Chapter 7: Regulatory processes, systems and controls

Question 1

Regulators of the UK market

Answer 1

Financial Conduct Authority and Prudential Regulation Authority

Question 2

Who do members receive regulation updates from (3 main associations)

Answer 2

Lloyd’s have own department for government relations for information gathering/sharing

LMA, IUA, LIIBA all send information to members

Question 3

Data evidence for regulators

Answer 3

• Regulators require data evidence to show compliance

Question 4

Solvency

Answer 4

Balance between assets and liabilities

Question 5

Solvency II

Answer 5

EU’s europe-wide solvency rules

• Since leaving EU, UK agreed to recognise each others standards

Question 6

Who can a government sanction

Answer 6

Governments can ban all parties (govs, business, individuals) from trading with other parties

Question 7

Fundamental reasons sanctions are imposed

Answer 7

Political pressure

Enforce concept of respect for democracy

Enforce the concept of respect for human rights

Maintain/restore peace in country/region

Question 8

Types of financial sanctions

Answer 8

• Prohibiting the transfer of funds to a sanctioned country
• Freezing assets of a company/individual
• Freezing assets of a whole gov

Question 9

Office of financial sanctions implementation (OFSI)

Answer 9

• Responsible for the implementation and administration of international financial sanctions in effect in the uk

Question 10

Lifted regimes

Answer 10

• Countries who have had their sanctions lifted
• Libya, Haiti and angola

Question 11

US Government sanctions

Answer 11

Due to close links between LM and US we must abide by their sanctions

Question 12

Cuban sanctions

Answer 12

All US citizens/permanent residents where they are located, all people and organisations physically in the US as well as subsidiaries of US companies outside the US (any LM insurer with US parent) cannot trade

Question 13

Office of Foreign asset Control (OFAC)

Answer 13

Manages US sanctions

Question 14

How do insurers find out about sanctions

Answer 14

HM treasury
US Department of the Treasury
OFAC
Lloyd’s crystal

Question 15

Data Protection Act 2018 (DPA)

Answer 15

• Coincided with GDPR (General data protection regulation) and LED (law enforcement directive)
• Modernised UK data protection

Question 16

Main elements of the DPA

Answer 16

• General data processing
• Regulation and enforcement
• Post-brexit UK GDPR

Question 17

DPA: General Data Processing

Answer 17

• Implement GDPR standards
• Clarified definitions
• Ensure confidentiality is maintained in health/safeguarding situations
• Provide appropriate restrictions to rights to access/delete data
• Set parental consent for online data processing to 13

Question 18

DPA: Information Commissioner powers

Answer 18

• Improved during the DPA
• Able to levy higher admin fines
• Commissioner can bring criminal proceedings for offences where a processor alters the record to prevent disclosure following a SAR

Question 19

Subject Access Request (SAR)

Answer 19

Request made by or on behalf of an individual for the information they are entitle to under GDPR

• Individuals have a right to know
• Verbal or Written
• One month to respond generally
• Complain to company then to Information Commissioners office
• First couple requests should be free

Question 20

Post-Brexit UK GDPR

Answer 20

• Sits alongside DPA 2018
• Applies to controllers and processors in the EU
• GDPR places new legal obligations
• Applies to both automated personal data and manual filing systems where data is accessible

Question 21

Sensitive personal data categories

Answer 21

• Race
• Ethnic Origin
• Politics
• Trade Union Membership
• Genetics
• Biometrics
• Health
• Sex life
• Sexual orientation

Question 22

GDPR Data protection principles

Answer 22

1. Lawful, Fairness and transparency
2. Purpose limitation
3. Data minimalisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality

Question 23

Consent under GDPR

Answer 23

• Must be given freely and specified
• Must also be separate from other T+Cs
• Firms may have their own lawful basis but consent must follow same rules

Question 24

GDPR rights

Answer 24

Right to be informed
Right to Access
Right to Rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right in relation to automated decision making/profiling

Question 25

Accountability and governance post 2018

Answer 25

• More significant under GDPR
• Expected to have extensive governance measures
• Privacy impact assessments are legally required

Question 26

Breach notification

Answer 26

Orgs must report certain types of data breaches to relevant supervisory authority and to individuals affected.

Question 27

Bribery Act 2010

Answer 27

• Bribing another person
• Receiving a bribe
• Bribing a foreign official
• Corporate offence of failing to prevent bribery

Question 28

Foreign and Corrupt practices Act 1977 (US)

Answer 28

• Prohibits bribery of foreign government/political officials