Learning Objective 3 - Chapter 4 (3 marks) Flashcards

1
Q

what is corporate governance?

A

A system by which an organisation is directed and controlled; the process by which company objectives are established, achieved and monitored.
CG is also concerned with the relationships between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.

2
Q

what are the two most important parts of good corporate governance?

A

Transparency and accountability

3
Q

what is a corporate governance framework?

A

This comprises the rules and practices through which a board of directors ensures accountability, fairness and transparency in a company's relationship with its stakeholders.

4
Q

At what four levels does the Corporate Governance framework in the UK operate?

A
  • Through legislation - the Companies Act 2006
  • Through regulation - in particular for companies listed on the London Stock Exchange, through the Listing Rules, which are the responsibility of the FCA
  • Through reporting - via the UK Corporate Governance Code, which is the responsibility of the Financial Reporting Council
  • For all companies not listed on the LSE, by adopting approaches to corporate governance equivalent to those of listed companies, as the UK CG Code is considered to represent best practice standards of supervision and management by directors and stakeholders
5
Q

what was the first full UK corporate governance code?

A

The Cadbury Report, published in 1992.

The initiative to form a committee (under the chairmanship of Sir Adrian Cadbury) in order to publish a code of practice followed several high-profile corporate failures.

6
Q

what was the corporate governance code formerly known as?

A

The Combined Code

7
Q

What is the FRC and what is its mission?

A

The Financial Reporting Council

The FRC’s mission is to promote transparency and integrity in business. It sets the UK Corporate Governance and Stewardship Codes and the UK standards for accounting and actuarial work.

8
Q

what is the most up to date Corporate Governance Code and when did it come into effect?

A

The 2018 CG Code, which applies to accounting periods beginning on or after 1 January 2019, replacing the 2016 Code.

9
Q

what were the 5 main sections of the 2016 Code?

A
  • Leadership
  • Effectiveness
  • Accountability
  • Remuneration
  • Relations with shareholders
10
Q

what are the 5 main sections of the 2018 Code?

A
  • Board leadership and company purpose
  • Division of responsibilities
  • Composition, succession and evaluation
  • Audit, risk and internal control
  • Remuneration
11
Q

what does the ‘Board leadership and company purpose’ section of the 2018 Corporate Governance code entail?

A
  • The principle that a successful company is led by an effective board, promoting long-term sustainable success and generating value for shareholders
  • All directors must act with integrity, lead by example and contribute to wider society
  • The board should ensure that there is a framework in place which allows risk to be assessed and managed
12
Q

what does the ‘Division of responsibilities’ section of the 2018 Corporate Governance code entail?

A

- The chair leads the board and is responsible for its overall effectiveness in directing the company.
- The board should include an appropriate combination of executive and non-executive (and, in particular, independent non-executive) directors, such that no one individual or small group of individuals dominates the board’s decision-making.
- The board, supported by the company secretary, should ensure that it has the policies, processes, information, time and resources it needs in order to function effectively and efficiently.

13
Q

what does the ‘Composition, succession and evaluation’ section of the 2018 Corporate Governance Code entail?

A
  • Appointments to the board should be formal, thorough and transparent, and an effective succession plan should be maintained for the board and senior management.
  • The board should have a combination of skills, experience and knowledge.
  • Annual evaluation of the board should consider its composition, diversity and how effectively members work together to achieve objectives. Individual evaluation should demonstrate whether each director continues to contribute effectively.
14
Q

what does the ‘Audit, risk and internal control’ section of the 2018 Corporate Governance code entail?

A
  • The board should establish formal and transparent policies and procedures to ensure the independence and effectiveness of the internal and external audit functions.
  • The board should establish procedures to manage risk, oversee the internal control framework and determine the nature and extent of the principal risks the company is willing to take in order to achieve its long-term strategic objectives.
15
Q

what does the ‘Remuneration’ section of the 2018 Corporate Governance code entail?

