5: Regulation

Chapter section
A Financial Services Authority
B Regulation of insurance outside the UK
C Financial Services Compensation Scheme
D Financial Ombudsman Service
E Data Protection Act 1998
F Money laundering

Learning objectives
After studying this chapter, you should be able to:

j state the role of the FSA and major international regulators;

j list the FSA’s statutory objectives, Principles for Businesses and Handbook structure;
j outline the FSA’s approach to regulation of financial services;
j outline FSA’s approach to regulating consumer and commercial insurance business;

Chapter 5
j explain the role of the Financial Services Ombudsman, the Financial Services Compensation scheme
and the Data Protection Act;
j list the EU and FSA requirements for an insurer to be authorised;
j discuss the basic components of an insurers solvency margin calculation;
j explain what is meant by money laundering, how the London market is exposed to it, and what can be
done to guard against it.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/1

 Lloyd’s and London Market Introductory Test

Introduction
In this chapter we will consider the role of the FSA and its approach to regulation, the regulation
of insurance outside of the UK, the role of the Financial Services Compensation Scheme and the
Financial Services Ombudsman. We will also consider the Data Protection Act 1998.

There is not the scope within this book to review the FSA Handbook and its particular rules
in detail but candidates should be aware of the structure of the Handbook, FSA’s Principles
for Businesses and its general approach to regulation. To assist in this, the structure of the
Handbook and Statements of Principle and Code of Practice for Approved Persons are
contained in Appendices 1 and 2. Further information on the role of the FSA is available on its
website: www.fsa.gov.uk.

Before turning more specifically to the role of the FSA and other regulators, it is firstly
important to recognise that complying with regulatory requirements ultimately makes good
business sense. If businesses do not have an effective compliance culture and do not put in place
effective structures, systems, controls and processes to meet regulators’ requirements, they
will unnecessarily become exposed to regulatory and, indeed, business risks. Recent corporate
scandals have highlighted how prominent global businesses can fail, often rapidly, if the
business does not comply with regulatory and/or legal requirements. An organisation’s failure
to comply with applicable laws and regulations is often symptomatic of much wider problems.
When such failings are made public, the damage to a firm’s reputation and brand can often be
significant, often impacting upon consumer and market confidence and financial performance.

Businesses are, therefore, becoming increasingly concerned to protect their brand and
reputation. The importance of brand and reputation cannot be underestimated, particularly in
a market such as insurance, where a significant number of insurers compete to offer essentially
a similar product. If a firm enjoys a strong reputation because it actively goes beyond the
minimum regulatory requirements and seeks to set the benchmark for best practice, these
positive attributes can play an important role in its ability to attract and retain customers in a
highly competitive market place.

Regulators are increasingly testing the robustness of firms’ internal controls. Compliance is
often simply the starting point for seeking to run an efficient and successful business.

5/2 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

A Financial Services Authority

The Financial Services Authority (FSA) is the independent body set up by the government
under the Financial Services and Markets Act 2000 (FSMA) to regulate financial services in
the UK and protect the rights of customers. It has a wide range of rule making, investigatory
and enforcement powers, to meet its four statutory objectives:

• maintain confidence in the financial system;

• promote public understanding of the financial system;
• secure the appropriate degree of protection for consumers; and
• reduce financial crime.

The FSA’s primary concern, in relation to the regulation of insurers, is to ensure that
policyholders are adequately protected.

By law, most financial services firms must be authorised by the FSA to do business in the UK
and, once authorised, firms must follow the FSA’s rules. The FSA regulates banks, building
societies, credit unions, insurance companies, friendly societies, financial advisers, stockbrokers,
fund managers, mortgage brokers and insurance intermediaries. It does not regulate the sale
and administration of personal loans, credit cards and occupational pension schemes. Other
agencies regulate or monitor these services.

The FSA is also the regulator for UK-domiciled subsidiary companies of overseas firms even

Chapter 5
though the home office may also be regulated by the relevant local regulator in the country
concerned.

The FSA’s approach differs depending on whether it is regulating consumer or commercial

insurance. This is described further in section A6 below and also in the context of brokers in
chapter 8.

A1 Risk-based approach
The FSA adopts a risk-based approach to regulation. Through its powers of authorisation and
ongoing monitoring and assessment of firms, the FSA is able to identify and mitigate risks
which threaten its statutory objectives and potentially compromise its ability to promote
efficient, orderly and fair markets. It seeks to work with the market and generally restricts
regulation to those circumstances where the market does not provide adequate market-based
solutions to protect consumers and where regulation can be provided at a reasonable cost.

A2 FSA Handbook of rules and guidance

The Handbook is the FSA’s key legislative document and is the reference point for firms
regulated by the FSA. It includes general high level standards and principles, which all firms
must comply with, as well as more specific rules which authorised firms must follow.

