Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Context

The FCA has published its findings on how smaller mutual life insurers meet Consumer Duty requirements and deliver good customer outcomes, sharing good practice and its expectations. The Consumer Duty sets high standards of protection for retail customers across financial services. It requires firms to deliver good outcomes in terms of products and services, price and value, understanding, and support. Firms that offer non-investment insurance products are also subject to fair value rules under PROD 4.

Key points to note and next actions

Findings from the FCA’s review:

• Target Market Statements – Firms had a strong focus on understanding their customers. However, most had broad statements to describe their target markets, and some were also unclear on who their products would not be suitable for.
• Fair value assessments – Firms had strong metrics to measure value. However, most were limited in their conclusions, often relying on one benefit, such as the ease of purchasing the product, rather than considering the overall quality of the product and related services.
• Financial operating models – All firms emphasised the importance of placing customers at the heart of their organisation. However, they were inconsistent in assessing their future viability. Some assessments were also conducted in ways that would not support timely decision making on strategic direction.

The FCA will continue to monitor how firms are demonstrating the higher standards the Duty expects, including price and value. Its recent multi-firm review – Findings from the insurance multi-firm review of outcomes monitoring under the Consumer Duty – outlines work the FCA will do to assess how firms are monitoring that they meet the Duty’s requirements.

Context

The FCA, Bank of England and Prudential Regulation Authority have together signed a Memorandum of Understanding (MoU) with the European Supervisory Authorities to enhance co-operation and oversight of critical third-parties (CTPs) that fall under the UK’s CTP regime. This provides a framework for coordinating and sharing information on the oversight of CTPs under the UK regime and critical third-party providers (CTPPs) under the EU’s Digital Operational Resilience Act (DORA), including during incidents such as power outages or cyber-attacks.

Key points to note and next actions

The MoU aims to manage potential risks to financial stability and market confidence, as well as strengthen international cooperation. It will also help reduce duplication and regulatory burden on CTPs and CTPPs. The UK’s CTP regime is designed to be compatible with DORA with similar international standards.

• The background to this is that in 2024, UK regulators introduced new rules to bolster the resilience of critical third parties providing key services to the financial sector.
• These rules came into effect on 1 January 2025 and apply once a CTP is designated by the Treasury. The Treasury is responsible for deciding which third-party service providers should fall under the new CTP regime. The rules require designated CTPs to provide regular assurance, undertake resilience testing and report major incidents.
• Regulators will continue to work with the Treasury throughout the designation process.
• The regime does not reduce the responsibility of financial firms and Financial Market Infrastructures (FMIs) to manage their own operational resilience and third-party risks in line with existing outsourcing rules.
• In the EU, the Digital Operational Resilience Act (DORA) provides for regulation of CTPPs by the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), and/or European Securities and Markets Authority (ESMA). CTPPs face a series of requirements under DORA, including around incident management and reporting, and must confirm they can withstand and manage a wide range of ICT disruptions and cyber threats and comply with uniform requirements for the security of network and information systems.

Context

The FCA has opened applications for the second cohort of its AI Live Testing service. AI Live Testing is the first of its kind in the financial sector to help firms who are ready to use AI in UK financial markets.

Key points to note and next actions

Firms participating in the FCA’s AI Live Testing service will receive support from the FCA’s regulatory team and its technical partner Advai to develop, assess and deploy safe and responsible AI for consumers and markets. The service helps firms to consider key questions around evaluating AI including governance, risk management and monitoring. It will also help the FCA to better understand how AI could shape UK financial markets and inform future approach to the technology.

• For firms that wish to apply, an application form should be completed by 2 March 2026.  The FCA will notify successful firms by mid-March and the testing will start from April 2026.  
• If you have any questions about AI Live Testing, the FCA can be contacted at: AILiveTesting@fca.org.uk.

Context

The FCA has made the decision to ban Antony Reynolds from working in financial services and fine him £2,037,892 and this has been upheld by the Upper Tribunal. Mr Reynolds was dishonest when he gave pension transfer advice and investment recommendations to customers, causing them significant harm.

Key points to note and next actions

Mr Reynolds showed a clear disregard for his customers’ interests and provided unsuitable advice. He also advised his customers to invest in high-risk and unsuitable products while at the same time hiding high exit fees and falsifying documents. His misconduct exposed hundreds of people to serious financial loss. Over £17.6m has been paid in compensation to more than 470 affected customers, many of whom suffered losses in excess of statutory compensation limits. In addition, Mr Reynolds let 2 unapproved people provide pension advice and when confronted with his misconduct he lied to regulators, allowed important evidence to be destroyed, and moved his family home into a trust to avoid paying his debts.

Context

The FCA has published campaign images on social media to encourage consumers of financial services to check the status of firms

Key points to note and next actions

Anyone can use this service to check a financial firm:

• is authorised by the FCA
• has permission to provide services required

It also sets out the information you won’t find on the Firm Checker. For example, as it can’t confirm whether FSCS or FOS protection will definitely apply if something goes wrong, it encourages consumers to make their own checks to make sure the product or service meets their needs.

It is designed for consumers to understand if a firm has FCA permission to offer a financial product or service, and provides details about the firm’s permissions as well as the firm’s contact information.

Context

The ICO has fined two companies £225,000 in total for sending millions of unsolicited marketing messages in breach of the law.

Key points to note and next actions

• Allay Claims Ltd, based in Newcastle-upon-Tyne, has been fined £120,000 for sending more than 4 million unlawful marketing text messages between February 2023 and February 2024. The messages promoted PPI tax refund services and were sent without valid consent or compliance with the rules on the ‘soft opt-in’ exemption. 
• ZMLUK Limited (formerly Zuru Media Ltd), based in Bristol, has been fined £105,000 for sending over 67 million marketing emails between January and July 2023 without valid consent. The emails promoted a range of products and services using data sourced from third parties, where people were not given clear and informed choices about receiving marketing. 

Context

The UK Parliament Treasury Select Committee report says that the Bank of England, the Financial Conduct Authority (FCA) and the Treasury are exposing the public and the financial system to potentially serious harm due to their current positions on the use of artificial intelligence in financial services. Its view is that by adopting a wait-and-see approach, the major public financial institutions, responsible for protecting consumers and maintaining stability in the UK economy, are not doing enough to manage the risks presented by the increased use of AI in the financial services sector.

Key points to note and next actions

• According to evidence received by the Committee, more than 75% of UK financial services firms are now using AI, with the largest take-up among insurers and international banks. AI is being used in various ways, including to automate administrative functions, to deliver core services such as processing insurance claims and credit assessments.
• In the report, MPs acknowledge that AI and wider technological developments could bring benefits to consumers. The Committee, therefore, encourages firms and the FCA to work together to ensure the UK capitalises on AI’s opportunities. However, the Treasury Committee believes action is needed to ensure that this is done safely. One recommendation is for the Bank of England and the FCA to conduct AI-specific stress-testing to boost businesses’ readiness for any future AI-driven market shock.
• The Treasury Committee is also recommending the FCA should publish practical guidance on AI for firms by the end of this year. This should include how consumer protection rules apply to their use of AI as well as providing a clearer explanation of who in those organisations should be accountable for harm caused through AI.
• The Critical Third Parties Regime gives the FCA and the Bank of England new powers of investigation and enforcement over non-financial firms which provide critical services to the UK financial services sector, including AI and cloud providers. The Government is responsible for deciding which firms are brought into this regime.
• The report notes that, despite being set up for more than a year, no organisations have yet been designated under the regime. The Committee urges the Government to designate AI and cloud providers deemed critical to the financial services sector in order to improve oversight and resilience.