The ITC Compliance Network

Transcription

1 i The ITC Compliance Network The Concept From 14th January 2005, any business engaging in General Insurance activity must be regulated by the Financial Conduct Authority (FCA), formerly the Financial Services Authority (FSA). General Insurance activity is not limited to sales and includes other areas such as administration and claims handling. There may be a number of employees within your business that will be subject to the FCA rules and regulations. The ITC Compliance Network provides an alternative to full FCA authorisation, where a fully authorised Firm (ITC Compliance) takes responsibility for the regulated activities of Network Members. The sole purpose of the Network is to ensure that your customer s needs are at the forefront of everything you do, providing them with information that is clear, fair and not misleading. To ensure this ITC Compliance provide you with all of the administration tools, training resources; professional indemnity insurance (excluding travel companies) and processes you need to enable you to sell General Insurance products in line with the FCA s Treating Customers Fairly (TCF) outcomes. ITC Compliance also takes away the burden of being directly authorised by the FCA. In line with clause 3.1.iii of the Terms and Conditions of ITC Compliance Network Membership, ITC Compliance have provided this manual, which contains all the relevant policies needed in order to maintain compliance with current FCA regulations and TCF outcomes. 1

2 Table of Contents The ITC Compliance Network... 1 Table of Contents... 2 ITC Compliance Network Charter... 5 Treating Customers Fairly (TCF) Policy... 7 Introduction... 8 Purpose... 8 Responsibilities... 8 Application... 8 Monitoring & Reporting Management Information FCA Principles for Business Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Sales Practices Policy Introduction Purpose Responsibilities Application Reporting and Monitoring Remuneration Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Recruitment Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Complaint Handling Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Financial Promotions & Marketing Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Business Assurance Policy

3 Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Training & Competence Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Financial Crime Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Conflicts of Interest Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Gifts & Hospitality Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Risk Management Policy Introduction Purpose Responsibilities Application Business Continuity Plan Policy (BCP) Introduction Purpose Application Approved Persons Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Regulatory Breaches & Incidents Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Whistleblowing Policy

4 Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Record Keeping Policy Introduction Purpose Responsibilities Application Monitoring & Reporting Management Information Appendix 1: Financial Promotions Checklist Appendix 2: Example Balanced Scorecard Appendix 3: Complaint Reporting Form Appendix 4: Example Financial Promotions Register Appendix 5: Example Call Monitoring Check-Sheet Appendix 6: Potential Conflict of Interest Form Appendix 7: Conflict of Interest Self Assessment Form Appendix 8: Gifts & Hospitality Approval Form Appendix 9: Example Gifts and Hospitality Register Appendix 10: Impact Score Scale Appendix 11: Likelihood Score Scale Appendix 12: Exposure / Control Score Scale Appendix 13: Example Risk Register Appendix 14: Example Business Continuity Plan Appendix 15: Example Telephone Cascade List Appendix 16: Business Continuity Plan Test Scenarios Appendix 17: Form D Appendix 18: Incident Report Form Appendix 19: Regulatory Breaches

5 ITC Compliance Network Charter In allowing Network Members to operate under ITC Compliance s authorised regulatory status, ITC Compliance is obliged to provide you with tools, processes and procedures to enable you to trade in line with FCA rules, regulations and principles. The following Charter outlines the main commitments that ITC Compliance and you, the Network Member, agree to undertake. Network ITC Compliance commit to: 1. Supplying Network Members with Appointed Representative (AR), Introducer Appointed Representative (IAR), or Connected Contract Exemption (CCE) status to allow you to engage in General Insurance activity 2. Providing and updating as necessary the ITC Compliance Network Policies and Procedures Manual 3. Providing an on-line Training and Competence solution for all relevant staff Members 4. Providing and hosting an ITC Compliance portal for regular returns from appropriate Network Members 5. Giving 28 days notice of any changes that will affect Network Members (where possible) 6. Undertaking an audit of each site at least once a year 7. Providing a compliant sales process and systems to support this commitment 8. Complaints handling on your behalf 9. Provision of PI insurance (where applicable) 10. Provide Financial Promotions guidance and approval 11. Undertake Call monitoring (where applicable), providing feedback in a timely manner. 12. Undertake Mystery Shopping (where appropriate) to ensure continued compliance of Network Members. 13. Undertake desk based audits, ensuring Network Members continued compliance with the FCA Regulations and TCF Outcomes. 14. Undertake Website reviews, providing guidance and approval 15. Providing clear and concise feedback in a timely manner following a review that requires further action from the Network Member. 16. Undertake Terms of Business Agreement (TOBA) reviews to ensure adequate risk transfer is in place with regard to Client Money. 5

