Preparing for regulatory change

11 June 2018

How can financial adviser firms prepare themselves for new regulatory changes? The way firms responded to GDPR can provide insight, says Brooks Macdonald’s Andrew Denham-Davis.

Why are major new regulatory systems for financial advisers like buses? It isn’t just that they are big and sometimes cumbersome, but also because they all seem to turn up at once.

This is a particularly heavy year for regulations. No sooner had advisers drawn breath after the introduction of MiFID II rules on January 3, 2018 – rules that affect the way that costs and charges are laid out and explained, and how and when clients are informed about the fall in value of their portfolios – than the deadline for compliance with GDPR arrived.

GDPR, or the General Data Protection Regulation, has the unfortunate potential to be the last straw for some advisory firms. It informs the way they handle and retain client data, and may also affect their database of prospective clients, all of whom must give consent to be contacted if firms are to hold their data at all.

The scramble to get ready for GDPR implementation on May 25, 2018 was made all the more difficult because financial advisers had to comply not only with the requirements of GDPR, which are enforced in the UK by the Information Commissioner’s Office (ICO), but also the requirements of the Financial Conduct Authority (FCA) around keeping data for investigation purposes.

Share the burden

Non-compliance with GDPR carries a severe penalty. As well as warnings and reprimands, the ICO can fine firms up to €20m, or 4 per cent of turnover, whichever is greater.

What’s the answer for beleaguered financial advice firms that must deal with appointing a data protection officer and running a full data audit to ensure correct consents have been obtained?

According to Matthew Pescott Frost, a director at Matthew Douglas financial advisers in Suffolk, when regulatory changes come in, the trick is to ensure the burden does not fall too heavily on any one member of the team.

“We have delegated responsibilities to various members of staff,” he says. “Divide and conquer is definitely the way to go.”

Nevertheless, he says that the “significant regulatory burden that the Government places on us” is something that keeps him awake at night. “There’s a serious cost in terms of both time and paperwork,” he adds.

Seek external help

While Pescott Frost says that the regulatory burden feels like the Government pressuring the financial services industry towards consolidation – “it is, of course, a lot easier to regulate big companies” – he’s not convinced that this is in the best interests of the clients he serves. Instead, he has chosen to bear the cost of an external compliance consultant to ensure he doesn’t fall foul of ICO or FCA rules.

“What can be hard is ensuring that you comply with the FCA and the ICO; we have been advised that the FCA trumps the ICO in terms of what data you keep.”

The FCA does not require financial advisers to appoint external compliance consultants and points out that even if you do choose to use one, you cannot outsource your regulatory obligations because the oversight still remains within your firm.

The ICO says that data protection officers can be either internal or external, so in theory you would be able to use one consultant to monitor compliance for both regulations – and many compliance consultancies offer this.

In addition to data audits and new consents from clients and prospective clients, to be GDPR compliant firms must have processes to deal with a data breach, including a plan for how to communicate with clients and the regulator. Under the new rules, this communication must happen fast, so it is vital to be prepared.

Companies that don’t wish to buckle under the strain of GDPR – or other regulatory changes – would be wise to heed Pescott Frost’s advice. The increase in penalties for firms in breach of the new rules means that it is much better to be safe than sorry.