UNIT 2- TOPIC 24

Question 1

Define the following definitions as stated under the UK General Data Protection Regulation ( UK GDPR ):

Natural Person
Data subject
Personal Data
Special categories of personal data
Data controller
Data processor

Answer 1

Natural Person = An individual human being. Should not be confused with the broader term ‘legal person’ which can be a private or public company as well as an individual human being

Data Subject = The individual (the natural person) whose data is being processed

Personal Data = Information that can directly or indirectly identify a natural person.

Special categories of personal data = data that is more sensitive and needs higher protection and can only be processed with explicit consent

Data controller = This is the ‘legal’ person who determines the reason why the data is processed and the way it is processed. (Like TSB ) They make sure data protection requirements are met

Data processor = this is a person who processes personal data on behalf of the data controller

Question 2

What is The Markets in Financial Instruments Directive (MiFID)

Answer 2

A directive that applies only to firms who provide services to clients which include to tradeable financial instruments

Question 3

When did the General Data Protection Regulation come into effect in the UK?

Why was it made in the first place?

GDPR was introduced as an EU regulation, that all member states had to adopt by 25th May 2018. Since the UK left the EU (Brexit) what effect did this have on the adoption of the GDPR in the UK?

Answer 3

It came into effect in the UK on the 25th May 2018

It was created because the existing EU legislation for data protection (the Data Protection Directive of 1995 ) needed updating due to consumers increased online activity

The provisions of the GDPR were retained in UK Law as ‘UK GDPR’ so no effect

Question 4

UK GDPR is based on a set of 6 Data Protection Principles, all of which are about the ‘processing’ of data protection

Outline and explain each

Question 5

Under UK GDPR, an organisation must have a legal basis for processing data. There are 6 lawful reasons (only 1 must be satisfied for the organisation to legally process the data) What are they?

Answer 5

1) Consent

2) Required for a Contract

3) Legal obligation - the processing is needed for the organisation to comply with the law.

4) Vital interests - the processing is necessary to protect someone’s life.

5) Public task - the processing is needed for the organisation to act in the public interest.

6) Legitimate interests - the organisation has legitimate interests.

Question 6

What different rights does a data subject have?

Answer 6

Data subjects have the right to:

access personal data through upon request request

correct inaccurate personal data;

have personal data erased, in certain cases

object to data being used

move personal data from one service provider to another

Question 7

UK GDPR contains rules on the transfer of personal data to receivers located outside the UK

Tell me about these rules?

Answer 7

The rules apply to all transfers no matter what

The rules state the controller or receiver who initiates or agrees to the transfer is the one responsible for complying with the GDPR rules

Question 8

What is a restricted transfer?

Answer 8

A transfer of personal data is known as a ‘restricted transfer’ if the receiver is:

Located in a third country

An international organisation

In a country where their sector is covered by UK ‘adequacy regulations’

NOTE:
* A third country is a country outside the EU

• If somewhere is covered by the UK’s adequacy regulation it means they are deemed to have adequate data protection rules in place

Question 9

Who is responsible for overseeing the application of the UK GDPR and who should firms report to in the event of a significant data breach?

Answer 9

The information commissioner for both questions

Question 10

The Information Commissioner is responsible for overseeing the application of the UK GDPR. Firms should report significant personal data breaches to the Information Commissioner.

There are 8 courses of action the Commissioner can take if there has potentially been an infringement of the terms of the Regulation. What are they?

Answer 10

Serve information notices

Issue Undertakings (make an organisation do a certain action to improve compliance)

Serve enforcement notices, and ‘stop now’ orders (make an organisation do something or stop doing something so they comply)

Conduct consensual assessments ( to conduct consensual audits)

Serve assessment notices (to conduct compulsory audits)

Issue monetary penalty notices

Prosecute ( those who commit criminal offences under UK GDPR)

Issue a ban

Question 11

If the information commissioner serves ‘an information notice’ what does this mean

Same question, but for ‘an enforcement notice’

Same question but he issues ‘an undertaking’

Answer 11

If the information commissioner serves an information notice it requires an organisation to give the commissioner certain info within a set timeframe

If the commissioner serves an enforcement notice he requires an organization to take (or refrain from taking) specified steps in order to ensure they comply with the law

If the commissioner issues an undertaking this means he requires an organisation to do a certain task in order to improve its compliance

Question 12

UK GDPR is based on a set of 6 Data Protection Principles, all of which are about the ‘processing’ of data protection

Under UK GDPR data protection must be:

1) Processed lawfully, fairly and in a transparent manner for any individual.

