UNIT 2- TOPIC 24 Flashcards
Define the following terms as stated under the UK General Data Protection Regulation (UK GDPR):
Natural Person
Data subject
Personal Data
Special categories of personal data
Data controller
Data processor
Natural Person = An individual human being. Should not be confused with the broader term ‘legal person’, which can be a private or public company as well as an individual human being
Data Subject = The individual (the natural person) whose data is being processed
Personal Data = Information that can directly or indirectly identify a natural person.
Special categories of personal data = data that is more sensitive and needs higher protection and can only be processed with explicit consent
Data controller = This is the ‘legal’ person who determines the reason why the data is processed and the way it is processed (like TSB). They make sure data protection requirements are met
Data processor = This is a person who processes personal data on behalf of the data controller
What is The Markets in Financial Instruments Directive (MiFID)
A directive that applies only to firms that provide services to clients involving tradeable financial instruments
When did the General Data Protection Regulation come into effect in the UK?
Why was it made in the first place?
GDPR was introduced as an EU regulation, that all member states had to adopt by 25th May 2018. Since the UK left the EU (Brexit) what effect did this have on the adoption of the GDPR in the UK?
It came into effect in the UK on the 25th May 2018
It was created because the existing EU legislation for data protection (the Data Protection Directive of 1995) needed updating due to consumers’ increased online activity
The provisions of the GDPR were retained in UK Law as ‘UK GDPR’ so no effect
UK GDPR is based on a set of 6 Data Protection Principles, all of which are about the ‘processing’ of personal data
Outline and explain each
Under UK GDPR, an organisation must have a legal basis for processing data. There are 6 lawful reasons (only 1 must be satisfied for the organisation to legally process the data). What are they?
1) Consent
2) Required for a Contract
3) Legal obligation - the processing is needed for the organisation to comply with the law.
4) Vital interests - the processing is necessary to protect someone’s life.
5) Public task - the processing is needed for the organisation to act in the public interest.
6) Legitimate interests - the organisation has legitimate interests.
What different rights does a data subject have?
Data subjects have the right to:
access their personal data upon request;
correct inaccurate personal data;
have personal data erased, in certain cases;
object to data being used;
move personal data from one service provider to another
UK GDPR contains rules on the transfer of personal data to receivers located outside the UK
Tell me about these rules.
The rules apply to all transfers no matter what
The rules state the controller or receiver who initiates or agrees to the transfer is the one responsible for complying with the GDPR rules
What is a restricted transfer?
A transfer of personal data is known as a ‘restricted transfer’ if the receiver is:
Located in a third country
An international organisation
In a country where their sector is covered by UK ‘adequacy regulations’
NOTE:
- A third country is a country outside the EU
- If somewhere is covered by the UK’s adequacy regulations it means they are deemed to have adequate data protection rules in place
Who is responsible for overseeing the application of the UK GDPR and who should firms report to in the event of a significant data breach?
The Information Commissioner, for both questions
The Information Commissioner is responsible for overseeing the application of the UK GDPR. Firms should report significant personal data breaches to the Information Commissioner.
There are 8 courses of action the Commissioner can take if there has potentially been an infringement of the terms of the Regulation. What are they?
Serve information notices
Issue Undertakings (make an organisation do a certain action to improve compliance)
Serve enforcement notices, and ‘stop now’ orders (make an organisation do something or stop doing something so they comply)
Conduct consensual assessments (i.e. consensual audits)
Serve assessment notices (to conduct compulsory audits)
Issue monetary penalty notices
Prosecute (those who commit criminal offences under UK GDPR)
Issue a ban
If the Information Commissioner serves ‘an information notice’, what does this mean?
Same question, but for ‘an enforcement notice’
Same question, but for ‘an undertaking’
If the Information Commissioner serves an information notice, it requires an organisation to give the Commissioner certain information within a set timeframe
If the Commissioner serves an enforcement notice, he requires an organisation to take (or refrain from taking) specified steps in order to ensure they comply with the law
If the Commissioner issues an undertaking, this means he requires an organisation to do a certain task in order to improve its compliance
UK GDPR is based on a set of 6 Data Protection Principles, all of which are about the ‘processing’ of personal data
Under UK GDPR, personal data must be:
1) Processed lawfully, fairly and in a transparent manner for any individual.
2) Collected for specified, explicit and legitimate purposes and not processed further in a way that is incompatible with those purposes
3) Adequate, relevant and limited to what is necessary in relation to the reason they are being processed
4) Kept accurate and up to date.
