Topic 24

Question 1

What legislation replaced the Data Protection Act 1998 in the UK?

Answer 1

The Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR), retained in UK law as UK GDPR after Brexit.

Question 2

What does ‘personal data’ mean under UK GDPR?

Answer 2

Personal data is information that can directly or indirectly identify an individual, such as name, ID number, location data, or online identifiers.

Question 3

What are the six data protection principles under UK GDPR?

Answer 3

Processed lawfully, fairly, and transparently

Collected for specified, legitimate purposes

Adequate, relevant, and limited to necessity

Accurate and kept up to date

Retained no longer than necessary

Processed securely

Question 4

What are ‘special categories’ of personal data?

Answer 4

Sensitive data needing extra protection, including race, religion, political beliefs, trade union membership, health, sexual orientation, biometric and genetic data.

Question 5

Who is a data subject?

Answer 5

A natural person whose personal data is processed.

Question 6

What is a data controller?

Answer 6

A legal person (usually an organisation) who determines why and how personal data is processed and ensures compliance with data protection rules.

Question 7

What is a data processor?

Answer 7

A person or organisation that processes personal data on behalf of the data controller.

Question 8

What are the lawful bases for processing personal data under UK GDPR?

Answer 8

Consent

Contract

Legal obligation

Vital interests

Public task

Legitimate interests

Question 9

What rights does a data subject have under UK GDPR?

Answer 9

The right to access, correct, erase, object to processing, and transfer their data.

Question 10

What must organisations do to demonstrate compliance with UK GDPR?

Answer 10

Establish governance roles, record processing operations, document policies, and perform data protection impact assessments for high-risk activities.

Question 11

What is a restricted transfer under UK GDPR?

Answer 11

A transfer of personal data to a non-UK controller or processor, allowed only if the recipient is covered by UK adequacy regulations or safeguards are in place.

Question 12

Who is responsible for enforcing the UK GDPR?

Answer 12

The Information Commissioner.

Question 13

What must firms do in the event of a significant personal data breach?

Answer 13

Report it to the Information Commissioner.

Question 14

What powers does the Information Commissioner have to enforce UK GDPR?

Answer 14

Require information from organisations

Conduct compulsory audits

Issue undertakings

Issue monetary penalty notices

Serve enforcement and assessment notices

Serve ‘stop now’ orders

Prosecute

Conduct consensual assessments (audits)

Issue temporary or permanent bans on data processing

Question 15

What is are the criminal offences under UK GDPR?

Answer 15

Failing to comply with an information or enforcement notice

Failing to properly notify the ICO

Processing data without authorisation

Re-identifying individuals from pseudonymised or anonymised data

Question 16

What is the maximum penalty under UK GDPR for serious breaches?

Answer 16

The higher of £17.5 million or 4% of an organisation’s total annual worldwide turnover from the previous financial year.

Question 17

What does the Pensions Regulator (TPR) oversee?

Answer 17

Work-based (occupational) pension schemes and some personal pension schemes with direct pay arrangements.

Question 18

What are the key aims of the Pensions Regulator?

Answer 18

Ensure automatic enrolment

Protect scheme members’ benefits and savings

Promote good scheme administration

Reduce risks leading to Pension Protection Fund claims

Maximise employer compliance under the Pensions Act 2008

Minimise impact on sustainable employer growth

Question 19

How does the Pensions Regulator approach its work?

Answer 19

With a risk-based approach, focusing on prevention rather than reaction, considering both likelihood and impact of risks.

Question 20

What are the three broad categories of TPR powers?

Answer 20

Investigating schemes

Putting things right

Acting against avoidance

Question 21

Give two examples of actions TPR might take when “putting things right.”

Answer 21

Recover unpaid contributions

Disqualify unfit trustees

Question 22

What powers does TPR have to act against avoidance?

Answer 22

Prevent employers from avoiding obligations

Issue contribution notices

Issue financial support directions

Question 23

What must pension trustees have under the Pensions Act 2004?

Answer 23

Sufficient knowledge and understanding of pension and trust law, scheme funding, investments, and scheme documentation.

Question 24

What is the purpose of the Pension Protection Fund (PPF)?

Answer 24

To protect members of private sector defined-benefit schemes when an employer becomes insolvent and cannot fully fund pensions.

Question 25

What else is the PPF responsible for?

Answer 25

The Fraud Compensation Fund, which provides compensation to schemes affected by dishonesty.

Question 26

How does the PPF fund its compensation payments?

Answer 26

Levy on defined-benefit schemes Taking on assets of transferred schemes Recovering assets from insolvent employers Investment growth

Question 27

Does the PPF always provide 100% of pension benefits?

Answer 27

No, it provides varying levels of compensation, with full benefits paid only in limited circumstances.

Question 28

What directive led to the creation of the Electronic Money Regulations 2011 in the UK?

Answer 28

The second Electronic Money Directive (2EMD).

Question 29

When did the Electronic Money Regulations 2011 come into effect in the UK?

