August 2012 Update
New ICOBS Rules for Packaged Insurance Policies
Look out for new ICOBS rules affecting the sale of general insurance policies.
The key new rules were consulted on by FSA in a recent paper, CP11/20, and the highlights are:
- a firm must take reasonable steps to establish whether the customer is eligible to claim under each policy and inform them whether or not they would be eligible to claim.
- a firm must provide the customer with an annual statement that sets out any qualifying requirements to claim under each policy and remind them to review whether they meet these requirements.
- the steps a firm must take to ensure the suitability of its advice on a policy included in the package.
FSA have confirmed that they will implement the rules consulted on in CP11/20 with effect from 31 March 2013.
FSA want to ensure that their rules provide at least the same level of protection for consumers buying insurance with another product (such as a bank account) as those buying insurance on a standalone basis. The key risk FSA found was that consumers may think they are covered by the policy, but later find they are ineligible to claim or that the policy is unsuitable in some other way.
Gender directive one-minute guide
The Test Achats judgment, which was passed on 1 March 2011, means that as of 21 December 2012 insurers cannot use gender as a rating factor when pricing risk or paying benefits. FSA expect all firms to comply with the legislation. FSA would also expect regulated firms to be aware of the judgment and be considering its impact on their clients and customers. FSA have published a one-minute guide on what this means for firms.
New RDR web pages
FSA have restructured the RDR section of their website, bringing all the material into one place, making it easier to find information. Please take a look by using the friendly web address – www.fsa.gov.uk/rdr. RDR is of relevance to all CF30s in firms with a retail client permission included in their licence.
The Financial Services Authority (FSA) has fined Turkish Bank (UK) Ltd £294,000 for breaching the Money Laundering Regulations 2007 (MLR).
The learning points from this case are:
- establish and maintain appropriate and risk-sensitive AML policies and procedures – even if you are referred a client from another regulated entity, you can’t assume they have done the AML checks for you.
- carry out adequate due diligence on, and ongoing monitoring of, clients; and
- maintain adequate records relating to the above.
Moving to the FCA and PRA: Changes to regulatory status disclosure and use of logo
As we move closer to the establishment of the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), FSA expect changes to both the regulatory status disclosure and the logo. FSA are keen to draw the upcoming changes to firms’ attention so that this can be factored in when ordering or reprinting stationery. They will be consulting on the proposed disclosure changes and expect to do this from September 2012.
The Financial Services Bill - Update
The Financial Services Bill was introduced to Parliament on 26 January 2012. The Bill will implement the Government’s commitment to strengthen the financial regulatory structure in the UK. The legislation will fundamentally reform the current regulatory system, which divides responsibility for financial stability between the Treasury, the Bank of England and the Financial Services Authority (FSA).
A new approach to financial regulation
As you know, the new system will give the Bank of England macro-prudential responsibility for oversight of the financial system and, through a new, operationally independent subsidiary, for day-to-day prudential supervision of financial services firms managing significant balance-sheet risk. The FSA will cease to exist in its current form. A proactive new conduct of business regulator will also be created to protect consumers, promote competition and ensure integrity in markets.
The legislation implements these reforms by:
- establishing a macro-prudential authority, the Financial Policy Committee (FPC) within the Bank of England, to monitor and respond to systemic risks;
- clarifying responsibilities between the Treasury and the Bank of England in the event of a financial crisis by giving the Chancellor of the Exchequer powers to direct the Bank of England where public funds are at risk and there is a serious threat to financial stability;
- transferring responsibility for significant prudential regulation to a focused new regulator, the Prudential Regulation Authority (PRA) established as a subsidiary of the Bank of England; and
- creating a focused new conduct of business regulator – the Financial Conduct Authority (FCA) – which will supervise all firms to ensure that business across financial services and markets is conducted in a way that advances the interests of all users and participants.
What is happening to the FSA Handbook?
At legal cutover, the FSA Handbook will be split between the FCA and the PRA to form two new Handbooks, one for the PRA and one for the FCA. Most provisions in the FSA Handbook will be incorporated into the PRA’s Handbook, the FCA’s Handbook, or both, in line with each new regulator’s set of responsibilities and objectives.
Users of the Handbook will be able to access the following online:
- the PRA Handbook, displaying provisions which apply to PRA-regulated firms;
- the FCA Handbook, displaying all provisions which apply to FCA-regulated firms; and
- to support the transition, a central version which will show the provisions of both Handbooks, with clear labels indicating which regulator applies a provision to firms.
The new Handbooks will reflect the new regulatory regime (for example, references to the FSA will be replaced with the appropriate regulator), and in some areas more substantive changes will be made to reflect the existence of the two regulators, their roles and powers. (This is likely to include such aspects as the future processes for permissions, passporting, controlled functions, threshold conditions and enforcement powers.) The more substantive changes will be consulted on before the PRA and the FCA acquire their legal powers.
Changes to the FSA Handbook as a result of EU legislation and FSA policy initiatives will continue throughout this work. After acquiring their powers, the FCA and the PRA will amend their own suites of policy material as independent bodies in accordance with the processes laid down in the Financial Services Bill, including cooperation between them and external consultation.
When will these changes happen?
Expect the new Handbooks (in draft form) in early 2013. This will allow firms and others time to adjust to the application of the new Handbooks before the FCA and the PRA are fully operational. The new Handbooks will not be available in detail before this. Alongside the publication, the regulator will publish material on how to interpret the application of the Handbooks, where this is not dealt with in the Handbooks themselves.
The FSA will continue to make changes to its Handbook in accordance with the normal procedure, until the new bodies acquire their legal powers.
The FSA Handbook will remain in force until the FCA and PRA acquire their legal powers.
Focus on: IT Controls
The guiding requirement here is Rule 3.2.6R in FSA’s Senior Management Arrangements, Systems and Controls sourcebook (SYSC) which requires a regulated firm to ‘take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime’. A bit of a mouthful!
I have put together a list of the IT documents the regulator typically asks firms for, or looks at, either when firms apply for authorisation or during regulatory visits:
- An IT strategy document
- A firm organisation chart showing how IT fits into the firm’s organisational structure
- An overview systems diagram showing the main applications
- A network diagram
- Details of any security accreditations held (e.g. ISO, PCI)
- Information security policy and procedures
- Disaster recovery plan
- Recent business continuity test results
- Details of any independent IT security firm tests
- Details of any recent IT incidents
- Password standards and policy – regular changing of passwords
- Details of any IT outsourcing contracts or maintenance agreements
- Some indication that staff have an awareness of, or have received training on, information security
Preparing for FCA – 5 steps for your firm
- Oct 12: FSA will be releasing the second FCA approach document with clear rules for Day 1 for FCA, which will be 1.3.2013 or 1.4.2013. There will be indications of future rules and a timetable for future changes. Don’t miss this document; I will also make sure you receive a synopsis of it at the relevant time.
- The FCA will be able to ban financial promotions that it is not happy with; this area will get more rigorous scrutiny. Firms would be well advised to ensure they are happy with their financial promotions sign-off procedures and records.
- Greater focus on business model – even firms that have been trading for some years should have an up-to-date business plan in place.
- Keep costs under control – the FCA’s aim is to be more efficient rather than to increase costs. The burden may shift to the higher-risk sectors. For smaller firms the regulator will aim to keep FCA costs as low as possible.
- Does the firm have a consumer credit licence? If so, expect that to come under the FCA’s remit too, but a little later, in 2014.