The Handbook continues to evolve in response to the changing regulatory landscape. The
FSA consults on new rules and issues consultation papers (CPs) for discussion purposes. This
enables the regulator to explain its proposed approach and for any interested party to respond.
Following consultation, the FSA introduces the new rules, usually outlined in Policy Statements,
which may either amend the existing rulebook, or introduce new provisions. These can apply
to a limited sector, such as insurance, or indeed to all authorised firms. A summary of the
Handbook’s contents is at Appendix 1.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/3

 Lloyd’s and London Market Introductory Test

A3 High level standards

The FSA has set out a number of high level standards which firms must comply with. These
include the FSA’s ‘Principles for Businesses’ which form an important part of the FSA’s
Handbook.

A3A FSA’s Principles for Businesses

All authorised firms are required to demonstrate:

1. Integrity A firm must conduct its business with integrity.

2. Skill, care and diligence A firm must conduct its business with due skill,
care and diligence.
3. Management and control A firm must take reasonable care to organise and
control its affairs responsibly and effectively, with
adequate risk management systems.
4. Financial prudence A firm must maintain adequate financial
resources.
5. Market conduct A firm must observe proper standards of market
conduct.
6. Customers’ interests A firm must pay due regard to the interests of its
customers and treat them fairly.
7. Communications with clients A firm must pay due regard to the information
needs of its clients, and communicate
information to them in a way which is clear, fair
and not misleading.
8. Conflicts of interest A firm must manage conflicts of interest fairly,
both between itself and its customers and
between a customer and another client.
9. Customers: relationships of trust A firm must take reasonable care to ensure
the suitability of its advice and discretionary
decisions for any customer who is entitled to rely
upon its judgment.
10. Clients’ assets A firm must arrange adequate protection for
clients’ assets when it is responsible for them.
11. Relations with regulators A firm must deal with its regulators in an open
and co-operative way, and must disclose to the
FSA appropriately anything relating to the firm of
which the FSA would reasonably expect notice.

Breach of a Principle will make a firm liable to potential enforcement action by the FSA
including possible disciplinary sanctions.

5/4 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

A4 FSA’s regulation of authorised firms

The core components of the FSA’s regulation are:

• supervision by risk assessment exercise;

• the regulation of individuals (those who do not conform can be prevented from trading);
and
• the regulation of firms (those who do not conform can be barred from trading).

A4A FSA’s risk assessment framework

As mentioned earlier, the FSA adopts a risk-based approach to its regulation of firms. Risks arising
from firms’ business processes, practices and activities, particularly larger firms, could pose a
threat to the FSA’s statutory objectives. The FSA, by way of Advanced Risk Responsive Operating
FrameWork (ARROW) visits, compares a firm’s internal risk analysis against the FSA’s own
knowledge experience and expectations, and evaluates the potential risks against several factors,
key amongst which is the probability of the risk/event happening and its potential impact.

The FSA’s evaluation of the risk that a firm poses to its statutory objectives will determine the
approach and intensity of the FSA’s regulatory programme in relation to that firm. Firms, whether
they are insurers or intermediaries, which trade large value risks or which have a widespread
consumer base of personal lines customers will always be regarded by the FSA as, in principle,
presenting significant risk and will receive regular, detailed and searching ‘ARROW’ visits.

Chapter 5
The outcome of the ‘ARROW’ process is a Risk Mitigation Programme (‘RMP’) issued by the
FSA to the firm it has reviewed, which sets out a list of required actions to be undertaken by the
firm in order to meet the FSA’s expectations, together with the timescale within which the firm
has to deliver.

Firms that are regarded as low risk are monitored by a combination of baseline reporting
(specified standardised returns to the FSA, which include financial reporting and various
notifications, for example, statistics relating to complaints received, or material developments in
line with Principle 11), action taken in response to any risks identified by this information and
sample exercises to monitor compliance standards in a sector and as part of sector-wide reviews.

Firms regarded as low impact do not undergo an individual risk assessment, nor are they
subject to a risk mitigation programme. Firms regarded as medium or high impact will undergo
a risk assessment. Insurers (including those operating in the Lloyd’s and London market) are
generally initially regarded as medium to high risk. This initial assessment results from a high
level review that involves identifying the business risks and control risks in the firm, as well as
external risks that could affect it.

A4B Regulation of individuals

Under FSMA, UK firms are required to gain FSA approval prior to appointing individuals to
a key position. These key positions are known as controlled functions and those who fill the
controlled functions are known as approved persons. The firm must also notify the FSA when
an approved person leaves the firm.

The FSA has published and codified a number of statements of principle relating to approved
persons. These are outlined in Appendix 2.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/5

 Lloyd’s and London Market Introductory Test

A5 Regulation of firms
In addition to risk assessments and the approval of authorised individuals, the FSA requires
authorised firms to provide it with a range of information, dependent upon the activities
undertaken. This can either be specified information in response to specific rules within its
Handbook or more general information in line with Principle 11, which requires firms to notify
the FSA of anything which FSA would reasonably expect notice of.