Answer 29

30 April 2011.

Question 30

What do the Electronic Money Regulations 2011 cover?

Answer 30

Authorisation, registration, and prudential standards for electronic money institutions (EMIs).

Question 31

What regulation retained the Electronic Money Regulations post-Brexit?

Answer 31

The Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018.

Question 32

What did the 2023 regulations change regarding the FCA’s powers?

Answer 32

Removed limitations on the FCA’s ability to make rules for authorised and small EMIs and other similar institutions.

Question 33

What does MiFID regulate?

Answer 33

Firms providing services relating to tradeable financial instruments like shares, bonds, and derivatives.

Question 34

When did MiFID become effective in the UK?

Answer 34

November 2007.

Question 35

What are the three main objectives of MiFID?

Answer 35

Improve conduct of business Strengthen organisational requirements Enhance market transparency

Question 36

What are core and non-core activities under MiFID?

Answer 36

Core: Investment services and activities Non-core: Ancillary services

Question 37

What is the MiFID 'passport'?

Answer 37

Allows firms authorised in one EEA state to operate throughout the EEA based on that single authorisation.

Question 38

Which UK body incorporated MiFID into its rules?

Answer 38

The Financial Conduct Authority (FCA).

Question 39

What event triggered MiFID II reforms?

Answer 39

The 2008 financial crisis.

Question 40

Name three areas covered by MiFID II reforms.

Answer 40

Transparency (e.g., for non-equity investments) Enhanced investor protection Organisational requirements, including product governance

Question 41

What does MiFID II require regarding cost disclosures?

Answer 41

Aggregated disclosure of all adviser and product charges.

Question 42

How does MiFID II address high-frequency trading?

Answer 42

Imposes measures to ensure it does not negatively impact markets.

Question 43

What is MiFID II's requirement concerning suitability?

Answer 43

Suitability must be assessed not only when buying or selling but also when holding an investment.

Question 44

What is the main goal of the UCITS Directive?

Answer 44

To provide a common framework of investor protection and product control across the EU.

Question 45

What does UCITS allow through mutual recognition?

Answer 45

It allows the free circulation of fund units across the EU based on a single authorisation.

Question 46

What requirements must UCITS funds meet?

Answer 46

Adequate spread of risk and high liquidity for investor redemption.

Question 47

What did UCITS V aim to improve when implemented in March 2016?

Answer 47

Investor protection standards and customer confidence.

Question 48

What happened to UK UCITS funds after Brexit?

Answer 48

They lost their passporting rights and are treated as AIFs in the EU.

Question 49

What types of funds does AIFMD cover?

Answer 49

Funds not eligible under UCITS, such as hedge funds, private equity, and real estate funds.

Question 50

Who is AIFMD primarily aimed at?

Answer 50

Professional investors.

Question 51

What does AIFMD provide for fund managers?

Answer 51

A passporting framework for managing and marketing funds across the EU.

Question 52

Can AIFs be marketed cross-border to retail investors using the passport?

Answer 52

No, local member state rules apply instead.

Question 53

When did AIFMD come into force?

Answer 53

22 July 2011.

Question 54

What happened to UK-domiciled AIFs post-Brexit?

Answer 54

They lost their EU marketing passport and must follow member state rules to market in the EU.

Question 55

What are the two main objectives of a single EU insurance market?

Answer 55

Access to a wide range of insurance products with strong legal and financial protection Allow insurers authorised in one EU country to operate across the EU

Question 56

Why are life and non-life insurance treated separately in EU legislation?

Answer 56

Due to their different characteristics and life assurance's links to long-term savings.

Question 57

What EU legislation provides the framework for life assurance regulation?

Answer 57

The Consolidated Life Directive (2002).

Question 58

What types of insurance are included in the definition of life assurance?

Answer 58

Life insurance, annuities, and income protection insurance.

Question 59

Who is responsible for the ongoing financial supervision of a life assurance firm?

Answer 59

The regulator in the firm's home state.

Question 60

What must life assurance policyholders be given?

Answer 60

Clear, accurate product information and a key features document.

Question 61

What cooling-off protection is offered to life assurance applicants in the UK?

Answer 61

A statutory cancellation period (cooling-off period), as required by FCA rules.

Question 62

Was the Consolidated Life Directive retained in UK law post-Brexit?

Answer 62

Yes.

Question 63

What did the Second Non-Life Council Directive (1988) allow?

Answer 63

It allowed insurers to supply insurance in other EU states without establishing a branch or subsidiary.

Question 64

What was the purpose of the Third Non-Life Council Directive (1992)?

Answer 64

It allowed insurers to establish branches in other EU countries under the supervision of their home state regulator.

Question 65

How is authorisation granted under the Third Non-Life Directive?

Answer 65

By class of insurance, with the possibility of being authorised for multiple classes.

Question 66

What was the purpose of the Insurance Mediation Directive (IMD)?

Answer 66

To allow insurance intermediaries to operate across the EU and regulate sales standards.

Question 67

How is "insurance mediation" defined under the IMD?

