So you have made your new year’s resolution and you have kept to your gym schedule (so far). You have even stuck to dry January after all the overindulgence of Christmas. However, have you set up a compliance plan in your business for 2019?
Recent and upcoming changes mean that almost all areas of compliance have now changed. For the Regulator, having a detailed compliance plan is one key way to show your business is on top of these changes.
We have put together 10 key areas that every compliance plan should have in 2019. If you can think of anything else, please let us know.
1. Complaints
Complaints remains a key area for the Regulator. This is especially important because from the 1st April 2019, businesses with an annual turnover of less than £6.5 million and fewer than 50 persons and/or with a balance sheet total of less than £5 million will now be able to complain to the FOS. In October 2018, the FCA issued new near-final rules which means more businesses will be treated just as consumers by the Financial Ombudsman Services (FOS). If you are a commercial broker, this might mean more of your clients will now have access to the FOS. Some things to consider changing:
- Your policies and procedures
- Your sales processes
- Client letters and Terms of Business Agreements (ToBA)
- Staff training etc.
2. Sales documentation
As well as the changes in complaints, which will come into force this April, last year saw major changes from the General Data Protection Regulations (GDPR), as well as from the Insurance Distribution Directive (IDD). As a result, we would expect that the following things changed in your business:
- Consent
- Sales process disclosures
- Privacy policies
- Advised sales and making a personal recommendation
- Changes in Terms of Business Agreements (ToBA)
- Remuneration disclosures etc.
Your compliance plan should ensure you review all these to check they are meeting all the new rules.
If not, speak to us, we might be able to lend a helping hand.
3. Client money
Client money remains one of the key areas of concern for the FCA especially because of the potential uncertainty we could face in the next year. This could lead to some brokers’ cash flows being put at risk.
-
Client money
If you handle client money, ensure that your compliance plan includes reviews and checks on your current framework so you are sure you meet the rules. Make sure you have a client money audit carried out and that previous breaches and findings have been corrected. Findings of client money audits are now reported to the FCA, and the Regulator may pick a sample of brokers to check in 2019.
-
Full risk transfer
If you are 100% risk transfer, don’t forget to check that you are meeting your insurer’s risk transfer requirements, especially in regards to when you can withdraw your commissions. Remember, if you breach this requirement for an insurer, you could end up holding client money without FCA permissions and in serious breach.
4. Insurer relationships
In the last year, Alpha Insurance, Horizon Insurance Company Ltd and Qudos Insurance have all failed. The FCA has mentioned that they expect brokers to carry out adequate due diligence and ongoing monitoring and review to make sure that the insurers they are recommending to clients are right for them. If you are not carrying out regular reviews of all the insurers you use, then please make sure you have a plan to start in 2019, especially with the current level of uncertainty and the risk that more insurers might fail.
With IDD implemented in October 2018, brokers providing a personalised recommendation must also ensure that they are clear about their responsibilities when making a choice between insurers.
5. FCA permissions and conditions
Have you checked your FCA permissions lately? Do you now have any close-linked companies and have these been appropriately reported to the FCA? Have you recently carried out a review of your threshold conditions? Especially threshold condition 2.4 which checks whether you have appropriate financial and non-financial resources. Have you checked that your business model threshold condition has been appropriately documented in your regulatory business plan?
Do you have the right approved individuals listed on your FCA register? It is important to check especially with the Senior Managers & Certification Regime (SM&CR) coming into place in 2019.
Don’t forget, if you have a relationship with a claims management company, after the 1st April, you will need to check they have FCA authorisation in order to use them.
These are all points to check are on your plan for the year.
6. Management systems and controls
One of the biggest jobs in any broker is ensuring that your current management processes are up to date. For the Regulator, your risk register, breaches log, gifts and entertainment log, complaints log/register etc. are all key controls which should be recording any events within the business.
If you find that your current logs are empty, then the Regulator could question whether your firm is recognising those events. Always remember, having something in your logs is better than having nothing.
Following recent changes including the Financial Crime Guide, consumer credit amendments, upcoming complaints changes etc., remember to review your policies and procedures to ensure they are up to date. Policies to review include:
- Complaints
- Conduct and TCF
- Conflicts of interest (following the IDD)
- Insurer and third party policy
- Data protection and Data Security (following GDPR)
- Anti-bribery and corruption
- Anti-money laundering
- Business continuity
- Consumer credit
7. Conduct risk, TCF and Training and Competence
-
Conduct and SMCR
Conduct risk is even bigger on the FCA’s agenda for 2019. The upcoming Senior Managers & Certification Regime (SM&CR) will extend the conduct requirements from senior managers to everyone within the business carrying out regulated and significant activity. This means a regulated ordinary members of staff who are found breaking the conduct rules might have to be reported to the FCA going forward.
This tightening of the rules will mean management will have to re-train staff on their responsibilities under the new rules and how to always provide positive outcomes to their clients.
-
Training and Competence and the IDD
IDD did not only introduce the 15hour CPD requirement, but it also introduced specific areas which the Regulator expects all individuals carrying out insurance regulated activities to learn. These include:
- knowledge of terms and conditions of policies offered,
- knowledge of applicable laws such as consumer protection law, relevant tax law and relevant social and labour law;
- claims handling;
- complaints handling;
- knowledge of assessing customer needs;
- knowledge of the insurance market;
- knowledge of business ethics standards; and
- Knowledge of financial competence
Are these specific areas on your training plan?
8. Appointed representatives
If you have appointed representatives, then ensure you a plan for separately understanding their compliance requirements and making sure that all their policies, procedures, letters, sales process, ToBAs etc. are all up to date. Your compliance plan should have a full breakdown of which appointed representatives and processes should be reviewed.
9. Consumer credit
Changes to affordability checks and consumer credit might mean changes in your business. Also, have you recently reviewed your consumer credit processes and whether your permissions match your activities? Have you checked your ToBA to make sure that it has the right consumer credit disclosures? It might benefit you to make sure these are on your plan for 2019.
10. Financial crime
On the 13th December 2018, the FCA released an updated guide to financial crime which has details of the controls and processes which they expect you to have in your business. We recommend that you carry out a review of your financial crime controls to make sure they meet the requirements of the new guide. This should at least include a review of your policies and procedures around:
- Anti-bribery and corruption;
- Anti-money laundering; and
- Sanctions
We hope you have found this blog useful, and if you have any questions, click below to get in touch.
