Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are
interested in subscribing to our affordable
ABC compliance support package, please
email us at ABC@ukgigroup.com or
call UKGI on our dedicated ABC
contact line 01925 765777.

UKGI has teamed up with Aviva to provide ABC brokers with access to our weekly regulation update free of charge! The service provides a round-up of compliance-related issues to give you an overview of what’s on the regulatory horizon.

This will help you stay up to date with what regulatory changes may be coming up, so you can plan ahead.

You can also access previous ABC weekly regulation updates by clicking on the archive tab at the top of the page.

UKGI is working with Aviva to provide ABC brokers with access at preferential rates to our market-leading, online compliance manual and its library of over 200 template documents!

To watch a short introductory video showcasing the manual, click here, and to see for yourself just how useful the manual could be for your business, book an interactive demonstration.

Link(s):DP24/1: Regulation of commercial and bespoke insurance business
DP24/1: Regulation of commercial and bespoke insurance business | FCA

Context

The FCA is partially reopening Discussion Paper DP24/1. The FCA wants to ensure that customers in the commercial insurance market are protected appropriately, while also not placing unnecessary regulatory costs on firms.

Key points to note and next actions

The FCA is again asking for views from firms on whether the FCA rules appropriately balance customer protection and competitiveness.  The DP was initially published in July this year with a relatively short response window, and was covered in our Weekly Update for the week ending 2nd August 2024.  The re-opened questions again cover:

  • determining which rules apply to commercial insurance, including a comparison of some differing definitions of commercial clients based on balance sheet size / turnover / no. of staff etc., and options to change the FCA’s current ‘SME’ classification;
  • how the rules currently apply where more than one firm is responsible for manufacturing insurance products (so where there are co-manufacturers);
  • the application of iCOBS to co-manufacturing;
  • some of the challenges around how the PROD rules apply to bespoke insurance products, and the ‘bespoke products’ exclusion.

Firms can respond to the reopened questions by 10th January 2025 by emailing commercialinsurancemarket@fca.org.uk.

Link(s):Warning Notice Statement 24/4

Context

On 18th September 2024 the FCA gave Crispin Odey a warning notice proposing to take action in respect of the conduct summarised in the statement.  The FCA considers that, during the period from 24th December 2021 to 17th November 2022, Mr Odey (who was a certification employee at Odey Asset Management LLP (OAM) and at times during this period held Senior Management Functions) breached Individual Conduct Rule 1 of the FCA’s Code of Conduct which required him to act with integrity.

Key points to note and next actions

  • A warning notice is not the final decision of the FCA. The individual has the right to make representations to the Regulatory Decisions Committee which, in the light of those representations, will decide on the appropriate action and whether to issue a decision notice.
  • In February 2021, OAM gave Mr Odey a Final Written Warning in relation to inappropriate behaviour. In late 2021, OAM scheduled a disciplinary hearing to consider whether Mr Odey had breached the Final Written Warning.
  • The FCA considers that, during the relevant period, Mr Odey demonstrated a lack of integrity in that his actions were deliberately designed to frustrate OAM’s ongoing disciplinary process into his conduct, in order to protect his own interests, and showed a reckless disregard for OAM’s governance and caused OAM to breach certain regulatory requirements.
  • In addition, Mr Odey’s behaviour towards both OAM and the FCA lacked candour. He used improper means to protect his own interests and achieve his objectives; the reasons he gave for his dismissal of OAM’s Executive Committee, and his conduct in his dealings with the FCA, also support the finding that he lacks integrity.
Link(s):FG24/5: Prudential assessment of acquisitions and increases in control | FCA
FG24/5: Prudential assessment of acquisitions and increases in control

Context

Alongside the PRA, the FCA consulted on proposals to replace the EU guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the financial sector (3L3 Guidelines).  The FCA has now published a Finalised Guidance document, FG24/5, setting out guidance to replace the EU guidelines.

Key points to note and next actions

Following the consultation, the PRA has issued a joint policy statement as well as a supervisory statement for PRA authorised firms.  The FCA’s own final guidance sets out how it expects firms, and those acquiring or increasing control in UK authorised persons, to identify controllers for the purposes of FSMA. It also sets out:

  • its expectations for submitting the change in control notification;
  • the assessment criteria; and
  • how it will use its statutory powers to impose conditions on an approval.

The Guidance is split into five main sections

  • Introduction
  • Controller concepts and identification (concepts include significant influence, aggregation of holdings and acting in concert, including further guidance on acting in concert at Appendix 2)
  • Notices of proposed acquisitions and increases in control
  • Assessment of the proposed acquisition
  • The FCA’s approach to the use of conditional approvals

FCA authorised firms, and those persons to whom Part XII of FSMA applies, should follow this finalised guidance from 1 November 2024 instead of the 3L3 Guidelines when considering a UK Change in Control (CIC) transaction.  The FCA Handbook and our website have been amended to make specific reference to the finalised guidance.

There are useful diagrams in the document within Annex 1 giving practical examples of the determination of controllers.

