According to  Simon Hill, Head of Legal & Compliance at Certes Networks, this is mostly due to the fact that financial institutions are not only heavily regulated by data privacy requirements, but they are also under mounting pressure to be open to consumers and businesses about how they are protecting their data from potential breaches. 

Additionally, no bank or financial services organisation wants to face the consequences of a data breach. This is demonstrated by the fallout of numerous data breaches in the industry over the years - from Capital One in 2019, to Equifax in 2016 and Tesco Bank in 2017. In the case of the Capital One data breach, a hacker was able to gain access to 100 million Capital One credit card applications and accounts. This included 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. Additionally, an undisclosed number of people's names, addresses, credit scores, credit limits, balances and other information dating back to 2015 was involved, according to the bank and the US Department of Justice.

What’s more, the damages of these data breaches are not only reputational, but also financial. As a result of Equifax’s data breach, the organisation reached an agreement to pay at least $575 million and up to $700 million to compensate those whose personal data was exposed. In 2016 Tesco Bank was fined £16.4 million by the Financial Conduct Authority (FCA) over its "largely avoidable" cyber-attack that saw criminals steal over £2 million from 34 accounts. This clearly shows that these consequences can arise no matter how ‘large’ or ‘small’ a data breach may seem; companies that do not encrypt their data adequately enough to safeguard it will be penalised.

On top of this, the increasing expectations of consumers means that banks and financial institutions are trying to achieve a balancing act: how can they protect data privacy, while at the same time remaining transparent about how data is being protected? However, it doesn’t have to be a trade-off between meeting customer expectations and meeting cyber security compliance requirements. Banks and financial services organisations can utilise technology to the fullest extent while still protecting data and avoiding the unthinkable repercussions of a data breach.

The balancing act 

To achieve this balance, banks and financial services organisations need to take greater measures to control their security posture and assume the entire network is vulnerable to the possibility of a cyber-attack. Robust encryption and controlled security policies should be a central part of an organisation’s cyber security strategy. When stringent policies are generated and deployed, it enables greater insight into applications communicating in and across the networks. New tools are now available to enforce these policies, not only impacting the application’s workload and behaviour, but the overall success of the system access.

Conclusion 

Banks and financial services organisations should not have to worry about keeping data secure and protected when it is entirely possible to do so. Adopting new ways to look at how organisations define policies through micro-segmentation and separating workloads by regulations, is one example of how to keep data more secure. Also, ensuring policies define only those users who have a critical need to see the data limits network vulnerabilities. And lastly, a robust key management system that is automated whereby keys are rotated frequently, can also help to safeguard system access and strengthen the organisation’s security posture.

This week we learnt that two of the UK’s top supermarkets are merging, shaking up grocery shopping for generations to come. The £13 Billion merger between Walmart-owned Asda and Sainsbury’s, which recently bought out Nectar, is set to create a grocery powerhouse that can finally compete against Tesco Stores.

Following the announcement shares rocketed and the public was happy to hear prices would receive a 10% cut as a consequence of the merger. Rpeorts indicate no jobs will be cut, nor will any stores be closed. So what is this merger all about?

Finance Monthly spoke to Dr Naaguesh Appadu, Research Fellow at Cass Business School and member of the Mergers & Acquisitions Research Centre, who comments on Sainsbury's and Asda agreeing to £13bn merger.

Dr Naaguesh Appad said: “This deal is about market share. Neither Sainsbury’s nor Asda can afford to stay quiet. You just have to look at the grocery sector right now: Tesco has acquired Booker and Morrisons supplies products to Amazon. Therefore, it is key to show the leadership in terms of groceries for the Sainsbury’s/Asda merger to happen. It should be noted that they neither company can grow organically, and they don’t have the option of staying away Tesco, from the current market leader.

“This deal with see the consumer win two-fold. First, customers will be able to access more products and second, they’ll enjoy lower prices (execs have stated 10%) on common products due to competition on suppliers. It will be interesting to see how this plays out in terms of competition, now that executives have stated there are no plans to close Sainsbury's or Asda stores.”

This week Tesco finally agreed to a £129 million fine for overstating its profits in 2014, thus avoiding prosecution. This agreement, made by Tesco Stores Ltd. Follows a two-year probe from the SFO. Not only did Tesco suffer majorly from share price hits, but is now also facing a huge fine for its errors. Alex Ktorides, Head of Ethics and Risk Management at Gordon Dadds LLP, here provides Finance Monthly with a specialist overview of the matter, and hints at potential implications for any business missing the mark when it comes to such critical internal vulnerabilities.

Tesco appears this week to have reached a key stage in the financial misstatement scandal that so badly hit its share price and reputation in 2014.

A brief recap. The retailer, in or about September 2014, shocked the financial world when it admitted that it had identified an apparent £250 million overstatement of its profits. The central problem was that it was alleged that Tesco had significantly overstated its profits by supposedly booking rebates (receipts) from suppliers that it had not yet received. A range of regulators became involved as the Tesco share price took a serious hit in the wake of the revelations.

Win Fuel With Kroger Through: Kroger 50 Fuel Points

Misstating profits, as in the Tesco case, can give rise to a number of concurrent investigations in the UK, all involving different investigating and prosecuting authorities with differently sized sticks with which to beat the offending corporate entity and singled out individuals.

First in the firing line (though there is no magical order in reality) are the internal financial directors and external auditors who will likely face serious scrutiny from the Financial Reporting Council (FRC), which has in the past brought investigations in relation to past scandals such as Torex, Cattles and car manufacturer, Rover.