2) Collected for specified, explicit and legitimate purposes and not processed further in a way that is incompatible with those purposes

3) Adequate, relevant and limited to what is necessary in relation to the reason they are being processed

.4)Kept accurate and up to date.

5) Kept in a form that allows identification of the data subject for no longer than is necessary (archiving is allowed in certain circumstances)

6) Processed in a way that ensures appropriate security of the personal data by using the appropriate technical or organizational measures. This is to prevent unauthorised or unlawful processing and accidental loss, destruction or damage of the personal data

For number 4, what happens if the details are not accurate or up to date?

For number 2, what are the lawful ways it can it be processed which aren’t linked with the initial purpose?

Answer 12

For number 4: Every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay

for number 2: Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes

Question 13

What is The Pensions Regulator responsible for?

Answer 13

The Pension Regulator (TPR) is responsible for regulating occupational pension schemes and some personal pension schemes

Question 14

What is The Pensions Regulators Aims?
(IVE ONLY INCLUDED THE MORE HARD TO REMEMBER ONES)

Answer 14

It aims to:

Ensure employers enrol their staff onto an occupational pension scheme

Reduce the risk of claims being made to the Pension Protection Fund

Ensure employers are compliant with requirements under the Pension Act 2008

Minimize any adverse impact on the sustainable growth of an employer

Question 15

What is a direct pay arrangement?

What does it mean if a personal pension scheme is set up using a direct pay arrangement

Answer 15

A Direct Pay Arrangement is where the employer collects the employee’s pension contribution from their gross salary and pays it directly to the pension provider

If a personal pension scheme is set up using a Direct Pay Arrangement the Pension Regulator protects it like it does with occupational pension schemes

Question 16

What kind of approach does the pension regulator take? Proactive or Reactive

Answer 16

Proactive

Question 17

The Pensions Act 2004 requires the Pensions Regulator to issue voluntary codes of practice. What does this mean?

Answer 17

The codes provide guidelines for trustees, employers, administrators and others about complying with pensions legislation, and sets out the expected standards of conduct

Question 18

Does the pension regulator work with the FCA?

Answer 18

Yes, to develop a joint strategy for regulating the pensions and retirement income sector

Question 19

To protect the security of members’ benefits the Pension Regulator has a range of powers that fall into 3 main categories. What are they?

Answer 19

1) The power to investigate schemes

2) The power to put things right

3) The power to act against avoidance

Question 20

The Pension Act introduced requirements for trustees to have sufficient knowledge and understanding of pension and trust law, and of scheme funding and investment

True or false?

Answer 20

True

Question 21

What is the Pension Protection Fund and its purpose?

What else is the PPF responsible for?

When was it established?

What are the different ways the compensation payments of the PPF are funded?

Answer 21

The Pension Protection Fund (PPF) protects members of private sector defined-benefit pension schemes in the event their firm becomes insolvent and has insufficient funds to maintain full benefits for its scheme members.

The PPF is also responsible for the Fraud Compensation Fund, which provides compensation to occupational pension schemes that suffer a loss as a result of dishonesty

It was established in The Pensions Act 2004

THE PPF IS FUNDED FROM THE FOLLOWING:

It imposes a levy on defined-benefit schemes

It takes on the assets of schemes that are transferred to the fund.

It seeks the recovery of assets from insolvent employers.

It seeks to grow its funds through investment

Question 22

What is electronic money?

Answer 22

Electronically stored monetary value issued on receipt of funds for the purpose of making payment transactions (fancy definition)

ie the thing that allows u to make cashless payments with your card etc in real life

Question 23

The Markets in Financial Instruments Directive (MiFID) applies to firms that provide services to clients that involve tradeable financial instruments. Out of all the following products what is covered under MiFID?

