Principles and Rules As Set Out In The Regulatory Framework Flashcards
What is the general rule of Prohibition set out by the Financial Services and Markets Act (FSMA)?
No one should undertake a regulated activity without being authorised or exempt.
Who is exempt from the general Prohibition rule? 5
Appointed representative of an authorised firm.
Members of a designated professional body undertaking regulated activity as an incidental part of their business. (Solicitors/accountants)
Central banks
Local authorities
Certain governmental bodies.
Describe a task that a solicitor may undertake that would not need to be authorised?
When an accountant advises a client that they should make a pension contribution to reduce their tax bill.
They would only need to be authorised to then go on and set up the pension.
Describe a situation where a solicitor would not need authorisation?
To undertake encashment and distribution of assets as per the terms of a will.
They would need to be authorised to arrange investments into new financial instruments for a will beneficiary.
What is a firm that is authorised?
Authorised Professional Firm (APF)
Why has authorisation become more relevant recently for local authorities?
Due to now offering deferred payment arrangements for long-term care recipients' property.
In this case, the local authority is required to point the care toward independent advice.
Who are applications made to?
The relevant authority PRA or FCA using part 4a permission.
What should a firm do to find out if an activity is authorised?
Check the FCA handbook in block 9
Perimeter Guidance (PERG)
What will happen when a larger firm applies for authorisation?
They will apply to the PRA, and they will assess the firm's capital adequacy.
The FCA will assess their fitness from a conduct perspective.
What happens with smaller firms applying for authorisation?
They apply only to the FCA who do all their checks.
What are the time scales for application for authorisation?
6 months if the application is in full.
12 months if not (hence taking great care)
What is meant by great care when applying for authorisation?
It is a requirement of any firm applying for permission to undertake regulated activity that they disclose all information about which the regulator could reasonably expect to be informed.
What is the most basic condition for making an application for authorisation?
That the person be ‘fit and proper’ as set out in the FIT section of the FCA handbook.
What will happen if an application for authorisation is accepted?
The firm will be issued with a scope of permissions notice, which sets out what the permission covers.
At this point, the activity is now legal.
(It is not before this)
If refused, the firm recalls, and they have a right to appeal to the Upper Tribunal (Tax and Chancery Chamber)
What is the authorisation consequence for changing the status of a business?
It will need to apply for new authorisation except in the circumstance where a member of a two person partnership dies as this can then carry on but as a sole trader.
What are the responsibilities of being authorised?
Compliance with the regulator’s regulations.
Ensuring the firm has sufficient capital to meet adequacy requirements.
Ensuring that anyone in a controlled function role has the necessary permissions.
Must not employ the services of an individual prohibited by the FCA/PRA
(Generally, because they have made a serious breach of regulations and standards laid out by the regulating authorities)
Who has the responsibility of ensuring the responsibilities of authorisation are met?
The firm's compliance officer.
What is an authorised person?
Not a person but an authorised firm unless they are a sole-trader.
What is an approved person?
An individual approved by the regulator to do a controlled function.
(A person who acts in a senior capacity or gives advice to customers)
Who is covered by the Senior Management and Certification Regime (SM&CR)?
Who is still on the approved person’s regime?
Most senior staff in a vast majority of firms.
Appointed representatives as they did not get moved to SM&CR.
What are the key aims of SM&CR?
Clarity of responsibility
Improved corporate governance & accountability for decision-making
Ensure firms don’t rely on collective board responsibility
Clarity of who runs the business
Give FCA a framework for enforcement when issues occur
Placing emphasis of responsibility on firms, not the FCA
What are the 3 types of firms SM&CR identifies for the application of requirements?
Limited scope - usually smaller businesses.
Core - subject to baseline regime
Enhanced - large, complex businesses which are subject to enhanced requirements
Why does SM&CR divide firms into 3 categories for application of requirements?
So, the requirements imposed on businesses are proportionate to the risk posed.
What is the purpose of SM&CR?
To make sure persons filling senior roles have personal responsibility for the actions of their business area.
Meaning they have prescribed roles, joined together into an overall organisational responsibility map.
This allows a joined up picture of the organisation, who holds what responsibility and identifies gaps.
What must a senior manager hold before taking up their role?
Preauthorisation from the regulator.
Name a prescribed responsibility within an investment firm.
