24) Other regulation affecting the advice process Flashcards

1
Q

What are the rules relating to data protection?

A

Follow the customer due diligence process (e.g. identification checks), and ensure that the information gathered is then handled appropriately and stored securely.
If not, the customer's right to privacy is breached and they are exposed to the risk of becoming a victim of fraud such as identity theft.

2
Q

When did the General Data Protection Regulation (GDPR) come into effect in the UK?

A

25 May 2018 (previously the EU legislation was the Data Protection Directive 1995). It applies to 'personal data', which is information relating to an individual who can be identified (name, ID number, location data, online identifier, etc.).

3
Q

What are the data protection (DP) principles?

A

GDPR sets out six DP principles, all relating to the processing of personal data:

1) Data should be processed lawfully, fairly and transparently.
2) Data should be collected for specified, explicit and legitimate purposes, and not processed further in a way incompatible with those purposes (archiving for public interest, scientific, historical or statistical research purposes is permitted).
3) Data collected should be relevant, adequate and limited to the purpose for which it is processed.
4) Data should be kept accurate and up to date; inaccurate data, and data not required for the purpose for which it is processed, should be erased or rectified without delay.
5) Data should be kept in a form that permits identification of subjects for no longer than necessary (archiving for some purposes is allowed).
6) Data should be processed with appropriate security, which includes protection against unauthorised and unlawful processing, using appropriate technical and organisational measures against accidental loss, destruction and damage.

4
Q

What are the key terms for data collected, and what are the GDPR requirements for such data?

A
  • Data subject: an individual whose personal data is processed
  • Personal data: information that can directly or indirectly identify a natural person
  • Special categories of personal data: sensitive data requiring more protection; generally collected with explicit consent from the individual, and may include:
    • race
    • religious beliefs
    • political persuasion
    • trade union membership
    • sexual orientation
    • health
    • biometric data
    • genetic data
  • Processing: covers all aspects of handling data, including:
    • obtaining data
    • recording of data
    • organisation or alteration of data
    • disclosure of data
    • erasure/destruction of data
  • Data controller: the 'legal' person who determines for what purpose data is processed and how it is done. A data controller can be an employer/organisation, partnership or sole trader; they have prime responsibility for ensuring the requirements of the Act are carried out.
  • Data processor: a person who processes personal data on behalf of the data controller.
5
Q

When can an organisation process data?

A

An organisation should always have a lawful basis for processing personal data. At least one of the following must apply:

1) Consent: clear consent has been given by the individual to process their data.
2) Contract: processing is necessary for a contract between the organisation and the individual, or the individual has asked for it before entering into a contract.
3) Legal obligation: processing is necessary to comply with the law.
4) Vital interests: processing is necessary to protect life.
5) Public task: processing is necessary for the organisation to act in the public interest.
6) Legitimate interests: processing is necessary for the organisation's or a third party's legitimate interests, unless there is a good reason to protect the personal data which overrides those legitimate interests.

6
Q

What rights does a data subject have regarding their data?

A

1) To access their data through a subject access request (without charge)
2) To have inaccurate data corrected
3) To have data erased, in certain cases
4) To object to the processing of their data
5) To move their personal data from one service provider to another

7
Q

How does an organisation demonstrate compliance with GDPR?

A

1) Establish a governance structure with defined roles and responsibilities
2) Keep a detailed record of all data processing operations
3) Document data protection policies and procedures
4) For high-risk processing operations, carry out data protection impact assessments

Where an organisation/business is established in more than one EU country, processing will be monitored by one single DPA (data processing authority), the 'lead authority', which is where the business has its main offices, has its central administration, or where the majority of management decisions take place. This also applies to countries outside the EU that have a relationship with the EU.

8
Q

Who enforces GDPR?

A

Information Commissioner

9
Q

What powers does the Information Commissioner have to enforce GDPR?

A
  • Serve information notices: ask an organisation for specified information within a certain time
  • Issue undertakings: to an organisation, to improve compliance
  • Serve enforcement notices and 'stop now' orders where there has been a breach
  • Conduct consensual assessments (audits)
  • Serve assessment notices: to conduct compulsory audits as a compliance check
  • Issue monetary penalty notices: for breaches
  • Prosecute: for criminal offences under the Act
  • Issue bans: a temporary or permanent ban may be imposed
10
Q

What actions constitute criminal offences under GDPR?

A

- A data controller failing to comply with an information or enforcement notice.
- Failure to make proper notification to the Information Commissioner. (Notification is the way in which a data controller registers with the Information Commissioner's Office, acknowledging that personal data is held and specifying the purpose for which it is held.)
- Processing data without authorisation from the Commissioner.
- Intentionally or recklessly re-identifying an individual from pseudonymised or anonymised data.

11
Q

What is the role of The Pensions Regulator (TPR)?

A

TPR is responsible for the regulation of work-based pension schemes (and sometimes personal pension schemes). Its objectives are to:
- protect the benefits of occupational pension schemes
- protect personal pension schemes where there is a direct payment arrangement
- promote good administration of work-based schemes
- reduce the risk of situations which may lead to claims for compensation from the Pension Protection Fund
- maximise employer compliance with the Pensions Act 2008
- minimise adverse impact on the sustainable growth of employers.

(TPR aims to identify and prevent potential problems rather than deal with them when they arise: a risk-based approach considering
- the likelihood of an event occurring
- the impact of the event on the scheme and its members.)

12
Q

What are the powers of The Pensions Regulator (TPR)?