Shares
Life assurance
Bonds
Units in collective investments
Derivatives
Pensions
Mortgages

Answer 23

Shares
Bonds
Units in collective investments
Derivatives

Mortgages, Pensions and Life assurance are not included in MiFID

Question 24

What are the main aims of The Markets in Financial Instruments Directive (MiFID)

Answer 24

harmonise regulation of investment services across the EU

Increase competition

Increase consumer protection

Question 25

MiFID covers two types of activity. These are classed as 'core activities' and 'none-core activities' respectively Give me examples of both types of activity If a firm performs both core and non-core activities what does this mean in relation to MiFID If a firm only performs non-core activities what does this mean in relation to MiFID

Answer 25

Core Activities: "Investment services and activities" Non-Core Activities: "ancillary services" Where a firm performs both core and non-core activities, MiFID rules apply to both types of activities. A firm that only performs non-core activities is not subject to MiFID

Question 26

What are tradeable financial instruments? Just look at the name

Answer 26

As the name suggests it is a financial instrument that you can trade A financial instrument is a monetary contract between two parties Therefore a tradable financial instrument are things like shares, bonds, units in a collective investment schemes It is not things like mortgage contracts, life assurance policies as these cannot be traded

Question 27

One of the benefits that comes with being subject to MiFID is that firms who operate under its rules have access to an EU 'passport'. Explain this and why it is a benefit.

Answer 27

Any firm subject to MiFID has the right to operate throughout the European Economic Area (EEA) from a single authorisation in its home state. This means the directive makes cross-border activity easier to conduct as there is a single set of rules across the EEA

Question 28

Tell me the types of investment activities are covered by MiFID There are 5

Answer 28

Receipt and transmission of orders from investors Execution of orders on behalf of customers Investment advice Discretionary portfolio management (on a client‑by‑client basis) Underwriting the issue of specified financial instruments

Question 29

Why has the FCA included MiFID in its handbook?

Answer 29

The FCA is the regulatory body responsible for securities in the UK. MiFID's rules apply to tradable financial instruments (securities) hence FCA have included it in their handbook

Question 30

Why was MiFID 2 introduced?

Answer 30

It was introduced to improve how financial markets function following what was learnt from the financial crisis, improve investor protection and fix some issued that were missed in the original MiFID It was initially proposed in 2010 by the European Commission

Question 31

A way to remember: Tash Did Over Chrissa Helping Dale Scam Chrissa (this is why MiFID 2 was introduced) MiFID 2 was introduced to improve how financial markets function following what was learnt from the financial crisis, improve investor protection and fix some issued that were missed in the original MiFID It reforms 8 main areas in total. What are these areas? When were the MiFID 2 rules onshored in the UK and why did it not apply straight away like it did with other states?

Answer 31

The 8 main areas it reforms are: Transparency Development in market structures Organisational requirements Commodity derivatives High‑frequency trading Disclosure Suitability Conduct of business rules The onshore UK MiFID framework began at the end of the Brexit transition period on 31 December 2020. (it didnt apply straight away because of brexit)

Question 32

The 8 main areas MiFID 2 improves are: 1) Conduct of business rules 2) Transparency 3) Development in market structures 4) Organisational requirements 5) Commodity derivatives 6) High‑frequency trading 7) Disclosure 8) Suitability Briefly tell me how it has reformed each area

Answer 32

1) It improved level of protection for investors 2) transparency rules previously applies just to shares pre and post trading but now also apply non share investments 3) Created rules for secondary trading 4) Added requirements for the management of firms 5) improved rules around Commodity derivatives from the original MiFID 6) Added rules to ensure high‑frequency trading does not negatively impact markets 7) added Requirement for aggregated cost disclosure, which detailed all adviser and product charges 8) Added a requirement that firms must assess suitability when recommending an investor, buys, holds or sells (rather than just buys or sells) NOTE* ( i dont need to know this necessarly but will help understanding ) Definitions Commodity Derivatives = Remember a derivative is just something that derives its value from an underlying asset. Therefore, a Commodity Derivatives is just a derivative that derives its value from a commodity such as wheat, gold etc. Someone may invest in a Commodity Derivative because it allows them to own the underlying asset, which could grow in value, without physically having it Secondary Trading = Trading on the secondary market. The secondary market is just a market where stocks are traded between investors on the stock exchange. This is separate from the primary market where the stocks are traded between the issuer of the stocks and investors. Trading on the secondary market allows you to trade stocks without any interference from the original issuer of the stocks

