Regulatory Spotlight: September 2018

Data protection, Brexit developments, countdown to IDD, open banking and much more

· Regulatory update,GDPR,SMCR,Claims Management,insurance

Deal or no deal…. that is the (data) question

As the Brexit looms ever closer, everyone is considering there options for both ‘deal or no deal' scenarios? In an attempt to help businesses prepare whatever the outcome, the UK government has provided guidance on data protection in the event that there is no deal on Brexit.

The key message is that if the UK does leave the EU in March 2019 without an agreement in place for data protection, there will be no immediate change to the UK’s data protection standards. As with many other regulatory topics, this status quo outcome is a result of the EU Withdrawal Act.

The recently implemented European data protection regulation, GDPR, will be incorporated into UK law. This means that the free flow of personal data from the UK to EU would be allowed at the point of exit. The not-so-good news is that there still could potentially be changes to the legality of transferring personal data from organisations in the EU to the UK.

The European Commission (EC) has stated that if the UK’s level of personal data protection is equivalent to that of the EU, it would make an adequacy decision allowing the transfer of personal data to the UK without restrictions. However, there is no clear timetable as to when a decision on adequacy will be taken. Therefore firms need to consider the implications of this not being granted in March 2019.

Final countdown for Insurance firms

The requirements of the Insurance Distribution Directive (IDD) apply from 1 October 2018 to any firms involved in organising insurance. Firms whose main business model is in insurance should be close to finalising their preparations. For those who only do some arranging of insurance alongside their main business activities, this may have been less of a priority but we are now in the final countdown.

IDD comes at a time where there is a heightened focus on the conduct and customer agenda. It's therefore unsurprising that the changes brought in by IDD, which are set to drastically transform the insurance mediation and distribution industry focus on areas such as:

Customers’ best interest principle;
Assessing the needs and demands of customers;
Additional disclosure requirements; and
More extensive training and competence standards.

Claims Management & SM&CR

With the FCA regulation of Claims Management Companies (CMCs) beginning in 9 months time, the regulator seems to be blowing full steam with preparations. The latest development is a Consultation Paper containing draft rules and guidance for CMCs relating to the Senior Manager & Certification Regime (SM&CR) some of which will depend on whether the CMC is classed as a category 1 or 2 CMC.

Additionally, the FCA also explains some transitional arrangements that will apply to its regulation of CMCs. Quite surprisingly, the FCA does not intend to authorise individuals in CMCs until the SM&CR begins for solo-regulated firms on 9 December 2019. Before then, individuals will not be subject to the current Approved Persons Regime even though CMCs will be authorised by the FCA from April 2019.

We suggest that CMCs start familiarising themselves with these proposed rules and also respond to the consultation by 6 December 2018.

We are constantly keeping up-to-date with the regulatory changes within the financial services industry. If you need assistance to keep up with these regulatory changes please feel free to contact the team

Other regulatory sparks

On 12 September 2018, the Creditworthiness Assessment Bill had its first reading in the House of Commons. If enacted, the Bill would require firms carrying on credit-related regulated activities and connected activities to consider rental payment history and council tax payment history when assessing a borrower’s creditworthiness

The Sanctions and Anti-Money Laundering Act 2018 allows the UK to create a sanctions regime independently of the EU. The UK’s approach is set to remain closer to the EU’s. The UK courts are likely to have an important role in shaping policy and we’re likely to see an increase in litigation under the new legal framework.

The Treasury Committee has published a report calling for crypto-assets to be regulated. In its inquiry it examined the growing phenomenon of cryptocurrecies and noted that the problems include: volatile prices, hacking vulnerabilities, minimal consumer protection, and anonymity aiding money laundering. It also highlighted that the ambiguity in the UK Government and regulators’ position is not sustainable

For those in Payment Services, E-Money and open banking, a consultation paper has been released announcing the proposed FCA approach to the Final Regulatory Technical Standards and EBA guidelines under the revised PSD2 particularly in relation to the purposes of open banking and security of customers' payments. It's also worth noting that the draft statutory instrument confirming the proposed post-Brexit landscape for Payments and E-Money Institutions is available.

The results of the FCA's review of outsourcing in retail banks is complete and while the FCA did not identify huge concerns.

A Dear CEO letter has been sent by the FCA and PRA to the CEOs of major banks and insurers to seek assurance that they are successfully managing the transition from LIBOR to alternative interest rate benchmarks

Recent failures of Insurance Brokers Alpha, Enterprise and Gable have promoted the FCA to provide some guidance on how to undertake due diligence on insurers.

Any questions?