Link(s):Three individuals and two firms charged over alleged unauthorised business activities | FCA

Context

The FCA has started criminal proceedings against Anthony Hay, Laura Hay, Tim Stewart, Premier Finance GB Ltd and Proserv GBR Limited, for allegedly engaging in unauthorised business.  The FCA is prosecuting these firms and individuals for breaches of section 23(1) of the Financial Services and Markets Act 2000 (FSMA) namely by carrying out debt administration and debt collection, entering into regulated credit agreements and hire agreements, and effecting and carrying out contracts of insurance with retail customers for vacuum cleaners, whilst not being authorised.

Key points to note and next actions

The FCA is also prosecuting Mr Hay, Ms Hay and Mr Stewart as company officers under Section 400 of FSMA, in that they consented, connived or neglected to act in relation to the firms’ misconduct. They will be attending Westminster Magistrates’ Court on 7th November 2024.

Link(s):Regulatory Decisions Committee (RDC) | FCA

Context

The FCA has updated its Regulatory Decisions Committee (RDC) web page to update the Committee membership details, and effectively confirm Alison Potter as the new Chair.  Potter becomes Chair of the Committee with effect from November 2024.

Key points to note and next actions Before joining the RDC Potter practised as a barrister in commercial law at 4 Pump Court, London for over 30 years.  Her other roles, positions and experience are set out within the relevant section of the web page.

Key points to note and next actions

Before joining the RDC Potter practised as a barrister in commercial law at 4 Pump Court, London for over 30 years.  Her other roles, positions and experience are set out within the relevant section of the web page.

Link(s):ICO intervention into AI recruitment tools leads to better data protection for job seekers | ICO
Thinking of using AI to assist recruitment? Our key data protection considerations | ICO
“Privacy must still come first.” – we’re calling for collaboration with developers as report reveals future innovations and data protection concerns in genomics | ICO

Context

The ICO has published three different web pages aimed at AI and genomics developers, one of which explores the use of genomics in determining insurance quotes, with the clear message that ‘privacy must come first’.

Key points to note and next actions

  • The ICO has issuedseries of recommendations to AI developers and providers to ensure they are better protecting job seekers’ information rights.  AI is increasingly being used in the recruitment process to save time and money, helping to source potential candidates, summarise CVs and score applicants. If not developed lawfully, these tools may negatively impact jobseekers who could be unfairly excluded from roles or have their privacy compromised. 
  • Linked to the above, the ICO has shared key questions organisations should ask when procuring AI tools to help with their employee recruitment, all of which are founded in, and reflect, the key principles of data protection.
  • The ICO has published a new report which highlights how genomics could one day determine insurance quotes, solve crimes, tailor support in schools and create fitness plans.
  • Genomics is the study of the genes in our DNA, their functions and their influence on the growth, development and working of the body – using a variety of techniques to look at the body’s DNA and associated compounds.  The UK is recognised worldwide as a leader in genomics and the unique structure of the NHS is allowing us to deliver these advances at scale and pace for the benefit of patient and their families.
  • Concerns are raised in the report around third-party data, inappropriate bias, data security, and data minimisation, and the ICO is calling for collaboration with developers and for developers to take “privacy-by-design” approach and to join the Regulatory Sandbox.
Link(s):Private medical insurers report record 4.7 million covered by employer health schemes | ABI

Context

The ABI has published data showing that a record 4.7 million people were covered by Private Medical Insurance (PMI) through their employer in 2023 – the highest in more than 30 years of data collection.

Key points to note and next actions

  • The ABI also reported a 7% increase in the overall uptake of both individual and workplace policies.
  • A record total of 6.2 million people now have access to speedy diagnoses and quality treatment for acute health conditions arranged by insurers, as well as support to prevent more serious health issues developing. These figures represent an additional 411,000 people covered in 2023 compared to 2022. 
  • More policyholders made use of their private medical cover in 2023 too. Data shows a 21% increase in the number of claims made across individual policies and workplace schemes to 1.7 million. Workplace claims were the main driver, up 26% to 1.3 million.
Link(s):ABI and Lloyd’s of London publish guidance on major cyber events | ABI

Context

The ABI and Lloyd’s have co-published a guide for (re)insurers on how to approach defining a major cyber event.  As one of the most prominent systemic and emerging risks, there are few historic major cyber events for insurers to look at when trying to establish clear definitions and policy wording. The ‘Components of a Major Cyber Event: A (Re)Insurance Approach’ seeks to address this by setting out the factors (re)insurers should consider and provides a framework to follow when defining what constitutes a major cyber event.

Key points to note and next actions

Written by senior cyber (re)insurance leaders, the paper represents a joint effort to build shared approaches across the industry. The steps that need to be considered, and given varying degrees of emphasis, when defining a major event include: 

  • WHO is responsible for the event and whether their intentions were malicious or not?
  • WHAT was the cause of loss?
  • WHERE did it occur geographically, in the digital ecosystem and the insured population?
  • WHEN did the event start and how long did it last for?
  • HOW did the cyber event spread – was it manual or automatic?
  • WHY did the event occur, was the motive for financial or political gain?
  • IMPACT quantified as monetary loss.