Why has CBEST been introduced?

The Bank of England (“BoE”) has become progressively concerned of the threat of cybercrime in light of increasingly sophisticated attacks on the UK financial services industry. This concern was further bolstered by internet security expert McAfee’s latest report published in June 2014, which put the global cost of cybercrime at £266 billion. To combat this threat, on 10 June 2014 the BoE, HM Treasury and the Financial Conduct Authority (“FCA”) (collectively the “UK Financial Authorities”) launched the new CBEST framework. It is hoped that CBEST will test cyber vulnerabilities, ultimately enabling the UK’s financial industry to defend itself against cyber-attacks.

What is CBEST?

The CBEST framework is part of a broader effort to encourage those within the financial industry to collaborate and share information.

CBEST is available to core financial firms, infrastructure providers and regulators those who, if they did undergo some sort of consolidated cyber-attack or series of structured attacks, could have a major impact on the UK generally). Although participation will be voluntary, it is expected that take up will be significant due to the benefits. According to the BoE, these include, amongst other things, access to up-to-date and competent cyber intelligence from organisations which have been assessed against rigorous standards.

In summary, CBEST operates by mimicking the tactics of hackers and replicating these on a financial institution’s IT system. The new framework uses intelligence from government and accredited commercial providers to identify attackers to a particular financial institution. The techniques that these hackers may use are then replicated to assess the extent to which they could successfully penetrate that financial institution’s defences. It is intended that this process will create a better understanding amongst those in the financial sector of the types of cyber-attacks they potentially face and the importance of having a continuous detection and recovery process in place.

What are financial institutions expected to do?

Although the UK Financial Authorities remains interested in an institution’s backup plans in the event of a cyber-attack, it is now equally interested in its on-going ability to defend itself and capacity to withstand such threats. The FCA has been clear that from now on financial institutions are expected to take full responsibility for their IT systems by ensuring constant vigilance and maintaining sufficient resources to guard against any form of cyber-attack.

As such, post-CBEST, financial institutions will be expected to focus on a series of agreed action plans and responsibilities designed to ensure the competent and continuous ability to protect itself against cyber-crime.

The action to be undertaken by a particular financial institution following the CBEST process will ultimately be determined by:

  • the findings workshop: this documents the level of control that the institution should have and the types of cyber vulnerabilities it is currently experiencing. Notes of this workshop will be forwarded to the UK Financial Authorities to document the CBEST process; and
  • the reporting stage, which includes:
    • a Cyber Security Incident Response Maturity Output report (one of five elements to the reporting stage) – this will generate KPIs specific to the institution, which are then forwarded to the UK Financial Authorities for comparison with others; and
    • a Security Improvement Plan – this is based on the findings workshop and determines the responsibilities and agreed actions to be undertaken by the institution as well as the expected timelines.

The CBEST framework is only one way in which institutions can clearly demonstrate their ability to meet such expectations. Regardless of whether CBEST is adopted, those in the financial sector can take numerous precautions to ensure that they do not fall foul of the statutory and regulatory rules. For example:

  • financial institutions should have documented crisis plans for when cyber-attacks do occur and clearly delineate procedures for monitoring IT security which are continuously updated;
  • IT networks should be regularly tested and results recorded to demonstrate the institution’s strategy in developing competent defences against cyber-crime;
  • debates at board level on the cyber-crime issues should be properly documented; and
  • financial institutions should consider including cyber-security as a specific risk to be considered as part of their annual risk assessments.



On 25 June 2014, the FCA published an agreement it has entered into with Wonga Group Limited, the UK’s largest payday lender, under which Wonga is expected to pay compensation of more than £2.6 million to around 45,000 customers for unfair and misleading debt collection practices.