5) Kept in a form that allows identification of the data subject for no longer than is necessary (archiving is allowed in certain circumstances)
6) Processed in a way that ensures appropriate security of the personal data by using the appropriate technical or organisational measures. This is to prevent unauthorised or unlawful processing and accidental loss, destruction or damage of the personal data
For number 4, what happens if the details are not accurate or up to date?
For number 2, what are the lawful ways data can be processed which aren’t linked with the initial purpose?
For number 4: Every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay
For number 2: Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
What is The Pensions Regulator responsible for?
The Pensions Regulator (TPR) is responsible for regulating occupational pension schemes and some personal pension schemes
What are The Pensions Regulator’s aims?
(I’VE ONLY INCLUDED THE HARDER-TO-REMEMBER ONES)
It aims to:
Ensure employers enrol their staff onto an occupational pension scheme
Reduce the risk of claims being made to the Pension Protection Fund
Ensure employers are compliant with requirements under the Pension Act 2008
Minimise any adverse impact on the sustainable growth of an employer
What is a direct pay arrangement?
What does it mean if a personal pension scheme is set up using a direct pay arrangement?
A Direct Pay Arrangement is where the employer collects the employee’s pension contribution from their gross salary and pays it directly to the pension provider
If a personal pension scheme is set up using a Direct Pay Arrangement, the Pensions Regulator protects it as it does occupational pension schemes
What kind of approach does the Pensions Regulator take? Proactive or reactive?
Proactive
The Pensions Act 2004 requires the Pensions Regulator to issue voluntary codes of practice. What does this mean?
The codes provide guidelines for trustees, employers, administrators and others about complying with pensions legislation, and set out the expected standards of conduct
Does the pension regulator work with the FCA?
Yes, to develop a joint strategy for regulating the pensions and retirement income sector
To protect the security of members’ benefits the Pension Regulator has a range of powers that fall into 3 main categories. What are they?
1) The power to investigate schemes
2) The power to put things right
3) The power to act against avoidance
The Pensions Act introduced requirements for trustees to have sufficient knowledge and understanding of pension and trust law, and of scheme funding and investment
True or false?
True
What is the Pension Protection Fund and its purpose?
What else is the PPF responsible for?
When was it established?
What are the different ways the compensation payments of the PPF are funded?
The Pension Protection Fund (PPF) protects members of private sector defined-benefit pension schemes in the event their firm becomes insolvent and has insufficient funds to maintain full benefits for its scheme members.
The PPF is also responsible for the Fraud Compensation Fund, which provides compensation to occupational pension schemes that suffer a loss as a result of dishonesty
It was established in The Pensions Act 2004
THE PPF IS FUNDED FROM THE FOLLOWING:
It imposes a levy on defined-benefit schemes
It takes on the assets of schemes that are transferred to the fund.
It seeks the recovery of assets from insolvent employers.
It seeks to grow its funds through investment
What is electronic money?
Electronically stored monetary value issued on receipt of funds for the purpose of making payment transactions (fancy definition)
i.e. the thing that lets you make cashless payments with your card, etc., in real life
The Markets in Financial Instruments Directive (MiFID) applies to firms that provide services to clients that involve tradeable financial instruments. Out of all the following products, which are covered under MiFID?
Shares
Life assurance
Bonds
Units in collective investments
Derivatives
Pensions
Mortgages
Shares
Bonds
Units in collective investments
Derivatives
Mortgages, Pensions and Life assurance are not included in MiFID
What are the main aims of The Markets in Financial Instruments Directive (MiFID)
harmonise regulation of investment services across the EU
Increase competition
Increase consumer protection
MiFID covers two types of activity. These are classed as ‘core activities’ and ‘non-core activities’ respectively
Give me examples of both types of activity
If a firm performs both core and non-core activities, what does this mean in relation to MiFID?
If a firm only performs non-core activities, what does this mean in relation to MiFID?
Core Activities: “Investment services and activities”
Non-Core Activities: “ancillary services”
Where a firm performs both core and non-core activities, MiFID rules apply to both types of activities.
A firm that only performs non-core activities is not subject to MiFID
What are tradeable financial instruments?
Just look at the name
As the name suggests, it is a financial instrument that you can trade
A financial instrument is a monetary contract between two parties
Therefore tradable financial instruments are things like shares, bonds and units in collective investment schemes
They are not things like mortgage contracts or life assurance policies, as these cannot be traded
One of the benefits that comes with being subject to MiFID is that firms who operate under its rules have access to an EU ‘passport’. Explain this and why it is a benefit.
Any firm subject to MiFID has the right to operate throughout the European Economic Area (EEA) from a single authorisation in its home state.
