HSBC subsidiaries have been fined a total of £3m for failing to protect their customers' personal data.
The FSA says the firms' failings led to sensitive customer data being lost in the post on two occasions.
HSBC Life Limited received the biggest fine at £1,610,000, while HSBC Actuaries and Consultants Limited and HSBC Insurance Brokers Limited were fined £875,000 and £700,000 respectively.
When investigating security systems and controls, the FSA found large amounts of customer data was being sent in an unencrypted format via post a courier to third parties.
Confidential files were also left on open shelves and kept in unlocked cabinets where they could be easily stolen.
HSBC Actuaries lost floppy disks containing the information of 1,917 pension scheme members in April 2007.
HSBC Group Insurance's compliance team ordered more robust data security be put in place after the incident, but in February 2008 HSBC Life lost the details of 180,000 policy holders.
Margret Cole, director of enforcement at the FSA, says: "Fraud, particularly identity theft, is a major concern to everyone and firms must ensure that their data security systems and controls are constantly reviewed and updated to tackle this growing threat.
"In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry."