A
  • Remuneration policies and practices should be designed to support strategy and promote long-term sustainable success. Executive remuneration should be aligned to the company's purpose and values, and linked to the company's long-term strategy.
  • A formal and transparent procedure should be developed for executive remuneration. No director should be involved in deciding their own remuneration outcome.
16
Q

what 4 things should companies do in terms of going concern, risk management and internal control according to the CG code 2018?

A
  • Identify any material uncertainties in their ability to continue trading as a going concern
  • Assess their principal risks and explain how they are being managed
  • State whether they are able to continue in operation and meet their liabilities
  • Monitor their risk management and internal control systems at least annually
17
Q

is compliance with the Corporate Governance Code a legal requirement?

A

It is not a legal requirement; however it is part of the Stock Exchange Listing Rules, i.e. companies are required to state in their annual report that they comply with the Code or, if not fully compliant, to detail (explain) where they are not compliant and why.

18
Q

what is the Turnbull guidance?

A

Produced by a committee set up under the chairmanship of Nigel Turnbull, it set out best practice on internal control for UK listed companies and assisted them in applying the section of the UK CGC that dealt with internal control.

19
Q

When was the Turnbull guidance published?

A

1999 originally; updated versions were then issued by the FRC in 2005 and 2009, with the latest being 2014.

20
Q

What were the key changes in the 2014 issue of the Turnbull guidance?

A

The Turnbull guidance was republished as ‘Guidance on Risk Management, Internal Control and Related Financial and Business Reporting’ (the ‘Risk Guidance’). It applies to listed companies for accounting periods beginning on or after 1 October 2014.

21
Q

what are the legal requirements for compliance to the Corporate Governance Code?

A

UK companies are not legally required to comply with the CGC, however if the firm is listed on the London Stock Exchange, then compliance (or a reason as to why they are not compliant) is required under the Listing Rules.

22
Q

what is the stance on CGC for mutual companies?

A

They have no legal obligation to comply, as with any UK company. However, the Association of Financial Mutuals (AFM) publishes its own version of the Code, which adapts the requirements to the particular needs of mutual companies.
This includes guidance around the role of shareholders (adapted to members) and the appointment of directors who have specific experience of the interests of members. A good example is the Metropolitan Police Friendly Society, where certain non-executive directors are serving or retired police officers.

23
Q

what were the main intentions of the 2018 publication of the revised Guidance on Audit Committees by the FRC?

A

This was intended to stimulate thinking on how boards can carry out their role most effectively, and is designed to help boards with their actions and decisions when reporting on the application of the Code's principles.

The key areas addressed:
1. Making sure best practice is followed: the audit committee's arrangements need to be proportionate to the task, and will vary according to the size, complexity etc. of the company.
2. The audit committee has a particular role, acting independently of the executive, to ensure that the interests of the shareholders are properly protected in relation to financial reporting and internal control, while directors have a duty to act in the interests of the company. Any dispute between the board and the audit committee is to be resolved at board level.
3. The guidance contains recommendations about the conduct of the audit committee’s relationship with the board, executive management and the internal and external auditors.
4. Management is under an obligation to ensure the audit committee is kept properly informed.

24
Q

what are the 7 main roles and responsibilities of the audit committee?

A
  • Monitoring the integrity of the company's financial statements
  • Reviewing the company's internal financial controls
  • Monitoring and reviewing the effectiveness of the company's internal audit function
  • Making recommendations to the board regarding the appointment of the external auditor, and approving the remuneration and terms of engagement of the external auditor
  • Reviewing and monitoring the external auditor's independence and objectivity in the audit process
  • Developing and implementing policy on the engagement of the external auditor to supply non-audit services
  • Reporting to the board, identifying any matters where it considers that action or improvement is needed
25
Q

when did the FRC publish the Guidance on Board Effectiveness?

A

2018

26
Q

What does the Guidance on Board Effectiveness, as published by the FRC in 2018 relate to?

