Unit 2 Topic 24 - Other regulation affecting the advice process Flashcards

1
Q

Who does the General Data Protection Regulation apply to?

A

It applies to ‘personal data’, which is information relating to an individual who can be identified.

2
Q

What is 1) of the six GDPR protection principles?

A

Processed lawfully, fairly and in a transparent manner in relation to individuals.

3
Q

What is 2) of the six GDPR protection principles?

A

Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

4
Q

What is 3) of the six GDPR protection principles?

A

Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

5
Q

What is 4) of the six GDPR protection principles?

A

Kept accurate and up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

6
Q

What is 5) of the six GDPR protection principles?

A

Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, although archiving is allowed in certain circumstances.

7
Q

What is 6) of the six GDPR protection principles?

A

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

8
Q

How does GDPR define ‘Data subject’?

A

An individual (a natural person) whose personal data is processed.

9
Q

How does GDPR define ‘Personal data’?

A

Information that can directly or indirectly identify a natural person. This information can be in any format.

10
Q

How does GDPR define ‘Special categories of personal data’?

A

This data is more sensitive and so needs more protection. Generally (although there are exceptions) such data can only be processed if the individual has given explicit consent. Sensitive data includes information about an individual’s:

  • race;
  • religious beliefs;
  • political persuasion;
  • trade union membership;
  • sexual orientation;
  • health;
  • biometric data;
  • genetic data.

11
Q

How does GDPR define ‘Processing’?

A

This has a very broad meaning, covering all aspects of owning data, including:

  • obtaining that data in the first place
  • recording of the data
  • organisation or alteration of the data
  • erasure of the data, by whatever means.
12
Q

How does GDPR define ‘Data controller’?

A

This is the ‘legal’ person who determines the purposes for which data are processed and the way in which this is done. The data controller is normally an organisation/employer, such as a company, partnership or sole trader. They have prime responsibility for ensuring the requirements of the Act are carried out.

13
Q

How does GDPR define ‘Data processor’?

A

This is a person who processes personal data on behalf of the data controller.

14
Q

What are the six criteria of which at least one must apply in order for an organisation to have a lawful basis for processing data?

A

1) Consent
2) Contract
3) Legal obligation
4) Vital interests
5) Public task
6) Legitimate interests

15
Q

Who is responsible for enforcing GDPR?

A

The Information Commissioner is responsible for overseeing the application of the GDPR. Firms should report significant personal data breaches to the Information Commissioner.

16
Q

What are the Information Commissioner’s powers to enforce GDPR?

A
  • Serve information notices
  • Issue undertakings
  • Serve enforcement notices, and ‘stop now’ orders where there has been a breach
  • Conduct consensual assessments (audits)
  • Serve assessment notices
  • Issue monetary penalty notices
  • Prosecute
  • Issue a ban

17
Q

What is the following classified as under GDPR and possible fines?

  • For a data controller to fail to comply with an information or enforcement notice.
A

Criminal offence.

The maximum fine for this is the higher of EUR 20m or 4% of an organisation’s worldwide turnover.

18
Q

What is the following classified as under GDPR and possible fines?

  • Failure to make a proper notification to the Information Commissioner. ‘Notification’ is the way in which a data controller effectively registers with the Information Commissioner’s Office by acknowledging that personal data are being held and by specifying the purpose(s) for which the data are being held.
A

Criminal offence.

The maximum fine for this is the higher of EUR 20m or 4% of an organisation’s worldwide turnover.

19
Q

What is the following classified as under GDPR and possible fines?

Processing of data without authorisation from the Commissioner.

A

Criminal offence.

The maximum fine for this is the higher of EUR 20m or 4% of an organisation’s worldwide turnover.

20
Q

What is the following classified as under GDPR and possible fines?

Intentionally or recklessly re-identifying individuals from pseudonymised or anonymised data.

A

Criminal offence.

The maximum fine for this is the higher of EUR 20m or 4% of an organisation’s worldwide turnover.

