Chapter 6 (9 exam questions) Principles And Rules As Set Out In The Regulatory Framework Flashcards
What is the general prohibition?
Being in breach of the general prohibition is a criminal offence. What charges can it carry?
Firms that were regulated under the Financial Services Act 1986 were ‘grandfathered’ over automatically to be regulated by the FSA when the FSMA 2000 came into force
Exceptions:
Activities that at the time were not classed as regulated activities such as mortgage and general insurance advice were not grandfathered across. Instead, they became regulated in MCOB and ICOBS respectively
Firms previously authorised through membership of Recognised Professional Bodies (RPBs). Most of these were accountants and solicitors who had little regulatory involvement and did not want to be regulated under the perceived constraints of the FSA.
Authorisation is not required if regulated activities are ‘incidental’ to an individual or firm’s professional services
Explain this
An example is where an accountant may give factual information on the taxation of an investment bond. The advice is ‘incidental’ to his usual accountancy advice. They can only give factual information
These are known as Exempt Professional Firms
What are Exempt Professional Firms
What are Authorised Professional Firms
Both are members of a Designated Professional Body (DPB).
Exempt Professional Firms are those which do not require authorisation because the regulated activity they carry out is ‘incidental’ to an individual or firm’s professional services. For example, where an accountant gives factual information on the taxation of an investment bond. The advice is ‘incidental’ to his usual accountancy advice.
Authorised Professional Firms are those that do require direct authorisation by a regulator (Part 4 permission) for a regulated activity they carry out. This is because the activity is ‘by way of business’, meaning it takes a lot of their time and resources and they do it to generate income or profits. For example, a firm that gives pension advice.
Why do many individuals and firms choose to work under an authorised person and appointed representative framework?
You are an agent for a firm (the principal), which is responsible for your actions
Because direct authorisation is expensive
An example of this model is St James’s Place Wealth Management
Tell me the different bodies, companies and individuals to whom exempt status applies, i.e. those who do not need to gain Part 4a permission
Question
When requesting authorisation from the FCA, the FCA may send you a Scope of Permission. What is this?
It means your application has been successful
It is the formal Part 4a permission.
It states the start date and the permissions granted.
Do those acting as an approved person (outside the scope of the SM&CR regime) need to apply for authorisation?
Yes, they would need individual authorisation
The principal firm (authorised person) takes full responsibility for all its appointed representatives’ actions or inactions related to regulated business.
An AR cannot be an authorised person as well. There is no dual authorisation. True or false?
True
Can an appointed representative have multiple principals?
Yes, an AR may work within the parameters of several principal firms.
A mortgage AR, for example, may have one principal for residential mortgages and another for lifetime mortgages.
It does require a ‘multiple principal agreement’ to be in place, where one principal must be identified as the lead principal, who is responsible for handling all complaints received about the AR, regardless of which type of advice the complaint relates to
If, for example, an already-authorised sole-trader or partnership changes to a limited company, does the new entity need to apply for authorisation?
Yes
This is because the FSMA 2000 does not permit the transfer of authorisation from one party to another
What is the difference between an authorised person and an approved person?
Authorised person - Usually the business that carries on regulated activities.
Approved person - The individual who has been approved to carry out one or more controlled functions within the authorised person. They are known as the appointed representatives
What are controlled functions:
Controlled functions apply to the non-SM&CR regime. They cover those:
whose roles have significant influence on the conduct of an authorised person’s affairs (a firm’s compliance officer)
dealing with customers in connection with regulated activities (mortgage advisors)
For understanding
Give me different examples of approved persons, i.e. controlled functions (do not be confused with the term authorised person)
Remember, controlled functions apply to non-SM&CR firms whose role carries great significance for the firm
Any individual classed as an approved person is bound by APER
Tell me the timeline of the introduction of the SM&CR regime
What was the aim of introducing this regime?
Its aim was to make individuals and companies more accountable for conduct and competence and, as a result, reduce possible harm to consumers and strengthen market integrity.
Under SM&CR, firms are divided into three categories: What are they and what do each entail?
How did SM&CR change from the Approved Persons Regime?
Under the SM&CR, controlled functions were changed to ‘senior management functions’.
What are certified functions (CF)?
What are senior manager functions (SMF)?
Who authorises them? What do they need to be classed as in order to be approved for the role.
Both are under the remit of the SM&CR
Certified functions =
Employees who are not SMs but whose role has a significant impact on consumers, the firm and/or market integrity. They are also known as ‘significant harm functions’. The firm itself approves them as ‘fit and proper’, not the FCA (like it does for SMFs). They are allocated to an SMF. CFs are roles like mortgage advisers.
Senior manager functions =
Those who have senior roles within the organisation. They are equivalent to controlled functions as seen in the approved persons regime. They require FCA pre-approval. For example, CEO or COO
To be approved they have to be deemed fit and proper. For CFs, authorisation is granted by the firm. For SMFs, authorisation is granted by the FCA
What is the Directory?
A central directory published by the regulator which includes details of all directors and senior managers, all ‘fit and proper’ individuals and individuals that conduct business with clients and require a qualification to do so.
A bit like the registers that the Authorisation division used to keep of all approved persons, and those that had this status removed.
Under SM&CR you have ‘senior management functions’. What is this?
These are the equivalent of ‘controlled functions’, which were under the approved persons regime
They are those who hold great influence over a firm and therefore can present significant risk
Under the SM&CR there are 3 pillars:
-The senior manager regime
-The certification regime
-Conduct rules
Tell me specifically about conduct rules
What happens if these rules are breached?
These outline conduct rules that must be adhered to by all those subject to SM&CR
They are enforceable, high level rules, and must be applied across the whole of the authorised person (ancillary staff, such as cleaners and cooks, are exempt).
There are 2 tiers:
Tier 1: Applies to most employees (except ancillary staff)
Tier 2: Applies to senior managers specifically
Breaches of these conduct rules must be reported to the FCA. If a breach involves a senior manager, it must be reported within 7 DAYS of concluding any disciplinary action. If the breach involves any other category besides senior managers, it must be reported ANNUALLY.
Summary
After successfully being granted Part 4a permission, with all controlled functions and senior roles approved, the individual, firm, or market must then ensure they meet certain key responsibilities.
There are obviously many responsibilities that an authorised person must meet. Two big ones though are ‘fighting financial crime’ and ‘protection of data’
Tell me about
What is money laundering? What are the stages of money laundering?
The process by which criminal proceeds are ‘washed’ to disguise their illicit origins and made to appear legitimate
The stages:
Placement - Adding the illicit funds into the financial system, i.e. depositing into a bank account
Layering - Moving the illicit funds around in a complex way in order to hide their origin, i.e. mixing with legit money or taking out an investment to surrender it early
Integration - Money is placed back into the system where it now appears legitimate. It has been ‘washed’, i.e. purchasing a house or car
What did the Proceeds of Crime Act 2002 introduce in relation to Money Laundering?
Made ‘failing to disclose’ an offence
Made ‘tipping off’ an offence
Made multiple other offences in relation to ML. For example, concealing criminal property, acquiring etc. (WONT READ IT ALL)
What did the Fourth Money Laundering Directive (4MLD) do?
What did the fifth Money Laundering Directive (5MLD) do?
4MLD = Introduced a risk-based approach to ML, by removing automatic exemptions from due diligence and gave guidance on Anti Money Laundering.
5MLD = Increased transparency around beneficial ownership information and the source of funds
How did the 4MLD directly affect the UK? In other words, what role did firms have to have now?
Firms must have a Money Laundering Reporting Officer (MLRO) who reports into the National Crime Agency (NCA) where necessary
NOTE: The National Crime Agency’s (NCA) role is to bring to justice serious / organised criminals who present the highest risk to the UK
The 4th Money Laundering Directive introduced a risk-based approach to ML
What does this mean specifically or in practice?
This means that every client case must be assessed and the extent of AML checks required established. For example, a bank asking someone if they are a Politically Exposed Person
The Money Laundering Regulations which came as a result of the 4th Money Laundering Directive, introduced a risk based approach to ML in the UK
It also widened the types of businesses that are subject to these rules. What were the business types that now had to adhere to this regulation?
Then the Money Laundering and Terrorist Financing Regulations 2019 came about due to the escalation of terrorist groups and the atrocities they carry out (which need funding) so AML rules required a further update.
These new rules came into force on the 10th January 2020, and further expanded the scope of persons and firms subject to AML rules.
Because of the above 2 regulations, what firms and persons are now subject to AML rules?
The Money Laundering Regulations =
Anyone with a casino licence
Anyone within a professional role (i.e. audit)
Any finance providers, including dealers in goods who receive more than £10,000 in cash
Money Laundering and Terrorist Financing Regulations 2019 =
Letting agents
Those who trade in or act as an intermediary when purchasing works of art
Crypto asset exchange providers
When is enhanced due diligence or ‘extra’ due diligence required to be carried out on customers?
When is simplified due diligence required?
There are several obvious ones…
Not so obvious ones…
An ‘occasional transaction’ worth €10,000 or more is carried out.
They accept or make high value cash payments of €10,000 or more (or equivalent in any currency) in exchange for goods.
Simplified due diligence (SDD) is an option if the transaction / business relationship is assessed as ‘low risk’.
Certain high-risk individuals, such as politicians, will require enhanced validation as they are deemed to be ‘Politically Exposed Persons’ (PEPs).
What does this enhanced validation look like in practice?
This enhanced validation includes the requirement for additional signed verification documentation from a professional organisation, such as a bank or a solicitor.
Can physically entering someone’s home be used as address verification for CDD?
Yes
After CDD has been carried out, how long must records be kept?
For at least 5 years after the end of the customer relationship
Or 5 years after the transaction has taken place.
Records of the transactions themselves must also be kept for a minimum of 5 years
Such records can be paper-based (original or photocopies) or electronic.
An annual report from the MLRO is mandatory. True or false?
True
SUMMARY OF AML
Firms must have a Data Protection Compliance Officer. What is this role also known as?
A controller.
What was the purpose of the General Data Protection Regulation (GDPR)?
It is a piece of EU legislation
It was created because of concerns that the application of data protection across the EU was inconsistent. It was introduced to align the processes and improve consistency, i.e. to harmonise data protection legislation
This act brought much harsher penalties for anyone that breaches its terms.