A

Primarily, sections A & B of the CGC on leadership and effectiveness of the board

27
Q

Who developed the Guidance on Board Effectiveness, which the FRC published in 2018, and what were the main topics dealt with?

A

The Institute of Chartered Secretaries and Administrators (ICSA).

The main topics:
- Board leadership and company purpose
- Division of responsibilities
- Audit, risk and internal control
- Remuneration

28
Q

what is Germany's equivalent of the UK CGC?

A

The Deutscher Corporate Governance Kodex

29
Q

What is the Australian version of the UK CGC?

A

The Corporate Governance Principles and Recommendations

30
Q

What is the South East Asian CGC version?

A

South East Asia Corporate Governance Initiative - launched in 2014

31
Q

What is the USA approach to CGC?

A

The USA takes a different approach. Companies with a listing on a stock exchange in the USA are required to comply with the requirements of the Sarbanes-Oxley Act 2002 (SOX). This legislation is therefore relevant for many UK companies that have a US stock exchange share listing.

The results of the SOX legislation continue to receive mixed reviews, although a 2017 study published by the American Accounting Association provides evidence that the requirements SOX set for financial reporting and public audits have, in fact, served as an extremely effective warning process in detecting corporate fraud.

32
Q

what other countries have adopted a SOX type law?

A

Japan, Germany, France, Italy, Australia, Israel, India, South Africa and Turkey

33
Q

in terms of company law, what is the difference for publicly listed companies?

A

They must not only abide by standard company law, as all companies must, but also abide by the ‘Listing Rules’, which effectively have the force of law.

34
Q

What do the listing rules dictate?

A

The contents of the prospectus for a company seeking a listing for the first time.

There is an ongoing obligation to disclose price-sensitive information, and to communicate new share offers, rights issues, and potential or actual takeover bids for the company.

The Listing Rules require quoted companies to produce half yearly financial reports as well as annual reports.

35
Q

what is the process called when a company seeks a listing for the first time?

A

An Initial Public Offering ‘IPO’

36
Q

What do all listed public companies and the London Stock Exchange have in common?

A

They are both required to abide by the Listing Rules.

37
Q

what is the main legislation currently covering limited companies in the UK

A

The Companies Act 2006

38
Q

What does the Companies Act 2006 include regulation affecting?

A
  • Company formation
  • Statutory reporting
  • Company meetings
  • Responsibilities of company directors and officers
39
Q

what does Companies House do?

A

Keeps public record of companies registered in the UK

40
Q

What are the three statutory functions carried out by Companies House?

A
  • Incorporate and dissolve limited companies
  • Examine and store company information delivered under the Companies Act and related legislation
  • Make this information available to the public
41
Q

who is responsible for making sure information about the company and its accounts is sent to Companies House?

A

The company's directors have a personal responsibility to do this.

42
Q

what must a company do before it wants to enter into any contracts or undertake any business?

A

Register with Companies House, as without registration it has no legal existence.

43
Q

if a company wants to offer shares to the public, what must it do?

A

It must register as a public company and comply with certain additional rules, such as having allotted share capital of at least £50,000.

44
Q

what do the registration documents set out?

A

1 - The company's name
2 - Whether the company is public or private
3 - Whether the liability of the members of the company is limited and, if so, whether this is by shares or by guarantee. If the company is to be limited by shares, the document must also include a statement of capital and initial shareholdings.
4 - The situation of the company's registered office (in the UK)
5 - The statement of the proposed officers
6 - The proposed articles of association

45
Q

what are the two types of document that companies are legally required to submit to Companies House as part of their statutory requirements?

A
  • Confirmation statement
  • Reports and accounts
46
Q

what is a confirmation statement?

A

This is essentially an information document, including the company’s registered address, its principal business activities, information about the company’s directors, company secretary (where applicable) and shareholders, and the company's share capital.

47
Q

how often must a confirmation statement be delivered to Companies House?