21
Q

Define Direct Pay Arrangement

A

A direct pay arrangement is one where the employer collects an employee’s pension contributions from their gross salary and pays them over to the pension provider.

22
Q

What are the three categories that the powers of the pensions regulator fall under?

A
  • Investigating schemes
  • Putting things right
  • Acting against avoidance
23
Q

Outline the ‘Investigating schemes’ section of the powers of the pensions regulator.

A
  • Identifying and investigating risks.
  • Requiring all schemes to make regular returns to the regulator.
  • Requiring trustees or scheme managers to give notification of any changes to important information, such as types of benefit being provided by the scheme.
  • Requiring that the regulator be informed quickly if the scheme discovers that it cannot meet the funding requirements, so that remedial action can be taken at an early stage.
24
Q

Outline the ‘Putting things right’ section of the pensions regulator.

A
  • Requiring specific action to be taken to improve matters within a certain time.
  • Recovering unpaid contributions from an employer who does not pay them to the scheme within the required period (by the 19th day of the month following that in which they were deducted from the member’s salary)
  • Disqualifying trustees who are not considered fit and proper persons
  • Imposing fines or prosecuting offences in the criminal courts
25
Q

Outline the ‘Acting against avoidance’ section of the pensions regulator.

A
  • Preventing employers from deliberately avoiding their pensions obligations and so leaving the Pension Protection Fund to cover their pension liabilities
  • Issuing:
      ◦ contribution notices, requiring the employer to make good the amount of debt either to the scheme or to the Pension Protection Fund; or
      ◦ financial support directions, which require financial support to be put in place for an underfunded scheme.
26
Q

What is the Pension Protection Fund?

A

The Pensions Act 2004 established the Pension Protection Fund (PPF) to protect members of private sector defined-benefit pension schemes in the event that a firm becomes insolvent with insufficient funds to maintain full benefits for all its scheme members.

27
Q

How does the PPF fund compensation payments?

A
  • It imposes a levy on defined-benefit schemes (there are exceptions for some schemes in certain circumstances).
  • It takes on the assets of schemes that are transferred to the fund.
  • It seeks recovery of assets from insolvent employers.
  • It seeks to grow its funds through investment.
28
Q

Define Electronic Money (E-Money).

A

Electronically stored monetary value issued on receipt of funds for the purpose of making payment transactions, including prepaid cards and electronic prepaid accounts for use online.

29
Q

What is the Investment Services Directive (ISD)?

A

Its aim is to enable investment firms to operate in different European states.

In order to obtain and retain authorisation in their home state, investment firms must comply with certain prudential rules drawn up by the authorities in the home state. The general nature of these prudential rules is incorporated in the Markets in Financial Instruments Directive (MiFID).

30
Q

What is the Markets in Financial Instruments Directive (MiFID)?

A

It is a key element of the EU Financial Services Action Plan and aims to harmonise the regulation of investment services across the EU.

MiFID has the main objectives of increasing both competition and consumer protection by setting requirements in three main areas:

  • conduct of business
  • organisation
  • market transparency
31
Q

Briefly outline the ‘Conduct of business rules’ reforms under MiFID II.

A

Enhancing the level of protection for different types of investor.

32
Q

Briefly outline the ‘Transparency’ reforms under MiFID II.

A

The MiFID pre- and post-trade transparency regime for shares is extended to non-equity investments.

33
Q

Briefly outline the ‘Development in the market structures’ reforms under MiFID II.

A

Designed to produce comprehensive regulation of secondary trading.

34
Q

Briefly outline the ‘Organisational requirements’ reforms under MiFID II.

A

Enhanced requirements in respect of the management of firms; explicit organisational and conduct requirements relating to product governance.

35
Q

Briefly outline the ‘Commodity derivatives’ reforms under MiFID II.

A

Refinement of and augmentation of existing MiFID requirements.

36
Q

Briefly outline the ‘High-frequency trading’ reforms under MiFID II.

A

Measures to ensure that high-frequency trading does not adversely impact on markets.