A5A Regulation of Lloyd’s by the FSA

The Society of Lloyd’s is an ‘authorised person’ (as are London market insurance companies)
and subject to the FSA’s rules. The FSA also directly regulates managing and members’ agents.
As Lloyd’s is a market, it also has a strong interest in managing risk within the market so that
the central assets of the Society are protected and thereby continue to provide an additional
layer of protection for all Lloyd’s policyholders. Lloyd’s central assets are discussed in more
detail in chapter 7, section D1C. Lloyd’s also seeks to protect its global licences and brand and
accordingly imposes additional requirements on managing agents.

A5B The consequences of failing to comply

The FSA may take action against firms or individuals that fail to comply with their regulations.
Where applicable they can withdraw authorisation, impose fines, discipline approved persons,
or institute criminal proceedings.

A6 Conduct of Business rules

As well as authorising and supervising firms operating in the financial services sector, the FSA
also controls how products are sold. At a general level, firms have to disclose basic information
about themselves to their customers and must follow pre-set rules and guidelines about
assessing a customer’s needs and explaining the products which are being sought or sold.

The FSA’s requirements on how business is transacted are set out in its Conduct of Business
(COBS) and Insurance Conduct of Business (ICOBS) rules. These are founded upon the
requirement to provide a high level of consumer protection and the nature of the requirements,
and the duties, responsibilities and obligations that a firm has towards its customers all become
more onerous for what the FSA terms ‘consumer’ business. The definition of ‘consumer
customer’ follows the established EU definition - an individual who is acting for purposes
which are outside his trade, business or profession. The other main category of client or business
is commercial. Commercial customers are those that do not meet the consumer definition.

See chapter 8 for a further analysis of consumer and commercial customers.

5/6 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

B Regulation of insurance outside the UK

Most countries have systems for regulating their local insurance sector and an insurance
supervisory or regulatory authority. Details of insurance regulation vary from country to
country, but, in essence, an insurer or broker will generally need permission from the local
regulator to commence trading in the country where it wishes to do business. Key objectives
of most systems of insurance regulation are ensuring that insurers have the financial security
to meet policyholders’ claims, will treat policyholders fairly and that policyholders have access
to an efficient insurance market. For insurance brokers, also known as intermediaries, two of
the key objectives are to ensure a degree of consumer protection through adequate professional
standards and competency on the one hand, and through ensuring that the broker buys
adequate professional indemnity insurance on the other. (More detail on the regulation of
insurance intermediaries can be found in chapter 8.)

In recent years there has been an increased level of co-ordination between insurance regulators
around the world, through the activities of the International Association of Insurance
Supervisors (IAIS). The IAIS was established in 1994 and has members in more than 120
countries. It seeks to promote cooperation among insurance regulators, to set guidelines
for insurance supervision, to provide training to its members and to coordinate work with
regulators in other financial sectors and international financial institutions.

The insurance regulatory systems of two of the largest insurance markets, the EU and the USA
are described in sections B1 and B2.

Chapter 5
B1 European Union (EU)
With effect from 1 May 2007, there were 27 Member States of the European Union, from
Ireland in the west to Greece in the east. The primary objective of the EU is the creation of a
‘single European market’, essentially an agreement between the Member States to permit the
barrier-free movement within and between all the EU Member States of people, goods, services
and capital. These are considered the key elements of a functional economic market.

In addition to the EU Member States, there are three countries (Iceland, Liechtenstein and
Norway) which have signed an agreement to take on board much of the EU single market
legislation, although these three have had no say in developing the EU’s programme. Together,
these 30 countries are known as the European Economic Area (EEA).

In 1989, Switzerland also signed a separate agreement with the EU which extends some but not
all of the EU single market regime into Swiss Law.

The EU is founded upon international treaties signed by all its Member States who agree its
objectives and agree to be bound by its rules. These treaties establish various institutions in
which all Member States are represented and which oversee the implementation of the single
market programme. These institutions are the Council of the European Union, the European
Parliament and the European Commission and, depending on their specific roles, they develop
and put in place legislation to achieve the single market objectives. A further, more recent
addition to the EU’s institutions has been the European Central Bank.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/7

 Lloyd’s and London Market Introductory Test

Member States’ commitment to the principles of the EU and adherence to EU-generated

legislation is overseen by the European Court of Justice (ECJ). The ECJ has a mixture of
administrative and constitutional powers and, in the context of the single market, typically,
hears cases brought by the European Commission against Member States who have failed to
implement required laws on time. The ECJ can also hear cases where disputes arise between the
various EU institutions. Lastly, depending on the nature of the EU legislation, the ECJ can hear
cases brought by private individuals where the legislation allows this.

A body of EU law has, therefore, been developed by these institutions which in some instances
addresses particular sectors of the market and economic activity. One such area is insurance
and there are various specific legislative measures which have been issued by the EU institutions
and these must be implemented and observed by the EU’s Member States.

Responsibility for insurance regulation in the EU rests with each Member State which is
required to have an official body responsible for insurance regulation. In some cases, as with
the FSA in the UK, that body is responsible for the regulation of the overall financial services
sector; in other Member States, its role focuses on insurance specifically.