An accompanying FCA press release explains that an investigation begun by the Office of Fair Trading (“OFT”) in 2011 and taken over by the FCA in April 2014 (when it assumed responsibility for consumer credit regulation in the UK) determined that, between October 2008 and November 2010, Wonga and certain other group companies employed unfair debt collection practices. Communications were issued to customers in arrears in the names of “Chainey, D’Amato & Shannon” and “Barker and Lowe Legal Recoveries”, giving the misleading impression that the customers’ outstanding debts   had been passed to a law firm or other third party. Further legal action was threatened should the debt not be promptly repaid. In some cases, charges were added to customers’ account before or after (or both) these letters were sent out.

In fact, the two firms did not exist and Wonga was found to have adopted this practice with a view to maximising collections by unfairly increasing pressure on customers. In addition, in April 2014 Wonga notified the FCA that it had discovered certain unintentional system errors relating to the calculation of customers’ balances where the inputs to these calculations (such as fees, balance adjustments or the timing used to calculate interest) were not consistently applied.

Under the agreement, which is a voluntary application for imposition of requirement, Wonga is required to conduct a consumer redress scheme to determine whether the unfair debt collection practices and the unintentional system errors identified have caused detriment, loss or damage to customers. To the extent any such detriment, loss or damage has been caused, Wonga must then determine what redress is appropriate. While some affected customers will receive cash, others are likely to have their outstanding balance reduced. The consumer redress scheme relating to the unfair debt collection practices will be overseen by a skilled person appointed by the FCA under section 166 of the Financial Services and Markets Act 2000 (“FSMA”).


On 27 May 2014, the Upper Tribunal (the “Tribunal”) rejected an appeal (FS/2012/0013) by Ian Hannam (“Hannam”) against the Financial Services Authority’s (“FSA”) (predecessor to the Financial Conduct Authority) controversial 2012 decision that he had committed market abuse. Few cases have caused more discussion amongst London’s bankers than the FSA’s pursuit of Hannam for market abuse. Some commentators take the view that the FSA acted inappropriately by fining Hannam for simply doing what bankers have always done – sharing bits of information with potential investors to generate interest in a client. Others believe that the FSA behaved in an equitable way enforcing its rules against disclosure of inside information.

Regardless of the view held, the Tribunal’s decision sends a clear message as to what conduct will be classified as market abuse and the consequences of failing to follow internal procedures for dealing with inside information.


In February 2012, the FSA fined Hannam, the former Chairman of Capital Markets at JP Morgan and Global Co-Head of UK Capital Markets at JP Morgan Cazenove (“JPMC”), £450,000 for improper disclosure of inside information. The FSA claimed that Hannam had disclosed inside information about Heritage (one of JPMC’s clients)   in two emails to two other clients, even though: no trades took place as a result of the disclosure; Hannam’s honesty and integrity was not in question; and both emails were inaccurate. The FSA pursued action against Hannam on the basis that his disregard for JPMC’s procedures for handling market-sensitive information also constituted a serious violation of the market abuse law.

Hannam challenged the decision in the Tribunal, claiming that the two emails did not contain inside information, as the information was not entirely accurate and therefore  not precise enough to be price sensitive. In the alternative, he stated that he was acting in the proper course of his employment and acting in his client’s best interests by trying to facilitate a corporate transaction, e.g. the disclosure could not amount to market abuse.

Upper Tribunal decision

The Tribunal accepted that Hannam had acted neither deliberately nor recklessly, but found that he had made a serious error of judgement in sending the emails. The Tribunal confirmed that the emails disclosed “inside information” and should have been kept confidential in accordance with UK Takeover Code rules. It also rejected Hannam’s argument that he had acted in the course of his employment, as he had failed to follow internal JPMC procedures on the handling of such information, which required him to impose an obligation of confidentiality upon the recipient of the information (e.g. obtain a non-disclosure agreement from the recipient). Further, the Tribunal held that as a senior banker at JPMC and an approved person, Hannam should have been aware that he was in possession of inside information and that he was required to follow internal procedures and take appropriate measures to protect that information.