A nominated compliance officer (SMF 16)
In the new certification regime, what is required of the broader selection of staff members?
An annual fit and proper test for key members.
Pretty much everyone is held to conduct responsibilities within authorised firms.
Only exceptions are ancillary staff, i.e. cleaners
What does holding every staff member to conduct requirements mean?
They cannot say they were just following orders, and they take personal responsibility for their actions.
What is expected under the old approved person’s regime?
Only those operating in controlled roles need to be approved and subject to checks on their fitness for the role.
This still applies to appointed representatives.
What are the 3 sections the SM&CR splits into?
The Senior Managers Regime
The certification regime
The conduct rules.
Describe the Senior Managers Regime section of SM&CR
Covers senior roles
Can be withdrawn if failing to pass fit and proper test.
Can be fined or prohibited from working within a regulated firm
Each prescribed responsibility under this regime should be held by one person.
Each senior manager will have a statement of responsibilities and a corresponding duty of responsibility.
Describe the certification regime
Covers material risk takers such as customer facing roles
Responsibility for the oversight of these roles is very much passed over to the authorised firm.
Firms must report names of individuals performing these roles to the FCA. They are published in a central directory.
Describe the conduct rules section of SM&CR
Applies virtually to everyone within the business.
Covers basic good conduct and the requirement for sufficient training.
Replaced the approved person’s regime.
Does not cover appointed representatives.
No one to be approved unless they pass a fit and proper test.
Holds individuals and firms accountable for their actions.
Accountability remains even after ceasing to be approved, with no statute of limitations.
Action must be taken within 3 years of discovering wrongdoing.
Why is there no reason for appointed representatives (AR) to be authorised by the FCA?
The principal will be authorised instead.
Describe some situations where the worker is an appointed representative?
A financial advisor tied to an authorised employer.
An advisory network where the network is authorised and the individual firms are ARs.
What should the principal check with regards to their ARs?
Whether there is any conflict of interest
Are they fit and proper
Whether the principal has the necessary system controls to be responsible for the AR's conduct and actions.
Is there a written agreement for the principal to accept responsibility for the actions of the AR.
Is a written agreement necessary between principal and AR?
Yes, and the FCA must be notified within 10 days of this coming into force.
In the case of an AR having two principals, what must happen?
There must be a written agreement between the two principals, and one must agree to act as lead, for instance, to handle complaints.
What must firms be aware of for training?
Recruiting from the right level of training and experience.
Staff should demonstrate their competence before being allowed to operate. (Supervision/on board training)
Make sure staff competence is maintained
Managers undertake gap analysis and rectify findings
No one to operate in specialist roles without correct training.
What are some examples of specialist training?
Advising on long-term care.
Advising on equity release
Pension transfer specialist (requires level 6 paper, CII’s AF7)
What is the requirement for financial advisors to start their role?
Must complete a level 4 standard qualification within 48 months of starting. (e.g. CII Diploma in Regulated Finance)
What is the minimum qualification for mortgage advisors?
Must hold a level 3 qualification with no prescribed time limit.
What is the minimum requirement for advisors CPD?
35 over a rolling 12 month period.
21 being structured CPD
What is structure/unstructured CPD?
Structured has specific learning outcomes, i.e. training courses.
Unstructured is anything else.
What time scale should MiFID and non-MiFID competencies be kept for after an employee's period of employment?
5 years MiFID
3 years non-MiFID
How long must records of Pension Transfer Specialists training be kept?
Indefinitely
This is in line with the records they keep of the advice they give.
What should happen with breaches of training and competence?
They should be reported to the FCA. i.e., failing to meet the 48-month deadline to level 4 or in the view of a firm becomes incompetent.
What are firms forbidden from doing?
Giving any inducement that might cause a conflict with their responsibility to the consumer.
Give examples of what is and isn’t acceptable inducements.
Ok- Provision of a software package to all customer firms as part of an IT project.
Not ok- A bespoke piece of software produced for one customer firm.
Ok- Production of product literature (also necessary)
Not ok- putting the customer firm's name on the literature.
Ok- some hospitality
Not ok- lavish hospitality exceeding the test of reasonable value.
Ok- providing training facilities for a customer firm to use
Not ok- only making training facilities available to the customer firm
What inducements are not allowed?