A

1) Investigating schemes:
- identify and investigate risks
- require regular returns to the regulator
- require trustees/scheme managers to notify important changes to information, e.g. the type of benefit provided, or if the scheme cannot meet funding requirements
2) Putting things right:
- require specific action to improve within a specified time
- recover unpaid contributions from the employer to the scheme
- disqualify trustees who are not fit and proper
- impose fines/prosecute
3) Acting against avoidance:
- prevent deliberate avoidance by employers of their pension obligations, which would leave the Pension Protection Fund (PPF) to cover liabilities
- issue contribution notices to employers failing to pay into schemes/the PPF, or issue financial support directions for underfunded schemes.

13
Q

What is the Pension Protection Fund?

A

Established by the Pensions Act 2004, the PPF protects members of private sector defined-benefit pension schemes in the event of the firm becoming insolvent or having insufficient funds to maintain benefits for scheme members. It also compensates for loss through dishonesty in occupational pension schemes.

The PPF funds its compensation by:
- imposing a levy on defined-benefit schemes
- taking on the assets of schemes transferred to the fund
- recovering assets from insolvent employers
- growing its own funds through investment.

14
Q

What are some of the financial services affected by EU Directives?

A

1) Electronic Money Regulations: authorisation/registration of new electronic money issuers (EMIs).
2) Investment Services Directive (ISD): enables investment firms to operate in different European states (but only after authorisation by the home state).
3) Markets in Financial Instruments Directive (MiFID): applies to firms providing services to clients in relation to tradeable financial instruments such as shares, bonds, units and derivatives (but NOT life assurance, pensions and mortgages). MiFID aims to enhance competition and consumer protection by setting requirements in conduct of business, organisation and market transparency. MiFID distinguishes core activities ("investment services and activities") from non-core activities ("ancillary activities"). If a firm carries out both core and non-core activities, both come under MiFID; if it carries out only non-core activities, it does not.
4) Undertakings for Collective Investment in Transferable Securities (UCITS): applies to regulated investment funds that can be sold to the general public throughout the EU, under a common framework of investor protection and product control.
5) Life Assurance: to provide EU citizens with access to the widest possible range of insurance products with the highest standards of legal and financial protection, and to enable an insurance company authorised in any member state to pursue activities throughout the EU.
6) General Insurance: non-life insurance companies established in one state can establish branches and carry out activities in other states. Companies can be authorised for more than one class of non-life insurance.

15
Q

Explain the Directive on Insurance Mediation (IMD).

A

The IMD (January 2003) ensures that insurance companies can operate throughout the EU, and that retail markets in insurance are accessible and secure. The Insurance Distribution Directive was introduced in October 2018 to strengthen the IMD. Insurance mediation is described as the 'activity of introducing, proposing or carrying out other work preparatory to the conclusion of contracts of insurance, assisting in the administration and performance of such contracts, especially in the event of a claim'. If an employee of an insurance company, or an agent acting under an insurance company, carries out such activities, they are not included in the definition of insurance mediation.
All independent insurance (and reinsurance) intermediaries must be registered with a competent authority in their home state; in the UK they must be registered with the FCA.

16
Q

What are insurance intermediaries required to be?

A

Required to be of 'good repute':
- no criminal offences relating to crimes against property or other financial crimes
- not declared bankrupt
Intermediaries should hold professional indemnity insurance of 1,300,380 euros per case and 1,924,560 euros in total per annum.
Client money must be held in separate segregated accounts. Intermediaries should also have financial capacity of an amount equal to at least 4% of premiums received per annum, or a minimum of 15,000 euros.
Details to be given to the customer:
name and address; details of registration; a declaration if the intermediary holds more than 10% of the capital or voting rights of an insurance company; a declaration if an insurance company holds more than 10% of the capital or voting rights of the intermediary; details of internal complaints procedures and external arbitrators (e.g. the ombudsman) for customer complaints; and whether the intermediary is independent or tied to one or more insurance companies.

Advice to the customer must be based on the information provided and an assessment of the customer's needs, by means of a factfind and a suitability letter for the recommended products.
The intermediary should base advice/recommendations on an analysis of a sufficiently large number of contracts available in the market to suit the customer's needs.

17
Q

What are the oversight groups and what is their role?

A

Auditors:
1) External auditors: concerned particularly with published financial statements and accounts. They are independent of the business whose accounts are being audited, and are usually firms of accountants. They give assurance that published financial reports meet appropriate accounting standards and are compiled according to prevailing legislation. Auditors are members of professional bodies.
2) Internal auditors: in-house members of staff who
- review how an organisation is managing risks
- check whether appropriate controls have been established
- evaluate and suggest improvements to governance processes
They make sure policies, records and reports are accurate and reliable, but they do not put controls in place. They identify problems and inform management, along with recommending possible solutions. Internal auditors may be members of a professional body, the Institute of Internal Auditors.

Trustees: responsible for ensuring property held in trust is dealt with according to the trust deed for the benefit of the trust beneficiaries, e.g. unit trusts and occupational pension schemes. Trustees are subject to statutory requirements under the Trustee Acts 1925 and 2000, which define general duties and how to deal with the investment of trust assets.

Compliance officers: appointed by firms that come under the FCA or PRA, to have oversight of the firm's compliance function, i.e. compliance with all legislation/regulations. A compliance officer will

  • produce and publish a compliance manual
  • maintain compliance records, for complaints, promotions, etc.
  • correspond with the FCA on compliance matters and respond to it
  • ensure staff meet FCA requirements regarding recruitment, training, supervision and selling practices. Officers may be members of the Compliance Institute.