As you are aware, there are many changes coming as a result of Brexit, especially to those brokers who have links to EU risks as well as Insurance Distribution Directive (IDD) and Passporting. One sentence that is common in my regular discussions with other Compliance professionals is “my permissions are all good and have not changed since authorisation….”.
This does start some debates and my guidance is always the same, that you should be checking your firm’s permissions on a regular basis to ensure they evolve with the business activities and, of course, change prior to undertaking new activities and with clear evidence in a durable medium held on file for any future reference.
As we know, an FCA authorised firm will have permissions to provide certain regulated products and services, an assessment by your firm should not be time consuming and could prevent regulatory action and associated reputational risk.
The first step is to assess the type of customers your firm deals with and ensure your existing permissions match these. Some firms may have started as retail customers and only have these permissions, but over time that “one-off commercial risk” has turned into a few more and now you have a small commercial portfolio.
This brings a risk to your firm if you have no regulatory customer type for “commercial business” and as such you could be acting outside of your permissions and breaching the FCA rules and principles (#11 Relations with regulators - A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which that regulator would reasonably expect notice).
The most common permission that I and those I talk to come across when undertaking due diligence on UK brokers, is the broker not having “assisting in the administration and performance of a contract of insurance”, and of course if you don’t undertake the regulatory activity associated with this permission then you may not need it; often the firm does need it because their activities have changed over time and they did not update permissions or it may be an error for various other reasons.
Your firm will also have to consider the RMAR implications and associated fees resulting from the relevant business type.
If your firm does identify a permission that is required then swift action is needed and should not to ignored. If in doubt, check with the FCA.
One suggestion is to assign ownership of this assessment to the person responsible for your firm’s insurance distribution as registered with the FCA. In addition, with the recent SM&CR regime implementation and requirement for Statement of Responsibilities (SoR) for each SMF, this assessment function could feature in this SoR linking with accountability.
This is a good assessment which could assist with other regulatory and legal obligations as well, so covering various requirements by undertaking one assessment.
One last simple, quick check I would also recommend is checking your firm’s Companies House number listed on the FCA register to ensure it is correct, this has come up many times and firms are having to correct it.
Here is the disclaimer (of course, it is compliance related!!)
You and your firm cannot outsource your regulatory (or legal) obligations and the responsibility for oversight still remains with your firm and its senior management.
Dip(Comp) MICA, Spec.Cert(Sanctions), Spec.Cert(CorpGov), Spec.Cert(Conduct), Cert.(FinCrime), Cert.(Comp), Cert.(AML), AwSRE, Spec.Cert(AML- PrivBanking), AwCCH MLIBF, UKFR, Cert.(KYC/CDD), Cert.(CFT), Spec.Cert(ABC)