Under the table (trips to the races, lavish lunches)
Trail commission paid to someone other than the original advisor except under special conditions (further advice being given to a customer under another firm's name)
What must happen with fee only arrangements?
Trail commission must be transferred to the client.
How long must inducement records be kept for?
5 years and must be recorded. (If in doubt, record it)
What are the timescales for record keeping?
Indefinitely - pension transfer, freestanding AVC (FSAVC) contracts, pension opt-outs. (Due to high risk)
Six year - financial promotions relating to life and pensions products.
Five year - Most other records.
What system does the FCA use for regulation?
RegData
What data must firms report to the FCA?
Capital adequacy
Complaint levels
Type of business being transacted and the number of people involved.
Level of client funds held
Persistency levels (number of policies cooling-off or cancelling later)
How often do complaint levels need to be reported?
Twice yearly detailing the level and type of complaints.
What does complaint level reporting achieve?
Spot potential issues in firms and across firms in relation to the type of business.
How are complaint returns further broken down.
How quickly they were resolved
Under 4 weeks
4-8 weeks
Over 8 weeks
What do reporting persistency levels achieve?
An increase could suggest pressure being applied at the point of sale.
When would the FCA expect a firm to make an immediate notification?
In the event of a breach or material change that could impact the regulatory status of the business.
This would include a change of business address, the appointment of a new director, or appointment of someone into a specialist controlled function such as a pension transfer specialist or compliance officer.
What is a complaint?
An expression of dissatisfaction, which can be verbal or written and which may or may not be justified.
It must be in relation to the provision of or failure to provide a service and allege that the complainant either suffered or will suffer financial loss, material distress, or inconvenience.
In regards to complaints, what must a firm never do?
Insist a complaint is made in writing
What should happen with each complaint?
Don’t pre-judge.
Take every complaint on its merits and investigate accordingly.
Who is an eligible complainant?
An individual consumer
Consumer buy to let
A small business with less than 10 staff and a turnover or balance sheet under EUR2m. (Micro-enterprise)
A small business with fewer than 50 staff and a turnover or balance sheet under £6.5m
A charity with an annual income of less than £6.5m or a trust with net assets under £5m.
How should a firm’s complaint procedure be handled?
Each firm must have and publicise the procedure.
The right to complain should be given to the customer, and the firm should also make the customer aware they are covered by the Financial Ombudsman Service.
A senior member of staff should be appointed to handle the firm's dedicated complaints handling function.
Complaint investigation should be handled completely, diligently, and impartially as per the FCA requirement.
What are the mandatory steps involved in recovering a complaint?
The customer should be sent an acknowledgement within a reasonable timeframe.
After 4 weeks, if the complaint is still not resolved, the customer should be sent a holding letter explaining that the complaint is still being handled.
After 8 weeks or upon earlier completion of the investigation, the customer should be sent a further letter. (Either the final response or a further holding letter explaining the reasons why and when it is expected). At this point, no matter what applies, the firm must inform the customer of their right to go to the Financial Ombudsman Service.
If a complaint is upheld, what should a firm do?
Make an offer of compensation or action to restore the client to their position as though the wrong-doing hadn’t happened.
What are the time frames for making a referral to the Financial Ombudsman Service (FOS)?
Made within 6 months of receiving the right to go to the FOS.
Made within 6 years of the event in question or 3 years if discovered later down the line.
On the complaint flow chart what is Part one?
Rapid resolution
- if a complaint can be resolved within 3 days
- confirm matter is considered to be resolved.
- provide details of FOS for information and potential referral
On the complaint flowchart, what is Part 2
Prompt acknowledgement (if rapid resolution was not possible)
- for example, 5 days
- acknowledge and send a copy of the complaints procedure.
- assign complaints handler
On the complaint flow chart, what is on part 3?
Keeping the client informed
- for example. Within 4 weeks.
- summary and resolution where possible, including FOS details and rights to refer.
- or
- holding response
On the complaint flowchart, what is Part 4?
Within 8 weeks
- final response
- or
- Details of when the firm will be able to issue a final response and FOS referral details.
- and confirmation of the right to refer to the FOS within 6 months
On the complaint flowchart, what is Part 5
Twice a year
- firms must send complaint statistics to the FCA
On the complaint flowchart, what is Part 6
Three years
- non-MiFID business must hold onto details of complaints over this period
On the complaint flowchart, what is Part 7
Six years after the event
- maximum timeframe an individual has to complain
- this may be 3 years after they should have reasonably known they had cause to complain if that date is later than 6 years.
