IFA attacks Capita over data protection breach

Capita has been slated for sending an adviser firm's bank account details on e-mail and has been accused of breaching the FSA's requirements on data protection and security.

An e-mail from the Capita Commissions team, who deal with back office administration on Axa Winterthur's SIPP products, was sent to an IFA on January 29. It stated the team had recently introduced a new system which enabled all future adviser remuneration payments to be paid automatically by BACS. Advisers were then asked to confirm their bank details, which were contained within the email.

However, David Brunning, director at Brunning Newman Houghton Ltd, says he is absolutely furious this message was sent as the e-mail contains "everything that your budding fraudster needs to ruin a company".

He says the firm has been treated poorly by a company it trusts as a third party business partner who has just "splashed these details around".

Brunning says he sent a copy of the e-mail to his bank to warn it to watch for any unusual activity. The company has also discussed at board level and with the bank about whether they should change their bank account to prevent any potential fraud problems.

He says the e-mail has caused a lot of stress and hassle and taken up a great amount of time, and adds the risk element of this mistake is huge.

"When you consider the FSA requirements on data protection, data security and TCF requirements, then this is a clear breach of those," he says.

"If we were to do this with one of our private client's details the FSA would go loopy and we would have been lynched and fined."

Brunning says he has complained to Capita, and has received an apology from Axa Winterthur.

"I was told it wasn't an individual mistake and someone had decided these emails could go out without encryption. Axa Winterthur says the company does have encryption systems in place but in this instance it wasn't used," he says.

Brunning claims Axa Winterthur has agreed verbally it would be liable for any costs associated with changing the firm's bank account because of the e-mail.

Peter Thomas, MD Capita SIPS Services, says: "The issues raised in this situation are not straight forward. Capita SIPS services are currently investigating both this case more generally to understand what lessons, if any need to be learned from this."

An Axa spokesperson says: "The incident, while wholly regrettable, was a one-off. An apology has been sent to the IFA, and I am happy to confirm that no other IFA has been affected."