The following key points emerge from this case:

  • the standard of proof to be applied in market abuse cases is the civil standard, on the “balance of probabilities”, despite the quasi-criminal nature of the proceedings;
  • “inside information” can include information which is not entirely accurate or information which has already been partially disclosed (especially in circumstances where disclosure by the insider will give credence to the previously disclosed facts), but would not include information which is false;
  • persons with “inside information” must be cautious in its handling and should think carefully before disclosing it; and
  • the individual must have followed their own internal company procedures and other applicable rules, such as the Takeover Code, to rely on the statutory defence (section 123(2) FSMA) of having acted in the “proper course of his employment, profession or duties”).


On 23 May 2014, the Financial Conduct Authority (“FCA”) issued final notices to Barclays Bank Plc and to Daniel James Plunkett, a former Barclays broker, for failings relating to the London Gold Fixing.

Mr Plunkett was responsible for pricing and managing Barclays risk on a digital exotic options contract that referenced the price of gold during the 3.00 pm Gold Fixing on 28 June 2012. He placed orders which were intended to increase the likelihood that the price of gold would fix above a certain level (the barrier), which it eventually did. As a result, Barclays avoided a US$3.9 million payment to its customer that would have been due had the price been fixed below the barrier, and Mr Plunkett’s book profited. When the customer raised its concerns with Barclays, Mr Plunkett failed to disclose that he had placed orders and traded during the Gold Fixing. He then misled both Barclays and the FCA by providing a false account of events. Barclays subsequently compensated the customer in full.

The FCA fined Barclays £26 million for breaches of Principle 3 (management and control) and Principle 8 (conflicts of interest) of the FCA’s Principles for Businesses. Between June 2004 and March 2013 its inadequate systems and controls resulted in Barclays failure to properly manage the way its traders’ participated in Gold Fixing, adequately train staff on the precious metals desk and have adequate systems for monitoring traders activity. Barclays also failed to manage the inherent conflict of interest arising from Barclays participation in the Gold Fixing while selling customers options products that referenced, and were dependent on, the price of gold fixed. Mr Plunkett was able to exploit these weaknesses to influence the 3.00 pm Gold Fixing and profit at the customer’s expense.

The FCA fined Mr Plunkett £96,600 and banned him from performing any function in relation to any regulated activities carried on by any authorised or exempt persons, or exempt professional firm. Mr Plunkett breached Statement of Principle 1 (integrity) of the FCA’s Principles for Businesses by failing to act with integrity when carrying out his controlled function, by putting his own interests ahead of the customer and subsequently trying to hide his conduct. He also breached Statement of Principle 3 (management and control) by failing to observe the proper standards of market conduct. His actions were particularly serious as they had the potential to adversely affect the Gold Fixing, and the UK and international financial markets. His actions also occurred the day after the FCA had published its publication on the LIBOR and EURIBOR action against Barclays.

The FCA states in a related press release that it expects firms to ensure they are not replicating this type of behaviour in their reference rate and benchmarks operations. It is engaging with UK benchmark administrators on their plans to assess compliance with the International Organisation of Securities Commission’s (“IOSCO”) principles for financial benchmarks.


On 15 May 2014, the FCA published the final notice it has issued to Martin Brokers (UK) Ltd (“Martins”), an inter-dealer broker, imposing a fine of £630,000 for misconduct relating to the London Interbank Offered Rate (“LIBOR”).

The FCA found that Martins breached Principle 5 (market conduct) of the FCA’s Principles for Businesses (“PRIN”) because its brokers colluded with a trader at UBS AG (“Trader A”) as part of a co-ordinated attempt to influence Japanese yen (“JPY”) LIBOR submissions made by panel banks, in an attempt to manipulate the published JPY LIBOR rate. In particular, on or around dates when the level of the final published JPY LIBOR rate was of particular significance to the profitability of Trader A’s trading positions, the Martins brokers:

  • communicated skewed suggestions to some panel banks as to where they believed the published JPY LIBOR rate would set for a particular day (known as “run-throughs”);
  • requested that panel banks make specific JPY LIBOR submissions at levels that would benefit Trader A; and
  • created spoof orders, with the aim of influencing panel banks’ views of the cash market so that they would make JPY LIBOR submissions at levels that benefitted Trader A.

