ICO launches certification scheme for trade organisations

Two ways in which firms and organisations can show accountability under the General Data Protection Regulation (GDPR) are by developing their own voluntary Code of Conduct and/or a Certification Scheme.

However, the Information Commissioner’s Office (ICO), highlights that this is not something every firm could do, and the data protection regulator says that, on this topic, it only wants to hear from:

  • Firms and other organisations that are in a position to represent a group of firms or organisations, or
  • Firms and other organisations that have expertise in developing data protection certification criteria

On February 28, the ICO published guidance on Codes of Conduct and Certification. The ICO is also now in a position to receive applications from firms and to consider whether to approve these.

The idea of having a documented Code of Conduct and Certification Scheme might, for example, appeal to a trade association or similar body. These procedures might address data protection issues that are important to the association’s members, such as fair and transparent processing. By developing sector-specific guidelines in this way, it can help to build public trust and confidence in the relevant business sector’s ability to comply with data protection laws.

Important issues that need to be covered in a Code of Conduct include:

  • The types of data the organisation handles
  • The key data protection risks faced by the organisation
  • Whether the organisation is UK-based or processes data in more than one country
  • How the organisation will monitor compliance with the Code and investigate breaches of the Code
  • Details of any consultation exercise the organisation has carried out with firms, customers and other stakeholders

Codes that have been approved by the ICO will be published on the regulator’s website

A certification scheme must explain:

  • The legal basis for processing data
  • The rights of data subjects
  • The obligations to report data breaches
  • Details of any Data Protection Impact Assessments

Other mandatory characteristics of certification schemes include:

  • They must be relevant to the target audience
  • They must be capable of being used in small and medium-sized firms

Approved certification schemes will be listed on a public register.

Ian Hulme, ICO Director of Regulatory Assurance, said:

“I would encourage any organisation that can speak on behalf of a group of organisations, or who has expertise in developing standards or certification criteria, to have a look at our guidance and speak to us about developing a GDPR Code of Conduct or Certification scheme.

“Both mechanisms are a really good way for organisations to show their commitment to complying with data protection legislation and ultimately, build public trust and confidence in their organisation.”


The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


FCA publishes discussion paper on culture

Senior figures at the Financial Conduct Authority are increasingly speaking about the importance of firms having the right culture and how they believe this will lead to better customer outcomes. The FCA has now published a discussion paper on the subject, which contains a number of good practice examples. The regulator even acknowledges that, on occasions, they could be the cause of an adverse impact on a firm’s culture because the firm is worried about how the FCA will view an individual matter.

Unlike other FCA papers, the regulator is not seeking formal feedback from firms and other organisations. Instead the FCA hopes that issuing this discussion paper will start a debate on the issue of culture.

Some of the key items from the discussion paper include:

  • Employees often work better when they have a sense of purpose and feel that they are making a meaningful contribution to the firm’s strategic goals. A firm’s purpose needs to be simple and understandable by all, and ideally the firm’s senior managers will have drawn up a statement of purpose for the firm. Once this statement has been finalised, the next task might be to define what ‘good outcomes’ would look like, from the perspective of both customers and employees
  • A number of firms are displaying images and quotes from their customers in public spaces around their offices to emphasise why what they do matters to their customers
  • All firms need to make a profit, but it can lead to unfavourable outcomes for customers and/or employees when profit moves from being merely an outcome to the primary purpose of an enterprise. Joe Garner, CEO of Nationwide Building Society, suggests firms could adopt a hierarchy of outcomes, where once they have made a decent profit, they can address higher level goals such as serving customers and benefitting wider society. Mr Garner also calls on firms to work out how large their ‘purpose gap’ is. The purpose gap is the difference between what the firm hopes to achieve, and the outcome that would be achieved via its existing business practices
  • In some ways, the hierarchy of outcomes could work the other way, in that if a firm is able to serve its customers better, and manages to benefit wider society, it can use these achievements in its marketing activities and, hopefully, achieve higher profits as a result. The examples used are Zurich’s claims record of paying, on average, 99% of first party claims across the UK business; and Vitality’s insurance arrangements where premiums decrease if customers lead healthy lifestyles
  • When firms have a short-term goal to generate revenue at the expense of the best interests of its customers, it often ends up benefitting no-one. Consider the scandals such as PPI and LIBOR, from which there were no winners
  • The large gender pay gap that exists in many sectors within financial services could lead to prospective employees feeling the industry is out-of-date and out-of-touch, and result in the most capable people choosing alternative careers
  • When firms reward their staff, the best firms don’t just increase their salary and perks, but also provide comprehensive training and education
  • Effective and ethical dealings with third party service providers are also traits exhibited by the firms with positive cultures

