Topic 24: Other regulation affecting the advice process Flashcards

1
Q

What are Oversight groups?

A

People or bodies with responsibility for ensuring firms meet various financial and regulatory requirements.

2
Q

What are external auditors?

A

Inspect the firm’s financial accounts to ensure published financial reports are accurate and compiled in line with legislation and accounting standards. They are usually accountancy firms.

3
Q

What are Internal Auditors?

A

Usually part of an in-house department, whose role is to assess how effectively the firm manages risk and the controls it has in place, and to identify any improvements needed to risk management processes and controls. Some firms outsource the function.

4
Q

What are Trustees?

A

Responsible for holding and looking after trust assets in accordance with the trust deed, for the benefit of the beneficiaries. Examples in the context of financial services would be trustees of unit trust funds and occupational pension schemes. Pension scheme trustees have specific duties under the Pensions Acts of 1995 and 2004, and other trustees are subject to the requirements of the Trustee Act 1925 and the Trustee Investment Act 2000.

5
Q

What is a Compliance Officer?

A

Firms regulated by the PRA and FCA must appoint a compliance officer to oversee the firm’s compliance with regulations and legislation. The position is a senior management function under the Senior Managers’ Regime, and is responsible for the production of a compliance manual, compliance records, dealing with the FCA and making sure staff meet FCA requirements.

6
Q

What is the Pension Protection Fund?

A

Compensates members of defined benefit occupational pension schemes when the employer becomes insolvent and the scheme cannot provide the promised member benefits. Funded by taking over and investing the assets of the insolvent employer’s scheme and charging a levy on other occupational schemes. It provides benefits for members at the scheme’s normal retirement date. Those who reached the scheme’s normal retirement date before the employer became insolvent receive 100% of the benefits they earned, while those who had not reached the normal retirement date are limited to 90%.

7
Q

What are the six data protection principles?

A

1) Processed lawfully, fairly and in a transparent manner in relation to individuals.
2) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4) Kept accurate and up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
5) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, although archiving is allowed in certain circumstances.
6) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

8
Q

What is a Data Subject?

A

An individual (a natural person) whose personal data is processed.

9
Q

What is Personal Data?

A

Information that can directly or indirectly identify a natural person. This information can be in any format.

10
Q

What are Special Categories of Personal Data?

A

This data is more sensitive and so needs more protection. Generally (although there are exceptions) such data can only be processed if the individual has given explicit consent. Sensitive data includes information about an individual’s:
— race;
— religious beliefs;
— political persuasion;
— trade union membership;
— sexual orientation;
— health;
— biometric data;
— genetic data.

11
Q

What is a Data Controller?

A

This is the ‘legal’ person who determines the purposes for which data are processed and the way in which this is done. The data controller is normally an organisation/employer, such as a company, partnership or sole trader. They have prime responsibility for ensuring the data protection requirements are adhered to.

12
Q

What is the Data Processor?

A

This is a person who processes personal data on behalf of the data controller.

13
Q

An organisation must have a lawful basis for processing data, and at least one of the six must apply when processing personal data. What are the six lawful bases?

A

1) Consent – clear consent has been given by the individual to process their personal data for a specific purpose.
2) Contract – the processing is necessary for a contract between the organisation and the individual, or because the individual has asked for certain steps to be taken before entering into a contract.
3) Legal obligation – the processing is necessary for the organisation to comply with the law.
4) Vital interests – the processing is necessary to protect someone’s life.
5) Public task – the processing is necessary for the organisation to act in the public interest.
6) Legitimate interests – the processing is necessary for the organisation’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

14
Q

A data subject has a number of rights, including the right to:

A
  • access personal data through subject access requests (under UK GDPR, no
    charge can generally be made for this);
  • correct inaccurate personal data;
  • have personal data erased, in certain cases;
  • object;
  • move personal data from one service provider to another.

15
Q

In order to demonstrate compliance with the UK GDPR, an organisation must:

A
  • establish a governance structure with roles and responsibilities;
  • keep a detailed record of all data processing operations;
  • document data protection policies and procedures;
  • carry out data protection impact assessments for high-risk processing
    operations.
16
Q

How is the UK GDPR enforced?

A

The Information Commissioner is responsible for overseeing the application of the UK GDPR. Firms should report significant personal data breaches to the Information Commissioner.

17
Q

What are the criminal offences under GDPR?

A

The following are criminal offences.
1. For a data controller to fail to comply with an information or enforcement notice.
2. Failure to make a proper notification to the Information Commissioner. ‘Notification’ is the way in which a data controller effectively registers with the Information Commissioner’s Office by acknowledging that personal data are being held and by specifying the purpose(s) for which the data are being held.
3. Processing of data without authorisation from the Commissioner.
4. Intentionally or recklessly re-identifying individuals from data that is pseudonymised – it can no longer be attributed to a specific person without the use of additional information, which is kept separately – or anonymised – it does not relate to a natural person or has been processed so the data subject cannot be identified (ICO, no date).

The maximum penalty is the higher of £17.5m or 4 per cent of an organisation’s total annual worldwide turnover in the previous financial year.

17
Q

What courses of action can the Commissioner take if there has potentially been an infringement of the terms of the Regulation?

A
  1. Serve Information Notices
  2. Issue Undertakings
  3. Serve enforcement notices and ‘stop now’ orders where there has been a breach
  4. Conduct consensual assessments (audits)
  5. Serve assessment notices
  6. Issue monetary penalty notices
  7. Prosecute
  8. Issue a ban
18
Q

What is the role of the Pensions Regulator?

A

The Pensions Regulator (TPR) is responsible for the regulation of work-based pension schemes (as well as some personal pension schemes), and it aims to:
- ensure employers enrol their staff onto a work-based pension scheme (known as ‘automatic enrolment’);
- protect the benefits of a work-based pension scheme, as well as people’s savings;
- protect the benefits of personal pension schemes where there is a direct pay arrangement;
- promote good administration of work-based schemes, as well as people’s savings;
- reduce the risk of situations arising that might lead to claims for compensation from the Pension Protection Fund (see section 24.3);
- maximise employer compliance with duties and safeguards under the Pensions Act 2008;
- minimise any adverse impact on the sustainable growth of an employer (TPR, 2022).

19
Q

What is a Direct Pay Arrangement?

A

A direct pay arrangement is one where the employer collects an employee’s pension contributions from their gross salary and pays them over to the pension provider.

20
Q

What is the Markets in Financial Instruments Directive (MiFID)?

A

The Markets in Financial Instruments Directive (MiFID) applies to firms that provide services to clients in relation to tradeable financial instruments, which include shares, bonds, units in a collective investment, and derivatives. Life assurance, pensions and mortgages are outside the scope of MiFID.

21
Q
A