6 ITC Compliance Network Members commit to: 1. Treating Customers Fairly (TCF) in line with FCA and ITC Compliance requirements 2. Following the policies and procedures outlined within this manual in good faith 3. Where applicable, submitting the required periodic return in a timely and accurate manner 4. Notifying ITC Compliance of any changes to staff members that engage in regulated activity 5. Notifying ITC Compliance of any changes in Approved Person status 6. Notifying ITC Compliance of all insurance related customer complaints received, as soon as they are received. 7. Providing assistance and support at any audit 8. Nominating one individual to act as the Supervisor/Assessor of individual regulated staff 9. Informing ITC Compliance of any Conflicts of Interest that may have a negative impact upon the Network Member s ability to undertake the regulated activity compliantly or affecting ITC Compliance s supervision of the Network Member. 10. Inform ITC Compliance of any incidents that may impact upon the Network Member s customers, their ability to undertake the regulated activity or ITC Compliance s everyday activities or reputation, as per the Regulatory Breaches and Incidents policy. 6

7 Treating Customers Fairly (TCF) Policy 7

8 Introduction Treating Customers Fairly (TCF) is central to the corporate culture of ITC Compliance and therefore as a Network Member, you should also be able to demonstrate this. This ethos is underpinned by the FCA requirement to demonstrate the following TCF outcomes. 1. Consumers can be confident that they are dealing with firms where the fair treatment of customers is central to the corporate culture. 2. Products and services marketed and sold in the retail market are designed to meet the needs of identified consumer groups and are targeted accordingly. 3. Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale. 4. Where consumers receive advice, the advice is suitable and takes account of their circumstances. 5. Consumers are provided with products that perform as firms have led them to expect, and the associated service is of an acceptable standard. 6. Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint Purpose To ensure compliance with these outcomes, ITC Compliance have appropriate procedures which will encourage your staff to uphold the principle of TCF and the associated outcomes. This policy sets out guidance to aid understanding of the requirements to comply with the Treating Customers Fairly outcomes. Responsibilities The Approved Person should ensure they are able to evidence a culture of TCF across all staff and management levels Application The requirements for each key area are as follows: Product Development As part of the development of new and or enhanced products or service propositions prior to launch, the product provider will undertake the following: 8

9 adequate research must have been conducted to identify the target market for which they are being developed (TCF 2) the needs of clients within the target market have been satisfied by the product or service proposition (TCF 5) risks to clients must be identified and considered throughout the development process (TCF 1) development will not compromise the ability to comply with regulatory requirements (including TCF) product and service propositions must be robustly tested via marketing and financial modelling frameworks to ensure they are marketable, viable, profitable and serviceable (TCF 1) the complexity/simplicity of products or service propositions have been properly aligned with the competence and capability profiles of the clients at which they are aimed (TCF 2) product and service propositions must be clear in their pricing and charging structures so that clients can make clearly informed decisions (TCF 3) lessons learned from client feedback will be captured and fed into development processes (TCF 1) If for any reason, you feel that the products you offer fail to meet any of the above points, you should inform ITC Compliance immediately. Marketing (Financial Promotions) All marketing materials need to be clear, fair and not misleading and must comply with the FCA Rules on Financial Promotions, where applicable. (TCF 3) Promotion strategies and materials must be reviewed to ensure consistency with TCF requirements and compliance with FCA Rules. All marketing (financial promotions) must be designed to ensure that the promotion of brand, products and services, following the Financial Promotions checklist (Appendix 1) adhere to the following: Marketing must be clear, fair and not misleading, and must be approved by ITC Compliance prior to use. Marketing must ensure that clients are placed in an informed position to make well informed purchasing decisions Content should be balanced and must not promote benefits through the omission of risks Content must make clear how the product or service proposition meets the needs of the intended markets Marketing must be monitored for effectiveness in both commercial terms and reaction from clients Lessons learned from client feedback should be captured and the information used for improvement and development of material. 9