The FCA also found that Martins breached Principle 3 (management and control) of PRIN because the company failed to have adequate risk management systems or effective controls in place to monitor and oversee its broking activity. In particular, it:

  • had minimal policies and procedures in place to govern individual brokers’ behaviour;
  • had no effective compliance function and a poor compliance culture; and
  • provided limited compliance training for brokers.

An accompanying FCA press release states that Martins is the second inter-dealer broker and the sixth firm overall, to be fined by the FCA for LIBOR-related failures. The FCA fined ICAP Europe Ltd £14 million in September 2013 for LIBOR failings.

Martins would have been fined £3.6 million but for the fact that it was able to show that it could not pay a penalty of this amount in addition to the other regulatory fines that it faces in relation to LIBOR, including a financial penalty of USD 1.2 million imposed by the US Commodity Futures Trading Commission (“CFTC”).



The FCA has published its thematic review (TR14/8) which summarises the FCA’s finding following its review into claims handling in household and retail travel insurance.

The review found that the majority of policyholders included in the survey were satisfied with their experience. However, the FCA has identified seven key issues in relation to which improvements to practice may be required.

  • recording and use of inbound claims calls (mainly household);
  • communication and ownership throughout the claim;
  • management of supply chains (household);
  • the emergency assistance activities of travel insurers and the need for the right insurance;
  • insurance in relation to medical conditions (travel);
  • consumer outcomes in long chains of delegation; and
  • the clarity of product documentation.

The FCA will undertake further thematic work later this year to consider the claims process for commercial customers, particularly small businesses.


On 13 May 2014, the FCA published a thematic review report summarising its work on the clarity of fund charges. The findings outlined in the report are based on the FCA’s assessment of 11 UK firms including asset managers, banks, insurers and wealth managers operating funds that were sold to UK retail investors representing 29% of the UK retail market by assets under management, equivalent to £131 billion.

The FCA found that although some firms provided a consistent and clear description of charges across different marketing documents, this was not the case for all. The report and related press release, set out examples of good and poor practice. The two key messages, in terms of the FCA’s expectations, relate to the reference to the annual management charge (“AMC”) and ongoing charges figure (“OCF”):

  • Using the AMC in some marketing material and the OCF in other documents may confuse investors and hinder their ability to compare charges.
  • Using the OCF consistently in all marketing material for UCITS funds is likely to help investors understand and compare charges.

The report is intended to act as a reminder to all firms of the current rules that firms should be following to ensure that fund charges are presented clearly and consistently to investors, so that investors can compare charges before deciding where to invest. The FCA expects all authorised fund managers to consider the FCA’s findings and review their arrangements accordingly. Firms must put consumers at the heart of their business model. That means it is important to make comparing costs as easy as possible. As part of the overall relationship between firms and consumers, firms need to manage the costs with as much tenacity as they produce returns, and make the costs they charge clear. Senior management of authorised fund managers and if necessary the wider group should satisfy themselves of their firm’s practices regarding the clarity of charge information and fund governance.

The FCA has discussed its findings with firms participating in the review. Where they were found not to have complied with the regulatory requirements, firms have been required to justify their approach and, where appropriate, take remedial action.

The FCA states that it will continue to work with the Investment Management Association (“IMA”) on this matter. In September 2012, the IMA published voluntary industry guidance on enhanced disclosure of charges and costs information and has consulted on a template presenting information about performance and charges into funds’ annual reports and accounts.


On 23 May 2014, the Alternative Investment Fund Managers Order 2014 (SI 2014/1292)(“the first Order”) and an accompanying explanatory memorandum were published.

