CPD Seminars April 2019 Compliance Update Emily Corcoran Items - - PowerPoint PPT Presentation

SLIDE 1

Brokers Ireland CPD Seminars

April 2019

SLIDE 2

Compliance Update

Emily Corcoran

SLIDE 3

Items Covered

  • No-Deal Brexit
  • Anti Money Laundering Regulation
  • GDPR
  • Insurance Distribution Regulation (IDR)
  • Investment Intermediary Act 1995 (IIA)
  • Non-Life Insurance (Provision of Information) Regulation 2018

SLIDE 4

No Deal Brexit

Dealing with UK Wholesalers/MGAs

  • The use of UK wholesale brokers to place risks into the UK market would not be permissible under the IDR, under a hard Brexit scenario.
  • The use of UK wholesale brokers to sell products of an EU insurer to EU brokers is only permitted if the UK broker registers in the EU in line with the requirements of the IDR.
  • It is permitted to use Lloyds MGAs as Lloyds Brussels (that has opened a branch in the UK) has outsourced its underwriting activity to the MGAs.

SLIDE 5

No Deal Brexit

Temporary Permissions Regime (TPR) & Authorisation under the FCA.

  • The Temporary Permissions Regime will allow EEA firms passporting into the UK to operate for a limited period while they seek authorisation if the passporting regime falls away.
  • This means that firms under the TPR will be subject to the same regulatory and supervisory framework as any UK regulated firm.
  • Brokers should keep in mind the cost associated with becoming registered with FCA. These costs include levies along with Professional Indemnity Insurance costs etc., which Brokers must apply to their UK authorisation.

SLIDE 6

No Deal Brexit

Temporary Permissions Regime (TPR) & Authorisation under the FCA.

Change to notification deadline

  • Firms and funds now have until the end of 11 April 2019 to notify the FCA if they want to enter the Temporary Permissions Regime (TPR).
  • To enter the TPR, you need to notify the FCA by using their Connect system.

SLIDE 7

No Deal Brexit

Financial Services Contracts Regime (FSCR)

  • The FSCR will automatically apply to EEA passporting firms that do not notify the FCA that they wish to enter the Temporary Permissions Regime, but have pre-existing contracts in the UK which would need to continue to be serviced.
  • The FSCR comprises two regimes: Contractual Run-Off (CRO) and Supervised Run-Off (SRO).

SLIDE 8

No Deal Brexit

Financial Services Contracts Regime (FSCR) (UK legislation)

Contractual Run-off (CRO)

  • CRO applies to firms without a UK branch (which operate under a freedom of services (FOS) passport immediately before exit day).
  • Firms enter CRO automatically (if they haven’t availed of the TPR).
  • Firms in CRO are principally permitted to carry out regulated activities which are necessary to perform pre-existing contracts.

SLIDE 9

No Deal Brexit

Financial Services Contracts Regime (FSCR) (UK legislation)

Supervised Run-Off (SRO)

  • Multiple categories of firms fall within the SRO.
  • This includes firms with a UK branch (operating under a freedom of establishment (FOE) passport immediately before exit day) that did not enter the Temporary Permissions Regime.
  • Qualifying firms also enter the SRO automatically.
  • If you are unsure of which category you fall into, you should contact the FCA.

SLIDE 10

No Deal Brexit

Withdrawal of the United Kingdom from the European Union (Consequential Provisions) Bill 2019

  • The Irish legislation will allow a temporary run-off regime, which, subject to a number of conditions, will enable UK insurance undertakings and intermediaries to continue to fulfil contractual obligations to their Irish customers for a period of three years after the date of the withdrawal of the UK from the EU.
  • However, those insurers/intermediaries will no longer be able to write new insurance contracts or continue insurance distribution in respect of new insurance contracts in Ireland until they obtain a relevant authorisation from the Central Bank.

SLIDE 11

No Deal Brexit

Green Cards

  • Green Cards are internationally recognised insurance documents which provide proof of insurance cover to law enforcement agencies. It is a hard copy document which is printed on green paper or with a green background.
  • Any motorist who plans on driving their Irish registered vehicle in Northern Ireland or the UK is advised to ensure they have a Green Card or they could possibly be subjected to the penalties for driving uninsured after that date.
  • Different means for distributing Green Cards have been adopted by insurance providers. Some are issuing Green Cards to all their policyholders, some are issuing Green Cards to policyholders in select areas (particularly Border counties) and some are issuing Green Cards to policyholders upon request.
  • You must process a Green Card request.