10 Sales and Advice Process As a Network Member you may conduct transactions through a number of distribution channels including face to face, the telephone, web-based, directly with clients, on both an advised and non-advised basis. An Advised Sale (you give advice) is where you give advice to a potential customer on the merits of them buying a specific general insurance product, explaining how this meets their demands and needs and recommending its purchase. This will be specific and individual advice to the customer and should not be generic. This is in addition to all of the relevant documentation, including the Status Disclosure Document, Policy Summary and full policy terms and conditions A Non-Advised Sale (you don t give advice) is where you provide information only to a potential customer leaving them to make a choice about how they wish to proceed and with no recommendation made. In this situation it is imperative that the customer is supplied with all of the relevant documentation, including the Status Disclosure Document, Policy Summary and full policy terms and conditions to enable the customer to make an informed buying decision. The following TCF Sales and Advice requirements apply to all: All sales and advice processes must be reviewed against the Financial Promotions Checklist (Apendix 1) and authorised by ITC Compliance before they are implemented. All sales and advice processes must be applied in a consistent and competent manner that complies with regulatory requirements such as being clear, fair and not misleading, informing customers of your regulatory status and providing the customer with enough information for them to make an informed buying decision. All sales documentation (paper and electronic) must satisfy appropriate creation and retention standards. Management information must enable the effective oversight of sales and advice to clients to ensure compliance with regulatory requirements. For example records of the number of complaints received, number of customer cancellations, and number of policies sold etc. Staff remuneration policies must not conflict with the overarching need to act in the interests of customers. Lessons learned from client feedback should be used for improvement and developments of sales and advice processes. To ensure compliance with this ITC Compliance provide a number of platforms on which to conduct sales, and through the online training tool, ITC Compliance ensure that your staff are able to undertake the specific regulated activity competently. After Sales Support This includes documentation of transactions, advice and evidence of cover, midterm adjustments and cancellations, renewals and access to products, services and information required by clients. 10

11 As a Network Member, you should ensure after sales support delivers the required TCF outcomes, by: ensuring clients are kept up to date with details of the business relationship with them ensuring that relationships with clients is underpinned with appropriate communications and contact to provide clients with access to relevant products, services and information ensuring that communications and contact with clients are appropriately targeted and are clear, fair and not misleading ensuring that clients are provided with the levels of service both promised to the clients and required by them as their needs dictate Claims and Complaints Handling It is extremely important that all complaints about the sale of a regulated insurance product are directed to ITC Compliance to investigate fully on your behalf. For more information, please refer to the complaints handling policy further on in this manual. When dealing with claims, whether acting for the policyholder or the insurer: Make it clear for who you are acting for with reference to the Conflicts of Interests Policy Ensure all communications are clear, fair and not misleading Deliver standards of service consistent with the importance of claims to customers Ensure that staff are appropriately trained to equip them with the necessary skills to deal with claims and complaints effectively Ensure regulatory requirements are observed at all times Gather appropriate management information to ensure lessons learned from feedback are fed into this and other processes Monitoring & Reporting ITC Compliance and the Network Members are responsible for maintaining compliance with the FCA Treating Customer Fairly outcomes. To ensure this happens ITC Compliance has robust procedures in place for the monitoring and the sign off of Financial Promotions, the monitoring of Network Member s websites and sales practises. As well as this, as a Network Member, you should act upon any feedback provided by ITC Compliance within agreed timescales and sales documentation must be completed clearly and with the customer s agreement. Management Information ITC Compliance collates Management Information including the number of policies sold and the number of complaints received. This is periodically reviewed and considered against the TCF Outcomes. This Management Information will also form a standard agenda point of periodic board meetings. 11