The first Order amends:

The AIFMD grants a marketing passport for fund managers authorised under the AIFMD framework, allowing them to market to professional investors in any member state. It provides a similar right for fund managers authorised under the AIFMD framework to provide AIFMD related services in any member state. However, as Gibraltar is not a separate member state, Gibraltar registered managers and funds cannot exercise these rights in the UK. The first Order corrects that anomaly.

The first Order also amends the transitional provisions for existing UK firms being brought into the scope of the AIFMD framework and provides a transitional year for UK firms that were carrying out AIFMD regulated activities before AIFMD entered into force on 22 July 2013. A transitional firm would have twelve months to submit its application and for the FCA to approve its application for authorisation under the AIFMD framework.

Because the first order was laid before Parliament less than 21 days before it was due to come into force, an amendment order has also been made. The Alternative Investment Fund Managers (Amendment) Order 2014 (SI 2014/1313) (“the amendment Order”) and an accompanying explanatory memorandum were also published on 23 May 2014. The amendment Order was made on 21 May 2014 and comes into force on 31 May 2014. It amends:

  • The dates on which the first Order comes into force. All provisions now come into force on 16 June 2014 instead of 1 June, with the exception of article 6 (as to which see next bullet).
  • The date by which a person must notify the FCA of an intention to carry on insurance mediation activity if the person wishes article 7(5) or (6) of the first Order to apply to them so that they are treated as having permission under Part 4A of FSMA to carry on insurance mediation activity, or as having applied for such permission. The relevant date under article 6 for notifying the FCA is now 22 July 2014 instead of 1 July 2014.

The dates have been amended to ensure that the first Order does not breach the 21 day rule, that is the rule whereby statutory instruments subject to the negative resolution procedure are required to be laid before Parliament at least 21 days before they are due to come into force.

According to the explanatory memorandum to the first Order, HM Treasury consulted with the FCA, the Government of Gibraltar and the Gibraltar Financial Services Commission, and with regards to both orders, with industry. No objections to the provisions of either order were raised.


On 9 May 2014, the Financial Services Act 2012 (Relevant Functions in relation to Complaints Scheme) Order 2014 (SI 2014/1195) (“the Order”) was published with an accompanying explanatory memorandum.

Section 85 of the Financial Services Act 2012 (“FS Act”) contains provisions on the functions of the FCA and the Prudential Regulation Authority (“PRA”) (referred to as “relevant functions”) that fall within the scope of the complaints scheme established under Part 6 of the FS Act.

The FS Act provided for the reform of financial regulation in the UK. In the place of the Financial Services Authority (“FSA”) (predecessor to the Financial Conduct Authority), it established a new system of financial services regulators comprising:

  • An expert macro-prudential authority, the Financial Policy Committee (“FPC”) within the Bank of England to monitor and respond to systemic risks in the financial sector;
  • A focused micro-prudential regulator, the Prudential Regulation Authority (“PRA”), to regulate firms that manage complex risks on their balance sheets – specifically, all deposit takers, insurers and some large investment firms; and
  • A focused conduct of business regulator, the Financial Conduct Authority (“FCA”), to ensure that business across financial services and markets is conducted in a way that advances the interests of all users and participants.

The FS Act imposes an obligation non the two new regulators and the Bank of England to establish a scheme for the investigation of complaints on how they have exercised,  or failed to exercise, any of their “relevant functions”. From 1 March 2014, following amendments made by the Financial Services (Banking Reform) Act 2013 (Banking Reform Act), section 85(2) of the FS Act gives HM Treasury the power to specify which of the FCA and PRA’s functions are relevant functions.

The Order, which was made on 8 May 2014, provides that the following FCA functions are relevant functions:

HM Treasury consulted the FCA, the PRA and the Bank of England in the preparation of the Order. The Order comes into force on 1 June 2014.


On 6 May 2014, the Chancellor of the Exchequer announced that HM Treasury would undertake a review of the enforcement decision making processes of the Financial Conduct Authority (“FCA”) and Prudential Regulation Authority (“PRA”) (the “Review”).

