That is over 3 times last year! Figures released by Wolters Kluwer Financial Services under the Freedom of Information Act found that the FSA has already issued fines worth £941,500 directed at IFAs, during the first half of 2010, which is a significant increase from the £236,676 that IFAs coughed up to the City regulator in 2009.

Last year, IFA fines amounted to just 0.7 per cent of the total penalties. But this has now spiked to 1.5 per cent of total issued in 2010 so far.

Mary Stevens, regulatory editorial UK manger from Wolters Kluwer Financial Services, said: “Even though we are only part way through 2010 the fines percentage is well over double last years’ final total reflecting the FSA’s increased pressure on IFAs as it gears up for the retail distribution review implementation.”

Lee Werrell, CEO of CEI Compliance Consultancy said “The FSA fines are not always a measure of findings as many investigations take a long time to materialise or fizzle out. There is no doubt that S166 activity is increasing, and that is derived from many reasons. Many distributors still stick their head in the sand and pretend that it won’t happen to them but they need to be aware that S166 actions can cost them well into 6 figures for a modest organisation of only a few advisers. Prevention is always cheaper than cure.”

CEI have recently produced a Guide for Senior Managers on S166 Reports and this can be downloaded free from HERE.

With a bitter taste in my mouth I had suddenly come to realise that the consultancy work I was providing for agencies and consultancies, was being charged out for vastly inflated amounts: sometimes up to 200% over and above the rate I was being paid.

My initial thoughts are unprintable and I can see that for very short term jobs, then a premium may have to be charged to cover the initial sales involvement, the administration and the QA function if only using a small number of consultants.

On looking into the figures, realising that a consultant’s daily rate has been driven down by about a third over the last year, I have resolved to champion a better rate for consultants and providing an excellent service for the client at a realistic price.

I have calculated that, compared to some consultancies (not including the big 4) then costs can be cut by about 30% and thus giving an edge to my projects, whilst still using the same consultants who would do the same job for the same clients. The difference is that the consultants would earn a fair daily rate, the client would be paying a better rate and therefore look favourably for further work or alternatively get a longer contract agreement and everyone is happy.

If you want to join me in this development period, which is rapidly taking hold, please contact me by sending your CV and contact details to me at md@cei-compliance-limited.co.uk

If you are a budget holder and looking to engage a consultancy for your company please contact me at the same email address, md@cei-compliance-limited.co.uk , with your requirements.

The standards covered by the PCI Council can be used to help build or augment the security policies and structure for the enterprise, data centres and your customers. This comprehensive set of requirements for security management, policies, procedures, network architecture, software design and other critical protective measures will be used by the wise as a best practices guide to implement and follow.

Although the PCI Council manages the underlying security standards, compliance is set independently by the individual brands. Each brand has its own set of financial penalties per incident, with additional penalties ranging from restrictions to outright loss of use.

A common misconception is that this is an IT issue and best left solely to the technical departments to resolve. In fact, most companies find that this is a multi-discipline exercise best co-ordinated by a risk and compliance function who can then co-ordinate any IT requirements and engagement; governance for policy writing or amendment; operations for current practices and training; HR for new hires security checks; as well as providing feedback to the audit function for reporting to senior management.

In the latest release of PCI DSS is the requirement that all Web-facing applications be protected against known attacks. Also, further consideration is paid to the vulnerability of the application if someone does get access: How much damage can they do? Historically hosting companies over the years have become very good at protecting the networks and the operating systems from attacks, while the applications themselves have been left vulnerable.

Advertising

Three arms of HSBC have been fined over £3m for control failures which potentially left customers’ confidential details open to being lost or stolen.

The Financial Services Authority (FSA) has fined HSBC Life UK £1,610,000, HSBC Actuaries and Consultants £875,000 and HSBC Insurance Brokers £700,000 for not having adequate systems and controls in place.

The fines follow an investigation by the regulator which found that large amounts of unencrypted customer details had been sent via post or courier to third parties.

Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen.

In addition, staff were not given sufficient training on how to identify and manage risks like identity theft, the FSA said.