This means the directive makes cross-border activity easier to conduct as there is a single set of rules across the EEA
Tell me the types of investment activities that are covered by MiFID
There are 5
Receipt and transmission of orders from investors
Execution of orders on behalf of customers
Investment advice
Discretionary portfolio management (on a client‑by‑client basis)
Underwriting the issue of specified financial instruments
Why has the FCA included MiFID in its handbook?
The FCA is the regulatory body responsible for securities in the UK.
MiFID’s rules apply to tradable financial instruments (securities) hence FCA have included it in their handbook
Why was MiFID 2 introduced?
It was introduced to improve how financial markets function following what was learnt from the financial crisis, improve investor protection and fix some issues that were missed in the original MiFID
It was initially proposed in 2010 by the European Commission
A way to remember: Tash Did Over Chrissa Helping Dale Scam Chrissa (this is why MiFID 2 was introduced)
MiFID 2 was introduced to improve how financial markets function following what was learnt from the financial crisis, improve investor protection and fix some issues that were missed in the original MiFID
It reforms 8 main areas in total.
What are these areas?
When were the MiFID 2 rules onshored in the UK and why did it not apply straight away like it did with other states?
The 8 main areas it reforms are:
Transparency
Development in market structures
Organisational requirements
Commodity derivatives
High‑frequency trading
Disclosure
Suitability
Conduct of business rules
The onshore UK MiFID framework began at the end of the Brexit transition period on 31 December 2020 (it didn’t apply straight away because of Brexit)
The 8 main areas MiFID 2 improves are:
1) Conduct of business rules
2) Transparency
3) Development in market structures
4) Organisational requirements
5) Commodity derivatives
6) High‑frequency trading
7) Disclosure
8) Suitability
Briefly tell me how it has reformed each area
1) It improved the level of protection for investors
2) Transparency rules previously applied just to shares pre- and post-trading, but now also apply to non-share investments
3) Created rules for secondary trading
4) Added requirements for the management of firms
5) Improved rules around commodity derivatives from the original MiFID
6) Added rules to ensure high‑frequency trading does not negatively impact markets
7) Added a requirement for aggregated cost disclosure, which details all adviser and product charges
8) Added a requirement that firms must assess suitability when recommending that an investor buys, holds or sells (rather than just buys or sells)
NOTE (I don’t necessarily need to know this, but it will help understanding)
Definitions
Commodity Derivatives = Remember a derivative is just something that derives its value from an underlying asset. Therefore, a Commodity Derivative is just a derivative that derives its value from a commodity such as wheat, gold etc. Someone may invest in a Commodity Derivative because it allows them to own the underlying asset, which could grow in value, without physically having it
Secondary Trading = Trading on the secondary market. The secondary market is just a market where stocks are traded between investors on the stock exchange. This is separate from the primary market where the stocks are traded between the issuer of the stocks and investors. Trading on the secondary market allows you to trade stocks without any interference from the original issuer of the stocks
There are two EU directives which regulate investment funds and their managers
What are they?
The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009)
The Alternative Investment Fund Managers Directive (AIFMD)
What is the main aim of The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009) and what products does it apply to?
Its aim is to provide a common framework for investment protection and product control for investment funds that can be sold to the general public across the EU
It applies to regulated investment funds that can be sold to the general public across the EU
The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2007) applies to regulated investment funds that can be sold to the general public across the UK
True or false
False
It’s 2009, not 2007
It’s across the EU, not the UK
The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009) allows free circulation of the units within investment funds it covers anywhere in the EU as long as some requirements are met by the fund itself
What are these requirements?
The investment fund must have an adequate spread of risk among its underlying investments
The investment fund must also have a high degree of liquidity so investors can redeem their units on demand
Since Brexit, UCITS authorised by the FCA are referred to as ‘UK UCITS’
What right have ‘UK UCITS’ lost since Brexit?
What implication does this have?
UK UCITS have lost their EU ‘passport’ right (remember this is one of the main benefits of UCITS for its member states)
This means UK investment firms that wish to market in the EU are classed as ‘Alternative Investment Funds’. This means they must comply with the marketing rules in the state where the investor is located.
Remember, other states in the EU can market in any state without issue due to UCITS providing them with an EU ‘passport’
What are Alternative Investment Funds (AIF)?
UK investment funds that are sold to the general public and are subject to UK UCITS ( because they lost their passporting right)
Who does The Alternative Investment Fund Managers Directive (AIFMD) apply to?
Similar to MiFID, what does AIFMD provide to those who are subject to it?
This directive applies specifically to the MANAGERS of Alternative Investment Funds (AIF) whose AIFs are sold to PROFESSIONAL investors or have underlying assets which aren’t eligible under UCITS (e.g. real estate)
AIFMD provides a ‘passporting’ framework for managing and marketing funds across the EU, enabling cross-border activities to be carried out.