The Review will consider whether the institutional arrangements and processes that the FCA and PRA have in place in relation to their enforcement processes strike an appropriate balance between fairness, transparency and efficiency.

As a first step, HM Treasury has issued a ‘call for evidence’ which is similar to a consultation process. As part of the call for evidence, HM Treasury has invited interested parties to provide responses to a number of questions. Responses to these questions must be submitted by 5.00 p.m. on 4 July 2014.

The Review will consider the following key areas:

  • Effectiveness: The Review is to consider whether the current enforcement processes and supporting institutional arrangements used by the FCA and the PRA engender ‘credible deterrence’ amongst firms and individuals.
  • Referral of cases to Enforcement: In the call for evidence, HM Treasury emphasised the importance of the way in which the FCA and the PRA apply the criteria they use when considering whether to refer a matter to Enforcement in terms of following, and being seen to follow, a fair and transparent process. With this in mind, the Review will consider whether the FCA’s published enforcement referral criteria is clear and used appropriately in practice. It will also consider whether the PRA should give more guidance about its enforcement processes, including whether it should publish its enforcement referral criteria, which it currently does not do.
  • Co-ordination of investigations and enforcement action between the FCA and the PRA: Securing ‘effective co-ordination between the enforcement processes of prudential and conduct regulators’ was one of the key challenges for the FCA and the PRA which was identified by the Parliamentary Commission on Banking Standards. Although the FCA and the PRA have a Memorandum of Understanding which specifically refers to investigation and enforcement processes, the Review will assess the effectiveness of co-operation between these two regulators in practice.
  • Making representations to the FCA and the PRA: Firms and individuals who are the subject of enforcement action have the opportunity to make representations at various stages in the FCA and PRA enforcement processes. However, feedback published by the FCA in 2013 indicated that some firms and individuals felt that the FCA had already made their decision before the investigation had begun. As a result, the Review will consider issues such as whether the scope of enforcement investigations is made sufficiently clear to subjects, whether regulators should offer to hold regular update meetings throughout the course of an investigation and whether sufficient time and opportunity is given to firms and individuals to make representations during the enforcement process.
  • Settlement process: Both the FCA and the PRA encourage early settlement of enforcement matters and offer ‘settlement discounts’ of up to 30% of a proposed financial penalty to firms or individuals who agree to settle at early stages in their enforcement processes. The Review will explore whether the current approaches taken by the FCA and the PRA to settlement deliver fairness to firms and individuals who are subject to enforcement action. The Review will also consider whether it is appropriate to offer ‘settlement discounts’ in certain cases or at all.
  • Decision making process: The Review indicates that ‘a perceived lack of independence in the disciplinary decision making process at the regulators has been a familiar theme’ over the years. In particular, the Review appears to focus on the role of the Regulatory Decisions Committee (“RDC”). A number of questions in the call for evidence focus on the RDC and the interaction between the RDC and the Upper Tribunal.
  • International comparisons: As part of the Review, HM Treasury intends to conduct a comparative analysis of arrangements and processes for enforcement decision making in other jurisdictions. With this in mind, the call for evidence asks for respondents to suggest what lessons the UK could learn from international practice, as well as whether there are any specific feature of other jurisdictions’ enforcement processes that could be introduced in the UK.

The Review will not consider individual cases, the merits of individual decisions, or the processes of the Upper Tribunal.


On 8 May 2014, the FCA published a policy statement (PS14/7) on changes to its use of dealing commission rules for investment managers. The statement will be of direct interest to investment managers, alternative investment managers (“AIFMs”) and UCITS management companies.

Firms are currently allowed to pay for eligible goods and services using dealing commission and these are limited to the provision of research and services directly relating to execution. Whilst this will not fundamentally change, the FCA provide a number of clarifications, amendments and further guidance on the subject. In doing so, they are sending a strong message about the standards of conduct expected in this area, and reiterating that the definition of eligible goods and services is (and has always been) narrowly defined, and should be interpreted as such by firms.