A

At least once every 12 months. The statement confirms the company’s details as at a particular date (the ‘confirmation date’, the end of the review period), and the company has 14 days from that date to deliver it.

The latest date to which it may be made up is the anniversary of the previous confirmation date.

48
Q

what does the Companies Act say about the keeping of accounting records?

A

The Companies Act requires that every company must keep accounting records which are sufficient to show and explain the company’s transactions, i.e. to:

  • disclose with reasonable accuracy, at any time, the financial position of the company at that time
  • enable the directors to ensure that any accounts required to be prepared comply with the requirements of the Act
49
Q

what are the accounts useful for?

A

Investors and other stakeholders, who want to know the condition of the company in which they have invested their capital and to assess the performance of the directors.
Creditors, to obtain reassurance that their debts will be paid, or to alert them to any possibility that they may not be.

50
Q

By law, what must the accounts show in terms of view?

A

They must show a true and fair view.

51
Q

what is there to aid companies to give a true and fair view of their economic position?

A

To aid this process, companies are required to comply with accounting standards when preparing their accounts (including consolidated accounts).

Companies listed on the London Stock Exchange have to follow International Financial Reporting Standards (IFRS).

52
Q

For most companies, what 3 things will the annual accounts include?

A
  • An income statement (profit and loss account)
  • A balance sheet signed by a director
  • A directors' report signed by a director or the company secretary
53
Q

what is the set of required documents (income statement, balance sheet and directors' report) called when grouped together?

A

The annual report and financial statements

54
Q

what is a directors' report and when is it required?

A

This is a report that should include a fair review of the company’s business and a description of the principal risks and uncertainties facing the company.

The CA 2006 requires it to include a business review, unless the company is subject to the small companies regime.

55
Q

what 5 things must the business review include if it is a quoted company?

A
  • The main trends and factors likely to affect the future development, performance and position of the company’s business

Information about:
- environmental matters
- the company’s employees
- social and community issues
- the persons with whom the company has contractual or other arrangements which are essential to the business

56
Q

what is a directors' remuneration report?

A

This has to be produced by the directors of a quoted company. It:
- must be approved by the board of directors and signed by a director or the secretary of the company;
- must include a detailed summary of any performance conditions for share options and long-term incentive schemes, and why these were chosen;
- must give details of directors' service contracts, salaries, fees, bonuses, share options, long-term incentive schemes, pensions, retirement benefits, compensation for past directors and sums paid to third parties for directors' services.

57
Q

what is the main influence on directors' remuneration reports?

A

The Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013, together with the remuneration guidelines issued by the Association of British Insurers (ABI).

58
Q

what is a chairman’s statement?

A

This is usually included in the annual report and is normally a broad statement about the company’s activities, attributed to the company’s chairman. It is not required by the Companies Act.

59
Q

are there any obligations on auditors regarding the chairman’s statement or the directors' report?

A

External auditors are not required to judge whether the content of either the directors' report or the chairman’s statement is true and fair. However, they are obliged to report to the shareholders any inconsistency between these statements and the rest of the annual report.

60
Q

what are the rules around the submission of annual accounts?

A

There are special rules for small and medium-sized companies; however, all companies have to keep accounting records and all limited companies have to submit accounts to Companies House.

Quoted companies must ensure that their report and accounts are available on their website.

61
Q

in what time frame do companies have to submit their accounts?

A

Private companies must file within 9 months of the year end and public companies within 6 months.

62
Q

do all companies need a company secretary?

A

All public companies have to have a company secretary, as required by the Companies Act 2006.

63
Q

What does the CA 2006 impose on companies regarding a company secretary?

A

The Companies Act 2006 requires all public companies to have a company secretary,
although a private company need not have one.
The 2006 Act imposes a duty on the directors of public companies to "take all reasonable steps to secure that the secretary … of the company is a person who appears to them to have the requisite knowledge and experience to discharge the functions of secretary of the company".

64
Q

what are the key roles of a company secretary?