Question 33

There are two EU directives which regulate investment funds and their managers What are they

Answer 33

The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009) The Alternative Investment Fund Managers Directive (AIFMD)

Question 34

What is the main aim of The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009) and what products does it apply to?

Answer 34

Its aim is to provide a common framework for investment protection and product control for investment funds that can be sold to the general public across the EU It applies to regulated investment funds that can be sold to the general public across the EU

Question 35

The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2007) applies to regulated investment funds that can be sold to the general public across the UK True or false

Answer 35

False Its 2009, not 2007 Its across the EU, not the UK

Question 36

The Undertakings for Collective Investment in Transferable Securities (UCITS) Directive (2009) allows free circulation of the units within investment funds it covers anywhere in the EU as long as some requirements are met by the fund itself What are these requirements?

Answer 36

The investment funds must have an adequate spread of risk among its underlying investments The investment fund must also have a high degree of liquidity so investors can redeem their units on demand

Question 37

Since Brexit, UCITS authorized by the FCA is referred to as 'UK UCITS' What right have 'UK UCITS' lost since Brexit? What implication does this have?

Answer 37

UK UCITS have lost their EU 'passport' right. ( remember this is one of the main benefits of UCITS for its member states ) This means UK investment firms that wish to market in the EU are classed as 'Alternative Investment Funds' . This means they must comply with the marketing rules in the state where the investor is located. Remember, other states in the EU can do market in any state without issue due to UCITS providing them with an EU 'passport

Question 38

What are Alternative Investment Funds (AIF)?

Answer 38

UK investment funds that are sold to the general public and are subject to UK UCITS ( because they lost their passporting right)

Question 39

Who does The Alternative Investment Fund Managers Directive (AIFMD) apply to? Similar to MiFID, what does AIFMD provide to those who are subject to it?

Answer 39

This directive applies specifically to the MANAGERS of Alternative Investment Funds (AIF) who's AIFs are sold to PROFESSIONAL investors or have underlying assets which aren't eligible under UCITS (e.g real estate AIFMD provides a 'passporting' framework for managing and marketing funds across the EU, enabling cross-border activities to be carried out. AIF's that are sold to retail investors ( ie not professional investors ) are not subject to AIFMD and therefore do not have access to the marketing 'passport'. AIF’s are UK investment funds that are subject to UCITS. Called AIFs because they lost their passporting right

Question 40

As with the Undertakings for Collective Investment in Transferable Securities (UCITS), Alternative Investment Funds (AIF) that are domiciled in the UK have lost their passporting right to market in any EU state without issue. True or false

Answer 40

True

Question 41

Flash Card for understanding

Answer 41

Alternative Investment Funds (AIF) = UK investment funds sold to the general public that are subject to UCITS. They are classed as AIFs because the UK left the EU and they are lost their passporting right so when they market in an EU they must adhere to that states rules Undertakings for Collective Investment in Transferable Securities (UCITS) Directive = An EU directive that allows collective investment schemes that are sold to the general public to operate freely throughout the EU on the basis of a single authorisation from one member state. (as they have an EU passport) The Alternative Investment Fund Managers Directive (AIFMD) = A directive that applies specifically to managers of AIFs that are sold to professional investors (hedge funds or private equity fund) or contain underlying assets which are not eligible under UCITS( such as real estate )

Question 42

What are the two main reasons for a European single market for insurance?

Answer 42

It means all EU citizens have access to a wide range of insurance products, whilst being ensured the highest standards of legal and financial protection Enables an insurance company authorised in any of the member states to carry out business in any EU member state ( EU Passport )

Question 43

What is the name of the Directive which set the framework for the regulations of Life Assurance in the EU?

