Chapter 7: Regulatory processes, systems and controls Flashcards
Regulators of the UK market
Financial Conduct Authority and Prudential Regulation Authority
Who do members receive regulation updates from? (3 main associations)
Lloyd’s has its own department for government relations for information gathering/sharing
LMA, IUA, LIIBA all send information to members
Data evidence for regulators
- Regulators require data evidence to show compliance
Solvency
Balance between assets and liabilities
Solvency II
EU’s Europe-wide solvency rules
- Since leaving the EU, the UK agreed to recognise each other’s standards
Who can a government sanction?
Governments can ban all parties (governments, businesses, individuals) from trading with other parties
Fundamental reasons sanctions are imposed
Political pressure
Enforce concept of respect for democracy
Enforce the concept of respect for human rights
Maintain/restore peace in country/region
Types of financial sanctions
- Prohibiting the transfer of funds to a sanctioned country
- Freezing assets of a company/individual
- Freezing assets of a whole government
Office of Financial Sanctions Implementation (OFSI)
- Responsible for the implementation and administration of international financial sanctions in effect in the UK
Lifted regimes
- Countries that have had their sanctions lifted
- Libya, Haiti and Angola
US Government sanctions
Due to close links between LM and US we must abide by their sanctions
Cuban sanctions
All US citizens/permanent residents wherever they are located, all people and organisations physically in the US, as well as subsidiaries of US companies outside the US (any LM insurer with a US parent) cannot trade
Office of Foreign Assets Control (OFAC)
Manages US sanctions
How do insurers find out about sanctions?
HM Treasury
US Department of the Treasury
OFAC
Lloyd’s Crystal
Data Protection Act 2018 (DPA)
- Coincided with GDPR (General Data Protection Regulation) and LED (Law Enforcement Directive)
- Modernised UK data protection
Main elements of the DPA
- General data processing
- Regulation and enforcement
- Post-Brexit UK GDPR
DPA: General Data Processing
- Implement GDPR standards
- Clarified definitions
- Ensure confidentiality is maintained in health/safeguarding situations
- Provide appropriate restrictions to rights to access/delete data
- Set parental consent for online data processing to 13
DPA: Information Commissioner powers
- Improved during the DPA
- Able to levy higher admin fines
- Commissioner can bring criminal proceedings for offences where a processor alters the record to prevent disclosure following a SAR
Subject Access Request (SAR)
Request made by or on behalf of an individual for the information they are entitled to under GDPR
- Individuals have a right to know
- Verbal or written
- One month to respond generally
- Complain to company then to Information Commissioner’s Office
- First couple of requests should be free
Post-Brexit UK GDPR
- Sits alongside DPA 2018
- Applies to controllers and processors in the EU
- GDPR places new legal obligations
- Applies to both automated personal data and manual filing systems where data is accessible
Sensitive personal data categories
- Race
- Ethnic Origin
- Politics
- Trade Union Membership
- Genetics
- Biometrics
- Health
- Sex life
- Sexual orientation
GDPR Data protection principles
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
Consent under GDPR
- Must be given freely and specified
- Must also be separate from other T+Cs
- Firms may have their own lawful basis but consent must follow same rules
GDPR rights
Right to be informed
Right to access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right in relation to automated decision making/profiling