Tag: data

FCA Plans to Share More Data - Waymark Tech Blog

FCA Plans to Share More Data

The FCA has admitted it could share more of its information to help the financial sector understand what bad conduct looks like.

Debbie Gupta, director of Life Insurance and Financial Advice at the FCA told the personal finance Society’s annual conference that the FCA sat in a unique position of being able to see, first hand, what bad conduct looked like.

“From our point of view, yes we are doing lots of work on rooting out bad practice, but I also think one of the things the regulator is privileged to see, in a slightly roundabout way, is what bad practice looks like.”

The FCA has chosen to take action on an advice market which it says is, too often, letting customers down. The area concerning the regulator most is defined benefits.

According to a survey from the regulator, advice in this sector is all too often ‘still not of an acceptable standard.’

The regulatory started out by asking advice firms with defined benefit transfer permissions to return data about their activities before following up with site visits. It quickly raised concerns when it found that 60% of firms providing transfer advice have recommended 75% or more of its clients to transfer.

It recently sent out letters to 1,600 companies about their advice surrounding transfers, more than half of the 2,500 advice firms working in the sector. The companies contacted have been given two months to make changes and get their houses in order.

Gupta says the regulator is seeing evidence every day where firms are failing to provide significant advice to clients. This data, can prove useful in creating a picture of what bad culture looks like.

The move feeds into their ongoing aim to reduce non compliance by improving general culture. As we’ve covered in the past it is already focusing on a company’s conduct as an indicator of potential non-compliance and it now appears to believe that this data can offer learnings to the wider sector about what bad culture looks like and how it can be avoided.

It’s a similar principle to the Enforcd Regulatory Database. By compiling details of enforcement actions taken across the financial sector it is possible to build a picture of where companies are going wrong and what they could have done to avoid problems in the first place. (If you would like more information on access to the Enforcd Regulatory Database please get in touch here.)

A look at the cases on the database shows common problems cropping up in terms of incentives, data management and governance. The FCA does indeed have a privileged position which can help to shine a light on the key warning signs of non-compliance.

However, it can also share details of good culture, giving firms a positive template on which to work. By doing so, it can give firms a guide including plenty of DOs, as well as the DON’Ts.

Employee Investigations: Managing Data

Employee Investigations: Managing Data

Much has been written about the importance of managing client data in the era of GDPR. However, many firms may be overlooking a vital issue when it comes to their own internal investigations.

The rules surrounding data privacy have become much more complicated in the last few years. GDPR, plus a number of other international regulations, create fresh regulatory issues some of which firms may not be aware of.

At the same time data is growing in volume and complexity. Keeping a handle on it all is becoming increasingly complex. The use of cloud storage brings issues of cross border data transactions, third party problems and multiple jurisdictions which can be difficult to manage.

Employee consent

Data processing is an extremely wide ranging term under GDPR and, as we’ve written elsewhere, the penalties for getting it wrong can be quite extensive. Employee data must be treated just as carefully as client data, which means people must have given fully informed consent for all the ways in which data will be used. Even when consent has been obtained, it can’t always be relied upon for investigations.

At the same time firms must keep employees informed about what data they store, how it may be shared and with whom. As in all walks of life, employees are increasingly aware of their data rights and may well enforce them during an investigation.

How should you respond?

It’s a difficult tightrope to walk and there’s a fair chance many companies are unwittingly leaving themselves open to non compliance.

So, what lessons can be learned?

First, investigations teams must have a clear idea of the boundaries, what data they can analyse and how it can be used. They should put in place clear policies in place which ensure investigators understand how they can use data, and that only data which is relevant for the purposes of that investigation is used.

When working across multiple jurisdictions it may be necessary to obtain legal advice. GDPR has set the template for other regulators, but each takes their own individual spin on the concept. For example, China’s data privacy regulations, although closely modeled on GDPR, adopts a much looser approach to the idea of consent. Understanding which data belongs in which jurisdiction and making sure all applicable regulations are being complied with, is complicated and challenging.

Consent must be managed.

A firm must have a reasonable basis of holding any data and inform all employees about how their data will be used and their rights. If an investigation is carried out they will need to be handed notices informing them about the way in which their data will be used.

This is extremely important. Individuals have become much more informed about GDPR and how it applies to them, and may use that power as part of any investigation. Authorities are also showing themselves to be increasingly willing to go further in applying the details of GDPR for employees.

Companies should take time to look again at their policies, to ensure they are achieving the same level of compliance for employees as they already have for clients. You can find out more about what’s required in an excellent insight article by Dispute Resolution Lawyer David Harris on our Global Regulatory Database.

Powered by WordPress & Theme by Anders Norén