December 2012 Update

17th December 2012

Here is the latest round of regulatory developments for December 2012:

The Journey the FCA Continues
It’s the regulatory change on the horizon that remains top of the agenda for all firms. In the last month the regulator has said that their overall aim is to make financial markets work well so consumers get a fair deal.

Key operational objectives that the FCA will expect are;

1. Appropriate degree of protection in place for consumers;
2. Protected and enhanced integrity of the UK financial system; and
3. The promotion of effective competition for the benefit of consumers.

From 1st April 2013 firms will see:
• Greater focus on whether its business model delivers fair outcomes for consumers
• Focus on firm-specific issues as well as issues across the specific sector and market we are in
• More forward-looking approach, with faster reactions to deal with potential problems
• Greater intensity of conduct supervision

Summary of key points to focus on for 2013:
• Building unique relationships with your customers should be at the heart of your organisation
• Supervision approach will not be dissimilar to how it is currently
• BAU of supervision will be supported by thematic reviews focused on the ‘big issues’
• Controlled functions will be accountable for mitigating conduct risks and held accountable
• The regulator wants to engage with firms on an ‘appropriate basis’ and maintain effective relationships where they want to know how your firm address issues (as opposed firms approaching the FCA as to what to do)

Client Money and the FCA
The protection of client money and assets has been an FSA priority since the failure of Lehman Brothers, and this will continue to be the case under the FCA.

Martin Wheatley has been outlining the important role the FCA will play in regulating wholesale markets and the conduct of participants in them. He explained the crucial role that protecting client assets effectively plays in this, contributing to fulfilling the FCA's overarching objective of protecting and enhancing confidence in the integrity of UK Markets.

Following recent investment firm insolvencies, and the Supreme Court Ruling on the administration of Lehman Brothers, the regulator has decided to review the CASS regime to learn any lessons of the recent past.

Financial Crime – The Regulator’s Areas of Current Interest
FSA has announced that their next round of thematic reviews will focus on;

1. Money laundering, terrorist financing and sanctions risks in trade finance; and
2. Anti-money laundering and anti-bribery and corruption systems and controls in firms.

Expect to see reports and enforcement action stemming from this by Q3 2013.

Information Commissioner Fines Prudential £50,000
The Information Commissioner’s Office (ICO) has issued a warning to the financial sector after a mix-up over the administration of two customers’ accounts led to tens of thousands of pounds, meant for an individual’s retirement fund, ending up in the wrong account.

This is the first monetary penalty served by the ICO that doesn’t relate to a significant data loss and is of relevance whether or not you are in this sector of the regulated market.

Prudential has been served with a monetary penalty of £50,000 following the incident, which resulted in a serious breach of the Data Protection Act. The original error was caused when the records of both customers, who share the same first name, surname and date of birth, were mistakenly merged in March 2007.

The accounts remained confused for more than three years, and the problem was only resolved in September 2010. This was despite the company being alerted to the mistake on several occasions, including a letter from one of the customers in late April 2010 which clearly indicated his address had not changed for over 15 years. The company failed to investigate thoroughly at this point and the penalty imposed today relates to the inaccuracy then present which continued for a further six months.

Stephen Eckersley, ICO Head of Enforcement, said:

“Organisations must make sure the information they hold on their customers’ files is accurate and kept up to date in order to comply with the Data Protection Act. In this case two customer files were consistently confused and the company failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved.

“This case would be considered farcical were it not for the serious sums of money involved.”

Last year the public made more complaints about the way money lenders were handling their information than for any other sector. Around 15% of the almost 13,000 data protection complaints received by the ICO during the last financial year were due to concerns relating to this group, with inaccurate data the third most complained about issue across all sectors.

Commenting on the ICO’s concerns in this area, Stephen Eckersley continued:

“While data losses may make the headlines, most people will contact our office about inaccuracies and other issues relating to the misuse of their information. Inaccurate information on a customer’s record, particularly when the record relates to an individual’s financial affairs, can have a significant impact on someone’s life.

“We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people’s records are accurate. Staff should also receive adequate training on how to manage and maintain them, with any concerns fully investigated in order to ensure problems are addressed at an early stage.”

Prudential has now improved the training it provides to its staff and updated its processes to ensure that the accuracy of customers’ records is maintained at all times. All firms can do well to review the information that we hold and take any necessary steps to be confident that we could not make a similar mistake. ICO fines at the moment are not huge, but the reputation damage is a very real threat to financial firms.

Every firm who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

FSA Problems with Digital Financial Promotions
During their routine monitoring of digital media FSA have identified and published a list of common poor practices such as:

• promotions which failed to contain appropriate risk warnings; and
• a lack of understanding of image advertising.

