The Financial Services Authority (FSA) has fined Mitsui Sumitomo Insurance Company Europe (MSIEu) £3.5 million for serious failings in corporate governance and the implementation of IT controls.

When the London-based subsidiary of Japan’s Mitsui Sumitomo Insurance Company began to expand its services to Europe in 2007, the FSA, following a review of the business, wrote to the company stating that it would need to ensure its systems and controls were improved to identify and address the risks of expanding into European markets.

However, MSIEu and its former executive chairman Yohichi Kumagai were found to have failed in their duties to set up an appropriate management structure and implement the necessary risk controls.

One of its significant failings was that Kumagai did not ensure the effective and timely implementation of a new IT administration system across the firm’s branch offices, which led to the management information available to the board being deficient.

It also meant that processes were put in places at branches to input data manually into various information systems, which created concerns around the quality of data being provided to senior management.

The company set out to implement PAS, an underwriting and claims IT system, in the period between 1 October 2009 and 31 March 2011. The aim was to standardise its business processes across all its branches, as the FSA had identified the implementation of this system in June 2009 as being key to providing management with enough data to oversee and control the growing branch business.

Despite reporting to the FSA in June 2009 that the implementation of the system was imminent, it was still not complete by the end of March 2011.

On 24 August 2009, the company reported to its board that good progress had been made with the implementation of PAS in London, and that it was ready to go live in Germany. However, three months later, the company said that the German branch was finding the implementation cumbersome.

The go-live date for the German branch was then pushed to January 2010, but then an update in July 2010 revealed that the PAS had still not been fully implemented, and the company’s CFO identified a number of issues with the system at the German branch when he visited a month later.

“Despite these difficulties, insufficient steps were taken to ensure that adequate resources, including individuals with sufficient time and adequate IT skills and experience, were devoted to implementation of the PAS system, either at the outset or as difficulties with the system increased,” the FSA report stated.

Kumagai also failed to fill key positions at the company with experienced staff with the necessary skills, for example, he did not hire a chief underwriting officer. This hindered the firm’s ability to control the expansion of the business, the FSA said.

As well as the financial penalty for the company, the FSA has banned Kumagai and fined him £119,303.

Tracey McDermott, acting FSA director of enforcement and financial crime, said: “Kumagai failed to respond adequately to the changing risks facing his business even after they had been pointed out by the FSA.

“The FSA requires firms to have effective corporate governance and controls. They must adapt these appropriately to reflect changes in their risk profile, especially growth into new areas.”

MSIEu and Kumagai agreed to settle at an early stage, therefore benefiting from a 30 percent reduction in fines, from £170,433 and £4.78 million, respectively.