In the rapidly evolving FinTech space, executive-level individuals across various organisations are finding themselves under the microscope. Theta Lake’s Susannah Hammond recently explored the current minefield of accountability.
The CEO of an American digital retailer, the chief information officer (CIO) of a British bank, and numerous high-ranking staff members in a US bank all share a common thread. Each of them has faced individual enforcement for non-compliance regarding technology use, some even bordering on misuse.
In October 2022, the U.S. Federal Trade Commission (FTC) sanctioned a company and its CEO for security lapses that left the data of 2.5m clients vulnerable. Despite being made aware of these issues two years prior to the incident, they didn’t address them effectively. Penalties involved not just data erasure and data collection limitations, but also forced the CEO to meet distinct data safety standards given his role in overseeing unlawful activities. The FTC mandate applies to the CEO regardless of his affiliation with the firm, carrying forward to any future role where he handles consumer data.
Fast forward to April 2023: the UK Prudential Regulation Authority imposed an £81,620 fine on the former CIO of a British bank. His failure to oversee the bank’s outsourcing strategies related to a 2018 IT migration project led to this penalty. The financial repercussions extended to the bank as well, which faced a hefty £48.7m fine for operational resilience shortcomings in December 2022. The bank had to part with an additional £32.7m in compensation to customers who were negatively affected. The regulator concluded that the CIO’s inadequacies impaired the bank’s operational resilience, leading to considerable disruption.