A

- Guiding the chairman and board on their responsibilities under the rules and regulations
- Supporting the chairman in ensuring the board functions efficiently and effectively
- Ensuring good information flows within the board and its committees and between senior management and non-executive directors, as well as facilitating induction and assisting with professional development as required
- Developing and overseeing the systems that ensure the company complies with all applicable codes and legal and statutory requirements
- Overseeing day-to-day administration
- Responsibility for facilities, HR, insurance, investor relations, pensions and administration

65
Q

according to the FRC's Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, who has responsibility for risk management and internal control?

A

The board ultimately holds this responsibility.

66
Q

what does the FRC guidance set out in relation to the boards responsibility for risk management and internal control?

A

It provides a high-level overview of the factors the board should consider regarding the design, implementation, monitoring and review of risk management and internal control systems.

67
Q

what does the FRC guidance not set out in relation to the boards responsibility for risk management and internal control?

A

It does not set out, in detail, the procedure by which a company designs and implements its risk management and internal control systems.

69
Q

who should corporate governance and effective risk management be adopted by?

A

All operational managers and staff within the organisation.

70
Q

what is the first line of defence?

A

The front-line staff and managers. It is the responsibility of these managers to make sure that risks are identified and controlled in keeping with the strategy and control environment.

71
Q

what might be in place to support operational managers in being the first line of defence?

A

Firms usually have a risk management team who coordinate the risk activities and act as advisors and monitors to senior management and the board. This may be made up of risk analysts, health and safety specialists, and regulatory and compliance advisors.

72
Q

Who is the control of risk assigned to?

A

The management most closely involved with the activity.

73
Q

Who will be in control of risks associated with fraudulent claims?

A

The head of claims

74
Q

Who will be in control of risks associated with service interruptions

A

The head of IT

75
Q

Who will be in control of risks associated with ensuring the accuracy of accounting records

A

The Finance Director

76
Q

what is the second line of defence for risk management?

A

The risk management department, supporting operational / department managers / compliance / security

77
Q

who is the third line of defence for risk management?

A

The internal audit team / risk and control owners

78
Q

what are the four ways to ensure effective management of risks in underwriting?

A
  • Limits of authority for individual underwriters
  • Second review of quotations by senior underwriters
  • Regular review of pricing schedules
  • Monitoring of aggregation (or risk accumulation) practices
79
Q

what are the 3 ways that risk is managed in claims?

A
  • All claims payments are reviewed by a second member of staff
  • Claim validity checking
  • Reinsurance coverage reviewed by senior management
81
Q

What are three ways that risk is controlled in finance?

A
  • Daily reconciliation between ledgers and bank accounts
  • Limited authorities for authorising accounts payable
  • Anti-money laundering measures
82
Q

What are 4 ways risk is managed in human resources?

A
  • Reference checks for new employees
  • A scheme of regular training and development for all staff
  • Audit of expenses claimed
  • Absence monitoring
83
Q

what are 4 ways risk is managed in IT?

A
  • Backing up records on a daily basis
  • Relocation contingency plans
  • Anti-virus and intrusion detection software
  • Data security and quality management
84
Q

what are the four main facets for risk management in insurance companies?

A

1- Strategic
2- Insurance / underwriting and reserving
3- investment/market
4 - credit

85
Q

what is considered the dominant risk amongst most organisations?

A

Reputation; however this is usually not deemed a risk in its own right, but rather the consequence of a failure elsewhere, e.g. a lack of staff training.

86
Q

what do strategic risks refer to for an insurance firm?

A

e.g. takeover bids, starting new lines of business, opening branches in new locations etc.

87
Q

what do insurance and reserving risks refer to?

A

This relates to the potential for the loss ratio to be higher than that assumed in the business plan, i.e. the adequacy of premium pricing.
It also covers reserving: insurers must keep funds in place to pay claims once discussions and investigations have been completed.

88
Q

what is deemed as investment/market risks for insurers?