What is the usual standard that firms use to respond to a complaint
5 days, but this is not binding
What is the financial ombudsman service? (FOS)
An independent adjudicator under the control of the FCA
What does the FOS do?
Looks into complaints on their merit and decides whether they should be upheld.
What are firms expected to do with the FOS?
Fully co-operate with them and provide any information it deems necessary.
Are the FOSs decisions binding?
Yes, for the provider but no for the complainant who can choose to reject the adjudication and take the matter to court.
What are the limits on the FOS being able to award compensation?
£415000 for cases referred after 1/4/23 for acts or omissions on or after 1/4/19
Plus
Interest
Costs
Interest on costs
Can the FOS award higher compensation than £414000 plus costs?
Yes, but it is not binding. However, if taken to court, the court will consider the higher amount.
What is the deal worked out for ombudsman regarding pensions?
Workplace pensions are subject to a separate ombudsman, but the FOS deals with sales and marketing, and the pensions ombudsman looks at matters of administration.
What might the FOS do?
Make a directions award
- this is simply telling the business to make things right, i.e. make an apology, pay a claim.
How is the FOS funded?
A levy on firms based on their turnover and a flat-rate case handling fee for each complaint.
Firms should not make any attempt to recover this fee from the complainant.
Why was the financial services compensation scheme introduced?
If a firm failed and was not able to meet its obligations this would destroy confidence in the system.
How does the financial services compensation scheme work?
Other firms pick up failed firms’ obligations through compensation funded by levies. All firms regulated by the PRA and FCA are expected to pay this.
What does the FSCS cover?
Deposits
Investments and mortgages
Long-term insurance
General insurance
Pensions
How much is covered by the FSCS for deposits?
100% of the first £85000 per investor, per authorised firm.
Take care since several trading names might represent the same firm.
How much is covered by the FSCS for investments and mortgages.
100% of £85000
How much is covered by the FSCS for long-term insurance?
Provider fails - 100% of the claim no upper limit
Intermediary fails - 90% of the claim with no upper limit.
(This would apply where, for instance, the claimant was entitled to compensation, but the intermediary failed before it was paid.)
How much is covered by the FSCS for general insurance.
Compulsory insurance - 100% no upper limit
Non-compulsory insurance - 90% of the claim with no limit
How much is covered by the FSCS for pensions
Insured pension scheme - 100%
SIPP - 100% of claim up to £85000
How long does the FSCS attempt to pay out?
7 days from firm failure.
More complex tasks may take longer.
What extra thing would the FSCS do in the case of insurance?
Ensure continuity of cover by finding a new provider to take over the policies issued by the failing provider.
Before a claim is paid, what will the FSCS collate
Information about the nature and timing of the insolvency. Claims will be reduced if the FSCS feels there was negligence on behalf of the claimant that contributed to the loss or if it feels that policy values were artificially high.
How is the levy paid for the FSCS?
It is determined by the sector the firm operates in, i.e. insurance firms protect insurance firms.
Limits are set for the maximum that a firm could be expected to pay that year.
How is an FSCS claim valid
If it comes from an eligible complainant. (Broadly, anyone except large companies or governmental bodies)
Who can the FSCS pay compensation to when a customer passes away?
Their executor.
What is the estimated amount of global money laundering?
2-5% of global GDP
How is the process of money laundering carried out?
Placement - dirty funds placed into a financial product
Layering - moved around the system via a series of transactions
Integration - investment product surrendered resulting in a clean cheque from the provider.
Why is there a global effort against money laundering?
Because of the harm it can do.
What was introduced to tackle money laundering? And what does it do?
Proceeds of Crime Act 2002
Works against money laundering and also people who fail to disclose a suspicion of money laundering.
If you suspect someone of money laundering, what should you do?
Don’t tell them as this is known as tipping off and is a crime in itself.
Carry on the transaction and report it.
What should each firm have to facilitate the reporting of money laundering?
Money laundering reporting officer (MLRO)
Who does the MLRO report to if they think money laundering is taking place?
The National Crime Agency (NCA)
How does the MLRO report to the NCA?
