Thursday 22 – Friday 23 August 2013
Recently, I had cause to get in touch with a very large and very global corporation regarding their audit of a financial institution in which I have a stake. I contacted them first via telephone and was promptly directed to the voicemail of the analyst in charge of the audit. As one does, I left a message requesting that he call me back at his earliest convenience, as I had concerns about part of the process. After a few days, I still had not received a call back, so I included a letter, outlining my concerns with part of the audit process, with an amended page of the information the analyst required for the audit. It should be noted here that the analyst provided his contact details in the event that someone may wish to contact him regarding the audit, so I didn’t just randomly and in an uninvited manner, contact him.
Now, approximately two and a half, possibly three weeks later, I’m still waiting for a reply to either the phone call or the letter. Yep, a global company that has offices all across Australia has ignored the concerns that I raised regarding their auditing process, despite the analyst providing contact details for anyone who needed to speak with him.
So what, you ask, could have me so up in arms about a routine audit of a financial institution? Well, it’s not the fact that an audit took place because, having worked in a business where stock takes and audits occurred, I fully understand the purpose of said audit. I appreciate that audits are undertaken in order to protect clients of financial institutions from dodgy business practices. I’m totally happy that there is accountability in the financial world, because I sure as shit don’t want my financial institution misappropriating and embezzling my funds that I’ve worked my arse off to save. What I did find terribly concerning was the manner in which this global company of auditors and analysts sought to ascertain the information they required of me in order to complete their audit of my financial institution.
Y’see, this large, global company expected me to put my signature, which at my financial institution is essentially the equivalent of a PIN, on a letter that contained my name, address, bank account number, and total amount of money I have in that institution, and post it off to the auditor. Now, I’m sure that the other randomly selected clients of said financial institution did exactly what was required of them by this large and global auditing company, but there was no way in Hades that I was going to oblige, and here’s my argument . . .
In this day and age, experts are constantly telling us that we should not provide our banking details to anyone. Correct? And here’s a global company that specialises in auditing financial institutions and other large companies, insisting that I do exactly that: send a signed letter to them which contains enough information that some person of ill repute needs to create a false identity based around me or anyone else who was silly enough to follow the request of the auditor. Think about it . . . if I had sent that letter with all that information via post (or any other manner of sending information), any dubious person who intercepts it could, conceivably, have a driver’s licence, passport, Medicare card, or whatever other identification document they wanted made up in my name. They then could have taken themselves and false documents to say, a bank in the city and, for argument’s sake, got a million dollar loan in my name.
It’s not as far fetched as it might sound. We all know that not every employee of a company will undertake every security protocol when dealing with people they don’t know. How many times, when it was still a common thing to do, have you signed for a credit card purchase and the shop assistant hasn’t matched your signature on the receipt with the signature on the back of your card? It’s a common occurrence. So, what makes people think that an employee of a financial institution is going to satisfy every security protocol? People take short cuts, especially if they think that the person they are dealing with looks trustworthy (admit it, looks do play a big part in how trustworthy you think someone might be), or they ‘seem nice’ (we’ve all heard that, especially when neighbours are discovered to have been the serial killer or rapist that the authorities have been tracking), or they appear to be in a hurry.
And here is a huge company that decides the best way to ascertain whether a client of a financial institution is concerned with how said institution is handling their money, is to have the client send essentially all of their banking details, via post, to that auditor. They displayed no concern for security, no interest in the fact that identity theft is almost commonplace these days, or that one of these clients had issues with their process. Yep, I’m still waiting for that phone call, or the letter, or a tweet back. Sick and tired of waiting for a response, I decided to tweet the Australian branch of the company and, as with the phone call and letter, I have not received a response.
Why would you run a business like that? Surely, they’re aware of the impact one annoyed person can have on their company via Social Media . . . surely they can’t afford bad press.
If you’re wondering how I chose to respond to this company, I redacted the standard form letter that contained all of my banking details, and returned it with the scathing letter on the business practices of this company as I saw them. I’m figuring that I either made my point abundantly clear, or the analyst in question didn’t give a rat’s arse about my concerns. As a side note, I did manage to track that particular analyst down via his Social Media profiles and he doesn’t come across as a very nice young man, engaging in what I’d consider a lil bit of trolling of a couple of sporting teams, and some terribly rude Facebook updates. I’m all for your Social Media profiles being personal and private, but I think if you’re silly enough to advertise your place of employment quite prominently and proudly in your bio, you should probably be a lil bit more careful with regards to what you choose to post on SoMe.
I’d love to name and shame this particular analyst and the company he works for, however, I do have standards of my own, and I will not be labelled libellous, slanderous, or defamatory because this company can’t respond to the concerns of the people they are supposed to be protecting with their audits. But seriously, in this day and age where we are all encouraged to be vigilant about the information we give out, and to whom we give it out to, a global company should not be expecting me to provide them with my banking details even if they are conducting an audit of a financial institution. After all, I can’t vouch for the character of anyone who works for that auditing company, can I?