12 FCA Principles for Business Policy 12

13 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place. There are 11 Principles. Purpose These 11 Principles, along with the 6 Treating Customers Fairly (TCF) outcomes, are central to everything you do. This policy sets out the FCA 11 Principles for Business and explains how to adhere to them. Responsibilities You should understand that ITC Compliance are required by the FCA to commit to these Principles and recognise the importance as they impose a wider duty, not only to adhere to the regulatory rules, but also to conduct activities in the spirit of the principles. This includes ITC Compliance s Network Members. It is the responsibility of ITC Compliance, to ensure that you fully adhere to these Principles and therefore this forms the basis of the Terms and Conditions of ITC Compliance Network Membership. These Terms and Conditions can be found by logging onto ITC Compliance s website ( and once logged in clicking on the Terms and Conditions link on the footer of your Home page. Application The 11 FCA Principles for Business and how ITC Compliance adheres to them are set out below: 1. Integrity: A Firm must conduct its business with integrity. ITC Compliance ensures that ITC Compliance is able to demonstrate the business is based on honesty, trustworthiness and sound business dealings. This is demonstrated in the submission of your regular returns, documented sales practices, such as the provision of an Initial Disclosure Document (IDD), the completion of a Demands & Needs documents etc. and within clause 8 of the Terms and Conditions of the ITC Compliance Network Membership. 2. Skill, Care & Diligence: A Firm must conduct its business with due skill, care and diligence. ITC Compliance ensures that you are able to show that your business activities are structured in such a way that care and diligence are exercised on a continual basis. This is demonstrated through provision of the on-line training tool, ensuring that every member of staff is competent to perform their role within your firm. ITC Compliance also ensures that this Principle is met through monitoring Financial Promotions, website reviews and the reconciliation of your monthly figures. 3. Management & Control: A Firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. ITC Compliance has developed robust systems to stay in control of its affairs. These include the on-line training tool and as previously mentioned this enables ITC Compliance to demonstrate that all staff undertaking a regulated activity are competent to carry out that 13

14 activity. ITC Compliance has also developed systems to ensure that policies sold are done so in a compliant manner, providing the customer with all of the relevant documentation and information. As well as this ITC Compliance undertake regular audits, desk based and site based, monthly call monitoring (where applicable), website reviews and reviews of all Financial Promotions, providing guidance and approval before they are used in circulation. We collate all of the information received within Monthly MI and this is reviewed on a regular basis by Senior Management. 4. Financial Prudence: A Firm must maintain adequate financial resources. ITC Compliance ensures that it is a financially sound and suitably resourced firm to enable the undertaking of regulated activities. It is a requirement within ITC Compliance s Terms and Conditions of ITC Compliance Network Membership, under clause 4.1.i) that you shall remain solvent as assessed in accordance with the Regulations and throughout the term of ITC Compliance s Agreement. ITC Compliance shall use Credit Referencing firms to ensure that this is adhered to. 5. Market Conduct: A Firm must observe proper standards of market conduct. ITC Compliance conducts business affairs in a manner that is regarded as proper conduct and expects you, as a Network Member, to do the same. Section 4 of the Terms and Conditions of ITC Compliance Network Membership sets out how ITC Compliance expects you to comply with this Principle. For example, as an Appointed Representative Network Member, you must have an Approved Person who meets the FCA s criteria and you must be able to deliver the same level of protection to the Customer s as if they had dealt with ITC Compliance itself. This can be achieved by following the policies within this manual and making full use of the systems available to you through the Network. 6. Customers Interests: A Firm must pay due regard to the interests of its customers and treat them fairly. All customers must be placed at the centre of everything ITC Compliance do. ITC Compliance meet this Principle by reviewing Financial Promotions, websites and through call monitoring to ensure that information is presented in a way that is clear, fair and not misleading. As a Network Member, this Principle is extremely important and you must place the same importance upon this as ITC Compliance. For example this Principle can be met by issuing customers with appropriate IDD/SDD documents, undertaking Demands and Needs assessments (where appropriate) and by following authorised procedures when selling insurance to a customer. 7. Client Communication: A Firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading. This also falls in line with Treating Customers Fairly and is particularly important when using Financial Promotions and is the main reason ITC Compliance review all promotions before they are used. This is explained in more detail within the Financial Promotions and Marketing Policy. However you should note that this Principle applies to all communication you have with a customer, including information given/provided before, during and after point of sale. 14