AIFs that are sold to retail investors (i.e. not professional investors) are not subject to AIFMD and therefore do not have access to the marketing ‘passport’. AIFs are UK investment funds that are subject to UCITS. They are called AIFs because they lost their passporting right
As with the Undertakings for Collective Investment in Transferable Securities (UCITS), Alternative Investment Funds (AIF) that are domiciled in the UK have lost their passporting right to market in any EU state without issue. True or false
True
Flash Card for understanding
Alternative Investment Funds (AIF) =
UK investment funds sold to the general public that are subject to UCITS. They are classed as AIFs because the UK left the EU and they have lost their passporting right, so when they market in an EU state they must adhere to that state’s rules
Undertakings for Collective Investment in Transferable Securities (UCITS) Directive = An EU directive that allows collective investment schemes that are sold to the general public to operate freely throughout the EU on the basis of a single authorisation from one member state (as they have an EU passport)
The Alternative Investment Fund Managers Directive (AIFMD) = A directive that applies specifically to managers of AIFs that are sold to professional investors (hedge funds or private equity funds) or contain underlying assets which are not eligible under UCITS (such as real estate)
What are the two main reasons for a European single market for insurance?
It means all EU citizens have access to a wide range of insurance products, whilst being ensured the highest standards of legal and financial protection
Enables an insurance company authorised in any of the member states to carry out business in any EU member state (EU Passport)
What is the name of the Directive which set the framework for the regulation of Life Assurance in the EU?
Consolidated Life Directive (2002)
Why was the Consolidated Life Directive (2002), which set the framework for the regulation of Life Assurance in the EU, known as the ‘consolidated’ life directive?
It brought together the provisions of three previous EU Life Directives (hence consolidated)
Like other EU legislation it aims to harmonise laws throughout the EU with the objective of promoting competition
Tell me all the provisions under the Consolidated Life Directive (2002)
(There are 5)
Definitions of what counts as life assurance and life insurance
(the definition also includes annuities and income protection insurance)
It outlines the requirements a life company must meet to be authorised
It outlines rules regarding the ongoing supervision of a life company, with specific rules regarding financial supervision.
It requires that policyholders be provided with clear/accurate information about the essential features of products offered to them (because of this, the FCA requires life companies to provide a key features document)
It outlines cancellation rights regarding life assurance
(In the UK, FCA rules require that those applying for life assurance are granted a statutory ‘cooling-off period’)
The UK government retained the Consolidated Life Directive and other aspects of the core EU insurance legislation such as Solvency II in UK law after Brexit
True or false
True
What product does The Consolidated Life Directive cover?
What product do the Non-Life Council Directives cover?
What product does The Consolidated Life Directive cover = Life Assurance
What product do the Non-Life Council Directives cover = General insurance
What did the 3rd Non-Life Council Directive introduce?
Any insurance company whose head office is in one of the member states can now establish branches in any other state and carry out business in any other state
Why was the Insurance Mediation Directive (2003) introduced?
(Think* mediation = intermediate = intermediary)
The EU wanted to ensure that retail markets in insurance are accessible and secure so The Insurance Mediation Directive (IMD) was introduced
It allowed insurance intermediaries to provide services in all states throughout the EU
Because of the Third Non-Life Council Directive, which was issued in 1992, any insurance company whose head office is based in any of the EU member states can establish branches in any other state and carry out insurance business. Who supervises these cross border activities?
These cross-border activities will be under the supervision of the authority in the member state where the insurance company’s head office is located
The EU wants to ensure general insurance companies can operate throughout the EU, and wants to ensure that retail markets in insurance are accessible and secure
What directives were introduced so it could achieve both of these?
The EU wants to ensure insurance companies can operate throughout the EU = The third Non-Life Council Directive
Wants to ensure that retail markets in insurance are accessible and secure = Insurance Mediation Directive
How does the Insurance Mediation Directive define insurance mediation?
“The activities of introducing, proposing or carrying out other work preparatory to the conclusion of contracts of insurance, or of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of a claim” (i.e. what an insurance intermediary does)
The Insurance Mediation Directive define insurance mediation as “The activities of introducing, proposing or carrying out other work preparatory to the conclusion of contracts of insurance, or of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of a claim”
If an employee of the insurance company, or someone acting under the responsibility of the insurance company (a tied agent), carries out such activities, are they included in this definition? Ie can they be classed as an intermediary?