A

This includes losses due to a reduction in the value of investments, or returns that are below the planned level. These losses may be caused by the make-up of the insurer's investment portfolio or by a more general market-wide downturn.

89
Q

what is deemed a credit risk for insurers?

A

Credit risks are those that relate to premium payments by clients and to reinsurance recoveries. Losses due to non-payment of premiums are likely to be minimal: for most personal lines, payment is required before cover commences, and for commercial lines, notice of cancellation will be issued if premiums are not paid within a given time frame.

Also, where an insurer makes a large claim payment there may be reinsurance protection in place. There is a credit risk that the reinsurer may become insolvent if it is not financially sound.

90
Q

what is an operational risk deemed as for insurers?

A

This essentially includes all risks not covered by the other categories, e.g. property damage to the insurer's offices and equipment, fraud by employees, breach of regulatory rules, employers' liability claims etc.

91
Q

what is classed as a group risk for insurance companies?

A

This includes risks that emerge when a firm is part of a wider group, e.g. a UK subsidiary may rely on its parent for solvency capital, technical support and centralised services such as actuarial and administrative support. If the strategy at the centre changes, the UK firm may not be able to fulfil its business aims.

92
Q

what exercise might the board carry out when assessing risks and circumstances & looking at effectiveness and adequacy of controls?

A

A cost-benefit exercise would be carried out to assist in the decision making.

93
Q

in order to bring structure and coherence to risk management activities in an organisation, what must risk managers do?

A

They use an established framework, or standard to guide them.

94
Q

Of the standards published by various organisations over the past 20 years, which has been most widely adopted?

A

the UK Risk Management Standard

95
Q

how / why was the UK Risk Management Standard published?

A

This was compiled and published as a joint venture between the Institute of Risk Management (IRM), the Association of Insurance and Risk Managers (AIRMIC) and ALARM (the Public Risk Management Association). It has since been adopted by the Federation of European Risk Management Associations (FERMA).

96
Q

What is at the heart of any risk management standard?

A

A flow process for risk management, where each step follows on from previous work, e.g. risk identification must be undertaken before risk estimation can take place.

97
Q

What are the 7 stages of the risk management process according to the UK Risk Management Standard?

A

1 - The organisation's strategic objectives
2 - Risk assessment (risk analysis and risk evaluation)
3 - Risk reporting (threats and opportunities)
4 - Decision
5 - Risk treatment
6 - Residual risk reporting
7 - Monitoring

98
Q

When is a formal audit usually done in the risk management process according to The UK Risk Management Standard

A

Between the risk reporting and decision making stages

99
Q

what is another main international standard of risk management standards for organisations of any size?

A

ISO 31000 (and the associated ISO 31010 on risk identification techniques)

100
Q

What does corporate governance say about the role of an audit committee?

A

Good CG requires that firms have an audit committee made up of two or three (two in smaller companies) non-executive directors.

In a smaller company, the company chairman may be a member of the audit committee, provided they were considered independent on appointment as chairman, but they cannot chair the audit committee.

At least one member of the committee must have recent and relevant financial experience.

101
Q

Who answers shareholders' questions regarding the audit?

A

The chair of the audit committee

102
Q

For financial years beginning on or after 1 January 2016, companies are required to have a full statutory audit by an external auditor if they satisfy two of these three:

A
  • A turnover exceeding £10.2m
  • Net assets exceeding £5.1m
  • More than 50 employees

103
Q

What kinds of companies are always subject to statutory external audits, no matter their size?

A

Investment firms
Insurance companies
Public companies

104
Q

An auditor's report will state whether, in their opinion, the annual accounts:

A
  • Give a true and fair view
  • Have been prepared in accordance with the relevant financial reporting framework
  • Have been prepared in accordance with the requirements of this Act (and, where applicable, Article 4 of the IAS Regulation)

105
Q

What report emphasised the importance of internal audit?