SLIDE 12

4th AML Directive

The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act, 2018

What does this mean?

  • Transposed on 14 November 2018
  • Effective 26 November 2018
  • Purpose is to give effect to the recommendations of the Financial Action Task Force,
SLIDE 13

4th AML Directive

Business Risk Assessment

  • Identify and assess risks to the firm; assess the level of risk of money laundering/terrorist financing involved in carrying out your business activities.
  • Various specified risk factors must be taken into account: the type of customer, products and services, countries or geographical areas, type of transactions, delivery channels.
  • The Business Risk Assessment must be documented.
  • Reviewed and managed by a designated person at regular, predefined intervals and it must be approved by senior management.
  • It is an offence to fail to comply with these requirements.

SLIDE 14

4th AML Directive

Customer Due Diligence

  • CDD must be executed at any time, including situations where the relevant circumstances of a customer have changed, where the risk of money laundering/terrorist financing warrants its application.
  • Where a person purports to act on behalf of a customer, you must verify
      • the identity of that person, and
      • that they are authorised to so act.

SLIDE 15

4th AML Directive

Customer Due Diligence

  • Simplified Due Diligence
      • Low Risk
  • Enhanced Due Diligence
      • High Risk Third Country
      • Relationship/transaction presents a higher risk
      • Politically Exposed Persons - now also apply to PEPs resident in Ireland.
  • It is an offence to fail to comply with these requirements.

SLIDE 16

4th AML Directive

Life Assurance Policies/PEPs

  • Additional requirements are imposed where the PEP is a beneficiary of a life assurance policy.
  • Where you know or have suspicions that a beneficiary/beneficial owner is a politically exposed person, or an immediate family member or a close associate of a politically exposed person, you must: (a) inform senior management before pay-out of policy proceeds and (b) conduct enhanced scrutiny of the business relationship with the policyholder.
  • Due diligence measures that previously applied only to PEPs resident outside of Ireland now also apply to PEPs resident in Ireland.

SLIDE 17

4th AML Directive

Internal Policies, Controls and Procedures

  • Policies, controls and procedures must be approved by senior management and must be kept under review, in particular when there are changes to the business profile or risk profile of your firm. These policies, controls and procedures shall have regard to any guidelines issued by the competent authority.
  • A designated person must ensure that persons involved in the conduct of the business (includes directors, other officers and employees) receive instruction and training in respect of the law and on how to identify transactions or other activity that may relate to money laundering or terrorist financing (suspicious transactions) and how to proceed once identified.
  • A list of the policies, controls and procedures is included in our AML Summary as issued to members on 7 February.

SLIDE 18

GDPR

Came into force 25 May 2018

  • Enhanced rights for individuals and their data
  • Enhanced obligations on firms
  • Non-compliance can result in up to €10m or 2% of global annual turnover for some infringements, or up to €20m or 4%, whichever is the higher

SLIDE 19

Processing Personal Data

GDPR requires you to maintain a record of your data processing activities and the parties involved. Applicable to data controllers and data processors alike.

  • Company Details, contact name of your Data Protection Officer (if you have one)
  • Purpose of the processing
  • Description of the categories of data subjects and categories of personal data
  • Categories of recipients of the personal data
  • Where applicable transfers to countries outside the EEA
  • Retention policy
  • General description of technical and organisational measures taken to ensure security of the data

SLIDE 20

Data Mapping


Must implement appropriate and effective measures to demonstrate compliance of processing activities with our data protection legislation. In order to do this you must know what data you have and where you keep it.

  • What personal data do you gather?
  • For what purpose?
  • What categories of data do you hold?
  • Who has access?
  • Who do you share it with?
  • Where is it stored?
  • How secure is it?
  • How long will you retain it?
  • How will you destroy/erase it?
SLIDE 21

Data Mapping

The GDPR requires you to retain records of your data processing activities and the parties involved. These are applicable to data controllers and data processors alike.