In the insurance sector, the key form that EU legislation takes is the Directive. A directive sets
out measures that the governments of EU Member States must implement into their national
laws, normally by a specified date.

Key directives affecting European insurers include three Life and three Non-Life Insurance
Directives, regulating the conditions an insurer must fulfil if it wishes to enter the market (a
process known as ‘authorisation’), and also what it must do in order to maintain its operational
status once it has begun trading. As we have seen above, these conditions are, in principle,
managed and supervised in each EU Member State by the respective national regulator.

Although the full detail of the authorisation process is beyond the scope of this course, it is
important to understand that an insurer’s authorisation is given on the basis of a proposed
business plan including details of the different classes of business to be traded and the countries
where the business will come from. The EU insurance directives divide insurance into 18
different classes of business, each of which has a common definition throughout the EU.
Authorisation is given on a per-class-of-business basis.

A key stage in the development of the EU’s single market programme was the implementation of
the Third Life and Non-Life Directives in 1992, which established the current regulatory system
of the ‘single licence’ (also often known as the single passport) which is founded on the principle
of home state financial regulation. This means that an insurer’s authorisation is granted by the
authorities in its home state (where its head office is situated) is valid for the whole EU and not
only for its national territory, with all the other national authorities accepting and respecting the
home state regulator. However, an insurer wishing to accept risks from outside its home state must
have permission from its regulator to do so, which is given on a state by state basis.

5/8 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

The Third Insurance Directives referred to above also ended the practice whereby regulators
could require to approve the pricing of an insurance product and its wording before it could be
sold in its territory. This system still persists in the USA (see section B2 below) and is typically
known as ‘rate and form’ filing. The EU system is founded on the principle of free competition
on price and product content balanced by a strict regime of home-state financial supervision.
However, EU Member States are permitted in certain circumstances to set requirements for
all products sold in their countries – this is known as ‘host country’ control (as opposed to the
‘home country control’ system of financial supervision). This principle is particularly important
for underwriters in the London market who must understand that there are most likely local
rules applying to the sale of their to products in other countries. Key amongst these are:

• Contract law. A Member State may insist on its own contract law being applied to certain
contracts sold on its territory. There is an option for states to allow a free choice of which
contract law to apply, and the UK has taken up this option. However, the UK is in the
minority and, thus, London market underwriters may find that their products will be
governed by another country’s contract law system. The rules on contract law do not apply
to reinsurance, nor to ‘large risks’.

Many EU countries do not have a common law system like that of the UK but rather a
codified body of law. This can require, for example, that a policy document has to contain
certain wording or be set out in a certain way.

London market underwriters offering insurance products into foreign countries must take

Chapter 5
care to ensure that their products conform to all local requirements.

• Marketing, advertising and the selling process.

• Tax. There is no single taxation system or rate across the EU Member States. The insurance
directives simply provide that the taxes applicable to insurance premiums are those in the
country of the risk.

• The ‘general good’. The host country retains the right to apply its own laws if it can show
that these are necessary to protect ’the general good’. This is an EU legal concept which
is loosely comparable to public policy and consumer protection. The application of this
concept is limited to situations where pre-defined criteria are met, but these details are
outside the scope of this course.

Other important EU directives include five specifically relating to motor insurance and the
Insurance Mediation Directive, establishing a harmonised regulatory system for insurance
intermediaries (this is covered in more detail in chapter 8, section A). Other directives apply
to a range of economic sectors, including insurance, such as the Unfair Contract Terms
Directive and the Distance Marketing Directive.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/9

 Lloyd’s and London Market Introductory Test

B1A Establishment and services business

Authorised insurers may, therefore, carry on insurance business in or from a Member State
other than the one in which their head office is located on either:

• an ‘establishment’ basis – via a branch office or other physical presence (known as an

‘establishment’) in the other Member State; or
• a ‘services’ basis – directly from their home state, on a cross-border basis. This is the basis on
which most of the London market’s business is transacted where the risk is located in an EU
Member State outside the UK.

Insurers doing business in these ways do not need to establish financial resources in the other
Member States in which they are doing business and are only required to comply with the
financial and solvency requirements in their home state only.

B1B Solvency
Solvency is the concept of an insurer having assets greater than its liabilities.

Within the UK, solvency is monitored by the FSA for all insurers, including Lloyd’s, and
requires all authorised insurers to confirm on a regular basis that they comply with the
requirements of the FSA. The FSA is moving towards what is called Solvency 2, which combines
the pure review of assets in relation to liabilities with elements of risk management and public
disclosure.

