FCA and ICO publish joint update on GDPR
The Financial Conduct Authority and the Information Commissioner’s Office (ICO) have released a joint update in February 2018 on the General Data Protection Regulation (GDPR).
The joint release confirms that the EU General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. It adds that the GDPR is an essential step forward in enhancing the privacy and security of personal data and will be regulated and enforced in the UK by the ICO.
The joint statement requires financial services firms to consider how the GDPR will apply to them so they are ready to comply with the regulations from May 2018. To a general concern raised by firms about their ability to comply with both the GDPR and rules made by the FCA, the joint release clarifies that, in FCA’s opinion, the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook. Indeed, the release states that “there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the FCA Handbook”.
The joint release also draws attention to the fact that compliance with GDPR is now a board level responsibility, and “firms must be able to produce evidence to demonstrate the steps that they have taken to comply”. The FCA’s requirement to treat customers fairly enshrined in the current financial services regulatory framework is central to the data protection law as well.
However, the FCA have acknowledged that there are still ongoing discussions to ensure specific details of the GDPR can be implemented consistently within the wider regulatory landscape. Therefore, the FCA and ICO are working closely together in preparation for the GDPR, and have jointly hosted a GDPR Roundtable with firms and industry bodies recently to listen to industry concerns.
The FCA have made it clear that protection of personal data is very much a regulatory imperative and while the ICO will regulate the GDPR, complying with the GDPR requirements is also something the FCA will be further integrating with their rules, for example, within the requirements in the Senior Management Arrangements, Systems and Controls (SYSC) arrangements. As part of their obligations under SYSC, firms will be required to establish, maintain and improve appropriate technology and cyber resilience systems and controls.
The fair treatment of existing interest-only mortgage customers
The FCA published in January 2018 the findings of their thematic review in TR 18/1 about fair treatment of existing interest-only mortgage customers. More recent findings from FCA’s Financial Lives Survey 2017 identified that existing interest-only mortgages are held by an increasingly older customer population with 70% of all interest-only mortgages held by customers aged over 45. Their thematic review looked at how lenders are working to help such customers avoid the potential harm of non-repayment of their mortgages at maturity.
The FCA wanted to understand the extent to which lenders had chosen to review their own arrangements since they issued regulatory guidance to mortgage lenders in 2013. To achieve this objective, they completed 3 activities:
• Desk based reviews to assess lenders’ strategies for managing their existing interest-only mortgage book including policies, communications to customers, operations, adviser training and Management Information (MI);
• File reviews to assess both the customer’s experience when they engage with their lender about their maturing interest-only mortgage and the repayment options they are offered; and
• Visits to lenders to meet with senior leaders, managers and advisers to assess their understanding and implementation of their strategies.
The FCA found that all the lenders in the sample have made progress in the fair treatment of interest-only mortgage customers and most lenders have put in place strategies to contact customers with interest-only mortgages and to understand their repayment plans with a view to providing appropriate solutions where no suitable plan is in place. They observed that most lenders provided a wide range of options and adopted a flexible approach to help those customers who are unable to repay their mortgage at maturity.
In most cases, lenders had well trained and experienced teams who provided advice to customers whose mortgages had either matured or were close to maturity. The FCA also found the good practice of some lenders helping customers whose mortgages still had a number of years to maturity through their new business teams.
All relevant firms should use the examples of good practice detailed in the paper as guidance when dealing with their interest-only mortgage customers.
High-cost credit review
In January 2018, the FCA published an update on their high-cost credit review. In July 2017, the FCA had published a Feedback Statement FS 17/2 setting out their response to the Call for Input. In FS 17/2, FCA had set out their decision to retain the cap on high-cost short-term credit (HCSTC), commonly known as the pay day loan cap, at its current level for a further three years. FCA also published a detailed analysis of consumption patterns of various high-cost lending products. In the Statement, they identified a number of issues which could cause consumer harm, and decided to investigate those further with the aim of issuing a Consultation Paper with proposals for addressing regulatory concerns in 2018.
The January paper gives an update on the FCA’s intervention in the area of high-cost credit so far and indicates the further work that they are undertaking including timelines for that work.
The FCA have a number of concerns about outcomes for consumers of high-cost credit products but they have not yet reached any final conclusions or decisions, either about the extent of any consumer harm, nor have they decided whether, or how, to intervene. They will carry out full consultations where they see the need to introduce new rules to address any identified consumer harm, taking into account the findings of related work that the FCA have been undertaking, in particular, as part of the Strategic Review of Retail Banking.