They are not included in the definition of insurance mediation
The Insurance Mediation Directive established a system of registration for all independent insurance (and reinsurance) intermediaries, i.e. they must register with the competent authority in their home state. For example, independent financial advisers based in the UK who are selling life assurance or general insurance must be registered with the FCA
To be registered the IMD sets out a few requirements that the intermediary must pass. What are they?
Intermediaries must have knowledge and skills
The insurance intermediary must be ‘of good repute’
(i.e. not convicted of serious criminal offences and not declared bankrupt)
They should hold professional indemnity insurance of a certain amount per case or a percentage of the amount they earn yearly, whichever is higher.
(Because registration is determined by the intermediary’s local authority, the above requirements may vary slightly across different states)
Regulations specify in some detail what information an insurance intermediary must give to a customer. In relation to the intermediary, what information must be supplied?
Name and address;
Details of registration and means of verifying the registration;
Whether the intermediary has any holding of more than 10% of the voting rights or capital of an insurance company;
conversely, whether any insurance company has a holding of more than 10% of the voting rights or capital of the intermediary;
Details of the internal complaints procedures and of external arbitrators (eg ombudsman bureaux) to which the customer can complain;
Whether the intermediary is independent or tied to one or more insurance companies
What was the Insurance Mediation Directive replaced by?
It was replaced with effect from 1 October 2018 by the Insurance Distribution Directive (IDD)
What was improved or added (reformed) by the Insurance Distribution Directive after it replaced the Insurance Mediation Directive?
Added rules around direct insurance sales and some aspects of price comparison websites (the IMD didn’t do this)
Intermediaries now must do 15 hours of professional development a year
Introduced a standardised ‘insurance product information document’ for non-life insurance contracts
Additional info required for the sale of bundled products ( where multiple insurance products are mixed together)
Simplified procedure for cross-border entry to insurance markets across the EU through the use of a single electronic database of cross-border insurance intermediaries
The oversight of an institution’s business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers
There are two types of Auditor. What are they?
Tell me the key differences between the two
External Auditors and Internal Auditors
External auditors check published financial statements and accounts of businesses they are independent of.
They follow the rules of the professional standards of the Auditing Practices Board and the Accounting Standards Committee
External auditors may also be members of professional bodies, such as the Institute of Chartered Accountants in England and Wales (ICAEW) or the Association of Chartered Certified Accountants. Both bodies publish ethical codes that their members are expected to adhere to
Internal auditors may be in-house members of staff, or the process may be outsourced.
Their basic tasks are to:
review how an organisation is managing its risks;
determine whether appropriate controls have been established;
evaluate and suggest improvements to control and governance processes.
Internal auditors may be members of a professional body, such as the Chartered Institute of Internal Auditors
Figure out how to make this simpler
The oversight of an institution’s business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers
For example, most occupational pension schemes are set up under trust because this keeps the pension assets separate from the business’s assets, since the pension assets are in the possession of the trustees
Tell me how trustees can do this.
The key legislation is the Trustee Act 1925 and the Trustee Investment Act 2000.
The Trustee Act 1925 is concerned with the general duties of trustees
The Trustee Investment Act 2000 is concerned with the way in which trustees deal with the investment of trust assets
READ 24.5.2
The oversight of an institution’s business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers
Tell me about compliance officers
What are their responsibilities
Firms that are authorised by the Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA) are required to appoint a compliance officer to have oversight of the firm’s compliance function (ie to ensure the firm is complying with all relevant legislation and regulations )
(Remember, firms are also required to appoint a money laundering reporting officer (MLRO). Both roles are senior management functions under the Senior Managers and Certification Regime (SM&CR))
A compliance officer’s responsibilities include:
Production and publication of a compliance manual;
Maintenance of compliance records such as the complaints register and promotions records;
Responding to and corresponding with the FCA on compliance matters;
Ensuring that staff meet FCA requirements as regards recruitment, training, supervision and selling practices.
Compliance officers may be members of a professional body, such as the Association of Professional Compliance Consultants
Regulations specify what information an intermediary must give to a customer in relation to the advice and products offered by the intermediary. Tell me what is required.
Independent intermediaries must base their advice on analysis of a sufficiently large number of contracts available on the market to enable them to recommend a product that is adequate to meet the customer’s needs
The intermediary must give the customer (based on the information supplied by the customer) an assessment of their needs and a summary of the underlying reasons for the recommendation of a particular product. (This can be done with a confidential client questionnaire or a fact find, and by the issue of a suitability letter to justify the specific recommendation.)
Tell me about each of the following:
What is the Trustee Act 1925?
What is the Trustee Investment Act 2000?
The Trustee Act 1925 is concerned with the general duties of trustees
The Trustee Investment Act 2000 is concerned with the way in which trustees deal with the investment of trust assets