Answer 67

As introducing, proposing, concluding, or assisting in the administration of insurance contracts.

Question 68

Are tied agents included in the IMD's definition of insurance mediation?

Answer 68

No, tied agents and company employees are excluded.

Question 69

What must intermediaries be registered with?

Answer 69

A competent authority in their home state (e.g. FCA in the UK).

Question 70

What are the professional requirements for insurance intermediaries?

Answer 70

General, commercial, and professional competence, plus good repute.

Question 71

What are the 'good repute' criteria under IMD?

Answer 71

No serious financial crime convictions or bankruptcy declarations.

Question 72

What insurance must intermediaries hold under IMD?

Answer 72

Professional indemnity insurance to a minimum threshold or a percentage of annual income.

Question 73

How must intermediaries handle client funds?

Answer 73

Through segregated accounts and with a minimum level of financial capacity.

Question 74

What details must intermediaries give about themselves?

Answer 74

Name, address, registration, ownership links, complaint procedures, and whether they’re tied or independent.

Question 75

What must independent intermediaries base their advice on?

Answer 75

Analysis of a sufficiently large number of contracts to recommend suitable products.

Question 76

What must intermediaries provide to justify product recommendations?

Answer 76

An assessment of needs and reasons for recommendations, documented via a factfind and suitability letter.

Question 77

How should all information be communicated to the customer?

Answer 77

Clearly, accurately, and in a way that is comprehensible.

Question 78

What replaced the Insurance Mediation Directive in 2018?

Answer 78

The Insurance Distribution Directive (IDD).

Question 79

What was the main aim of the IDD?

Answer 79

To harmonise standards, improve consumer protection, and ensure consistency across the EU.

Question 80

When is the FCA implementing IDD rules in the UK?

Answer 80

From April 2024.

Question 81

What annual training must intermediaries now complete under IDD?

Answer 81

At least 15 hours of continuing professional development (CPD).

Question 82

How must intermediaries act under the IDD?

Answer 82

Honestly, fairly, and professionally in the best interests of customers.

Question 83

What new standardised document is required for products?

Answer 83

The Insurance Product Information Document (IPID).

Question 84

What sales practices are now regulated under the IDD?

Answer 84

Direct sales, comparison websites, bundled products, and life insurance with investment elements.

Question 85

How does the IDD support cross-border distribution?

Answer 85

Through a single electronic register of cross-border intermediaries and simplified procedures.

Question 86

What is the purpose of oversight groups in financial services?

Answer 86

To ensure that investments and operations are handled safely, honestly, and in compliance with laws and regulations, protecting all stakeholders.

Question 87

Who can carry out oversight functions in financial institutions?

Answer 87

Auditors, trustees, compliance officers, and similar roles.

Question 88

What is the main responsibility of external auditors?

Answer 88

To provide assurance that published financial statements are free from material misstatement and follow legislation and accounting standards.

Question 89

Who do external auditors typically belong to?

Answer 89

Professional bodies like the ICAEW or ACCA, which publish ethical codes.

Question 90

What is the primary role of internal auditors?

Answer 90

To assess risk management, check internal controls, evaluate operations, and suggest improvements—but not to implement controls.

Question 91

Who may perform internal audit functions?

Answer 91

In-house staff or outsourced professionals; often members of the Chartered Institute of Internal Auditors.

Question 92

What is the role of a trustee?

Answer 92

To ensure that assets held in trust are managed according to the trust deed for the benefit of the beneficiaries.

Question 93

What is an example of a trust in financial services?

Answer 93

Unit trusts and occupational pension schemes.

Question 94

What legislation outlines trustees’ responsibilities?

Answer 94

Trustee Act 1925 (general duties) and Trustee Investment Act 2000 (investment responsibilities).

Question 95

Why are pension scheme trustees important?

Answer 95

They ensure pension assets are separate from the employer’s business assets for member security.

Question 96

What is the role of a compliance officer?

Answer 96

To ensure the firm complies with all relevant legislation and regulatory requirements.

Question 97

Under which regulatory regime do compliance officers operate?

Answer 97

The Senior Managers and Certification Regime (SM&CR)

Question 98

What are key responsibilities of a compliance officer?

Answer 98

Producing compliance manuals, maintaining records (e.g., complaints), liaising with the FCA, and ensuring staff meet FCA requirements.

Question 99

What additional role must firms appoint?

Answer 99

A Money Laundering Reporting Officer (MLRO).

Question 100

Which professional body might compliance officers belong to?

Answer 100

The Association of Professional Compliance Consultants.

Question 101

Why are codes of conduct important in financial services?

Answer 101

They set ethical and professional standards for individuals and firms to follow.

Question 102

What must an adviser declare to receive a Statement of Professional Standing (SPS)?

Answer 102

That they meet professional standards and adhere to their body’s code of ethics.

Question 103

Name two other examples of codes of conduct in financial services.

Answer 103

The Advertising Standards Authority and The Standards of Lending Practice.