The FRC has a range of powers including fines and sanctions against individuals and the auditing firms.  This will not be a cheap case to defend (FRC investigators invariably outsource forensic accounting investigatory aspects, the costs of which it will seek to recoup) and which may or may not be covered by the terms of professional indemnity insurance depending on the programme carried by the auditor in question.

Secondly will be the SFO investigation. The SFO will not be shy in seeking information and this will include amongst other things extensive disclosure of documents, countless recorded meetings and a range of witness statements and experts’ reports. Not a short process, nor one which is stress free.

The FCA will also be interested in protecting the public. In the instance of alleged misstatement of profits, as in the Tesco case, the ‘public’ are the investors and shareholders buying shares in a listed entity in a major regulated market such as the FTSE 100.

Similar to the ‘soft dollar’ settlements propounded by the SEC in the US, the FCA will look to quickly assess the period during which the share price may have been artificially inflated (or indeed in some cases, deflated) and look to impose or agree a settlement scheme as swiftly as possible. There is precedent to this, as well as the Tesco scheme announced very recently.  In the mid-2000’s the FSA (now FCA) put huge pressure on the IFA sector to agree with Aberdeen Asset Management and others a financial compensation scheme for individual investors miss-sold so-called ‘split-cap’ investment trusts. This was no easy feat for the then Chief of the FSA John Tiner who was (anecdotally) personally calling up the professional indemnity insurers of those advisors involved in a bid to speed up the implementation of the compensation scheme. One imagines that Tesco and its management/insurers will be receiving similar pressure to agree the £85m scheme it has just announced.

Tesco’s Deferred Prosecution Agreement (DPA) – if it is sanctioned in the Southwark Crown Court next week – will be the fourth reached by the SFO. All of the DPAs reached so far have involved very different allegations and conduct (see Rolls Royce for example). The allegations involving Tesco relate to relatively short periods of time and very specific behaviour of alleged accounting errors involving the early booking of receipts from suppliers.

There is one common feature to the DPAs reached so far, and that is that each of the corporates under investigation that have successfully reached DPAs with the SFO have been seen to be cooperating with the investigation. That does appear to be a crucial aspect of the potential for reaching a DPA with the SFO.

So, what to do if an investigation occurs? The first thing is to obtain advice speedily. It may be necessary for legal advice to be obtained by different advisors and professional firms, with individuals quite often having to be separately advised to the corporate entities. A DPA may be the obvious and best solution and these are always predicated on cooperation. Very often in the case of enforcement proceedings or criminal investigations, cooperation is a vital component of reaching agreement and this is only increased significantly with the advent of DPAs. Indeed, in a recent speech, the director of the SFO stated that DPAs are not the ‘new normal’ but rather will only be available where there has been significant cooperation which is meaningful evidence by the corporation in question.

Cooperation can take many forms including but not limited to, the provision of documents (this sounds simple but often in reality these are frequently requested in huge volumes and under tight timescales and in a format that the SFO’s computing experts can easily handle). In the Polly Peck case, revisited on the return of Asil Nadir after some 19 years in the sun of Northern Cyprus, the SFO had recourse to review thousands of documents which were in some cases 20 years old and it was fortunate indeed that they had been retained at all.

DPAs can lead to a swifter conclusion of investigations (which are of course very damaging) and discounts on any penalties. Also, receiving reduced sentencing for those cooperating with the prosecutors may be on the table.

In summary, financial accounting methods and over or understating profit is a business critical issue. The implications – financial penalty, share price collapse, civil compensation schemes, expensive regulatory and criminal investigations, loss of income and in some cases, prison – are as serious as it gets in the corporate world. As Tesco has shown us (and a glance at current cases with both the SFO and FCA shows us that there are many more to come, not least of all such big brands as Barclays, Airbus Group and GlaxoSmithKline) misstating profits is a short term boost towards long term pain. The settlements with the FCA and SFO as a special offer that Tesco will not be looking to repeat.

TalkTalk has acquired the blinkbox Movies business and the Tesco broadband and fixed line voice base from Tesco Plc. The assets have been acquired free of debt and as a single transaction for cash. The announcement comes one day after the beleaguered supermarket revealed plans to close 43 stores and close its staff pension scheme.

On-demand provider of pay content in the UK, blinkbox works across multiple platforms and devices – both inside and outside the home. Its product offering dovetails with that of TalkTalk’s TV platform, which services 1.2 million customers in the UK.

As part of the deal, Adrian Letts, blinkbox CEO and co-founder will join TalkTalk as Managing Director for TV, reporting to Tristia Harrison, Managing Director of TalkTalk’s consumer business.

As part of the same transaction TalkTalk has also acquired Tesco’s broadband and voice base (75,000 broadband and 20,000 voice households). As with the recent acquisition of the Virgin Media National base, customers will be transferred across to the TalkTalk network over the coming months.

“Since launch, TalkTalk TV has demonstrated its popularity with value-seeking customers to become the UK’s fastest growing TV service. We are excited about the opportunity that blinkbox’s platform and technology expertise bring, and which will significantly accelerate the development of our TV platform. The purchase of Tesco’s broadband base is another example of TalkTalk leveraging its national network to grow faster. We are excited about the future of quad-play – fixed phone and broadband, TV and mobile – and this acquisition will help to further drive home our value for money advantage,” said Dido Harding, Chief Executive of TalkTalk.