Within the EU, the insurance directives require that all insurers must establish a solvency
margin which is supervised by the insurer’s home state regulator. The purpose of a solvency
margin is to ensure that an insurer has sufficient assets to meet its liabilities and protect its
customers. In broad terms, the non-life solvency margin is calculated as the higher of two
figures – one approximately between 16% and 18% of annual premiums and the other between
23% and 26% of claims averaged over the last three financial years. There is a 50% loading
for three classes of business judged to be particularly volatile – marine, aviation and general
liability. In life assurance, the solvency margin is much simpler. Again in broad terms, it is
calculated as 0.3% of sums assured at risk plus an uplift depending on the type of business
involved. The EU insurer solvency system is currently under review.

Lloyd’s market solvency is considered in more detail in chapter 7.

5/10 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

B2 USA
The USA is a very important source of business for the London insurance market. Insurance
regulation in the USA is principally at individual state level. Each of the 50 states (as well as
the District of Columbia and USA dependant territories) has its own legislative body, its own
insurance law and regulations and its own insurance department responsible for insurance
regulation. An insurance department is headed by an official (whose title may be ‘insurance
commissioner’, ‘director of insurance’ or ‘superintendent of insurance’), who may be appointed
by the state governor or elected by the general public.

Insurers and insurance intermediaries wanting to do business in a particular state must obtain
licences to do so from the state insurance department and must subsequently comply with
the requirements in the local insurance law and regulations for licensed entities. In the case of
licensed (or admitted) insurers, these include requirements to submit regular, detailed financial
reports for solvency monitoring purposes and to meet capital adequacy standards. Many
insurance departments also control the rates that may be charged and the policy wordings
(known as ‘forms’) that may be used for many classes of insurance and insurers, therefore, have
to seek ‘rate and form’ approval before use.

Non-admitted insurers can conduct business in US states on a surplus lines basis. This means
that if the locally licensed insurers refuse to underwrite a risk it may be offered to a surplus
lines insurer. This is the principal way in which Lloyd’s syndicates and some London company
insurers underwrite US risks. States regulate surplus lines transactions by exercising jurisdiction

Chapter 5
over the insurance intermediary handling the transaction, who must be a licensed surplus lines
broker. Surplus lines placements must be of risks eligible for export to the surplus lines market
and must normally first be offered to a specified number of licensed insurers (known as ‘the
declination process’ or ‘the diligent search’). Only where the licensed insurers turn down the
risk can it then be offered to a surplus lines insurer. Most states maintain lists of ‘eligible’ surplus
lines insurers, who meet the state requirements, including maintenance of financial assets
locally, in designated trust funds. Surplus lines insurance is not subject to state rate and form
regulation.

Some US states allow exemptions from their surplus lines laws for risks of a certain size or class,
though by no means all states allow exemptions. Typically, exemptions are given for marine and
aviation business, and major commercial risks where the insured spends over a set amount in
annual premium and/or employs more than a certain number of staff.

Lastly in the US context, there is the concept of direct procurement, also sometimes known as
independent procurement. This allows a purchaser of insurance to avoid the surplus lines rules
if they leave their home state and insure with any insurer they choose, even if that insurer is not
based in the same state as the prospective insured.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/11

 Lloyd’s and London Market Introductory Test

B3 Global insurance regulation

This raises some important issues for London market insurers. Obtaining licences to transact
insurance business in other countries can be an onerous and slow process. In some countries,
insurance laws make it difficult or impossible for a foreign insurer to become licensed. Even
where this is possible, local insurance regulators may expect a foreign licensed insurer to
deposit assets in their territory, to help protect local policyholders, making maintenance of a
range of licences in different countries expensive. Insurance laws are usually drafted with the
local market in mind, and can contain provisions that a foreign insurer will find it difficult to
comply with.

Although Lloyd’s has licences or authorisations to carry on business in over 70 countries, which
may be used by all the syndicates in the Lloyd’s market, other London market insurers may have
a more restricted range of licences and may seek to transact direct insurance business on a ‘non-
admitted basis’, such as in the US.

B4 Regulation of reinsurance
Reinsurance is less heavily regulated than direct insurance. This reflects the approach of
legislators in many countries, that the purchasers of reinsurance contracts generally do not have
the same need of regulatory protection as personal and smaller commercial policyholders who
may have little or no insurance knowledge or understanding.

Often, where regulatory requirements for reinsurance do exist, they focus on the ability of
the ceding insurer to take balance sheet ‘credit for reinsurance’ they have purchased. This is
currently the position in the USA, where US insurers can only take balance sheet credit for
reinsurances purchased from reinsurers who meet certain criteria, intended to ensure that they
have the financial strength to meet claims made on their reinsurance contracts. Nevertheless,
the absence of reinsurance licensing requirements in many countries makes it easier for a
reinsurer than for a direct insurer to transact business on a worldwide basis.

However, in 2005 the EU passed a directive on reinsurance which will implement a harmonised
framework for reinsurance supervision across the EU. This provides for a regulatory framework
based on the existing regime introduced by the Third Insurance Directive for direct insurers and
extends to reinsurance companies the system for the authorisation and financial supervision of
an insurance undertaking by the Member State in which it has its head office (‘home country
control’). This would enable reinsurers authorised in one Member State to carry on their
business anywhere in the European Union. The reinsurance directive also sets out prudential
rules for the supervision of reinsurers, and is required to be implemented in all Member States
by December 2007.