15 8. Conflicts of Interest: A Firm must manage conflicts of interest fairly, both between itself and its customers and between a customer and another client. All Conflicts of Interest are to be identified and managed in line with the Conflicts of Interest policy. Examples of a Conflict of Interest would be if a member of staff was placing large amounts of business to a particular insurer because they previously worked at the insurer and still had friends there. Or a product provider who offers a loan and cash gift in the expectation of getting more business in return. Both of these would have to be reported to ITC Compliance, in line with the Conflicts of Interest Policy immediately. 9. Relationships of Trust: A Firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgement. When selling regulated insurance products, there are two routes that, as a Network Member, you can take. These are Advised and Non-Advised Sales. An Advised Sale (you give advice) is where you give advice to a potential customer on the merits of them buying a specific general insurance product, explaining how this meets their demands and needs and recommending its purchase. This will be specific and individual advice to the customer and should not be generic. The suitability of advice and any other recommendations made by you forms a key part of the insurance regulatory regime. Therefore the Statement of Demands and Needs is extremely important in regard to endorsing this Principle. You must always ensure that it is completed diligently on every occasion and used to examine (amongst other things) customer eligibility, attitude to risk, other existing insurance policies, and any major exclusions and benefits. A Non-Advised Sale (you don t give advice) is where you provide information only to a potential customer leaving them to make a choice about how they wish to proceed and with no recommendation made. 10. Clients Assets: A firm must arrange adequate protection for clients assets when it is responsible for them. It is a requirement within the Terms and Conditions of ITC Compliance Network Membership, under clause 30.1 that no Network Members handle Client Money and under clause 9.5.ii) that all Network Members shall have risk transfer granted by their Product Provider(s). This is usually granted within the Terms of Business Agreement (TOBA) between you and the specific product provider. In essence it means that all premium monies received by you should be held in a trust account, separate to all other assets you may hold, and receipt of these monies by yourself is deemed as being received by the insurer. You are therefore acting as agent of the insurer in the collecting of these premiums. 11. Relations with Regulators: A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice. ITC Compliance makes a point of keeping the FCA informed as to business activities in an accurate and timely manner. In order to do this ITC Compliance, where applicable, obtain regular returns from you which enable completion of the Retail Mediation Activities Return 15

16 (RMAR) report. It is also a requirement under clause 8.3 of the Terms and Conditions of ITC Compliance Network Membership that all Network Members co-operate fully with the FCA if they gather information on their own initiative. This will include information on any Notifiable Incidents that may have occurred. Such Incidents should also be reported to ITC Compliance in line with the Regulatory Breaches and Incidents Policy. Monitoring & Reporting As previously mentioned, there are a number of ways that ITC Compliance expect you to report this required information and further details are provided in subsequent policies within this manual. Management Information If ITC Compliance s systems are used, accurate records in regard to all activities affecting these Principles will be maintained. However ITC Compliance also expects you to keep your own records, reviewing them periodically to ensure that compliance is maintained. 16