The records should state:

  • Company details, contact details of the Data Protection Officer (if applicable)
  • A general description of the security measures implemented
      • Technical (such as encryption)
      • Organisational (such as restricting who has access to your systems)
  • If transferring your data outside of the EU, document where the data is going and the safeguards in place to protect the data.

SLIDE 22

Employee Responsibilities

Process client personal data (both physical and automated) in a secure and safe manner, use it only for the purpose for which it was collected, retain it only for as long as is necessary, only share it with those who require legitimate access to it.

  • Awareness of company policies
  • Password security
  • Email security
  • Physical environment

SLIDE 23

IT and Data Security Obligations

“Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”

  • Use encryption
  • Controls in place to ensure ongoing confidentiality and integrity and availability of data
  • Be able to restore access to data in timely manner in the case of physical or technical incidents
  • Have processes in place for testing, evaluating the ongoing effectiveness of your security measures
  • Train staff on how to keep personal data secure

SLIDE 24

Data Protection and Brexit

In the event of a No Deal Brexit

  • If you or one of your service providers is transferring data to the UK, you should review the data flows and transfer mechanisms in your firm to make sure there will be no breach in your data operations if there is a no-deal Brexit. This includes transfers of personal data from the EU to the UK and onward transfers of that data from the UK to third countries (in particular where contracts include clauses where transfer of data outside of the EU is prohibited).
  • Post No-Deal Brexit, the UK will be just like any other third country “without an adequate data protection” regime
  • Map the personal data being transferred between your firm and the UK
  • Be fully aware if you, your outsourced providers and third parties carry out any onward transfers between the EU and the UK

SLIDE 25

Insurance Distribution Regulation

Referrals

The activity of “referring” or “introducing” in respect of an insurance product is not contained within the IDR and therefore does not fall within the definition of regulated activities. This means provision 3.25 of the Consumer Protection Code 2012 does not apply, so a fee, commission, other reward or remuneration may be paid for referrals/introductions.

HOWEVER, THIS REFERS TO INSURANCE PRODUCTS ONLY AND NOT INVESTMENT OR MORTGAGE INTRODUCTIONS OR REFERRALS, WHICH CONTINUE TO BE SUBJECT TO THE REQUIREMENTS OF THE CODE.

SLIDE 26

Insurance Distribution Regulation

Section 30 Receipts

Provision 55 of the Insurance Distribution Regulations 2018 (IDR) removes “insurance products” and other “insurance” references from the Investment Intermediaries Act 1995 (IIA). The effect of this is that ‘Section 30’ of the IIA does not apply to insurance products. Section 30 lays out the wording of the Receipt that you issue to your customers for insurance and investment products.

As of 1 October last, ‘Section 30’ no longer applies. However, Chapter 3.5 of the Consumer Protection Code still applies. The title of your receipt should be amended by removing “Section 30”. All other wording within the receipt should remain as is. Again, this is for insurance products only.

SLIDE 27

Investment Intermediaries Act 1995 (IIA)

Revocation

Central Bank communication to retail intermediaries and the Intermediary Times (Dec 2018): “If an investment intermediary held its IIA registration to provide insurance policies only, in addition to its IDR registration, it should now voluntarily revoke its IIA registration.”

Central Bank recently contacted Brokers to request that they revoke their IIA authorisation if it was not in use. Keep in mind, if you are revoking, to amend your Terms of Business, website and all relevant documentation which may make reference to this. Check the register at www.registers.centralbank.ie if you are unsure of your authorisation.

SLIDE 28

Non-Life Insurance (Provision of Information) (Renewal of Policy of Insurance) (Amendment) Regulation 2018

  • Will come into effect on the 1st November 2019
  • The enhanced measures are:

a) Insurers will be required to provide the total premium for each policy option available for the customer in renewal notices (i.e. comprehensive; third party, fire and theft cover; third party only, if it is offered by the insurer);

b) Extension of the renewal notification period from 15 working days to 20 working days for motor insurance and all other non-life insurance classes covered under S.I. No.74; and

c) Insurers will be required to provide the amount of the insurance premium paid in the previous year for private motor insurance renewals or, where any mid-term adjustments were made to the policy during the year, an annualised premium figure.

  • Brokers Ireland will be issuing more information on this closer to November 2019.

SLIDE 29

Any Questions?