top of page

Regulatory Round-Up: August 2022

The Financial Conduct Authority has published the number of new whistleblowing reports they have received between January and March 2022. The FCA uses whistleblowing information to inform their work and identify actual or potential harm to consumers, markets, the UK economy or the wider society. While the details remain confidential, the data shows that over the three-month period, 276 new reports were received. The majority (43.5%) were received via the online reporting form.

Whistleblowers can choose to remain anonymous when using any reporting option. The majority of whistleblowers chose not to remain anonymous, with 68% across Q1 providing contact details to the FCA.

Most whistleblowing cases were about fitness and propriety (37.7%) and treating customers fairly (25.4%). Other categories include FSMA, business culture, compliance, fraud and ‘SYSC 18’ or internal whistleblowing procedures. The FCA followed up SYSC 18 cases through its Supervision division, due to concerns that multiple reports about a firm could highlight problems with its approach to staff speaking up.

Funeral Plan Providers: New FCA Regulations




Marketing of high-risk investments to consumers

The FCA has published final rules aimed at setting a standard for adverts that encourage investment in high-risk products. Under these rules, firms must:

  • Have appropriate expertise in the promotions they approve

  • Conduct stricter checks to ensure the consumer and the investment product are well matched

  • Use clearer and more prominent risk warnings

  • Understand which incentives to invest (such as refer-a-friend bonuses) are now banned.

Firms that approve financial promotions must now have appropriate expertise in the type of investment product being promoted, but do not necessarily need expertise in the day-to-day commercial activities of the company issuing the investment. Firms will now need to self-assess whether they have the “necessary competence and expertise (C&E)” in the product before approving or communicating a financial promotion. If the firm decides it does not have C&E in the product, it must find an authorized person that does, which will need to confirm compliance of the promotion with the financial promotion rules before the promotion is communicated.

Appointed Representatives – New Rules Confirmed

The new rules to be added to the Supervision Manual (SUP) from 8 December 2022 – will introduce new obligations for principal firms around their supervision of their Appointed Representatives (ARs). The overall aim is to “help prevent consumers being mis-sold or mis-led by ARs and to prevent misconduct by ARs undermining markets operating fairly and safely.” The new rules will mean that principal firms need to:

  • Introduce enhanced oversight of ARs, making sure they have adequate systems, controls and resources.

  • Monitor the risk that their ARs pose to consumers and markets, in line with the oversight they apply to their own business.

  • Review information on their ARs’ activities, business and senior management, at least annually.

  • Understand when and in what circumstances a relationship with an AR should be terminated and have procedures in place should this need to happen to ensure an orderly wind down.

  • Tell the FCA of future AR appointments 30 calendar days before they take effect.

  • Provide the FCA with complaints and revenue information for each AR annually.

The new rules come alongside news that the FCA is undertaking targeted supervision of principal firms, using data and analytical tools to identify breaches and harms.

Data Protection

The Information Commissioner's Office presented a draft response to the Transfer Risk Assessment. While not yet in force – and the ICO is at pains to point out that firms cannot take the wording as final – the response was described as giving a ‘strong flavour’ of the direction of travel. Firms should also be aware that the ICO has not yet discussed the content with the EU.

The main themes include:

  • EU processors will not need to undertake a Transfer Risk Assessment (TRA) when they transfer data back to non-EU controllers.

  • Only the exporting firm – whether they are a controller or a processor - is responsible for the TRA. As such, controllers will need to make sure that contracts include relevant restrictions if they want to have input into their processors’ TRAs.

  • TRAs can follow the EDPB approach or compare the position of the data subject if the data stayed in the UK vs if the transfer went ahead.

The ICO says to expect an updated TRA by the end of the summer.

Potential measures to oversee critical third parties

Together, the Bank of England, the PRA and the FCA have published potential measures “to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to the UK financial sector.”

CTPs provide UK based firms with services that could affect financial stability, and cause harm to consumers if they fail or their services are disrupted. The measures focus on outsourcing arrangements with third parties – which the Bodies acknowledge provide a range of benefits including efficiency, reduced costs, and faster innovation – but the potential for fairly significant stability issues if there is disruption in a small number of CTPs is significant enough to warrant action.

The Discussion Paper sets out these potential measures, including:

  • A framework for identifying potential CTPs

  • Minimum resilience standards, to apply to the services that the CTPs provide

  • A framework for testing the resilience of material services that CTPs provide.

The paper suggests that the measures are designed to sit alongside already existing responsibilities to manage third-party risks. Comments are open until 23 December 2022.

We offer a number of online training courses that support operational resilience in your firm through preparing staff to understand and work within the FCA and other regulators’ rules and expectations.

Our Complaints Handling course provides all the skills needed to engage with the complainant, and to investigate, resolve and respond to complaints.

We also offer courses on Data Protection and Information Security, which delivers the background to applicable legislation and how to avoid security breaches.

Our Understanding Data Protection Regulation courses have two options – one for front-line staff, and one for senior staff.

Mortgage switching update published

On 2 August, the FCA confirmed that its data shows that the number of mortgage borrowers not switching their mortgage deal when they could save money by doing so has declined significantly since 2016 – down from 800,000 in 2016 to 370,000 currently.

The regulator also reminded lenders that offering support for customers to do this is what is expected and reminded firms that a recent communication from the FCA asked them to consider what more they can do to encourage mortgage borrowers to think about switching to a less costly option where that is available.

The emphasis placed on the fair treatment of customers – particularly given the tough economic outlook – means that firms cannot afford not to be ahead of the curve on customer outcomes. The Consumer Duty is due in around 12 months, but the FCA have made it clear that firms should be doing as much as possible in the meantime to ensure good outcomes for customers who are in financial difficulties and who are vulnerable.

The foundation of every firm’s approach to customer treatment is staff training. Training helps staff understand why it's important to ask the right questions, what options are available for supporting customers, and how to offer support in practice.

We offer a dedicated online training course on The Fair Treatment of Vulnerable Customers. Priced at just £20 per user, the course is accessible at the delegate’s convenience and provides a certificate upon successful completion, allowing firms to track and record each user’s progress.

Our Financial Difficulties course takes learners through techniques that have been tried and tested, covers questioning skills, empathy and active listening, what to say, when to say it, and how to support customers.

For large groups, we can offer a simplified enrolment service and pricing, simply email


Conduct Rules Training.png
Corporate Compliance Training

Our online compliance training platform is specially designed for firms looking to book a number of learners on our courses

Stacked Books
Compliance Resources

Our online compliance resources provide all the information you need to know in relation to compliance hot topics.

bottom of page