You've been hacked. What are you liable for?

Anonymous Coward


Fines aren't much of a deterrent in most cases. Usually because a new insurance/blame sponge sector springs up to cover the costs.

A good example of this is with banks and new laws to help tackle money laundering.

I hear that if KYC at a bank isn't performed to a sufficient level the people directly involved may be liable to be thrown in porridge for 6 months. I'm not sure if this is currently in place but it is at least in the pipeline. IANAL so I'm no expert here.

As a result I am aware of some people scurrying around gathering investment to build a solution that allows banks to hand the KYC off to a third party AND it be covered by some form of insurance. This muddies the water somewhat and allows banks to continue to carry on as before and simply build the cost of incompetence into their business model.

Counting the cost of fines as part of the running costs of a business is a widespread practice.

That said, I don't think jail time is the solution here either. I suggest being struck off from your industry and the fines being levied on individuals not the businesses.