A

The Turnbull Report, which stated that the main role of internal audit is to evaluate risk and monitor the effectiveness of the systems of internal control.

106
Q

What is an alternative name for a chief internal auditor?

A

The Chief Audit Executive

107
Q

What does the scope of an internal audit include?

A

Internal audits are primarily conducted to address legal and accounting requirements.

108
Q

In what 5 ways can internal audits assist directors with the implementation of good CG?

A
  • Maintaining good internal control by reviewing how the company identifies and manages risk
  • Reviewing board reports to ensure that they present a balanced and understandable viewpoint
  • Ensuring the directors are up to date with new accounting and auditing issues, e.g. international accounting standards
  • Communicating with the external auditors and ensuring a unified approach to the work
  • Ensuring that the board receives the correct communications and information required from the external auditors

109
Q

What is the primary focus of compliance work?

A

To ensure that processes and activities carried out in the firm comply with established operational procedures and meet the requirements of the regulator.

110
Q

How must data be maintained?

A

In a way that can be readily accessed by the appropriate staff. Pricing actuaries and underwriting staff will use the data as input to their risk prediction software, so it is important that any changes in the way data is collected or stored are known to the actuaries and underwriters.

111
Q

When is being able to affirm the accuracy of data important?

A

When providing reports and analysis to senior management, e.g. when deciding whether to enter or continue in a class of business.

112
Q

What imposes a requirement for accurate record keeping?

A

the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018)

113
Q

What does data quality and accuracy refer to?

A

The challenge of ensuring that data is reliable and complete

114
Q

When is a data cleanse needed?

A

Sometimes data is collected on an inconsistent basis, and a data cleanse is carried out to bring each line of data into a standard format. This is common, for example, when two businesses that have collected data in different ways in the past merge.

115
Q

What is the biggest emerging challenge for insurers using AI (artificial intelligence) systems?

A

AI is commonly used to determine acceptance and terms for insurance applications, so a lack of accuracy and quality in the data it uses can lead to unjust treatment of customers.

116
Q

What is classed as input data in terms of AI?

A

Data about a risk / individual

117
Q

What is classed as output data in terms of AI?

A

The accuracy of decisions or predictions about a risk / individual

118
Q

What needs to be done with confidential paper records?

A

They need to be stored in a secure, lockable cabinet or desk and marked as private and confidential. Access should be restricted to trusted individuals.

119
Q

What needs to be done with confidential electronic records?

A

Access needs to be restricted to trusted individuals, e.g. via password systems or encryption. Companies must also guard against hacking of their databases with antivirus and firewall protection software.

120
Q

In 2015, what did the ICO state were the most common data security issues?

A
  • Data being posted or faxed to incorrect recipients
  • Theft / loss of paperwork

121
Q

What is insider dealing / insider trading?

A

The misuse of confidential information by making investment decisions based on information that should remain confidential.

122
Q

What are the consequences of insider dealing / trading?

A

This is a civil offence, and is defined in the Financial Services and Markets Act 2000.

123
Q

What does the Financial Services and Markets Act 2000 cover regarding insider trading?

A

That this is a civil offence.

It makes reference to the following behaviour:

  • Insider dealing: when an insider deals, or tries to deal, on the basis of inside information
  • Improper disclosure: where an insider improperly discloses inside information to another person

125
Q

What should be done within a company to prevent confidential information from leaving the ‘insider’ group?

A

An ‘insider list’ should be made. This should be limited to trusted persons, and if anyone is removed from this list it should be known to all other insiders.

126
Q

Who does the UK GDPR apply to as of January 2021?

A

It applies to controllers and processors in the UK.

127
Q

Prior to January 2021, which GDPR regulation applied in the UK?

A

The European Union GDPR.

128
Q

What is classed as sensitive personal data?

A
  • Race
  • Ethnic origin
  • Politics
  • Trade union membership
  • Genetics
  • Religion
  • Biometrics (where used for ID purposes)
  • Health
  • Sex life; or
  • Sexual orientation

129
Q

What is the most significant addition in the January 2021 UK GDPR compared with the European Union GDPR?