Jonathan Davidson, FCA Executive Director of Supervision – Retail and Authorisations, said:

“The purpose of a firm sits at the heart of its business model, strategy and culture. Unhealthy cultures and purpose have been at the root cause of too many mis-selling and other conduct scandals in financial services. I want to see strong leadership creating purposeful cultures where it is safe to speak up and diversity is encouraged and listened to.

“A healthy purposeful culture should lead to better outcomes for consumers and markets, and healthy and sustainable returns for shareholders. It should also lead to a healthier and less stressful environment for employees, and a reduction in increasingly concerning mental health issues.

“However, culture transformation is difficult; even with strong leadership it takes time and consistency, but small changes can make a big difference. I hope that everyone who reads these essays will be inspired to take at least one idea back to their organisation to try for themselves and take a step towards creating more purposeful cultures in financial services.”

In his foreword to the discussion paper, Mr Davidson says:

“My purpose at the FCA is to bring about a transformation in the business models and culture of financial services.”

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


Coronavirus and financial services – FCA calls on firms to plan for disruption

Coronavirus is having a major impact in many different areas across the world. The Financial Conduct Authority has issued a statement in which it says:

“We expect all firms to have contingency plans in place to deal with major events.”

All firms should have a business continuity plan, and this should set out the steps the firm will take to ensure it can continue to service its customers, even if this has to be done with a reduced number of staff and/or from different locations. The FCA is clearly saying that a widespread outbreak of a virus is one of the scenarios in which the continuity plan needs to be put into practice.

The Government has urged firms to explore ways in which some, or all, of their staff, could work from home should the outbreak spread further within the UK. Some experts suggest the peak of the outbreak in the UK may occur in late April or in May; others have cautioned that firms may have to deal with a situation where one-fifth of their workforce are off work with sickness at any one time.

As the peak of the outbreak could be just a matter of weeks away, firms in all sectors need to start thinking about ways in which essential customer servicing can continue and how home working can be facilitated.

In today’s technology-focussed age, many employees will be able to work from home, with the aid of email, telephone contact, teleconferencing, web chat etc. However, it will probably take several days, if not weeks, to put in place arrangements such as ensuring staff can log in to the relevant systems and can access the necessary documents from a remote location.

Some of the key issues firms may need to address include:

  • Urging staff to stay at home should they think that they may have symptoms of the virus
  • Relaxing requirements that might currently require staff to provide doctor’s notes and similar for periods of illness
  • Understanding that staff who are symptom-free may still need to be away from work as their children might have caught the virus, or their school has been closed
  • Purchasing hand sanitiser
  • Ensuring all toilets have a well-stocked soap dispenser and a number of anti-septic wipes
  • Encouraging staff to wash their hands regularly, in line with the Government’s advice
  • Asking staff to sneeze into disposable tissues, and then to bin the tissue and wash their hands immediately
  • Regularly cleaning computer keyboards, desks and surfaces
  • Changing any ‘hot desking’ practices or similar, as the virus can remain on surfaces for as long as a few days
  • Allowing employees to change their working hours so they can travel outside of peak hours

The Government has said that statutory sick pay can now be paid from the first day of absence if the employee in question has coronavirus concerns.

It has also said that it does not recommend closing the office were any employees to test positive for the virus. Instead, the firm will receive advice from the local Public Health England Health Protection Team.

Another impact of the outbreak is the recent sharp falls in share prices across the globe, and many ordinary people have seen the value of their investments plummet. Hopefully the UK’s financial advisers will have assessed their clients’ attitudes to risk and capacities for loss before recommending any risky equity-based investments. However, advisers could still have an important role in re-assuring their customers that short-term volatility in share prices is common.