5/12 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

C Financial Services Compensation Scheme

The Financial Services Compensation Scheme (FSCS) is the UK’s statutory fund of last resort
for customers of authorised financial services firms. It is an independent body, created under
the FSMA and is funded by levies on FSA authorised firms. The FSCS can pay compensation
if a firm is unable, or unlikely to be able, to pay claims against it, for example, if the firm is
insolvent. The FSCS is free to customers.

The FSCS covers business conducted by firms authorised by the FSA. European firms
(authorised by their home state regulator) that operate in the UK may also be covered.

FSCS protects:

• deposits;
• insurance policies;
• insurance broking (for business on or after 14 January 2005);
• investment business; and
• mortgage advice and arranging (for business on or after 31 October 2004).

As a fund of last resort, there are limitations as to the amount of compensation the Scheme can
pay. The rules applicable to the scheme form part of the FSA’s Handbook of Rules and Guidance.

D Financial Ombudsman Service

Chapter 5
The Financial Ombudsman Service (FOS) is an independent organisation set up under the
Financial Services and Markets Act 2000 but operates independently of the FSA. The role of the
Ombudsman is to help resolve individual disputes between consumers and financial firms. This
is done through the impartial investigation of disputes between policyholders and the firm. The
Ombudsman tries to reach agreement by a process of mediation or conciliation.

FOS can deal with complaints made by a private individual, businesses with a yearly turnover
of under £1m, a charity with a yearly income of under £1m, or a trust with net assets of under
£1m. FOS can generally deal with most types of financial complaint relating to financial
products and services provided in (or from) the United Kingdom, subject to certain criteria
being met. The Ombudsman does not cover store cards and loans by non-FSA authorised firms
or occupational pension schemes.

Before a complaint may be referred to FOS a complainant must give a firm up to eight weeks to
resolve the complaint. There are also rules that a firm must follow when handling complaints.
Firms are required to inform consumers that they may contact the Ombudsman if they are
unhappy with its decision. Consumers have six months from the company’s final letter to refer
complaints to the Ombudsman. The complainant can choose whether or not to accept an
Ombudsman’s decision. If they accept the decision, it is binding on both the complainant and the
firm. If a complainant does not accept the Ombudsman’s decision they can take the case to court.

The scheme is free to consumers, even if the Ombudsman finds in the firm’s favour.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/13

 Lloyd’s and London Market Introductory Test

E Data Protection Act 1998

The Data Protection Act 1998 gives individuals certain rights regarding information held about
them. It also places obligations on those who process information. The Act seeks to strike a
balance between the rights of individuals (data subjects) and those with legitimate reasons for
using personal information (data controllers).

Anyone processing personal information must notify the Information Commissioner’s Office
that they are doing so.

There are a number of principles which anyone processing information must comply with and
certain conditions must also be met for personal information to be considered fairly processed.
These are outlined in Appendix 3.

E1 Rights under the Act

Individuals have seven rights under the Act:

1. The right to subject access. This allows people to find out what information is held about
them on computer and within some manual records.

2. The right to prevent processing. Anyone can ask a data controller not to process information
relating to him or her that causes substantial unwarranted damage or distress to them or
anyone else.

3. The right to prevent processing for direct marketing. Anyone can ask a data controller not to
process information relating to him or her for direct marketing purposes.

4. Rights in relation to automated decision taking. Individuals have a right to object to

decisions made only by automatic means e.g. there is no human involvement.

5. The right to compensation. An individual can claim compensation from a data controller
for damage or distress caused by any breach of the act. Compensation for distress alone can
only be claimed in limited circumstances.

6. The right to rectification, blocking erasure and destruction. Individuals can apply to the
court to order a data controller to rectify, block or destroy personal details if they are
inaccurate or contain expressions of opinion based upon inaccurate information.

7. The right to ask the Commissioner to assess whether the Act has been contravened. If
someone believes their personal information has not been processed in accordance with the
DPA, they can ask the Commissioner to make an assessment. If the Act has been breached
and the matter cannot be settled informally, an enforcement notice may be served on the
data controller.

E2 Criminal Offences
A number of criminal offences were created by the Act and include notification offences
– where processing is being undertaken without notification to the Commissioner of the
processing being undertaken or changed.

There are also rules relating to the disclosure of information and unsolicited marketing.

5/14 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

F Money laundering
‘Money laundering’ is a term used to describe the techniques, procedures or processes used
to convert illegal funds obtained from criminal activities into other assets in such a way as to
conceal their true origin so that it appears the money has come from a legitimate source.

The principal legislation in the UK is the Proceeds of Crime Act 2002 (PoCA), together with
the Money Laundering Regulations 2007. PoCA establishes three primary money laundering
offences, which are outlined below.

