CISI – Financial Products, Markets & Services
Topic – Financial Services Regulation and Professional Integrity
Lesson: 8.4 Data Protection and 8.5 Complaints and Compensation
Examples of data losses

Complying with the Data Protection Act

Financial services firms that hold and process personal data must be registered with the Information Commissioner. The firm is described as the Data Controller.

Legal requirements:
- Notify the Information Commissioner that they are processing information
- Process personal information in accordance with the 8 principles of the Act
- Answer subject access requests from individuals

8 Principles of the Data Protection Act

Customer information should be...
1. Processed fairly and lawfully
2. Obtained for one or more specified and lawful purposes and not processed in any other way
3. Accurate and kept up-to-date
4. Kept for no longer than necessary
5. Processed in accordance with the rights of the subject
6. Adequate, relevant and not excessive for the purpose(s)
7. Protected against unauthorised and unlawful processing, accidental loss, destruction or damage using adequate technical and organisational methods
8. Protected against its transfer outside of the European Economic Area unless the country ensures its protection

Regulatory Recommendations for keeping data safe

- Employees should not have access to data beyond what is necessary to do their job.
- Firms should look to monitor and control all flows of information into and out of the organisation.
- Removable media should be disabled except when there is a genuine need.
- Unauthorised staff should not be able to remove information undetected.
- Laptops and other portable devices should be encrypted and wiped when no longer used.
- Devices should be logged and monitored.
- Software that tracks all activities should be installed (including web surfing and email traffic).
- Carry out due diligence on any 3rd party suppliers before agreeing contracts.
- All visitors to the firm’s premises should be logged in and out and supervised while on site.

Complaints and Compensation

Complaints are inevitable – sometimes they are valid, sometimes not. The FCA requires authorised firms to deal with complaints from eligible complainants (individuals and small businesses) promptly and fairly.

Firms need...
Written procedures staff must follow if a complaint is made:
- Make a definitive response to the complaint
- Reasonable timescale to resolve it
- If a complaint is verbal or written
- If a complaint is justified or not
- Can be followed even for an ‘ineligible’ complainant (business client)

Those making a complaint should...
- Receive an acknowledgement of the complaint in a timely manner
- Receive a response to the complaint
- Have their complaint appropriately investigated
- Be made aware of their rights to go to the Financial Ombudsman Service
- Receive a final response within 8 weeks of the date of the complaint

Internal Complaints Procedures

Employees appointed to handle the complaint:
- must have sufficient competence.
- must not have been directly related or involved.
- must have the authority to settle the complaint.
- must adequately address the complaint and offer redress where appropriate.
- must offer fair compensation (address consequential or prospective loss as well as actual loss).

The Financial Ombudsman Service (FOS)

Under the FSMA and FCA, the FOS has the power to make rules relating to handling complaints. The FOS is designed to resolve complaints about financial services firms quickly and simply.

Characteristics of the Financial Ombudsman Service (FOS):
- Offers an independent view.
- Complainants can use this when dissatisfied with a firm’s final response.
- Operates a dispute resolution scheme.
- FOS decisions are binding for firms but not for the complainant.
- Fair compensation may be payable – no more than £150K.

The Financial Services Compensation Scheme (FSCS)

If retail banks were to collapse, savers could potentially lose their deposited money. This would create uproar and undermine confidence in the financial system – people would no longer want to keep their money in a bank account.

[Image: Northern Rock savers withdrawing their money in September 2007]

Function of the Financial Services Compensation Scheme (FSCS):
- Pays out compensation to eligible complainants in the event of a default of an authorised firm (excludes professional customers).
- Similar to an insurance policy paid for by all authorised firms.

Compensation:
- Firms in default – 100% of the first £50K per person per firm for investments.
- £75K for bank deposits.