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


FCA director gives examples of how to handle the needs of vulnerable customers

Nisha Arora, the regulator’s Director – Consumer and Retail Policy, became the latest FCA speaker to talk about treatment of vulnerable customers when she addressed The Investing and Saving Alliance (TISA) conference in February 2020.

More than 200 financial services firms are now members of TISA. The organisation’s About Us website page uses many of the phrases that are now familiar to anyone who has read recent FCA guidance on customer vulnerability:

“The Investing and Saving Alliance’s (TISA) ambition is to improve the financial wellbeing of UK consumers by bringing the financial services savings industry together to promote collective engagement, to deliver solutions and to champion innovation for the benefit of people, our industry and the nation.

“We do this by focusing on good consumer outcomes and harnessing the power of our broad industry membership base to deliver practical solutions, new digital infrastructure and by devising innovative, evidence-based strategic proposals for government, policy makers and regulators.”

The central theme of the speech was that the FCA wishes to “change the discourse” on the topic of customer vulnerability. Many firms will have devised compliance monitoring

plans and the like by carefully reading the individual rules in the FCA Handbook that apply to them. However, when it comes to vulnerable customers, this approach will not work. Fair treatment of customers needs to become a central plank of firms’ culture, processes and practices. Firms need to consider the specific needs of the most vulnerable members of their customer base, and then devise solutions to address these needs.

The idea that each firm might have vulnerable customers who require different solutions was explored by Ms Arora when she said:

“Our aim in issuing guidance, rather than prescriptive rules, is to encourage firms to consider the guidance through the lens of their own business and decide which actions they need to take to meet the needs of their vulnerable customers. This cannot be a ‘one size fits all’ approach.”

The FCA director then said that understanding the vulnerabilities of their client base was the first step firms are expected to take. The next three stages of the vulnerable customer journey are:

  • Assessing the skills and capabilities of the firm’s staff. If this assessment suggests it is necessary, a firm could incorporate vulnerability issues into existing training for some or all staff, or could use external resources, such as visits from representatives of relevant charities, to inform staff about a particular vulnerability
  • Taking action to assist vulnerable customers, including:
  • Product design – the needs of vulnerable customers can be considered both when designing new products, and when amending and refining existing products. Here the speaker commented that the FCA’s vulnerability guidance paper mentioned “one firm that built a function into their app so that customers could disclose their personal circumstances and their needs”
  • Customer service – here Ms Arora’s example was an insurer that normally expected its customers to fill out a long online application form, but there was also the option for anyone who was uncomfortable with this to provide their details in a phone conversation
  • Communications – the FCA director made the important point that many experienced staff within financial services never stop to think that the general public don’t understand financial matters particularly well. She urged firms to check that the customer understands what is being proposed, and to offer them extra explanations or additional thinking time if needed, to ensure they can make an informed decision. The specific example here was a firm that sent communications via email rather than paper to a visually impaired customer, as he could read emails via his own text-to-speech software
  • Monitoring whether these actions have been successful, and making amendments to practices and procedures as required

Ms Arora said the FCA will issue more vulnerable customer guidance later this year.


The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


Adviser pleads guilty to £300,000 fraud

An Ipswich-based independent financial adviser has pleaded guilty at Norwich Magistrates Court to a fraud that resulted in his clients and his firm losing more than £300,000 over a two-year period. He was an employee of a small local financial advisory practice at the time of his offences.

The precise nature of the fraud has not been made public, but the adviser’s charge sheet read:

“You were expected to safeguard, or not to act against, the financial interests of your clients. You dishonestly abused that position.”

On this occasion, the issues were identified by the firm rather than by the Financial Conduct Authority. Alex Couling, a director of the firm, commented:

“We are a small family business that my dad literally set up from our spare room and built into a success. Something like this puts our lives and livelihoods at risk and we could not distance ourselves from it further.”In November 2018 a member of our team identified an irregularity in a file that [name of adviser] had been working on. Further investigation followed with more cases of irregular behaviour being identified.

“We contacted the police and the relevant authorities and have fully cooperated with their investigations. [name of adviser] was suspended from duty immediately and his clients were advised that he no longer represented our firm.