Answer 43

Consolidated Life Directive (2002)

Question 44

Why was the Consolidated Life Directive (2002), which set the framework for the regulations of Life Assurance in the EU, known as the 'consolidated' life directive?

Answer 44

It brought together the provisions of three previous EU Life Directives (hence consolidated) Like other EU legislation it aims to harmonise laws throughout the EU with the objective of promoting competition

Question 45

Tell me all the provisions under the Consolidated Life Directive (2002) (There are 5)

Answer 45

Definitions of what classes as life assurance and life insurance (the definition also includes annuities and income protection insurance) It outlines the requirements a life company must meet to be authorised It outlines rules regarding the ongoing supervision of a life company, with specific rules regarding financial supervision. It requires policyholders be provided with clear/accurate info about the essential features of products offered to them. (Because of this, the FCA requires life companies provide a key features document) It outlines Cancellation rights regarding life assurance (In the UK, FCA rules require that those applying for life assurance are granted a statutory 'cooling-off period)

Question 46

The UK government retained the Consolidated Life Directive and other aspects of the core EU insurance legislation such as Solvency II in UK law after Brexit True or false

Answer 46

True

Question 47

What product does The Consolidated Life Directive cover? What product does the Non-Life Council Directives cover?

Answer 47

What product does The Consolidated Life Directive cover= Life Assurance What product do the Non-Life Council Directives cover= general insurance

Question 48

What did the 3rd Non-Life Council Directive introduce?

Answer 48

Now any insurance company whose head office is in one of the member states can establish branches in any other state and carry out business in any other state

Question 49

Why was the Insurance Mediation Directive (2003) introduced? (Think* mediation = intermediate = intermediary)

Answer 49

The EU wanted to ensure that retail markets in insurance are accessible and secure so The Insurance Mediation Directive (IMD) was introduced It allowed insurance intermediaries to provide services in all states throughout the EU

Question 50

Because of the Third Non-Life Council Directive, which was issued in 1992, any insurance company whose head office is based in any of the EU member states can establish branches in any other state and carry out insurance business. Who supervises these cross border activities?

Answer 50

These cross border activity's will be under the supervision of the authority in the member state where the insurance company's head office is located

Question 51

The EU wants to ensure general insurance companies can operate throughout the EU, and wants to ensure that retail markets in insurance are accessible and secure What directives were introduced so it could achieve both of these?

Answer 51

The EU wants to ensure insurance companies can operate throughout the EU = The third Non-Life Council Directive Wants to ensure that retail markets in insurance are accessible and secure = Insurance Mediation Directive

Question 52

How does the Insurance Mediation Directive define insurance mediation

Answer 52

The activities of introducing, proposing or carrying out other work preparatory to the conclusion of contracts of insurance, or of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of a claim" (ie what an insurance intermediary does)

Question 53

The Insurance Mediation Directive define insurance mediation as "The activities of introducing, proposing or carrying out other work preparatory to the conclusion of contracts of insurance, or of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of a claim" If an employee of the insurance company, or someone acting under the responsibility of the insurance company (a tied agent), carries out such activities, are they included in this definition? Ie can they be classed as an intermediary?

Answer 53

They are not included in the definition of insurance mediation

Question 54

The insurance Mediation Directive established a system of registration for all independent insurance (and reinsurance) intermediaries. Ie they must register with the competenet authority in their home state. For example, independent financial advisers based in the UK who are selling life assurance or general insurance must be registered with the FCA To be registered the IMD sets out a few requirements that the intermediary must pass. What are they?

Answer 54

intermediaries must have knowledge and skills The insurance intermediary must be 'of good repute' (Ie Not convicted of serious criminal offences and must not be declared bankrupt) They should hold professional indemnity insurance of a certain amount per case or a percentage of the amount they earn yearly, whichever is higher. (Because registration is determined by the intermediaries local authority the above requirements may vary slightly across different states)

Question 55

Regulations specify in some detail what information an insurance intermediary must give to a customer. In relation to the intermediary, information must be supplied?

