From Book Flashcards

1
Q

What are the 3 operational objectives of the FCA?

A
  1. Secure an appropriate degree of protection for insurers
  2. Protect and enhance the integrity of the UK financial system
  3. Promote effective competition in the interests of consumers in the markets for regulated financial services and services provided by recognised investment exchanges on certain regulated activities.
2
Q

From April 2014 the FCA took over some activities from the Office of Fair Trading, including…?

A
  • Lending or brokering credit, whether or not secured on land;
  • Being a credit reference agency or providing credit information services
  • Debt collection and debt administration services; and
  • Carrying out activities in relation to contracts for the hire of goods.
3
Q

In terms of FCA, PRA, PRC and FPC who has power over whom?

A

FPC / PRC are both committees in the Bank of England

FPC has formal powers of direction over the PRA and the FCA where such powers have been granted by HM Treasury

PRC - powers over PRA

4
Q

List the regulated activities under the Regulated Activities Order 2001

A

AEIO MAD

Accepting Deposits
Effecting or carrying out contracts of insurance as principal
Issuing electronic money
OTFs

MTFs
Arranging a mortgage or other home finance transaction
Dealing in, arranging deals in or managing investments

5
Q

What does the Information Commissioner's Office oversee?

A
  • The Data Protection Act
  • The General Data Protection Regulation (GDPR)
  • The Freedom of Information Act
  • The Environmental Information Regulations
  • The Privacy and Electronic Communications Regulations
6
Q

Who must data processors notify before carrying out any data processing?

A

The relevant national authority

7
Q

What must data protection comply with?

A

European data protection principles e.g. processing data fairly and lawfully, and using data for specific and legitimate purposes

8
Q

What will firms outside the EU have to do if they want to target customers inside the EU?

A

Meet GDPR

9
Q

A data controller must provide certain information to individuals about whom they hold personal data. What is this?

A

Data controller must disclose their identity, details of the data they hold and what they plan to do with it

10
Q

What measures must be put in place in reference to GDPR?

A

Technical and organisational measures to protect personal data against accidental loss/destruction, unauthorised access or other unlawful processing.

11
Q

In terms of GDPR what written agreements must be made and entered into by whom?

A

Enter into written agreements to ensure that data processors act only on the data controller’s instructions and comply with the same security obligations that are imposed on data controllers under the applicable national legislation.

12
Q

Under GDPR what measures must data processors put in place?

A
  • Implement technical and organisational security measures
  • Protect personal data
  • Keep a register of data processing activities
  • Comply with the rules relating to the transfer of personal data outside of the EU
  • Comply with restrictions on their ability to engage sub-processors
13
Q

What must consent around GDPR be?

A

Specific

Customer silence or inactivity to tick boxes is no longer sufficient

14
Q

When consent is gained for GDPR what is it valid for?

A

Valid only for the stated purpose for which it was collected and not for any other purpose.

15
Q

Once consent is given what does the data subject have the right to do?

A

Withdraw the consent at any time

16
Q

What is a fair processing notice?

A

Info organisations are required to give data subjects:

  • grounds of data
  • period of retention
  • mechanism of export (if exported outside of the EU)
  • source of the data

Must also give their rights / right to complain / right to withdraw data

17
Q

What are data subject rights?

A
  • right to have data transmitted to themselves or another data controller
  • to require controller to erase the data in some circumstances
  • right to request more info on processing through a subject access request
18
Q

If a data participant requests information on data / uses their rights, how long do organisations have to respond?

A

Within one month

19
Q

Can data controllers charge a fee for data requests?

A

Generally no

20
Q

If there is a data breach, who must be notified and within what timeframe?

A

ICO within 72 hours

Individuals to whom the personal data relates without undue delay.

21
Q

What must organisations maintain in terms of a data breach?

A

A data breach register

22
Q

When can data be exported outside the EEA?

A

Only when the recipient non-EEA country is either deemed by the European Commission to offer adequate data protection safeguards, or a valid export mechanism has been put in place

23
Q

If data is breached what can fines be? - certain important provisions

A

20 million euros or 4% of global annual turnover, whichever is the greater

24
Q

If data is breached what can fines be? - other provisions

A

10 million euros or 2% of global annual turnover, whichever is the greater

25
Q

What do the investment provisions of the Trustee Act 2000 not apply to?

A

Occupational pension schemes, authorised unit trusts or certain schemes under the Charities Act 2011