17 Sales Practices Policy 17

18 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 1, 2, 3, 6, 7 & 9 are the most relevant in relation to selling practises. In addition TCF outcomes 1, 2, 3, 4 and 5 also apply. The Insurance Conduct of Business Sourcebook (ICOBs) within the FCA Handbook outlines the requirements for the selling of insurance products. Its overall aim is to ensure that customers are treated fairly by providing them with clear and fair information when they are sold an insurance product. Purpose This document outlines ITC Compliance and Network Member s regulatory requirements with regard to undertaking regulated insurance sales (non-advised and advised). It provides guidance on what should be incorporated into face to face and telephone sales processes in order to ensure sales are made in a compliant manner and that customer detriment is avoided. Responsibilities ITC Compliance as the Principal will ensure that as a Network Member, you are able to evidence a culture of good sales practices across all staff and management levels Application As per clause 9.2 in the Terms & Conditions of ITC Compliance Network Membership, the following process should be followed. This process applies to all sales staff on the Network. It is your responsibility to ensure that the information contained within this policy is provided to, and understood by, all members of staff for whom ITC Compliance have regulatory responsibility. The Sales Process The sales process described below and the requirements imposed apply to all sales of insurance products. There are essentially five broad stages to the sales process (not including the renewal process): Step 1 Step 2 Step 3 Step 4 Step 5 Status Disclosure Eligibility and Disclosure of Material facts Statement of Demands and Needs Product Disclosure Price Disclosure The specific requirements that need to be followed under each of the headings above are discussed in more detail below. The sales process that needs to be followed will vary depending upon whether the firm operates on an advised or a non-advised basis and applies to all customers. ITC Compliance operates on both an advised and a non-advised basis, i.e. some firms operate an advised sales process and others have a non-advised sales process. 18

19 Advised Sale An Advised Sale (you give advice) is where you give advice to a potential customer on the merits of them buying a specific general insurance product, explaining how this meets their demands and needs and recommending its purchase. This will be specific and individual advice to the customer and should not be generic. In this situation it is imperative that the customer is supplied with all of the relevant documentation, including the Status Disclosure Document, Policy Summary and full policy terms and conditions to enable the customer to make an informed buying decision If a firm (Network Member) elects to operate on an advised basis then it must hold the relevant permissions to do so with ITC Compliance. It is therefore essential that all staff and agents are aware of what they can and can t say when selling insurance products on behalf of the business. Status Disclosure and Scope of Service As part of the sales process (both advised and non-advised) all customers must be provided with the following information: The name of the firm and the address. That the firm is an Appointed Representative of ITC Compliance that is authorised and regulated by the FCA. The scope of the service to be provided (i.e. that the customer will receive advice). Whose products the firm will offer, i.e. does the firm only deal with one insurer or will products/service from a range of insurers be offered? Whether the customer will have to pay a fee for the services offered. The process for making a complaint and the availability of the Financial Ombudsman Service. That the firm is covered by the Financial Services Compensation Scheme (FSCS). This information must be provided before the sale is completed. In most cases this information is provided in an Initial Disclosure Document (IDD). A paper based, bespoke version of this document can be found under the Compliance Documents section of the ITC Compliance website. The ITC system will also generate a bespoke copy of this document as you proceed to undertake a sale. For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the time of the sale. For a telephone sale, it is permissible for limited information to be provided over the telephone, if express consent to receiving only limited information is obtained from the customer. This is of course on the basis that the full information (i.e. an IDD) is provided to the customer in written format immediately afterwards (i.e. sent via the post or by , in a pdf format, to the customer). For telephone sales there are two possible scenarios that can be followed, depending on whether the customer agrees to receive limited information. If the customer agrees to receive limited information verbally the information that must be provided is: 19

