Categories
Blog

Protecting Personal Data in the Banking Industry: Lessons from the Farage Controversy

Today I want to consider a burgeoning imbroglio in the UK involving Nigel Farage. While you might not think of Farage as a candidate for the FCPA Compliance Blog, it turns out that his current banking situation has some very interesting data privacy issues, shedding light on the data protection risks faced by banks and the importance of compliance with GDPR regulations. So in this blog post, we will explore the lessons learned from this incident and provide practical advice for financial institutions to ensure the security and privacy of customer information.

The recent episode surrounding Nigel Farage’s banking situation has sparked concerns about data protection and compliance within the banking industry. Farage, a prominent figure in the Brexit movement, had his bank account with Coutts, a high-end bank owned by NatWest, closed and was offered an account with another associated bank. The alleged reason was that he did not have a high enough net worth to merit the account with Coutts. It turned out the real reason was his right-wing politics, particularly around leading the charge for Brexit.

NatWest then compounded its problem by leaking a story to the BBC, that Farage had been dropped because, as reported in the Guardian, the CEO of NatWest, Dame Alison Rose had been the source of the leak to the BBC of this false information. All of this raised concerns about a potential data breach. Coutts had closed his account after lengthy discussions over the reputational risk that his political views posed for the bank.

Rose tried to apologize to Farage but as the New York Times reported, “The apology and a promise to review the bank’s policies were not enough to ease the pressure on Ms. Rose. Reports late Tuesday that the government, which has a 39 percent stake in the bank, was “significantly concerned” about Ms. Rose’s leadership seemed to seal her fate. Before dawn, the bank announced her immediate departure” in late July. Peter Flavel, the boss of its private bank, Coutts was also sent packing.

From the regulatory, data privacy and GDPR responses, NatWest is in severe trouble. Not only had the Bank violated its own data privacy regulations in providing the information to the now former CEO but it also released that same information to the BBC. The consequences of non-compliance with GDPR regulations can be severe, particularly in regulated industries like financial services. Banks may face potential violations and internal policy breaches, which could lead to legal action and impact their banking license and fit and proper provisions. CEOs can be held liable for consent and connivance in data protection cases, emphasizing the importance of understanding data protection laws and potential criminal offenses associated with them.

The controversy surrounding Nigel Farage’s banking situation serves as a wake-up call for the banking industry to prioritize data protection and compliance. Financial institutions cannot afford to overlook these issues, as the consequences in the era of GDPR can be significant. It is crucial to establish proper policies and procedures, provide training and education for top-level management, and ensure a compliance culture is embedded throughout the organization.

There are multiple lessons to be learned from this controversy and several key takeaways that can help banks navigate the complexities of data protection and compliance:

1.Be cautious with written communication: The incident underscores the importance of being mindful of what is written in emails, as subject access requests can expose them. Consider whether a controversial email would be better discussed through a phone call or read aloud before sending.

2. Learn from previous compliance issues: NatWest had previous issues with data protection compliance, leading to the resignation of CEO Dame Allison Rose. This highlights the need for organizations to build a compliance culture at all levels, including those in top positions.

3. Allocate resources for subject access requests: The bank’s CFO has provided extra resources to handle subject access requests, as the cost of non-compliance is usually higher than the cost of compliance. It is estimated that it takes a six-figure sum for a bank to respond to a subject access request.

4. Scrutinize politically exposed persons and connections to Russian individuals: Financial institutions have an obligation to carefully scrutinize politically exposed persons and individuals with connections to Russian individuals. Balancing legitimate activities with obeying the law is crucial.

This affair provides valuable insights into the importance of data protection and compliance in the banking industry. The Farage controversy serves as a reminder that the security and privacy of customer information should be paramount for financial institutions. By learning from past incidents, allocating resources for subject access requests, and adhering to GDPR obligations, banks can safeguard their reputation, avoid legal repercussions, and build trust with their customers.

Categories
Life with GDPR

Life With GDPR: Banking’s Data Dilemma – Farage’s Account Closure & the Risks of Data Breach

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage’s banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection.

In this episode, Tom and Jonathan discuss the closure of Farage’s bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued. They discuss the risks of internal emails being exposed through subject access requests (SARs) and emphasize the importance of caution in email communication. The conversation also explores the cost and consequences of non-compliance with GDPR obligations, particularly in relation to SARs. The potential legal implications for banks that violate their own policies or delete data that should be provided in response to a SAR are highlighted. Overall, the episode underscores the need for banks to prioritize data protection, compliance, and proper decision-making in the financial industry.

 Key Takeaways:

·      Nigel Farage’s Banking Controversy

·      Data Protection Risks in Banking

·      The Cost and Consequences of Subject Access Requests

·      Serious concerns about data protection and access to banking

 Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn