Chapter 6 - F

Question 1

What directive replaced the Insurance Mediation Directive (IMD) in the UK?

Answer 1

The Insurance Distribution Directive (IDD)

The IDD came into force on 1 October 2018.

Question 2

What is the broader term used in the IDD compared to the IMD?

Answer 2

Insurance distributor

The IDD applies to a wider range of entities by using ‘insurance distributor’ instead of ‘insurance intermediary’.

Question 3

Who does the IDD apply to?

Answer 3

• All sellers of insurance products
• Any person assisting with the administration and performance of insurance contracts
• Ancillary insurance intermediaries

Ancillary organizations are excluded from regulation if the insurance is complementary and the premium is less than €600.

Question 4

What are the two carve-outs from the definition of ‘insurance distribution’?

Answer 4

• Mere provision of information on an incidental basis
• Management of claims as an insurer on a professional basis
• Provision of data and information on potential policyholders

These carve-outs were also present in the previous IMD.

Question 5

What are the two general principles under the IDD?

Answer 5

• Distributors must act honestly, fairly, and professionally in customers’ best interests
• All information provided must be fair, clear, and not misleading

These principles guide the conduct of insurance distributors.

Question 6

What must distributors disclose regarding their remuneration?

Answer 6

• The nature of the remuneration
• The basis for that remuneration (fee/brokerage, etc.)

The IDD has detailed requirements for this disclosure.

Question 7

What was a key impact of the UK leaving the EU on insurers and intermediaries?

Answer 7

They had to consider setting up EU domiciled entities to service their EU client base

The cross-border permissions granted within the EU no longer apply to UK regulated entities.

Question 8

What does the FCA’s three-pillar risk framework focus on?

Answer 8

• Assessment of the firm’s conduct
• Event-driven work for flexible responses
• Reviewing issues and products when required

This framework helps ensure consumer interests and market integrity.

Question 9

What are the Client Assets rules (CASS) concerned with?

Answer 9

Protection of client assets for which brokers are responsible

Client assets could include premium funds or claims funds.

Question 10

What is required when a broker handles client money?

Answer 10

The broker must keep the client’s money separate from the firm’s own money

This protects client funds in case the firm fails.

Question 11

What is a statutory trust account?

Answer 11

An account where the broker must not fund payments out of client money

The trust exists only for client money actually received.

Question 12

What is a non-statutory trust account?

Answer 12

An account where the broker may fund payments out of client money

The trust is declared by the broker and not established by law.

Question 13

How quickly should client money generally be paid out according to CASS rules?

Answer 13

One business day after receipt by the broker

This includes payments made by wholesale brokers to retail brokers.

Question 14

What is the term ‘Data protection legislation’ used to refer to?

Answer 14

UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018)

Both govern the processing of personal data in the UK.

Question 15

What does the Data Protection Act 2018 (DPA 2018) do?

Answer 15

Mirrors much of the UK GDPR and makes some modifications

Parts of the UK GDPR do not apply to law enforcement processing.

Question 16

Who does the data protection legislation apply to?

Answer 16

All persons in the UK who process personal data other than for domestic purposes

It gives data subjects rights and places obligations on data controllers and processors.

Question 17

What type of data does the legislation apply to?

Answer 17

Personal data

Any information from which a living individual can be identified, either directly or indirectly.

Question 18

What are examples of personal data?

Answer 18

Names, identification numbers, photographs, addresses, IP addresses, shoe sizes

Information may become personal data when combined with other information.

Question 19

What is considered sensitive personal data?

Answer 19

Categories include:
* Race or ethnic origin
* Political opinions
* Religious or philosophical beliefs
* Trade union membership
* Genetic data
* Biometrics (for ID)
* Health information
* Information about sex life
* Sexual orientation

Provides additional safeguards for sensitive information.

Question 20

What are the seven Data Protection Principles?

Answer 20

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Each principle outlines requirements for processing personal data.

Question 21

What is required for lawful processing of personal data?

Answer 21

One of the legal bases set out in the legislation must apply

Organizations must identify a legal basis for processing.

Question 22

What are the legal bases for processing personal data?

Answer 22

1. Consent
2. Contract
3. Legal obligation
4. Vital interests
5. Public task
6. Legitimate interests

Each basis has specific requirements and limitations.

Question 23

What rights do individuals have under the legislation?

Answer 23

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights in relation to automated decision making

Each right provides individuals with control over their personal data.

Question 24

What is the Right to be informed?

Answer 24

Individuals have the right to be informed about the collection and use of their personal data

Information must include purposes, retention period, and sharing details.

Question 25

What must organizations do in relation to subject access requests (SAR)?

Answer 25

Respond within one month, possibly extending to two months for complex requests

Individuals can submit SARs verbally or in writing.

Question 26

What is the Right to rectification?

Answer 26

Individuals can have inaccurate personal data rectified or completed

Organizations must respond within one month.

Question 27

What is the Right to erasure also known as?

Answer 27

‘The right to be forgotten’

This right is not absolute and applies under certain circumstances.

Question 28

What does the Right to restrict processing allow individuals to do?

Answer 28

Request the restriction or suppression of their personal data

Organizations can store but not use the data.

Question 29

What is the Right to data portability?

Answer 29

The right to transfer personal data from one organization to another securely

Example: Changing banks.

Question 30

What is the Right to object?

Answer 30

Individuals can object to the processing of their personal data in certain circumstances

They have an absolute right against direct marketing.

Question 31

What is required for accountability and governance?

Answer 31

Data controllers must demonstrate compliance with data protection legislation

This includes maintaining documentation and having security measures in place.

Question 32

What must organizations do in case of a data breach?

Answer 32

Report data breaches to the Information Commissioner’s Office (ICO)

High-risk breaches must alert data subjects.

Question 33

What is the Digital Operational Resilience Act (DORA)?

Answer 33

EU regulation aimed at strengthening ICT security of financial organizations

Applies from 17 January 2025.

Question 34

Who does DORA apply to?

Answer 34

Brokers and insurers

Ensures resilience against operational digital disruptions.