PoCA also imposes obligations upon regulated firms to have a Money Laundering Reporting
Officer (MLRO) to whom cases of money laundering must be reported by a firm’s staff.
The MLRO is the conduit for onward reporting to the appropriate regulatory and criminal
investigation authorities. While it is important to understand the primary money laundering
offences and ensure that you are not party to such offences, it is equally important for you to be
aware of your obligation to report any knowledge or suspicion of money laundering.

F1 Primary money laundering offences

These are as follows:

• Concealing etc. Where someone knows or suspects that property constitutes someone’s
benefit from criminal conduct, he or she commits an offence if he or she conceals, disguises,
converts, transfers or removes that criminal property from the UK.

Chapter 5
• Arranging. A person commits an offence if he or she enters into or becomes concerned in
an arrangement which he or she knows or suspects will facilitate the acquisition, retention,
use or control of criminal property by or on behalf of another person.
• Acquisition, use and possession. An offence is committed if someone acquires, uses or has
possession of property if he or she knows or suspects that the property constitutes a person’s
benefit from criminal conduct.

These offences can attract severe penalties including prison sentences of up to 14 years.

F1A Reporting suspicious activity

If you know or suspect or have reasonable grounds for knowing or suspecting that another
person is engaged in money laundering you must report the matter to the MLRO as soon
as practicable after the information comes to you. Failure to do so may constitute a criminal
offence under PoCA punishable by up to 5 years in prison.

F1B Tipping off

It is an offence for any person, if he or she knows or suspects that a matter has been reported
to the MLRO, to take any action likely to prejudice an investigation by informing or tipping off
the person who is the subject of a suspicious report, or anyone else involved, that a disclosure
has been made or that law enforcement authorities are carrying out or intending to carry out a
money laundering investigation.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/15

 Lloyd’s and London Market Introductory Test

F2 Examples of money laundering in the insurance context

The following examples are the types of transaction that compliance and money laundering
officers in the insurance market typically watch out for:

• Overpayment of premium with a request to return the overpaid amount to a different

country.
• Large or irregular return premiums.
• Substantial payments in cash.
• Premium from one country, claims to be paid to another country.
• Frequent ‘small’ claims whose total is roughly equivalent to the premium paid.
• Request for claims to be paid to persons or entities other than stated as (re)insured in the
policy.
• Uncharacteristically high levels of brokerage.

Often, although apparently suspicious, such transactions are perfectly legitimate, but it is
important that the issues are understood and scrutinized/investigated by an independent
person who is not involved in the day-to-day business.

Many insurers and intermediaries also have ‘watch lists’ which list countries which are known
to have connections with money laundering activity. Business coming from such countries will
be subject to additional checking before it is allowed to proceed.

5/16 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

Glossary of terms

Data Protection Act 1998 The Act gives individuals certain rights regarding information held about
them. It also places obligations on those who process information.
Directives A directive sets out measures that the governments of EU Member States
must implement into their national laws, normally by a specified date.
Financial Ombudsman An independent organisation set up under the Financial Services and
Service Markets Act 2000 but operating independently of the FSA. The role of the
Ombudsman is to help resolve individual disputes between consumers
and financial firms.
Financial Services The FSCS is the UK’s statutory fund of last resort for customers of
Compensation Scheme authorised financial services firms. It can pay compensation if a firm is
unable, or unlikely to be able, to pay claims against it, for example, if the
firm is insolvent.
Financial Services Authority The Financial Services Authority (FSA) is the independent body set up by
the government under the Financial Services and Markets Act 2000 (FSMA)
to regulate financial services in the UK and protect the rights of customers.
It has a wide range of rule making, investigatory and enforcement powers,
to meet its four statutory objectives:

Chapter 5
• maintain confidence in the financial system;
• promote public understanding of the financial system;
• secure the appropriate degree of protection for consumers; and
• reduce financial crime.
Money laundering The term used to describe the techniques, procedures or processes used to
convert illegal funds obtained from criminal activities into other assets in
such a way as to conceal their true origin so that it appears the money has
come from a legitimate source.
Solvency margin The purpose of a solvency margin is to ensure that an insurer has sufficient
assets to meet its liabilities and protect its customers.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/17

 Lloyd’s and London Market Introductory Test

5/18 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

Appendix 1: FSA Handbook: Summary of contents

The following is a summary of the FSA Handbook and only lists those parts of the Handbook that are
most relevant to insurers. The Full Handbook can be viewed on the FSA’s website. www.fsa.gov.uk

Block Sourcebook or manual Reference

code
Glossary Glossary Glossary
terms used in the the meaning of defined terms used in the Handbook
Handbook
High Level Standards Principles for Businesses PRIN
the standards applying the fundamental obligations of all firms under the regulatory system
to all firms and Senior Management Arrangements, Systems and Controls SYSC
approved persons the responsibilities of directors and senior management
Threshold Conditions COND
the minimum standards for becoming and remaining authorised
Statements of Principle and Code of Practice for Approved APER
Persons
the fundamental obligations of approved persons
The Fit and Proper test for Approved Persons FIT
the minimum standards for becoming and remaining an approved
person
General Provisions GEN