The revised rules clarify that corporate access must not be paid for using dealing commission, and the FCA make clear their expectation that firms should disaggregate bundled services and allocate value between the different components. The FCA has also provided new guidance on how firms might go about pricing these disaggregated goods and services. This includes a “fact-based analysis” using proxies of other comparable priced goods and services available in the market, as well as estimating the cost of providing a comparable good or service internally.

In response to revised rules and guidance, firms should consider:

  • Carrying out a comprehensive review of what goods and services they currently pay for using dealing commission, and carefully assess these against the new rules;
  • Identifying bundled goods and services paid for with dealing commission and select an appropriate methodology for pricing disaggregated non-priced goods and services;
  • Implementing periodic compliance monitoring to satisfy themselves that goods and services remain eligible and, specifically, that they are relevant to the customers paying for them; and
  • Updating relevant compliance policies and procedures, as well as operational processes, to ensure these reflect the new rules.

The FCA consulted on the proposed changes to Chapter 11.6 of its Conduct of Business sourcebook in November 2013 (CP13/17). In PS14/7 the FCA responds to the feedback it received to those proposals. It explains that it has made some minor amendments to the final rules and guidance as a result of the feedback, but has decided to proceed with the main elements of the original proposals.

The FCA has also published the related handbook instrument: Conduct of Business Sourcebook (Use of Dealing Commission) (Amendment No. 2) Instrument 2014 (FCA 2014/29), made by the FCA Board on 1 May 2014. These handbook provisions come into force on 2 June 2014.

The FCA notes that PS14/7 does not comment on views expressed to it on the potential need for wider reform to the regime in the medium term. It will consider and comment on these as part of a further update later in 2014. The update will report on the findings of the FCA’s thematic supervisory work and discussions with both buy-side and sell-side firms, carried out between November 2013 and February 2014.


On 27 May 2014, the FCA published a report (TR14/9) of the findings from its thematic review of conflicts of interest and intermediary remuneration in commercial insurance intermediaries.

The review involved the FCA looking at seven large intermediaries/intermediary groups who serve UK customers that are small and medium-sized enterprises (“SMEs”). It considered how the business structures of these firms and groups, and the remuneration they receive, could create conflicts of interest that work against the best interests of customers. The FCA focused its review on small business customers as they have more complex insurance needs than retail customers, but are not always more sophisticated buyers of insurance. The FCA also carried out consumer research to understand SMEs’ expectations of the services intermediaries provide to them.

The FCA found that inherent conflicts within insurance intermediaries are not being properly managed. In some firms, the control framework and management information (“MI”) have not developed at the same pace as business models. As a result, they are no longer suitable for the size and complexity of the business. The FCA also found that the structure of some intermediaries’ businesses and their sources of revenue created significant conflicts of interest, particularly where firms or groups fulfilled multiple roles in the distribution chain and acted as agent for both the customer and insurer in the same transaction. Many intermediaries relied on disclosures as the main way to address conflicts of interest, rather than having effective control frameworks that prevent conflicts working against customers’ interests. In addition, the FCA’s research suggested that few SME customers understood it was possible that their insurance intermediary may be conflicted.

While the FCA is not proposing any immediate industry-wide action on conflicts, it identified a number of areas for firms to consider when assessing their own conflicts managements systems and controls, including amongst others:

  • Brokers need to ensure that their policyholder clients understand and appreciate the capacity in which the broker is acting in relation to every transaction;
  • Senior managers must take steps to identify conflicts in their business model, deploy appropriate and effective safeguards to manage those conflicts and ensure the production and review of suitable quality management information to continually assess the sufficiency of those safeguards;
  • Where a broker operates as an “integrated” broker (i.e. activities for policyholders and for underwriters), senior managers must seek to ensure internal segregation of the operations, remuneration and information supporting and deriving from those conflicting roles to the greatest extent possible;
  • Disclosures to clients about conflict management is beneficial but senior managers must ensure it is adequate; in particular, generic disclosures were criticised by the FCA as insufficient;
  • Brokers must ensure that they can clearly and accurately demonstrate the independent basis on which they source and place business for their policyholder clients, i.e. that competing interests did not play any part in the placement of the business;
  • Disclosures to clients about conflict management do not discharge the broker’s regulatory conflict management obligations. Brokers must still ensure that they have appropriate systems and controls to identify and manage conflicts; and
  • The reliance by brokers on high level conflict mitigation principles, while commendable, should not be too great. Brokers must ensure that those high level principles are manifested in appropriate procedures, controls and management information that show measurable client outcome.

The report found that the evolving structure of commercial SME brokers inherently gave rise to conflicts. There was a blurring of lines between, on the one hand, the traditional broker model as a policyholder advisor and, on the other hand, the “integrated” broker model in which a broker acts as a managing general agent (“MGA”) or has an insurer “facility” arrangement. Those “integrated” broker firms were more likely to have inherent conflicts of interests. While management at brokers that operate entirely (or almost entirely) as traditional policyholder advisors had less risk of conflicts, they still needed to evaluate the risk of conflicts and take all reasonable action to manage those risks.


On 27 May 2014, the PRA issued a policy statement (PS4/14) setting out its response to feedback received on the proposals in its March 2014 occasional paper (CP5/14). This policy statement publishes final miscellaneous and minor policy amendments to the PRA’s rules, guidance and a supervisory statement and follows the same structure as CP 5/14. It includes the PRA’s responses to the feedback received following consultation. CP5/14 consisted of four chapters and PS4/14 contains the PRA’s response and final rules, as follows:

  • Chapter 1: Financial conglomerates capital adequacy.

No responses were received on this consultation and The Financial Conglomerates Directive (Handbook Amendments) Instrument 2014 (PRA 2014/10), the text of which is set out in Appendix 1 to PS4/14, came into force on 26 May 2014.

  • Chapter 2: Proposed amendments to supervisory statement on the internal capital adequacy assessment process (“ICAAP”) and the supervisory review and evaluation process (“SREP”) (SS5/13).

No responses were received on this consultation and the amended version of SS5/13, the text of which is set out in Appendix 2 to PS4/14, came into force on 27 May 2014.

  • Chapter 3: Eligible liquid assets for Shari’ah-compliant firms.

The four responses received on this consultation welcome the PRA’s proposals to allow Shari’ah-compliant firms to include a wider set of assets in their liquid assets buffers. Concerns were raised that the haircuts and limits applied on the sukuk eligible for inclusion are too restrictive. However, the PRA believes the proposals remain appropriate. The Prudential Sourcebook for Banks, Building Societies and Investment Firms (Liquidity Standards) Amendment Instrument 2014 (PRA 2014/11), the text of which is set out in Appendix 3 to PS4/14, came into force on 26 May 2014.

  • Chapter 4: Risk management of asset encumbrance.

The two responses received on this consultation both support the PRA’s proposals. In response to a comment made by one of the respondents, the PRA notes that it is important that a firm’s systems and controls include assets that can be freely withdrawn from encumbrance, to ensure the firm is appropriately monitoring and controlling these positions. The Prudential Sourcebook for Banks, Building Societies and Investment Firms (Liquidity Standards No 2) Amendment Instrument 2014  (PRA 2014/12), the text of which is set out in Appendix 4 to PS4/14, came into force on 26 May 2014. The PRA expects firms to discuss with their supervisors the steps that are needed to comply with the rules and guidance and to agree appropriate timescales for any necessary enhancements.

On its webpage, the PRA explains that the policy on financial conglomerates capital adequacy and the amended version of SS5/13 are relevant to all PRA-authorised firms. The policies on eligible liquid assets for Shari’ah-compliant firms and risk management of asset encumbrance are relevant to banks, building societies and designated investment firms subject to chapter 12 of the Prudential sourcebook for Banks, Building Societies and Investment Firms.