bank with a £16.4 million fine for failing to store its data securely**.

In the age of GDPR, EU Data Protection Authorities and regulations such as the California Consumer Privacy Act (CCPA), data security is key. In the last year alone, multi-national companies such as Capital One and British Airways have faced record fines from the ICO for data-related failings. British Airways was ordered to pay £183 million to the ICO after the data of 500,000 customers was compromised***. This amounted to almost 1.5% of its global turnover under the new penalty rules introduced by GDPR.

This isn’t just a concern for EU-based firms: GDPR transcends borders and, in some instances, can stretch to protecting EU citizens wherever they may be. Data protection is a global issue.

Regulators are tightening their powers and scrutinizing firms’ data management like never before (even if they fail to adhere to their own rules). The FCA certainly isn’t the first organization to have left data exposed, and undoubtedly it won’t be the last. Financial institutions must be alert to their obligations and implement systems that ensure their data management is watertight.

Firms must automate their compliance systems in order to understand requirements, be alert to when those requirements change, and implement new regulations at pace to avoid falling foul of the regulators. Implementing RegTech will be essential to avoiding crippling fines and the loss of customer trust.

*Statement on FCA data breach, Financial Conduct Authority, 26 February 2020.

**FCA fines Tesco Bank £16.4m for failures in 2016 cyber attack, Financial Conduct Authority, 1 October 2018.

***Intention to fine British Airways £183.39m under GDPR for data breach, ICO, 8 July 2019.