Chapter 5
interpreting the Handbook, fees, approval by the FSA, emergencies,
status disclosure, the FSA logo and insurance against fines
Fees Manual FEES
the fees provisions for funding the FSA, FOS and FSCS
Prudential Standards General Prudential sourcebook GENPRU
the Prudential General Prudential Sourcebook for Banks, Building Societies, Insurers
Standards Block sets and Investment Firms
out the prudential Prudential sourcebook for Insurers INSPRU
requirements for firms Prudential sourcebook for insurers
Business Standards New Conduct of Business Sourcebook COBS
the detailed the conduct of business requirements applying to firms with effect
requirements relating from 1 November 2007
to firms’ day-to-day Insurance: New Conduct of Business sourcebook ICOBS
business the non-investment insurance conduct of business requirements
Client Assets CASS
the requirements relating to holding client assets and client money
Market Conduct MAR
Code of Market Conduct, Price stabilising rules, Inter-professional
conduct, Endorsement of the Takeover Code, Alternative Trading
Systems, what is acceptable market conduct and what is market abuse
Training and Competence TC
the commitments and requirements concerning staff competence

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/19

 Lloyd’s and London Market Introductory Test

Block Sourcebook or manual Reference

code
Regulatory Processes Authorisation (to see AUTH derivations and destinations tables, AUTH
the manuals describing go to Useful links)
the operation of the guidance on whether authorisation is needed, how to apply for it
FSA’s authorisation, and related issues
supervisory and Supervision SUP
disciplinary functions supervisory provisions including those relating to auditors, waivers,
individual guidance, notifications and reporting
Decision Procedure and Penalties Manual DEPP
a description of the FSA’s procedures for taking statutory notice
decisions, the FSA’s policy on the imposition and amount of
penalties and the conduct of interviews to which a direction under
section 169(7) of the Act has been given or the FSA is considering
giving with effect from 28 August 2007
Redress Dispute Resolution: Complaints DISP
the processes for the detailed requirements for handling complaints and the Financial
handling complaints Ombudsman Service arrangements
and compensation Compensation COMP
the rules governing eligibility under, and levies for, the Financial
Services Compensation Scheme
Complaints against the FSA COAF
details of the scheme for handling complaints against the FSA
Small Mortgage and Insurance Intermediaries: Part I - General MIGI
Rules
Small Mortgage and Insurance Intermediaries: Part I - General Rules
Small Mortgage and Insurance Intermediaries: Part II - Mortgage MOGI
Intermediaries (additional rules)
Small Mortgage and Insurance Intermediaries: Part II - Mortgage
Intermediaries (additional rules)
Small Mortgage and Insurance Intermediaries: Part III - GIGI
Insurance Intermediaries (additional rules)
Small Mortgage and Insurance Intermediaries: Part III - Insurance
Intermediaries (additional rules)
Regulatory Guides The Responsibilities of Providers and Distributors for the Fair RPPD
Treatment of Customers
these are guides to Responsibilities of Providers and Distributors for the Fair Treatment
regulatory topics of Customers Guide
The Unfair Contract Terms Regulatory Guide UNFCOG
Unfair Contract Terms Regulatory Guide

5/20 LLMIT/February 2008 © The Chartered Insurance Institute 2008

 5: Regulation

Appendix 2: Statements of Principle and Code of Practice for

Approved Persons (individuals)
This includes general principles for all persons approved by the FSA.

Principle 1
An approved person must act with integrity in carrying out his controlled function.

Principle 2
An approved person must act with due skill, care and diligence in carrying out his controlled function.

Principle 3
An approved person must observe proper standards of market conduct in carrying out his controlled
function.

Principle 4
An approved person must deal with the FSA and with other regulators in an open and co-operative
way and must disclose appropriately any information of which the FSA would reasonably expect
notice.

Principle 5
An approved person performing a significant influence function must take reasonable steps to ensure
that the business of the firm for which he is responsible in his controlled function is organised so that it

Chapter 5
can be controlled effectively.

Principle 6
An approved person performing a significant influence function must exercise due skill, care and
diligence in managing the business of the firm for which he is responsible in his controlled function.

Principle 7
An approved person performing a significant function must take reasonable steps to ensure that the
business of the firm for which he is responsible in his controlled function complies with the relevant
requirements and standards of the regulatory system.

© The Chartered Insurance Institute 2008 LLMIT/February 2008 5/21

 Lloyd’s and London Market Introductory Test

Appendix 3: Data Protection Act 1998 Principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be
further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes
for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary
for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful
processing of personal data and against accidental loss or destruction of, or damage to, personal
data.

8. Personal data shall not be transferred to a country or territory outside the European Economic
Area unless that country or territory ensures an adequate level of protection for the rights and
freedoms of data subjects in relation to the processing of personal data.

5/22 LLMIT/February 2008 © The Chartered Insurance Institute 2008