Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Context

The FCA has published a speech delivered by Emily Shepperd, FCA Chief Operating Officer, at the Association of British Insurers’ ‘A changing regulatory landscape: how best to prepare?’ event in London.

Key points to note and next actions

• The FCA has developed a balanced strategy designed to support the financial services sector.
• The FCA is being clear with the industry about how it will operate and delivering what it needs to quickly.
• The FCA is upfront about the risks and opportunities. 
• The FCA references being a proportionate, predictable and purposeful regulator, simplifying and stripping outdated requirements from its insurance rule book.
• The speech discusses the issues of growth, the FCA being a smarter regulator, helping consumers navigate their financial lives, and fighting crime.

Context

The ICO has published an earlier press release and a redacted Penalty Notice setting out the reasons for fining genetic testing company 23andMe £2.31m for failing to implement appropriate security measures to protect the personal information of UK users, following a large-scale cyber attack in 2023.  The penalty follows a joint investigation conducted by the ICO and the Office of the Privacy Commissioner of Canada.

Key points to note and next actions

• The Penalty Notice is 158 pages long.
• Between April and September 2023, a hacker carried out a credential stuffing attack on 23andMe’s platform, exploiting reused login credentials that were stolen from previous unrelated data breaches.
• This resulted in the unauthorised access to personal information belonging to 155,592 UK residents, potentially revealing names, birth years, self-reported city or postcode-level location, profile images, race, ethnicity, family trees and health reports. The type and amount of personal information accessed varied depending on the information included in a customer’s account.
• The investigation found that 23andMe did not have additional verification steps for users to access and download their raw genetic data.

Context

The ICO has confirmed that the Data (Use and Access) Act 2025 (the DUAA) has received Royal Assent, so is now law.  This new legislation updates key aspects of data protection law, making it easier for UK businesses to protect people’s personal information while growing and innovating their products and services.

Key points to note and next actions

Changes to the law include:

• clarifying how personal information can be used for research;
• lifting restrictions on some automated decision making;
• setting out how to use some cookies without consent;
• allowing charities to send people electronic mail marketing without consent in certain circumstances;
• requiring organisations to have a data protection complaints procedure; and
• introducing a new lawful basis of ‘recognised legitimate interests’. 

The Act provides the ICO with new powers, including the ability to compel witnesses to attend interviews, request technical reports, and issue fines of up to £17.5 million or 4% of global turnover under the Privacy in Electronic Communications Regulations (PECR).

Context

In its report, ‘Growing pains: clarity and culture change required’, the Financial Services Regulation Committee highlights that the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA)’s secondary international competitiveness and growth objective is being held back by pervasive risk aversion, regulatory uncertainty, and inefficiency in the regulatory system.  The details of the oral evidence sessions in January and February are also available online.

The report’s headline message is that a “culture of risk aversion among financial regulators undermines their competitiveness and growth objective”.

The report contains key messages for Government and for the regulators, and seems to be criticising what some would see (and what Governments and Regulators have called for in the past following financial crises) as responsible risk-aversion, a desire for consumer protection and appropriate friction to deter bad actors from entering the UK financial services marketplace.  In essence, the FSRC, currently,  has a different opinion to the Regulators on an appropriate ‘risk vs. reward’ balance.

Key points to note and next actions

The Committee calls on the regulators to:

• Drive cultural change throughout their organisations, introducing a more tailored and proportional approach to the risks posed by regulated firms, a culture of continual operational improvement and innovation, and a more transparent and trusting relationship with stakeholders.
• Create a joint cost of compliance working group in conjunction with their respective Cost Benefit Analysis Panels and include an assessment of actual costs of large-scale regulatory reforms as part of their post-implementation reviews.
• Clarify guidance on the implementation of the Consumer Duty and set out how the FCA and the FOS intend to address long-standing concerns with the redress framework.
• Prioritise the delivery of the Advice Guidance Boundary Review to give UK consumers more support to save and invest.

The Committee calls on the Government to:-

• Undertake a focused assessment of the financial services landscape to identify where regulatory overlap can be eliminated.
• Provide parameters and clear direction to the regulators on how it sees financial services regulation supporting its growth strategy.
• Include outcomes-based secondary objective metrics that aim to illustrate the impact of the regulators’ action on the real economy and review the regulators’ statutory operating service metrics to ensure they are in line with comparative jurisdictions.
• Commission an independent study to assess the cumulative cost of compliance in the financial services sector relative to other international jurisdictions and further academic research into how regulation can support growth.
• Engage in concerted action to improve financial education from school age and up and work with the FCA, universities, and research organisations to develop new financial education programmes.

The FCA has put out quite a brusque response setting out what it is doing already to support economic growth, and comments that “We’ll carefully consider the Lords Financial Services Regulation committee’s recommendations and look forward to responding.”

Context

The ABI has responded to Defra’s announcement of a commitment to invest £7.9 billion over ten years in flood defences, welcoming the Government’s commitment to more funding and a long-term framework to support flood defences.

Key points to note and next actions

• The statement said that the announcement was a welcome relief to homes and businesses across the country, and reiterated the ABI’s long-held view that robust investment in defences and a clear, enduring strategy are vital to real, lasting resilience.
• The ABI makes the point that new homes need to be able to withstand flooding, extreme heat, stronger winds and subsidence, and that such homes must not be built in flood-risk areas.

Context

New independent consumer research, conducted by Viewsbank among a nationally representative sample of 827 aged 18-plus between 7^th and 10^th March 2025, shows that Insurance customers increasingly are accepting the use of credit to pay for cover as they look for ways to improve budgeting and make their money work harder.

Key points to note and next actions

• PCL’s Insurance Index shows a sharp rise in number of consumers willing to use credit.
• Increasing financial confidence and more credit being available are helping to drive the trend.
• The Insurance Index shows that nearly a third (30%) of consumers say they have become more willing to use credit for insurance payments in the past year confirming a growing trend.
• The recent study found that being accepted for credit is an issue for some – with 19% saying they have found it harder to secure credit since the beginning of the cost-of-living crisis; 15% have been turned down for a credit card over that period.
• Premium Credit research shows more consumers are working harder to find the best price and quality of insurance cover.  This year, 70% say they are putting more time into shopping around compared with 62% last year and 53% in 2023.