“In the months that followed we contacted all affected clients taking appropriate steps to rectify their position.”

The adviser will be sentenced at a later date at Norwich Crown Court.

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


Money Advice Trust publishes its views on the link between debt and mental health problems

The Money Advice Trust has published a document entitled ‘Understanding and evidencing customers’ mental health problems.’

Almost one in five (18%) people with a mental health problem will be in problem debt, compared to just 5%

of the remainder of the population. The reasons for this clear link between mental health issues and problem debt include:

  • Forgetting to pay bills due to short-term memory issues
  • An inability to concentrate means that people may struggle to read documentation
  • Budgeting is difficult for consumers with reduced problem-solving skills
  • A consumer with anxiety issues may not want to check their bills and financial documents
  • Mental health issues can cause some people to become more impulsive, so they could make inappropriate purchases and loan applications
  • Consumers becoming unable to work due to their condition, and being unable to pay bills and loan repayments as a result
  • Addictions resulting in people spending excessive sums on their addiction and having nothing left to pay bills or make loan repayments
  • Where the condition is particularly serious, an individual may be unable to manage even essential self-care tasks, like washing and eating, and so cannot possibly hold down a job or check their financial position

Staff working in customer-facing roles will inevitably encounter vulnerable customers at some stage. The guide urges firms and their staff that “the collection of mental health evidence should always start with a customer conversation, rather than with a request for a form to be completed.”

This first conversation should then follow the IDEA mnemonic:

  • Impact – what effect has the mental health condition had on the customer’s ability to manage their finances?
  • Duration – how long has the condition lasted?
  • Experience – does the condition recur over a period of time?
  • Assistance – how can the firm assist the customer?

Once the conversation has been completed, and the IDE questions above have been asked, the firm should reflect on what was said and how the firm should approach dealing with that customer in the future.

Some customers with mental health issues may be extremely reluctant to talk about their condition and how it affects them. Here, firms should explain that anything the customer discloses will be used to assist them in the future. By seeking the customer’s permission to make a note of the condition and its effects, the customer will then not need to describe their condition a second time when they next make contact with the firm.

Sometimes the firm might decide they need to go back to the customer to gather information, and on other occasions, the firm might decide to request external evidence of the condition, although the Trust’s guidance warns firms not to automatically request external evidence in every situation. The Trust has a generic Debt and Mental Health Evidence Form that firms can use, but the guidance says firms should “only use the DMHEF where [alternative information] cannot be collected, interpreted, and used.”

Examples of external evidence might include:

  • Prescription forms
  • Benefits award letters
  • Appointment letters
  • Personal care plans
  • Hospital discharge letters

Some of this alternative evidence might contain extremely sensitive personal information. Firms should take care to extract only the necessary and relevant information.

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


Brexit talks commence – what’s in store for financial services?

To paraphrase the Conservative Party’s election slogan, Brexit is, in a strictly legal sense, already ‘done’. However, as trade talks between the UK and the remaining EU states commence, it remains far from clear how the UK’s exit from the Union will affect the financial services industry.
The new Chancellor of the Exchequer, Rishi Sunak MP, has written to Valdis Dombrovskis – the Latvian who is the European Commission Vice-President for the Euro and Social Dialogue – on the subject of ‘equivalence’, i.e. how similar the financial services rulebooks of the UK and the EU will be in future.

The current position, as set out in the letter, is that equivalence assessments will be completed very soon. Here the letter reads:
“Both parties have agreed to start assessing equivalence with respect to each other under their respective frameworks as soon as possible after the United Kingdom’s withdrawal from the Union, endeavouring to conclude these assessments before the end of June 2020.”

The remainder of 2020 will be a transition period where the existing UK/EU trade relationship will be maintained. The rules UK financial services firms need to follow are unchanged and the passporting system remains in force. On December 31 2020, the rulebooks of the UK and the EU will be equivalent, and the key question is then ‘to what extent will these rulebooks diverge in the future?’

Mr Sunak’s letter concludes by saying he hopes to establish a dialogue for the exchange of information to support the two parties’ autonomous decision-making on equivalence; and finally, he mentions that the UK has already published its approach to the trade negotiations, including its specific negotiating position on financial services.