Answer 55

Name and address; Details of registration and means of verifying the registration; Whether the intermediary has any holding of more than 10% of the voting rights or capital of an insurance company; conversely, whether any insurance company has a holding of more than 10% of the voting rights or capital of the intermediary; Details of the internal complaints procedures and of external arbitrators (eg ombudsman bureaux) to which the customer can complain; Whether the intermediary is independent or tied to one or more insurance companies

Question 56

What was the Insurance Mediation Directive replaced by?

Answer 56

It was replaced with effect from 1 October 2018 by the Insurance Distribution Directive (IDD)

Question 57

What was improved or added (reformed) by the Insurance Distribution Directive after it replaced the Insurance Mediation Directive?

Answer 57

Added rules around direct insurance sales and some aspects of price comparison websites (The IMD didn’t do this) Intermediaries now must do 15hours of professional development a year Introduced a standardised 'insurance product information document' for non-life insurance contracts Additional info required for the sale of bundled products ( where multiple insurance products are mixed together) Simplified procedure for cross-border entry to insurance markets across the EU through the use of a single electronic database of cross-border insurance intermediaries

Question 58

The oversight of an institution's business can be carried out by different individuals and groups too, such as auditors, trustees or compliance officers There are two types of Auditor. What are they? Tell me the key differences between the two

Answer 58

External Auditors and Internal Auditors External auditors check published financial statements and accounts of businesses they are independent of. They follow the rules of the professional standards of the Auditing Practices Board and the Accounting Standards Committee External auditors may also be members of professional bodies, such as the Institute of Chartered Accountants in England and Wales (ICAEW) or the Association of Chartered Certified Accountants. Both bodies publish ethical codes that their members are expected to adhere to Internal auditors may be in-house members of staff, or the process may be outsourced. Their basic task is to: review how an organisation is managing its risks; Determine whether appropriate controls have been established; Evaluate and suggest improvements to control and governance processes. Internal auditors may be members of a professional body, such as the Chartered Institute of Internal Auditors Figure put how to make simpler

Question 59

The oversight of an institution's business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers For example, most occupational pension schemes are set up under trust because this means the pension assets are kept separate from the business’s assets since the pension assets are in the possession of the trustees Tell me about how Trustees can do this?

Answer 59

The key legislation is the Trustee Act 1925 and the Trustee Investment Act 2000. The trustee act 1925 is concerned with the general duties of trustees The trustee investment act 2000 is concerned with the way in which trustees deal with the investment of trust assets READ 24.5.2

Question 60

The oversight of an institution's business can be carried out by different individuals and groups, such as auditors, trustees or compliance officers Tell me about compliance officers What are their responsibilities

Answer 60

Firms that are authorised by the Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA) are required to appoint a compliance officer to have oversight of the firm's compliance function (ie to ensure the firm is complying with all relevant legislation and regulations ) (remember Firms are also required to appoint a money laundering reporting officer (MLRO) - Both roles are senior management functions under the Senior Managers and Certification Regime (SM&C) ) A compliance officers responsibilities include: Production and publication of a compliance manual; Maintenance of compliance records such as complaints register and promotions records Responding to and corresponding with the FCA on compliance matters; Ensuring that staff meet FCA requirements as regards recruitment, training, supervision and selling practices. Compliance officers may be members of a professional body, such as the Association of Professional Compliance Consultants

Question 61

Regulations specify what information an intermediary must give to a customer in relation to the advice and products offered by the intermediary. Tell me what is required

Answer 61

Independent intermediaries must base their advice on analysis of a sufficiently large number of contracts available on the market to enable them to recommend a product that is adequate to meet the customer's need The intermediary must give the customer (based on the information supplied by the customer) an assessment of their needs and a summary of the underlying reasons for the recommendation of a particular product. (This can be with a confidential client questionnaire or a fact find, and by the issue of a suitability letter to justify the specific recommendation

Question 62

Tell me about each of the following: What is the trustee act 1925 The trustee investment act 2000

Answer 62

The trustee act 1925 is concerned with the general duties of trustees The trustee investment act 2000 is concerned with the way in which trustees deal with the investment of trust assets