By filling out a suspicious activity report (SAR)
What is the NCA?
A police body that handles money laundering in the UK.
Who holds the reporting individuals’ details?
The NCA, but their details are kept anonymous in court.
What is the assets recovery agency?
An agency that is part of the NCA established by the proceeds of crime act that can obtain a court order and confiscate or tax the proceeds of crime.
They have a wide range of powers when obtaining information regarding suspects and their financial details.
Where are the current rules on money laundering found?
The money laundering, terrorist financing and transfer of funds (information on the payer), regulations 2017
The money laundering and terrorist financing (amendment) regulations 2019
Guidance from the Money Laundering Steering Group (JMLSG), which interprets EU and international regulations and advises the UK.
Who chairs the JMLSG?
The Bank of England and has representatives from around the industry.
What does customer due diligence (CDD) require?
Firms should consider the potential risk posed by a client and verify their identity.
Should be done whenever a firm does business with someone and should be required again for future business if there are concerns about whether previously obtained evidence remains valid.
Required if the firm has suspicion of money laundering.
Each transaction should be considered on its merits, and there are no longer automatic exemptions for smaller premium contracts.
How is CDD undertaken?
Validate customer identity and address.
For validation, what does the guidance allow?
A single source of ID if it is government issued. In practice, most companies will require more.
What will some companies do for validation?
Use the services of a credit reference agency to run an identity check and, for transactions involving businesses, search the company register.
What can a company employ if they are sure there is reduced risk?
Simplified due diligence (SDD)
When would more stringent checks be required?
If the client is not physically present for the transaction or if they are a politically exposed person (PEP) from outside the UK.
How long should evidence of validation checks be held?
5 years from the transaction or 5 years from the end of the firm's relationship with the customer, whichever is later.
What should each company have in regards to money laundering?
A clear policy to tackle it and training for the staff.
The policy should be reviewed to ensure it remains current and valid.
Most companies require their staff to undertake retesting to ensure they remain aware of the policy within their role.
What must firms that are not covered by an anti-money laundering regulator do? (Estate-agents)
Register with an appropriate supervisory authority.
What replaced the Data Protection Act 1998?
The European General Data Protection Regulation (GDPR)
When did GDPR come into effect?
25th May 2018
Under GDPR, what is personal data?
Any information relating to a person that can be identified directly or indirectly.
In particular a:
Name
Identification number
Location data
Online identifiers
One or more factors specific to the person.
-physical
-psychological
-genetic
-mental
-economic
-cultural
-social identity
Includes IP address for PC
What are the 6 key data protection principles?
Data should be processed lawfully, fairly, and transparently
Data should only be collected for specific and explicit purposes
Data collected should be adequate for the purpose it was collected
Data should be accurate and up to date
Data should not be kept longer than is necessary
Data should be processed in a confidential and secure manner
How many pages of actual data protection rules are there in GDPR?
204
What are the simple main provisions of GDPR
Make it easier for people to have control over their personal data.
Make it so data is held only with good reason (legitimate reason) and with explicit consent. When and how consent was gained must be demonstrated by firms.
Data controllers are responsible for ensuring anyone who processes data on their behalf has adequate controls before employing their services.
Penalties for non-compliance can be as much as £20m or 4% of global gross revenue.
Who is responsible for ensuring compliance with the GDPR?
The Information Commissioner's Office (ICO)
If a data controller breaches regulations, what can’t the ICO do?
They can impose fines.
What should a firm do if it recognises a breach in data handling?
Whistle blow to the ICO within 72 hours.
Under UK GDPR, what is an individual’s right concerning their data?
Right to be informed about data collection
Right to rectify inaccurate records
A right to have their data erased
A right to request a copy of the data held about them.
A right to be forgotten.
Is there a fee for requesting a copy of data?
Generally, no, but SMEs can impose a fee if the request is manifestly unfounded or excessive.
How long should a data request take?
1 month
Under the right to be forgotten what should happen.
If data is no longer needed, they can have it deleted, and data processors will be responsible for anyone downstream to follow suit.
What must firms do in regards to the security of data.
Consider the strength of their own security.
Undertake risk analysis to consider potential threats or weaknesses and implement steps to address the shortfalls revealed.
Risk analysis should also consider firms performing work in an outsourcing arrangement.