The Government has previously indicated it is seeking a very similar trade agreement to the one Canada has with the EU, even though the EU negotiators are reluctant to agree to this, on the basis that the UK is a bigger economy than Canada’s, and the fact the UK is much closer to continental Europe. There is also no agreement covering financial services in the EU-Canada deal that is in any way similar to the current passporting scheme.

John Barrass, deputy CEO of the (PIMFA), recently appeared on a Bloomberg podcast, and the presenter began by commenting that the UK and the EU seemed to have significant differences of opinion. Mr Barrass, however, began by saying that “you need to sort out the grandstanding bits from what is the real nub of the negotiations”. Instead he focussed on whether equivalence could be achieved but commented that with many of the Financial Conduct Authority’s rules there is no equivalent rule in the rest of the EU. Instead he speculated that equivalence clauses could be added to assist UK firms in continuing to service retail clients who live in continental Europe. Mr Barrass went on to say that the Government has not provided any assurances to the financial services industry that things will “run smoothly” from 2021 onwards.

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article


FCA fines car finance firm for unfair treatment of customers in difficulty

The Financial Conduct Authority (FCA) has fined a car finance provider £2,774,400. This is one of the largest fines the FCA has imposed on a consumer credit firm since it assumed responsibility for regulating the credit sector in 2014.

The firm in question was found to have failed to provide fair treatment to customers in financial difficulty. The fine was increased as the firm’s poor conduct continued for at least three and a half years, with this period beginning on April 1 2014 when the FCA started supervising the firm, and only ended on October 4 2017 after the FCA reached an agreement with the firm.

However, the firm in question co-operated with the FCA’s inquiry and did not dispute that it had broken the regulator’s rules, so its fine was then reduced by 30% – it would have been fined £3,963,500 had it contested the matter.

The issues identified by the FCA included:

  • Not providing sufficient forbearance to customers in arrears, such as giving them additional time to make repayments – a large number of customers were instead instructed to clear their arrears via a single payment
  • Failing to explain the possible consequences of falling into arrears in a way that was clear, fair and not misleading – instead many customers were directed towards having their arrangement terminated via a default termination, which was the most expensive option available

The firm has also paid £30,349,433 in compensation to 5,933 customers who were potentially affected by these failings, and this redress was paid even if there was no evidence that some of the individual customers had suffered any financial detriment.

1,405 customers were severely affected by the firm’s failings, as those borrowers subsequently defaulted after entering into unsustainable short-term repayment plans.

The Hampshire-based firm – owned by a FTSE 250 doorstep lender – provides motor finance for used vehicles and specialises in providing credit for customers who may be unable to obtain finance from mainstream car finance lenders due to their personal circumstances.

The FCA regularly speaks about the need to ensure vulnerable customers receive good outcomes. As a non-mainstream lender, the firm should have realised that many of its customers are at an increased risk of financial vulnerability, perhaps because they have a poor credit history, or no credit history at all.

On this subject, the Final Notice says:

“The non-standard market is a specialist niche market, which requires a deeper understanding of customers and their financial circumstances as the customers’ needs are far more varied and changeable than customers of mainstream lenders.”

Mark Steward, Executive Director of Enforcement and Market Oversight at the FCA, said:

“Moneybarn did not give its customers, many of whom were vulnerable, the chance to clear their arrears over a realistic and sustainable period.

“It also did not communicate clearly to customers, in financial difficulty, their options for exiting their loans and the associated financial implications, resulting in many incurring higher termination costs. These were serious breaches.

“After discussions with the FCA, Moneybarn voluntarily paid more than £30 million in redress to customers potentially affected by its failings.  The FCA gave Moneybarn significant credit for this in assessing the size of the penalty imposed.”

The firm’s managing director said:

“We are happy that all customers potentially affected by these findings have been fully compensated for any detriment they might have suffered.

“The processes we have had in place since 2017 are clear, effective and appropriate. The FCA has clarified its expectations of lenders in these important aspects of customer treatment, which will provide guidance for all finance companies within the motor industry.”

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article