Chris Skinner's blog

Shaping the future of finance

FSA’s data hypocrisy

Chris Skinner Author Avatar
by

I had a fascinating conversation with a group of information security professionals yesterday. 

We
were talking around the issues of data leakage and covered a wide
variety of subjects from accidental leakage to deliberate theft, from
human frailties to ISO27001 standards, from the challenges of ensuring
users find it easy to get the information they need to the issue of
blocking unauthorised access and implementing layers of security, and
so on.   To be honest, we could have debated for days rather than an
hour and a half.

During the conversation, there was one moment that really surprised me.   

One
of the banks had been severely beaten up by the UK’s regulator, the
Financial Services Authority (FSA), over their lackadaisical approach
to data security.  As a result, this firm has really tightened up their
policies.  They don't allow any laptops or systems on or off the
premises without security checks, all PC's and laptops have their USB
ports blocked to stop any data leakage through memory sticks, and all
email is sent using secure servers and high levels of encryption.

The
email systems they use, in fact, are based upon PGPU, the PGP Universal
Gateway.  If you're not familiar with PGPU here's the write up from
their website:

"Unprotected
email poses a critical risk to an enterprise’s most sensitive data:
customer information, financial data, trade secrets, and other
proprietary information. Exposure of this information can result in
financial loss, legal ramifications, and brand damage.  PGP Universal
Gateway Email provides centrally managed, standards-based email
encryption to secure email communications with customers and partners.
By encrypting data at the gateway, PGP Universal Gateway Email ensures
data is protected from unauthorized access in transit over the public
Internet and at rest on a recipient’s mail server. With PGP Universal
Gateway Email, organizations can minimize the risk of a data breach and
comply with partner and regulatory mandates for information security
and privacy."

Excellent. 

After all, the biggest exposure for data loss is surely as you move files of information around between organisations?

Trouble
is that the FSA cannot receive PGPU emails because their systems aren't
up-to-date enough to allow such emails through their internal mail
servers. 

So the bank set up a bank-hosted secure server
which could hold their FSA directed emails.  The idea being that FSA
staff could access the bank’s server to download emails.  However, that
didn't work because the FSA's firewall blocked staff from accessing the
bank's secure server!

I thought this couldn't be true, but the story was backed up by other banks in the room who use PGPU encrypted email systems.

In
other words, the FSA beats up these banks about their tardy internal
data security standards, so the banks overhaul everything to conform
and kowtow, only to find they can't tell the FSA about what they've
done because the FSA is unable to communicate with their newly secure
bank servers.

Smacks a bit of regulatory hypocrisy if you ask
me.  Mind you, with so many data leaks from government departments, is
it that surprising?

Maybe the FSA should give themselves a fine.

RegulationCategories
Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Chris Skinner’s ‘Digital For Good’ Book Launch Event – CFTE

Top 50 Global Thought Leaders and Influencers on FinTech 2023

Chris Skinner
Commentator, CEO of The Finanser and best-selling author at The Finanser

Thinkers360 Thought Leader

Contact Me

Global Awards

Lifetime Achievement Award

Global 100 - 2024 Winner

Chris Skinner - Financial Markets Advisor of the Year - The Finanser - UK 2023

Best Financial Markets Advisor of the Year 2023

30 Best Regtech Blogs and Websites 2023

Kids creating the future bank | TEDxAthens

Captain Cake and the Candy Crew

Captain Cake Winner of a Golden Mom’s Choice Award

TWO-TIME WINNER OF A MOM’S CHOICE GOLD AWARD!

Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser