Welcome to the latest edition of our bi-monthly Regulatory update, which pulls together recent developments from across the UK’s regulators. As regulatory enforcement action increases, and consequences of noncompliance escalate. RPC’S Regulatory update helps you to see the full picture, join the dots and navigate the ever-changing regulatory maze. In this November edition highlights include, the launch of a Consumer Duty digital learning suite, key updates in the Food and Drink sector, latest developments on the Economic Crime and Corporate Transparency Bill, updates on the Online Safety Act, CMA’s new Green Agreements Guidance, new advertising laws to tackle illegal ads and protect children online and an overview of the November AI Safety Summit. Please do not hesitate to contact me, or your normal RPC contact, if you would like to discuss any of the topics highlighted or have any suggestions for areas you would like to see in future updates.
Financial services FCA issues 146 alerts on first day of new crypto marketing regime The UK’s Financial Conduct Authority (FCA) has implemented new regulations requiring firms promoting cryptoassets to be authorised by the FCA or have their marketing approved by an authorised firm. The FCA issued 146 alerts about illegal cryptoasset promotions on the first day of the new regime, urging social media platforms, app stores, search engines, domain name registrars, and payment firms to co-operate in protecting consumers. The FCA’s Warning List helps consumers identify potentially illegal promotions, emphasising the high risks associated with cryptoasset investments. Firms can lawfully promote cryptoassets through authorised channels, registered crypto firms, or exemptions in the Financial Promotion Order. The FCA has been warning firms since February to prepare for these changes and will take strong action against non-compliance, removing illegal content to safeguard consumers. These regulations align cryptoassets with other highrisk investments and support the FCA’s commitment to preventing harm, setting higher standards, and promoting positive change as outlined in their 2023/24 Business Plan. Click here to read more. Back to contents > PRA consults on approach to insurance branch authorisation and supervision A consultation by the Prudential Regulation Authority (PRA) outlines their plans to consolidate and formalise existing policies concerning overseas insurers operating in the UK through thirdcountry branches. The aim is to provide clearer guidelines for these branches based on the PRA’s experience of authorising and supervising them post-Brexit. The proposed changes also align with previous consultations on insurance branches (CP12/23). The PRA intends to replace supervisory statement (SS) 2/18 with a new policy statement and make amendments to SS44/15 and SS20/16. Feedback is welcomed until 12 January 2024. Click here to read more. Back to contents > FCA unveils results from multi-firm review on life insurance terminal illness benefits The Financial Conduct Authority (FCA) conducted a multi-firm review of terminal illness (TI) benefits in life insurance protection products and published its findings on 2 October 2023. The review aimed to ensure that life insurers were providing fair outcomes for terminally ill individuals. While the FCA did not find widespread poor customer outcomes or a significant number of declined TI claims, it identified areas for improvement. These included the requirement for a 12-month prognosis of death from a medical practitioner, the quality and timeliness of the claims process, the use of firms’ internal medical experts, and potential conflicts with claims process and policy wordings. The FCA is engaging with insurers to address issues and improve customer outcomes. Insurers, as well as brokers and advisers, are encouraged to consider the FCA’s findings to enhance outcomes for customers making or potentially making TI claims. The FCA is also open to discussions with firms exploring alternative approaches to TI benefit wording to improve customer benefits and outcomes. Click here to read more. Back to contents > LSB joins UK Regulators’ Network The Lending Standards Board (LSB) announced its membership of the UK Regulators’ Network (UKRN). This collaboration aims to promote co-operation among regulators across different sectors, ensuring improved outcomes for consumers, small businesses, and the economy. By joining forces with regulators from financial, utility, transport, and housing sectors, including the Financial Conduct Authority (FCA) and Payments Systems Regulator (PSR), the LSB seeks to enhance its mission of ensuring fair treatment for both personal and business customers within the financial services sector through independent oversight of standards and codes. Click here to read more. Back to contents > Cracking down on high-risk investments: FCA considers industry performance The UK’s Financial Conduct Authority (FCA) has introduced stricter rules for promoting Restricted Mass Market Investments (RMMIs), non-readily realisable securities (such as shares in an unlisted company, peer-to-peer agreements, peer-to-peer portfolios, and certain qualifying cryptoassets). The FCA aims to reduce retail investors’ exposure to these investments. After implementing rules between August 2022 and February 2023, the FCA reviewed 13 firms’ compliance. Good practices included providing clear investment information, offering tools to assess suitability, and warning clients if investments weren’t suitable. However, poor conduct was also observed, such as leading questions, altering risk warnings, and downplaying risks. Firms not meeting requirements were criticised, and the FCA expects them to review the report and make necessary internal changes. Continued monitoring is anticipated, and non-compliant firms might face stringent actions, emphasising the FCA’s commitment to protecting consumers from risky investments. Click here to read more. Back to contents >
PFS introduces a digital learning suite for Consumer Duty The Personal Finance Society (PFS) and the Chartered Insurance Institute (CII) have launched a Consumer Duty digital learning suite to assist their members in complying with FCA regulations. Developed with financial experts, the suite offers new courses and a diagnostic tool tailored to individual business needs. The courses cover various aspects: • overview of Consumer Duty Regulations provides an introduction for personal finance professionals • spotlight: Consumer Duty Good Practice Examples offers indepth insights for senior staff and leaders • spotlight: Consumer Duty Action Planning Process provides a framework for prioritising consumer-centricity, compiling evidence, and driving cultural shift within teams and firms. Additionally, a diagnostic tool identifies implementation weaknesses in the implementation of the Duty. In addition to the new suite, the PFS’s Consumer Duty resources hub includes: • the Consumer Duty Good Practice Guide for Insurers • the PFS Consumer Duty toolkit • the ESG and Sustainable Investment Advice spotlight course. PFS launches Consumer Duty digital learning suite. Click here to read more. Back to contents > Drafts regulations withdrawn On 16 October, the government confirmed the withdrawal of draft regulations that would have seen new reporting requirements for large listed and private companies. The decision to withdraw the draft regulations was made following a consultation with companies, which expressed concern for the red tape brought on by the new requirements. The government stressed its commitment to bring a reform package that will be simpler and more targeted. Click here to read more. Back to contents > The OBL submits two data collection frameworks The Joint Regulatory Oversight Committee (JROC) has welcomed the submission of two data collection frameworks by Open Banking Limited (OBL). One of the frameworks focuses on the collection of API data to improve availability and performance of open banking, while the other focuses on financial crime reporting. Click here to read more.
FCA to review treatment of Politically Exposed Persons The Financial Conduct Authority (FCA) aims to review how firms in the UK deal with Politically Exposed Persons (PEPs), including how they apply PEPs definitions, risk assessments, due diligence controls, communications, and review of controls in place. The FCA aims to report the review by the end of June 2024. Click here to read more
White collar crime
HMRC publishes Economic Crime Levy Manual On 1 September HMRC published an internal manual on the Economic Crime Levy. The guidance is aimed at HMRC staff to help them understand how the Economic Crime Levy applies to customers. The guidance includes definitions, liability under the Economic Crime Levy and ensuing calculations, as well as enforcement and debts and insolvency. HMRC publishes Economic Crime Levy Manual. Click here to read more. Back to contents > New Director of the Serious Fraud Office Nick Ephgrave QPM took office as Director of the Serious Fraud Office (SFO) on 25 September 2023. He has over 30 years of experience in law enforcement having worked as Assistant Commissioner of the Metropolitan Police Service and Chief Constable for Surrey Police. He has also held various roles on the Criminal Procedure Rules Committee and at the Sentencing Council and served as Chair of the National Police Chiefs’ Council Criminal Justice Co-ordination Committee. Click here to read more. Back to contents > Launch of independent review of disclosure and fraud offences On 12 October 2023, it was announced that Jonathan Fisher KC was appointed Chair of the Review for an independent review on disclosure and fraud offences aimed at making the criminal justice system more efficient. The review comes at a time of heightened attention for online and digital fraud and will look into assessing whether the current systems is appropriate for the challenges of fraud in the digital age. This will also include a review of punishments for fraud offences to ensure they are proportionate to the severity of the offence. The review will also consider whether there is a need for a new civil power to halt those who commit fraud. Click here to read more. Back to contents > Economic Crime and Corporate Transparency Act – large organisations should now prepare for the failure to prevent fraud offence The Economic Crime and Corporate Transparency Act (the “Act”), that received royal assent on 25 October 2023, introduces significant changes to UK corporate criminal law that present companies with increased criminal risks and require action on their financial crime compliance procedures. Pursuant to this new offence of failure to prevent fraud, large organisations (determined by financial/employee thresholds) will be held criminally liable where their employees, agents and subsidiaries commit a fraud offence where that fraud is intended to benefit the organisation or a person to whom services are provided on behalf of the organisation. There will be a complete defence where an organisation can demonstrate it had in place reasonable procedures at the time of the offending. The failure to prevent fraud offence expected to become law before the end of the first quarter 2024 and large organisations can now start to prepare. Work is already underway on drafting the statutory guidance on what will constitute reasonable prevention procedures, and companies can begin to review their existing policies and procedures to determine whether there are provisions relating to the prevention of fraud by employees, subsidiaries, and agents against third parties. If there are not, organisations should decide how they wish to implement such policies and procedures through their existing compliance framework. For more information on this new offence (as well as the Act’s revision to the identification doctrine for economic crimes) and how to prepare, find the link to our article here.
Data protection UK-US data bridge On 21 September 2023, the Department for Science, Innovation & Technology published an explainer for the UK-US data bridge, following the UK Secretary of State for Science, Innovation, and Technology’s decision to establish it. The data bridge with the US is established through the UK extension of the EU-US Data Privacy framework, which has been deemed to have high standards of data protection. On the same day, to enact the decision, adequacy regulations were laid in Parliament, coming into force on 12 October 2023. As a result, UK organisations will be able to transfer personal data securely to certified organisation in the US. UK individuals whose data has been transferred to the US will be able to access the redress mechanism if they believe that US authorities have unlawfully accessed their personal data for national security purposes, following the US Attorney General designating the UK as a “qualifying state” on 18 September 2023. Click here to read more. Back to contents > Data security concerns prompt ICO to review period and fertility tracking apps On 7 September 2023, the Information Commissioner’s Office (ICO) announced that it is set to review period and fertility apps as a poll commissioned by the ICO itself showed that 59% of women surveyed cited transparency of usage of their data as a concern when choosing which app to use. The percentage for transparency concerns was higher than costs and ease of use, both at 55%. A third of the women polled stated to have used these types of apps. In addition, over half of those who use fertility or period tracking apps stated to have seen an increases in adverts related to those topics after signing up, with some finding it distressing. The ICO is now holding a call for evidence and liaising with companies providing these services to assess how they process the personal information of their users. Click here to read more. Back to contents > DRCF publishes a blog on how to assess algorithmic systems On 13 September 2023 the Digital Regulation Cooperation Forum (DRCF) published a blog post to help member regulators assess algorithmic systems in order to ensure they are meeting good governance standards. Currently, regulators like the ICO, FCS and CMA have powers to investigate algorithmic systems, including obtaining data from companies. With the Online Safety Bill and the Digital Markets, Competition and Consumers Bill, some DRCF regulators will have more powers enquire about firms’ algorithmic systems. DRCF member regulators are also upskilling and training staff in this regard, including with multidisciplinary teams and appropriate tools and infrastructure. In addition, the DRCF is also interested in researching companies providing algorithmic audit services, including how these are carried out and marketed as these services are starting to emerge. Click here to read more.
ICO responds to a report by Which? on data harvested by smart devices On 7 September 2023 the Information Commissioner’s Office (ICO) released a statement to respond to a report by Which?, where their analysis found that different smart devices on the market harvest the data of their users. The ICO emphasised the importance of data transparency from companies, including its usage and how it is shared. The regulator also pointed out their current work on guidance in relation to data and Internet of Things (IoT) devices. Click here to read more. Back to contents > “Recommended for you” – Data risks in AI-powered customer solutions Retailers and consumer brands are increasingly using AI online and in stores, and data regulators in the UK and EU are starting to catch up to the use of these technologies and making their positions known. Regulators have confirmed that data protection laws apply to all technologies that use personal data, including any AI systems. Data protection authorities (including the UK ICO) are focussing heavily on the issues raised by AI. This underlines the potential harm that could be caused to individuals due to the misuse or misguided use of AI. For retailers and consumer brands using these technologies, a key obligation to remember is that set out in the UK and EU GDPR around automated decision making (ADM). Click here to read more. Back to contents > New advertising laws to tackle illegal ads and protect children online The UK Government has announced plans to implement new rules to crack down on illegal ads and influencer scams, with the objective of safeguarding consumers and protecting children online. On 25 July 2023, the Department for Digital, Culture, Media and Sport (DCMS) unveiled its response to the Online Advertising Programme (OAP) consultation that was launched in March 2022. The Government’s plan involves the introduction of new legislation aimed at addressing specific issues in online advertising, with the proposed laws honing in on advertisements that facilitate illegal activities, including fraud, illegal products, malware and human trafficking. Click here to read more. Back to contents >
Health, safety and environmental Key updates in the Food and Drink sector from the latest RPC Bites • New FSA guidance on CBD consumption • Tesco makes headlines for alleged greenwashing • Environmental Strategy – is UK food and drink going green? • Government to launch “healthy sales” reporting system for large food companies • Another alcohol ad oversteps the mark • Ban on single-use plastics comes into force To read the full details on RPC Bites click here. Back to contents > The Greenhouse Gas Emissions Trading Scheme Auctioning (Amendment) Regulations 2023 On 13 September, the Greenhouse Gas Emissions Trading Scheme Auctioning (Amendment) Regulations were laid in Parliament. These regulations amend previous Regulations from 2021. The Auctioning Regulations provide for the auctioning of allowances following the UK Emissions Trading Scheme (UK ETS). The amendments will provide for the auction share, meaning the number of allowances circulated in line with the net zero consistent cap. Click here to read more. Back to contents > TNFD recommendations on nature-related financial disclosures On 18 September 2023, the Taskforce on Nature-Related Financial Disclosures (TNFD) published 14 recommended disclosures after a consultation lasting two years which included pilot testing from companies and financial institutions. The recommendations take into account standards from the International Sustainability Standards Board (ISSB) and the Global Reporting Initiative (GRI), and are in compliance with the Kunming-Montreal Global Biodiversity Framework. The TNFD will start tracking voluntary adoption from 2024, with GSK already stating they will publish TNFD disclosure for 2025 data in 2026. Click here to read more. Back to contents > Findings from the FSA Consumer Insights Tracker The Food Standards Agency (FSA) tracks consumer behaviour in relation to food via its monthly Consumer Insight Tracker. Key findings from the September 2023 edition showed that consumers are mostly concerned with food prices (90%); food poverty and inequality (76%); ultra-processed foods (72%); and diet health (71%). Other findings from the survey include an increase in the percentage of respondents who state to have bought food close to its expiry date at discounted prices, from 36% per cent last month to 41% in September. The percentage of respondents worried about being able to afford food for the month is in line with the previous survey at 25%. The Consumer Insight Trackers surveys 2,000 adults registered to YouGov’s panel across England, Wales and Northern Ireland. Click here to read more. Back to contents > Food Fraud Working Group proposals On 11 October 2023, the FSA published a stakeholder message containing the proposals of the Food Working Group in order to tackle food crime more efficiently. The proposals include the launch of a new freephone number for the food fraud hotline; encouraging food fraud whistleblowing; better information sharing agreements between auditors of food businesses and the FSA; and improving how the FSA alerts food businesses about food fraud in their supply chain. The FSA estimates that the UK economy loses up to £2b each year due to food fraud. Click here to read more. Back to contents > Updates to FSA guidance on food allergen labelling On 23 September, the FSA published technical guidance on food allergen labelling. The guidance includes changes on how businesses should apply the Precautionary Allergen Label (PAL) including: • limit the use of a PAL when risk of cross-contamination is unavoidable and cannot be controlled with cleaning and segregation methods • businesses should be specific about which of the 14 major allergens the PAL is referring to • where cross contamination with an allergen is identified, a PAL label should be used in conjunction with a vegan label rather than a free-from label, which is aimed at a different group of consumers. Click here to read more
High-rise building registry 1 October 2023 marked the deadline for Principal Accountable Persons (PAPs) to register high-rise buildings following the Building Safety Regulator’s (BSR) new regulatory regime. All high-rise residential buildings that are at least 18 metres or seven storeys tall, with two or residential units, must be registered – occupying non-registered building now constitutes an offence. As of the deadline day, over 13,000 applications by dutyholders were started or completed, with the BSR urging dutyholders who still have to complete the registration to comply or risk facing sanctions. The BSR will then use the information provided in the registration to identify which building to prioritise during the building assessment certificate project that will start in April 2024. Click here to read more. Back to contents > Dust Kills health campaign The Health and Safety Executive (HSE) has carried out site inspections to prevent risks from construction dust, with the support of the educational campaign Dust Kills, which aims at providing advice and information on the risks associated to dust exposure. The 1,000 inspections carried out between May and July have identified good and bad practice examples at construction businesses and sites, including the use of protective equipment and water suppressions systems, air fed hoods in carpentry processes to avoid exposure to wood dust; and the circulation of educational and informative material to raise awareness on dust exposure. Poor practice examples identified by the HSE include lack of on-tool extraction and poor maintenance of extraction equipment, lack of respiratory protective equipment (RPE), or inadequate controls to ensure workers are using RPE as well as a general disregard of workers’ general health when carrying out simple tasks. The regulator is concerned with the lack of control hierarchy in some sites, including lack of planning to reduce dust risk exposure. Click here to read more. Back to contents > Safety Notice on trackside vehicle restraint barriers In September 2023, the HSE in conjunction with Fife Council published a Safety Notice on trackside vehicle restraint barriers aimed at motorsport/leisure track owners, operators, event organisers and those with duties for the safety of activities on tracks and circuits. The notice invites the relevant stakeholders to be aware and informed on the difference in the design and type between vehicle restraint barriers and general barriers. Those with safety duties need to be aware of the correct application of vehicle restriction barriers, including their suitability for the track/circuit, correct installation and their maintenance and life cycle. The Safety Notice emphasises that general barriers used in other sectors may not be designed and suitable for motorsport, leisure tracks and circuits and may not have been tested for vehicle impact. Click here to read more.
Smarter Regulation: Fire safety of domestic upholstered furniture A government consultation has sought views on a new approach to the fire safety of domestic upholstered furniture. This comes as part of updates to the Furniture and Furnishings (Fire) (Safety) Regulations 1988, which were intended to protect consumers from harm resulting from flammable upholstered furniture, but which the government and stakeholders believe need updating to consider modern day risks. The consultation considers the scope of the regulations, labelling requirements, the conformity assessment procedure, and proposed timescales for new regulations, along with other issues. The approach is based on new safety outcomes that will be supported by essential safety requirements, which all products produced under the regulations must meet in order to be placed on the market. Updates aim to improve fire safety by better representing the safety of the product as it appears in their home. The consultation closed on 24 October 2023, with stakeholder feedback expected to be released soon. Click here to read more. Back to contents > UK Product Safety Review The Office for Product Safety and Standards (OPSS) has launched the Product Safety Review to protect consumers and businesses whilst growing the economy. The consultation proposes reforms to the UK’s product safety framework, aiming to increase accountability and proportionality as well as helping businesses innovate, grow, and create more jobs. Proposals include putting clear responsibilities on online marketplaces so that online shopping is as safe as on the high street, further regulation of e-labelling, and obligations on businesses that are proportionate to their product’s risk. Responses are sought from a range of individuals, businesses, manufacturers, trade associations and consumers. The OPSS believes the UK’s product safety framework, which currently exists as a patchwork of legislation, technical requirements, and guidance, needs consolidating into a more agile and responsive regulatory framework. This will improve innovation in businesses and make the process easier to understand for new entrants to the market. The consultation closed on 24 October 2023. Feedback from stakeholders is expected in the near future. Click here to read more.
Tax HMRC publishes tax debt strategy Following recommendations made by the National Audit Office in its 2021 report into HMRC’s management of tax debts during the pandemic, HMRC has published its tax debt strategy. The strategy sets out how HMRC will improve the management of tax debt from 2023/24 onwards, with the stated goal of minimising the volume and value of tax debt. The strategy is centred around four pillars: preventing tax debt; tailoring interventions; effective and efficient resolution; and being adaptable. Back to contents > Interpretation of VAT and excise legislation The government has published draft legislation clarifying how VAT and excise legislation should be interpreted in light of changes made by the Retained EU Law (Revocation and Reform) Act 2023 (REULA). The draft legislation is intended to take effect from the end of 2023 and confirms that, in relation to VAT and excise law, and in line with REULA, it will no longer be possible for any part of any UK Act of Parliament or domestic subordinate legislation to be quashed or disapplied on the basis that it was incompatible with retained EU law. It also ensures that UK VAT and excise legislation continues to be interpreted as Parliament intended, drawing on rights and principles that currently apply in interpreting UK law. Consultation on the draft legislation is currently open and will close on 17 November 2023. Back to contents > Data Usage Agreement: National Fraud Initiative – HMRC and local authority counter-fraud pilot two HMRC has announced the second tranche of its pilot with the National Fraud Initiative (NFI), matching data from local authorities with the aim of identifying and preventing fraud. Under the pilot, the NFI will share records containing personal data from local authorities with HMRC, which will then be matched against HMRC records. Matches will then be returned to the NFI along with additional information from HMRC, and the NFI will then release the records to NFI participants for them to review and investigate as applicable to prevent and detect fraud. The second tranche of the pilot will focus on data relating to household composition, household earnings and indicators of property ownership, and will be used for the purpose of identifying fraud and error, and then as a basis of investigation of fraud or error. Back to contents > Business in Europe: Framework for Income Taxation (BEFIT) The European Commission has recently adopted a package of measures to reduce tax compliance costs for large, cross-border businesses in the EU. The Business in Europe: Framework for Income Taxation (BEFIT), will reduce tax compliance costs for large businesses, primarily those who operate in more than one Member State and make it easier for national authorities to determine which taxes are rightly due. The measures include common rules to compute the tax base at entity level, which means that all companies that are members of the same group will calculate their tax base in accordance with a common set of tax adjustments to their financial accounting statements. The new rules will be mandatory for groups operating in the EU with an annual combined revenue of at least €750m, and where the ultimate parent entity holds, directly or indirectly, at least 75% of the ownership rights or of the rights giving entitlement to profit. Once adopted by the Council, the proposals should come into force on 1 July 2028.
Cyber security Joint MoU between NCSC and Information Commissioner On 12 September 2023, the CEO of the National Cyber Security Centre (NCSC) and the Information Commissioner signed a joint Memorandum of Understanding (MoU) to agree on the cooperation between their organisations. In particular, the MoU details how the two organisations can cooperate on developing cybersecurity standards and guidance and enactive improvements in cybersecurity for ICO regulated organisations. The provisions of the MoU emphasise reciprocal engagement between the two bodies, especially in relation to cybersecurity incidents. It is also pointed out that the NCSC will not pass on organisations’ confidential details to the ICO without prior consent. Click here to read more. Back to contents > NCSC and NCA publish white paper on ransomware, extortion and the cybercrime ecosystem On 11 September 2023, the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) published a whitepaper to provide a more current view of the current cyber crime ecosystem following a previous report of the NCSC made in 2017. The whitepaper shows how cybercriminals have updated their tactics since the 2017 report, with extortion and ransomware becoming popular types of attacks. Click here to read more. Back to contents > FCA fines Equifax Ltd £11m for cyber security and outsourcing failings The Financial Conduct Authority (FCA) has fined Equifax Ltd. £11m for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. In 2017, Equifax’s parent company, Equifax Inc., was subject to one of the largest cybersecurity breaches in history where cyberhackers were able to access the personal data of approximately 13.8 million UK consumers because Equifax outsourced data to Equifax Inc.’s servers in the US for processing. They were unaware of the breach until six weeks after Equifax Inc. discovered it, causing delays in informing UK customers. Equifax also mishandled complaints and made inaccurate public statements about the incident’s impact. The FCA emphasised financial firms’ responsibility to maintain robust cybersecurity measures, update systems, and promptly notify affected individuals in case of a data breach, regardless of outsourcing, as highlighted by the Consumer Duty. Click here to read more.
AI regulation Speech at The AI Regulation Summit 2023 On 5 October 2023, Jessica Rusu, Chief Data, Information and Intelligence Officer at the FCA delivered a speech on AI at the City and Financial Global AI Regulation Summit 2023. The speech touched on the need to talk and engage about AI taking into consideration how the technology is interdependent with digital infrastructure, cloud systems and data systems, which need to be reliable and ensure customers safety. The speech also highlighted the importance of AI regulation to ensure the technology’s benefits are visible, citing the example of the GFIN Greenwashing TechSprint, where AI tools were used to identify greenwashing practices in financial services. The FCA is also already using AI tools to identify scam websites, detect money laundering activity and identify sanctioned individuals. Click here to read more. Back to contents > EU AI ACT-ion stations The EU is forging ahead with its vision for AI. Wrapping up talks on the EU AI Act between the EU governments, the Commission and the parliamentary negotiators are imminent, after the AI Act was first proposed in a White Paper in 2020. The AI Act is based on a risk framework. The intention is to achieve proportionality by setting the regulation according to the potential risk the AI can generate to health, safety, fundamental rights or the environment. AI systems with an unacceptable level of risk to people’s safety would therefore be prohibited. The legal framework laid down in the AI Act will apply to both public and private actors inside and outside the EU as long as the AI system is placed on the EU market, or its use affects people located in the EU. It covers all entities within the AI value chain from providers through importers and distributors to deployers. The full article by RPC provides an overview of the EU’s risk based approach, the scope of the Act, a timeline, key points that will form the basis of the discussions, and next steps. Click here to read more. Back to contents > Pilot scheme to facilitate business to launch AI and digital innovations On 19 September 2023, the Department for Science, Innovation and Technology announced the launch of a pilot scheme where businesses and organisations can receive tailored advice and support to ensure their AI and digital innovations are meeting regulatory requirements. The multi-agency service will be developed by regulators, and it is backed by £2m of funding from the UK government. The involvement of different regulators, namely members of the DRCF) – including the ICO, Ofcom, the CMA and the FCA – will allow for a streamlined service in order for businesses to receive advice from all those involved in regulating AI and digital technologies. The launch of this pilot, which will last a year, is seen to be part of the commitments that the government has made under the AI Regulation white paper. Click here to read more.
AI regulation (continued) AI UK – DSIT discussion paper on the capabilities and risks from frontier AI The publication by Department for Science, Innovation and Technology (DSIT) of a discussion paper describes the risks of frontier AI, which was published ahead of the summit. The report is made up of three parts: • Capabilities and risks from frontier AI • Safety and Security Risks of Generative Artificial Intelligence to 2025 • Future Risks of Frontier AI The paper describes possible frontier AI capabilities and the risks it may present, including societal harms, misuse, and loss of human control. The paper is accompanied by two annexes: • Future risks of frontier AI (Annex A), suggests that any AI safety strategy must deal with novel risks which are highly uncertain. • Safety and security risks of generative artificial intelligence to 2025 (Annex B) sets out a more high-level overview of safety and security risks. Back to contents > AI Safety Summit overview On 1 and 2 November the UK hosted a global artificial intelligence safety summit at Bletchley Park with a glittering attendee list consisting of key nations and Tech giants and with a media grabbing appearance by Elon Musk. Over the two days, representatives of the 28 attending nations including China, the US and the EU signed the Bletchley Declaration on AI Safety, committing to a global effort on the safe development of AI and for the transformative opportunities of AI to be used for good. There were announcements of three AI Safety Institutes that will be used to underpin the foundations of regulation: the UK’s AI Safety Institute aims to be a key feature of an otherwise light touch approach to regulation and will shape regulators’ approach to the emerging technology by studying the potential risks, but without acting as a regulator itself. The UK said its Institute will work alongside a global expert panel and in a formal partnership with the US’ new AI Safety Institute set up by the Department of Commerce within the National Institute of Standards and Technology. The US body was announced in parallel with President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence that also requires companies creating large foundation models to share their testing under the Defense Production Act. The EU followed these announcements by revealing plans to establish a European AI Office that could contribute to the future design of AI governance. A Chinese government minister also stated their country’s willingness to work with other nations on AI safety and governance. The UK maintained its overall position that it was too early to consider an AI Act, preferring regulation informed by risks that will be assessed by the AI safety Institute.
Security Minister delivers speech on fraud and AI The Home Office has published a speech given by the Security Minister, Tom Tugendhat, on fraud and artificial intelligence (AI). In the speech, Tugendhat highlights the potential challenges posed by AI within the fraud space and confirmed that the UK intends to host a summit in London in March 2024 to agree a coordinated action plan to reform the global system and respond to the growing threat. He continued by stating that the UK ‘can’t be passive in the face of this threat’ and needs to be ‘thinking about... how we move forward.’ Tugendhat explained the UK should begin with considering how to build safe AI models that are resilient to criminal intent, how to harness AI to ensure that harmful content online is quickly identified and removed and what governments need to be doing globally to balance progress and growth with safety and security.
Digital advertising and marketing Ofcom decides against removing stricter TV advertising rules for PSBs On 19 September 2023, Ofcom announced that following a review, it will not remove stricter TV advertising rules for public service broadcasters (PSBs). These rules only apply to commercially funded PSBs such as ITV and Channel 4. The decision considered the potential of an increase in advertising on commercially funded PSBs during the evening peak time, which is the slot when news programs are aired, with the potential of reducing the time allotted to news content. Ofcom will consider changes in TV advertising rules within the context of changes of the overall PSB system that will take place in the coming years, also taking into consideration the implementation of the Media Bill. Click here to read more. Back to contents > Rules for advertising cryptoassets issued by the FCA As of 8 October 2023, the Financial Conduct Authority (FCA) will be responsible for the regulation of cryptoassets ads, namely those that are transferable and fungible. Including cryptocurrencies. Non-transferable and non-fungible cryptoassets, such as NonFungible Tokens (NFTs), are not covered by the new rules and regulation of their advertisement will remain under the remit of the Advertising Standards Authority (ASA). All firms that are marketing qualifying cryptoassets will have to abide by the FCA rules, regardless of their location or the technology behind the assets. In addition, qualifying cryptoassets are now classified as Restricted Mass Market Investments and as such are subjects to restrictions such as the requirement to include risk warnings and summaries as well as a ban on incentives to invest. Click here to read more. Back to contents > The Retained EU Law (Revocation and Reform) Act 2023 31 December 2023 will mark the beginning of the UK’s divergence from EU law. Under the Act, around 600 pieces of legislation across 16 Government departments will be revoked and some key EU law principles will no longer be applicable. The Act represents more of a post-Brexit tidying up exercise than a wide-scale reform as had initially been planned, providing more certainty for businesses as the legislation that is due to be revoked has now been specified. All other retained EU law will remain in force unless, and until, reformed by the relevant Government department. Click here to read more.
Online Safety Act After six-years, the Online Safety Act received Royal Assent on 26 October 2023. The wide-ranging and ambitious legislation requires user-to-user services and search engines to tackle illegal content and protect children from harmful content on their services. Ofcom, as the appointed regulator, will enforce the law and will shortly be consulting on codes of practice to indicate what steps platforms will need to take to comply with the legislation. On 9 November, Ofcom published its first draft codes and guidance on illegal harms duties, covering how online platforms deal with child sexual abuse and terrorism content, harassment, stalking and threats to kill. Draft guidance will swiftly follow later this autumn, including on age assurance for accessing pornography. For more information, see Ofcom’s roadmap to regulation. RPC are publishing a series of blogs on the Online Safety Act, which can be found here. Back to contents > ASA updates guidance on misleading environmental claims The Advertising Standards Authority (ASA) has issued updates to its guidance on green claims in advertising, demonstrating a continuing intention to clampdown on misleading environmental claims. In a new section of the Guidance entitled “Claims about initiatives designed to reduce environmental impact”, the ASA draws on the principles established within recent ASA rulings as well CMA guidance on environmental claims in goods and services. The Guidance highlights a number of factors which make ads more or less likely to comply with the rules on environmental claims. Click here to read more.
Overview of the key risks affecting the Professional and Financial Risks market In October, RPC’s Professional and Financial Risks team hosted a panel discussion to address the evolving challenges and responsibilities faced by professional clients in the current economic landscape. The expert panellists provided concise snapshots of the key challenges and opportunities across the professions, including: accountants, brokers, construction, technology and cyber, and lawyers. The panel covered a wide variety of issues including the impact of COVID, regulatory changes, ESG, AI, as well as a look into the future of the claims landscape to examine what else might impact the industry. A document containing key insights from the session is available. To explore the key insights from the session click here. Click here to read more. Back to contents > SRA updates guidance on risk assessments for law firms On 21 September 2023, the Solicitors Regulation Authority (SRA) published an update to its guidance for firm-wide risk assessments under money laundering regulations. The firm-wide assessment needs to reflect the nature and size of the business and take into account risks such as customers, geographical areas of operation, products and services provided by the firm and their delivery, and transactions. The SRA points out that while most firms have a risk assessment in place, there is a significant number of firms that do not meet their expectations, including firms who only put the risk assessment in place after a specific request by the SRA to review it. On 21 September 2023, the Solicitors Regulation Authority (SRA) updated its guidance on law firm risk assessments. Click here to read more.
Sanctions FCA assessment on the UK’s increasing sanctions The FCA has conducted an assessment of sanctions systems and controls in over 90 financial services firms following the rapid increase and volume size of sanctions that the UK has imposed after Russia’s invasion of Ukraine. The assessment, carried out using an analytics tool called Sanctions Screening Tool (SST), self-reporting and intelligence, found several areas of good practice including: • proactive approaches by firms to limit their sanctions exposure, carrying out risk assessments and scenario planning • implementation of sanction screening systems while ensuring the tools are calibrated efficiently in order to identify name variations. The FCA also identified several areas that need improvement including: • lack of adequate oversight of sanction risks from senior management, in particular in the case of multinational firms operating in different jurisdictions • misalignment between UK sanctions regime and global sanction policies • lack of understanding of how third-party sanctions screening tools work, including lists of individuals being screened and how the tools are calibrated, leading to a mismanagement of their risk of breaching sanctions • poor or inadequate resources to handle the volume of sanctions alerts leading to backlogs in the identification of risks and exposures • screening capabilities not tailored adequately • backlog of Customer Due Diligence (CDD) and Know your Customer (KYC) checks. Financial Conduct Authority has published new advice on an adhering to the country’s sanctions regime. Click here to read more.
Competition law Going green – the CMA publishes its Sustainability Guidance On 12 October 2023 the UK’s Competition and Markets Authority’s (CMA) published the final version of its guidance on environmental sustainability agreements (ESAs) following its consultation. As a recap, the CMA’s new guidance applies to ESAs and climate change agreements. These are agreements or concerted practices between actual and/or potential competitors which aim to prevent, reduce or mitigate the adverse impact of their activities on environmental sustainability, or aim to assess their impact. The guidance sets out which types of agreements are unlikely to infringe the Chapter I Prohibition under the Competition Act 1998 (CA98), those that could infringe it, and when an exemption might apply. As part of its most recent annual plan, the CMA set out its ambition and priorities for the next 3 years. A key component of the CMA’s stated ambition is to promote an environment where the whole UK economy can grow productively and sustainably. The CMA considers sustainability issues are an important parameter of competition (an aspect of the quality of a product or service) and also a policy goal in itself. Given the scale and the urgency of the challenge to ensure environmental sustainability and combat climate change, the CMA’s guidance is welcome in helping companies navigate the forms of cooperation which may be permissible. The guidance helpfully elaborates on the types of collaboration that are unlikely to infringe competition law and those which could be considered anti-competitive, and includes several further examples in the final form guidance. The greater clarity in the CMA’s new guidance is to be welcomed. Where parties remain in doubt, the CMA urges them to seek informal guidance on their proposed initiatives. The CMA has an open-door policy and is keen to ensure that concerns with competition law compliance do not unduly prevent business from seeking to collaborate to promote environmental sustainability, provided the principles of the guidance are adhered to. Businesses may be surprised to read that they have more scope to collaborate on environmental issues than they may have previously thought. As the CMA has made clear, its door is very much open. • For further background, see: Going Green – Draft sustainability Guidance from the CMA. • For our article on how to stay on the right side of competition law, see: Going Green – staying on the right side of competition law. • The new Guidance is here. Back to contents > CMA publishes new Prioritisation Principles The Competition and Markets Authority (CMA) has published its revised Prioritisation Principles on 30 October 2023 following consultation. The Prioritisation Principles set out how the CMA will decide which projects, cases and programmes of work to prioritise to make the best use of its limited public resources. Various factors are taken into account by the CMA in deciding whether or not to take action in the areas where the CMA has discretion whether to act.
As a recap, the principles comprise 5 key factors: • Strategic significance: does CMA action in this area fit with the CMA’s objectives and strategy? • Impact: how substantial is the likely positive impact of CMA action? • Is the CMA best placed to act: is there an appropriate alternative to CMA action? • Resources: does the CMA have the right capacity in place to act effectively? • Risk: what types of risks are associated with CMA action, and how significant are they? In many respects the new principles are a refresh to the CMA’s previous version. However, there has been a reordering of the various factors. ‘Strategic significance’ is now the first consideration and ‘Is the CMA best placed to act?’ has also been separated out as a principle (it was previously subsumed in ‘strategic significance’). The key change is that the new version links far more clearly to the CMA’s annual plan. For the first time this year, in its Annual Plan the CMA has set out its medium term priorities for the next 3 years. The new prioritisation principles make it clearer how the CMA’s decisions about which work to prioritise tie in with its strategic focus. With significant reforms to the CMA’s remit on the horizon (the Digital Markets, Competition and Consumers Bill is at report stage before Parliament), it is timely for the CMA to clarify how it chooses to prioritise its discretionary work.
Product regulation Government announces temporary measures to allow farmers to access pesticides The draft Plant Protection Products (Miscellaneous Amendments) Regulations 2023 were laid in Parliament on 24 October 2023, and will come into effect on 31 December 2023. The Amendments will allow British farmers to continue to buy and use seeds treated with EU-approved pesticides up until 1 July 2027. Cost-effective pesticides identical to those authorised in Britain can continue to be imported, with trade permits reinstated for a maximum of two years. The measures have been introduced to provide certainty to farmers ahead of the next growing seasons, as the existing treated seed scheme was due to expire on 31 December 2023. Continuing accessibility of these products will improve their availability and reduce costs. Farming Minister Mark Spencer said, “… Ensuring that British farmers and growers have access to the tools they need to produce food sustainably and affordably is a priority. The measures announced today will address the potential impacts and concerns raised by our valued farming sector.” The government aims to support farmers in developing and adapting their practices through integrated pest management approaches, in the hope of helping to increase resilience by diversifying crop protection techniques. Click here to read more. Back to contents > MDCG publishes guidance on medical device software that works in combination with hardware The Medical Device Coordination Group (MDCG) has published new guidance on regulatory considerations applicable to products that combine medical device software with hardware. The guidance provides advice to developers on how to comply with the applicable regulatory requirements under Regulation EU 2017/746 on medical devices (MDR). The guidance notes that many medical device software (MDSW) applications require hardware (including sensors and monitors) to fulfil their intended purpose. The three regulatory options that manufacturers have in relation to such products are: 1. The hardware or hardware component can be marketed as an accessory to an MSDW 2. The hardware or hardware component can be marketed as a medical device. This could be as part of “a system” under Article 22 of the MDR, as a combination with another medical device under Article 2(1) of the MDR, as an integral part of a medical device 3. The hardware of hardware component does not have an intended medical purpose and so is marketed as an integral element of a general consumer product Each option has its own detailed guidance on applicable regulatory requirements. For the first two options, there are general safety and performance requirements that must be followed, as the hardware or hardware component is being marketed as part of a medical device. There may also be pre-market clinical investigations or surveillance obligations that must be undertaken