There is an emerging picture of a case for possible intervention in a number of high-cost credit products but the FCA have also recognised the limits of what can be achieved through traditional regulatory interventions alone. Their approach to high-cost credit has the following four main components:
• Authorise, supervise and enforce against existing rules – FCA have already taken significant action where firms have not met their rulebook including creditworthiness and treating customers fairly. They are using the process of authorisation created by the transfer of regulation to the FCA to ensure that firms meet current enhanced standards.
• Prepared to intervene and propose new rules where the FCA find the evidence that markets are not working well for consumers.
• Promote competition and innovation in the interest of consumers by encouraging new business models that better serve consumers, and addressing rules that might be preventing markets from working as well as they could.
• Work with others to influence the demand in markets thinking about what drives demand for high cost credit, the alternatives and how consumers can build basic financial resilience.
The Future of UK regulatory landscape after Brexit
The FCA’s Chief Executive, Andrew Bailey, analysed potential outcomes for the UK’s regulatory framework after Brexit at the Future of the City dinner on 5 February 2018.
At the outset, Mr Bailey said that the FCA were treating Brexit as a high priority and they will do their utmost to make it work in the interests of the people of this country. However, making what he called ‘the big point’, Mr Bailey cautioned that if as a response to Brexit the European Union (EU) were to change the status quo, it would amount to a decision to close market access, not a decision about whether to open it. It would also be a decision to disconnect the EU from the benefits of global markets.
Mr Bailey pointed out a range of operational issues arising from Brexit which, if not tackled, will create financial stability risks and issues for both the UK and the European Union. In his view, “Just as they are symmetric in impact, so they are in the mutual interest of the UK and the EU to tackle”.
He briefly set out a number of them, starting with ‘contract continuity’, saying that when the UK departs from the EU, unless action is taken, a wide range of financial contracts between UK and EU counterparts could cease to be serviceable, in particular in insurance and derivatives sectors. Elaborating on the enormous impact of this, he said that it could affect up to £26 trillion of derivative contracts (of which £12 trillion extend beyond the end of March next year) and at least 30 million EU and 6 million UK insurance policyholders.
The other issue that he set out related to data sharing. In this context, Mr Bailey stated that EU and UK firms hold and share a very large amount of data about each other’s citizens and it was thought that around three quarters of cross-border data flows involving the UK were with EU member states. According to the documented information, the UK is a major exporter of digital data services such as data hosting and processing, and is the entry point to Europe for many global data-dependent businesses. The FCA themselves are a major exporter of data on trading activity, helping other European regulators oversee firms and markets. He advised that in an average month the FCA export over 250 million trade reports, compared with the 12 million they receive. If the UK was to leave the EU without mitigating actions on both sides, holding and sharing each other’s data may be in breach of national law.
Mr Bailey concluded his statement with a vision of what the future could look like after transition saying that a commitment to continued open markets should remain at the heart of the future with regulatory standards operating in the public interest underpinning open markets. The basis of such an arrangement will be mutual recognition of regulatory standards, which is quite different from passporting. He said that, as an impartial technician, he could not stress too much that we need these arrangements in place, and co-ordinated solutions are in the best interests of both sides.
FCA to allow SMEs access to Financial Ombudsman Service
The FCA have published a consultation paper CP 18/3 in January 2018 containing their proposal for small and medium sized enterprises (SMEs) to access the dispute resolution through the Financial Ombudsman Service (FOS). At present only consumers and the smallest businesses (micro-enterprises) are able to refer complaints against financial services firms to the Ombudsman. Microenterprises have been treated as ‘eligible complainants’ since 2009.
The FCA have acknowledged that when things go wrong, some SMEs, particularly smaller businesses, struggle to resolve disputes with financial services firms through the courts and have few alternative routes to seek redress. They now propose to change the handbook rules to allow SMEs to refer disputes to the FOS.
The FCA’s proposals are not designed to cover all disputes involving SMEs and the disputes not covered include those involving SMEs above the eligibility threshold for seeking redress through FOS, as well as disputes where redress sought would be significantly in excess of the Ombudsman’s binding award limit of £150,000. For small businesses to be eligible for referring their complaints to FOS, they must meet the following 3 criteria: a) annual turnover of less than £6.5m, b) annual balance sheet total of less than £5m and c) fewer than 50 employees.
To comply with the FCA rules, firms will also have to change the way they handle complaints from newly-eligible SMEs and guarantors. The FCA expect these new rules to give firms greater incentives to handle complaints well and provide redress when necessary. Additionally, firms will be required to take the relevant FOS decisions into account as in case of private consumer with a view to improving the outcomes for SMEs and the markets in general.
The FCA will consider feedback to this consultation and will publish a Policy Statement with the final rules later this year.