A

The emphasis on accountability: the UK GDPR requires firms to show how they comply with the principles, e.g. by documenting the decisions they take about processing activity.

130
Q

What 6 data protection principles apply under the UK GDPR?

A

1 - Lawfulness, fairness, transparency - data should be processed lawfully
2 - Purpose limitation - data should be collected for a specified, explicit reason
3 - Data minimisation - data should be adequate, relevant and limited to what is necessary
4 - Accuracy
5 - Storage limitation - data should be kept in a form which permits identification of data subjects for no longer than necessary
6 - Integrity and confidentiality - data should be processed in a manner that ensures the security of the personal data

131
Q

Why is establishing a lawful basis important?

A

Firms need to identify a lawful basis before they can process personal data, and document it. This is significant because the lawful basis used affects an individual's rights.

132
Q

What are the 6 lawful bases for processing data?

A

1 - Consent - must be given
2 - Contract - the processing is necessary for a contract the firm has with an individual, OR because they have asked the firm to take specific steps before entering into the contract
3 - Legal obligation - the processing is necessary for the firm to comply with the law
4 - Vital interests - the processing is necessary to protect an individual's life
5 - Public tasks - the processing is necessary in the public interest
6 - Legitimate interests - the processing is necessary for the firm's legitimate interests, unless there is a good reason for the interests of the individual whose data is being processed to override this

133
Q

What are the 8 rights of individuals under GDPR?

A
  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

134
Q

What two good practice tools are legally required to be put in place regarding accountability?

A

  • Privacy impact assessments
  • Privacy by design

135
Q

Where are breach notifications reported to?

A

The ICO (Information Commissioner's Office) and, in some cases, the individuals affected.

136
Q

What does ICO stand for?

A

Information Commissioner's Office

137
Q

What has been put in place to ensure that the protection of individuals afforded by the UK GDPR is not undermined?

A

Restrictions have been imposed on the transfer of personal data outside of the UK to third countries.

138
Q

Do the UK GDPR rules apply to firms operating in the EEA post-Brexit and those who send data to the UK?

A

Yes. The UK transfer rules largely mirror the EU GDPR rules, but the UK has the independence to keep this framework under review.

139
Q

What was the main reason for the implementation of the Data Protection Act 2018?

A

To coincide with the implementation of the EU GDPR (which applied to the UK at that time, prior to Brexit) and the Law Enforcement Directive (LED).

140
Q

What are the main elements of the DPA 2018 for general data processing?

A
  • Implement GDPR standards across all general data processing
  • Provide clarity on the definitions of terms used prior to Brexit, e.g. the definition of personal data
  • Ensure that sensitive health, social care and education data can continue to be processed with confidentiality in mind
    - provide appropriate restrictions on the right of access
  • Set the age of parental consent for online use to 13. This was supported by the ICO.

141
Q

At what age is parental consent for online use no longer needed?

A

13

142
Q

What are the main elements of the DPA 2018 for regulation and enforcement?

A
  • Enact additional powers for the ICO (Information Commissioner's Office), which will continue to regulate data protection
  • Allow the ICO to levy higher administrative fines on data controllers and processors for breaches (up to £17.5m or 4% of annual global turnover)
  • Empower the ICO to bring criminal proceedings for offences where a data controller or processor alters records with intent to prevent disclosure following a subject access request (SAR)

143
Q

What is the Information Commissioner's Office (ICO)?

A

This is an independent government authority that oversees UK compliance with general data protection law.
It upholds information rights in the public interest.
Anyone holding personal data for anything other than domestic use is legally obliged to notify the ICO unless they are exempt.

144
Q

What is the ICO’s view on changes to GDPR now that the UK has left the EU?

A

The ICO confirmed that it is in favour of the changes introduced by GDPR and sees no need to amend the legislation now that the UK has left the EU.