Compliance Monitor
Lack of intra-group outsourcing controls ensnares Equifax
Equifax UK assumed that its American parent's risk management procedures met its own regulatory obligations and neglected proper oversight of the processing of data on its behalf. When a breach occurred, this was compounded by chaotic communications to internal and external stakeholders, along with failures in complaint-handling. The firm was hit by hefty fines from both the financial regulator and the Information Commissioner, reports Denis O'Connor.
Denis O'Connor is a fellow of both the Institute of Chartered Accountants in England & Wales and the Chartered Institute of Securities and Investment. He was a member of the British Bankers' Association Money Laundering Committee from 2003-10 and a member of the Joint Money Laundering Steering Group's board and editorial panel between 2010 and 2016. He has been a frequent speaker at industry conferences on financial crime issues, both in the United Kingdom and abroad.
The Financial Conduct Authority has recently fined Equifax Ltd (Equifax UK) £11 million over outsourcing control failures
following a significant security breach of the personal data of its customers, which occurred when the data was being processed
by the company's parent organisation (Equifax Inc) in the United States. [1] The hackers could access the names, the dates
of birth, some credit card details and the addresses of 13.8m United Kingdom customers.