Risk warnings: It is not acceptable to omit important information or a statement about risk just because you intend to give it later in the sales process. The promotion itself should be fair, clear and not mis-leading. This is known in the industry jargon as ‘standalone compliant’.

Image advertising: An image advert must consist of only the name of the firm, a logo or an image associated with the firm, a contact point and a reference to the types of regulated activities provided.  When advertising goes beyond this, it is no longer just ‘image’ and all the financial promotion rules come into play. Using a digital medium does not make everything an image advert, which is somehow exempt from the financial promotions rules.

There are also a couple of common regulatory myths about using digital media.
• First, there is no ‘one click rule’. Website banner adverts or sponsored search engine results need to be compliant in their own right.  Being one click away from the information does not necessarily make it compliant.
• Roll-over risk warnings are not sufficient on website banner adverts. In most cases FSA do not think a roll-over risk warning is appropriate, as many people may still read the advert without hovering over it.

CPP Fine
Over the last week FSA has issued its joint largest retail fine of £10.5 million to Card Protection Plan Limited (CPP) for mis-selling insurance products.

CPP has also agreed to pay redress and estimates that around £14.5 million will need to be paid to affected customers, but this could change depending on how many customers respond to CPP's contact exercise.  CPP has estimated that the total costs of the FSA's investigation will be £33.4 million which includes the fine, redress and the costs associated with the investigation.  The fine is for all types of sale made by CPP while the focus of the redress exercise is CPP's direct sales.

The FSA found widespread mis-selling of CPP's two main UK products between January 2005 and March 2011.  CPP failed to treat its customers fairly and did not provide clear information to its customers:

• CPP sold its Card Protection product by emphasising that customers would benefit from up to £100,000 worth of insurance cover - when this was not needed because customers were already covered by their banks; and
• CPP overstated the risks and consequences of identity theft during sales of its Identity Protection product.

CPP sold Card Protection and Identity Protection through its own sales channels, or through a partner, such as a high street bank, which introduced its customers to CPP. Card Protection cost about £35 a year while Identity Protection cost about £84 a year. In total, CPP sold 4.4 million policies and generated £354.5 million in gross profit.

In the period in question, 18.7 million policies were renewed which generated an income of £656.5 million. Following FSA intervention in early 2011 CPP has improved its renewal process and extended the cooling off period during which customers can change their minds about buying the product from 14 days to 60 days.

CPP agreed with the FSA requirements to stop new sales of products (apart from where the insurance is sold as part of a package) and to stop trying to keep customers who call to cancel their policies.  The FSA has required CPP to appoint an external 'skilled person' to monitor and report on its claims and complaints handling.

The FSA found that CPP's sales process focussed on sales, revenue and commercial objectives at the expense of treating customers fairly. The FSA's investigation revealed that:

• CPP sales agents were encouraged to be overly persistent in persuading potential customers to purchase the products even after they had made it clear that they did not wish to buy them;
• CPP gave its sales agents targets for successfully dissuading customers who contacted CPP to cancel their policies;
• CPP did not prevent sales agents telling customers to buy the products on the basis that customers could cancel them during the cooling-off period; and
• CPP renewed and took payments from customers without reminding them when it did not have current addresses and could not send renewal documentation.

Customers generally do not need insurance for fraudulent transactions on lost or stolen credit and debit cards because they are not liable for unauthorised card payments - apart from in exceptional circumstances.  However CPP continued to sell Card Protection by emphasising this insurance aspect of the product.

CPP also failed to control its affairs responsibly and effectively. This is because it was aware that significant issues about its sales and compliance processes had been raised by the FSA but it failed to take sufficient action to deal with them.

Tracey McDermott, the FSA's director of enforcement and financial crime, said

"This is a serious case, one that has warranted our joint largest retail conduct fine and generated a sizeable bill for consumer redress.

"While CPP's products were relatively inexpensive, they were sold widely and CPP encouraged its sales agents to be overly persistent.  This exposed a very large number of customers to the unacceptable risk of buying products they did not want or need. Further, we had already warned the firm that it might be misleading customers about a feature of Card Protection from which customers were unlikely to benefit, but insufficient action was taken to rectify this.

"We have highlighted before our concerns about low cost insurance that offers little or no value to the customer. This case shows the action we will take if our warnings are not heeded".

CPP agreed to settle at an early stage entitling it to a 30% discount on its fine. Without the discount, the fine would have been £15 million.

CPP has agreed to provide an undertaking about a contract term it used which was unfair. This unfair term allowed CPP to take customer payments from another card covered by Card Protection in the event that payment could not be taken from the original card. The purpose of having multiple cards registered was to ensure that all cards were covered by the protection, but CPP used it to take payment from customers.