20 The name of the sales agent, the firm they represent and the purpose of the call. Details about the service that can be provided by the firm, i.e. You are an insurance broker, you will be providing advice. Whether the customer will have to pay a fee for the services offered. The possibility of other taxes that may be payable. Details on the cancellation rights (cancellation rights are only applicable for retail consumers). That other information is available on request. Important: If the customer does not agree to receive limited information, the full information as set out in the IDD, must be provided verbally to the customer. Statement of Demands and Needs If you are following an advised sales process, you must complete a Statement of Demands and Needs form with the customer. The suitability of advice and any other recommendations made by you forms a key part of the insurance regulatory regime. Therefore the Statement of Demands and Needs is extremely important. You must always ensure that it is completed diligently on every occasion and used to examine (amongst other things) customer eligibility, attitude to risk, other existing insurance policies, and any major exclusions and benefits. The form should include the following: The customer s specific demands and needs An assessment of the customer s affordibility to ensure that purchasing the product will not cause financial hardship Confirm that a personal recommendation has been made Confirm the reasons why that contract is being recommended i.e. the reasons why the policy meets the demands and needs of the customer When operating on an advised basis there are additional requirements that must be fulfilled. Primarily you must take appropriate steps to ensure the suitability of the insurance product that you are recommending. This Statement of Demands and Needs is available through ITC Compliance s different systems and therefore does not need to be generated by you. However if for any reason you feel that the Statement of Demands and Needs does not fit the product being sold, you must notify ITC Compliance immediately so that any amendments can be made. The following additional steps should be incorporated into the advised sales process: Step 1 Establish the customer s demands and needs Seek relevant information from the customer concerning their circumstances and objectives in order to identify their requirements. This must include any facts that would affect the type of insurance recommended, such as any relevant existing insurance policies. Take into account information known to them, in respect of other contracts where advice or information has been provided. Explain to the customer their duty to not misrepresent any material facts both before the contract commences and throughout its 20

21 Step 2 Matching suitability to products duration. The Adviser must take into account the information the customer discloses. In assessing whether a contract is suitable to meet a customer s demands and needs an Adviser must take into account: Whether the level of cover is sufficient for the risks the customer wishes to insure. The cost of the contract where it is relevant to the customer s demands and needs. The relevance of any exclusion, excesses, limitations or conditions in the contract. The Adviser must inform the customer of any demands & needs which are not met. Step 3 Presenting solutions Advisers must take reasonable steps to ensure that any personal recommendation made is suitable for the customer s demands and needs at the time the recommendation is made. The reason why a specific recommendation is being made must be clarified. A recommendation may be made that does not meet all of the customer s demands and needs provided: There is no suitable contract available. The Adviser identifies to the customer, when the personal recommendation is made, the demands and needs that are not met. If details of the customer s existing insurance arrangements are not available and they would significantly affect the personal recommendation that would be made then the Adviser should: Not make a personal recommendation until details are available without making it clear to the customer that this may not be suitable because not all details can be accounted for. If the customer acts on the personal recommendation then all these records/details must be retained and clearly identifiable on the customer s file. 21

22 Non Advised Sales A Non-Advised Sale (you don t give advice) is where you provide information only to a potential customer leaving them to make an informed choice about how they wish to proceed and with no recommendation made. In this situation it is imperative that the customer is supplied with all of the relevant documentation, including the Status Disclosure Document, Policy Summary and full policy terms and conditions to enable the customer to make an informed buying decision. Status Disclosure and Scope of Service As part of the sales process (both advised and non-advised) all customers must be provided with the following information: The name of the firm and the address. That the firm is an Appointed Representative of ITC Compliance that is authorised and regulated by the FCA. The scope of the service to be provided (i.e. no advice will be given). Whose products the firm will offer, i.e. does the firm only deal with one insurer or will products/service from a range of insurers be offered? Whether the customer will have to pay a fee for the services offered. The process for making a complaint and the availability of the Financial Ombudsman Service. That the firm is covered by the Financial Services Compensation Scheme (FSCS). This information must be provided before the sale is completed. In most cases this information is provided in an Initial Disclosure Document (IDD). This document can be found under the Compliance Documents section of the ITC Compliance website. For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the time of the sale. For a telephone sale, it is permissible for limited information to be provided over the telephone, if express consent to receiving only limited information is obtained from the customer. This is of course on the basis that the full information (i.e. an IDD) is provided to the customer in written format immediately afterwards (i.e. sent via the post or by to the customer). For telephone sales there are two possible scenarios that can be followed, depending on whether the customer agrees to receive limited information. If the customer agrees to receive limited information verbally the information that must be provided is: The name of the sales agent, the firm they represent and the purpose of the call. Details about the service that can be provided by the firm, i.e. You are an insurance broker and you will not be able to provide any advice. Whether the customer will have to pay a fee for the services offered. The possibility of other taxes that may be payable. Details on the cancellation rights (cancellation rights are only applicable for retail consumers). That other information is available on request. 22