37
Q

Briefly outline the ‘Disclosure’ reforms under MiFID II.

A

Requirement for aggregated cost disclosure, detailing all adviser and product charges.

38
Q

Briefly outline the ‘Suitability’ reforms under MiFID II.

A

The requirement to assess suitability when recommending that an investor buys, holds or sells (rather than only buys or sells).

39
Q

What is Undertakings for Collective Investment in Transferable Securities?

A

Undertaking for Collective Investment in Transferable Securities (UCITS) legislation applies to regulated investment funds that can be sold to the general public throughout the EU.

UCITS aims to provide a common framework of investor protection and product control.

40
Q

What are the two main objectives of a European single market for insurance?

A
  • Provide all EU citizens with access to the widest possible range of insurance products, while ensuring the highest standards of legal and financial protection.
  • Enable an insurance company authorised in any of the member states to pursue its activities throughout the EU.
41
Q

What are the minimum requirements of insurance intermediaries?

A

Intermediaries must not have been:

  • convicted of a serious criminal offence relating to crimes against property or other financial crimes;
  • declared bankrupt.
42
Q

What is the amount the latest directive requires that insurance intermediaries should hold in professional indemnity insurance?

A

At least EUR 1,300,380 per case and

EUR 1,924,560 per annum.

43
Q

What information must an intermediary give to a customer?

A
  • Name and address
  • Details of registration and means of verifying the registration
  • Whether the intermediary has any holding of more than 10% of the voting rights or capital of an insurance company
  • Conversely, whether any insurance company has a holding of more than 10% of the voting rights or capital of the intermediary
  • Details of internal complaints procedures and of external arbitrators (eg ombudsman bureaux) to which the customer could complain
  • Whether the intermediary is independent or tied to one or more insurance companies.
44
Q

Briefly outline ‘Extension of the scope of IMD’ under reforms under the IDD.

A

To cover direct insurance sales and some aspects of price comparison websites.

45
Q

Briefly outline ‘Enhanced professionalism requirements’ under reforms under the IDD.

A

Formal requirement for intermediaries to undertake at least 15 hours continuing professional development each year.

46
Q

Briefly outline ‘Conduct of business rules’ under reforms under the IDD.

A

Requirement that insurance distributors must always act ‘honestly, fairly and professionally in the best interests of customers’.

47
Q

Briefly outline ‘Mandatory disclosures’ under reforms under the IDD.

A

Before an application for insurance is made to ensure that customers receive clear information.

48
Q

Briefly outline ‘Requirement for a standardised (insurance product information document)’ under reforms under the IDD.

A

For non-life insurance contracts.

49
Q

Briefly outline ‘Stricter requirements’ under reforms under the IDD.

A

For the sale of life insurance products with investment elements.

50
Q

Briefly outline ‘Additional information requirements’ under reforms under the IDD.

A

For the sale of bundled products.

51
Q

Briefly outline ‘Simplified procedure for cross-border entry to insurance markets across the EU’ under reforms under the IDD.

A

Through the use of a single electronic database of cross-border insurance intermediaries.

52
Q

What is the role of oversight groups?

A

Oversight of an institution’s business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers.

53
Q

What is the difference between a data controller and a data processor?

A

A data controller is legally accountable for the purposes for which data is processed and the way such processing is carried out. A data controller is a ‘legal person’ but not necessarily a ‘natural person’, ie it might be an organisation rather than an individual.

A data processor is a person who processes personal data on behalf of the data controller.

54
Q

What does the GDPR define as ‘sensitive data’?

A
  • Race
  • Religious beliefs
  • Political persuasion
  • Trade union membership
  • Sexual orientation
  • Health
  • Biometric data
  • Genetic data
55
Q

Which of the following products are NOT subject to MiFID?

a) Units in a collective investment
b) Shares
c) Life assurance
d) Bonds

A

Life assurance.

56
Q

A general insurer with a head office in one of the member states may set up branches in other member states; these branches will be regulated by the national regulator of the state in which the head office is situated. True or False?

A

True.