23 Important: If the customer does not agree to receive limited information, the full information as set out in the IDD, must be provided verbally to the customer. Statement of Demands and Needs When following a non-advised sales process, the format of the Statement of Demands and Needs is different as it is simply a statement informing the customer, which of their demands and needs have been met by the policy. For example; This product meets the demands and needs of those wishing to insure the contents of their home. A Demands and Needs statement must be provided in writing to the customer before they buy the policy. If the customer is sold the insurance policy over the telephone this information can be provided verbally but must be sent to the customer in writing immediately afterwards. This Statement of Demands and Needs is available through ITC Compliance s different systems and therefore does not need to be generated by you. However if for any reason you feel that the Statement of Demands and Needs does not fit the product being sold, you must notify ITC Compliance immediately so that amendments can be made. Eligibility and Misrepresentation Eligibility As a Network Member, it is your responsibility to ensure that their sales process confirms a customer s eligibility to claim under the policy. If there are any known exclusions, checks should be undertaken to see whether these would mean that the customer would be unable to claim on a policy should the need arise. For example, if the policy would not cover a car for racing purposes should the policy be sold to the driver looking to take his car racing at the weekends? If during the sales process it is identified that only parts of the insurance cover apply to the customer, then steps must be taken to ensure that the customer is made aware of this. The golden rule is that the customer must be provided with sufficient information about what the insurance policy will and will not do, to be able to make an informed decision about whether that policy is right for them. Misrepresentation The insurer will use the information provided by the customer to assess the risks of providing the cover and to determine whether or not to accept that risk and what the premium will be. Since the CIA (Consumer Insurance Act) came into effect in April 2013 customers are under a duty not to misrepresent. It is therefore imperative that the customer is asked specific questions for underwriting purposes and you should not rely solely on the customer s disclosures. If key information is omitted during the sales process but comes to light during the claims process, the insurer could be entitled to reject the claim. However Insurers cannot decline claims if they have not asked the correct and relevant question. 23

24 Important: At any time during the contractual relationship the consumer is entitled, at their request, to receive the contractual terms and conditions on paper. The consumer is also entitled to change the means of distance communication used unless this is incompatible with the contract concluded or the nature of the service provided. Product Disclosure As part of the sales process (both advised and non-advised) customers must be provided with sufficient and appropriate information about the product to allow them to make an informed decision. The information should be modified to reflect the type of customer purchasing the policy. The information can be provided in a Policy Summary, which must be provided in writing and must be provided to the customer at the time of the sale (for a face to face sale) or immediately afterwards (for a telephone sale). It is not mandatory to provide a policy summary for all products however where this is provided, the responsibility for creating a policy summary rests with the insurer, whilst the responsibility for providing the policy summary to the customer rests with you. Price Disclosure Before the customer makes the decision to purchase the policy they must be provided with details of the full price to be paid for the insurance product to ensure that purchasing the policy will not cause any financial hardship to the customer. This will need to be broken down to include: The cost of the insurance policy, including IPT The cost of any optional extras (i.e. legal expenses), including IPT The total cost payable (i.e. the insurance premium plus the cost of optional extras) Providing Evidence of Cover Following the conclusion of the sale the customer should be provided with: Confirmation of the insurance, including a breakdown of the total premium paid Evidence of the cover provided Full policy wording containing all the terms and conditions Details on how to cancel the policy (NB cancellation rights are only applicable for retail consumers) Details on how to make a claim Details on how to complain and the right to refer complaints to the Financial Ombudsman Service (FOS) Details of the Financail Services Compensation Scheme (FSCS) Cancellations Retail consumers are provided with cancellation rights. Effectively this means that they have 14-days (30 days for protection policies) in which to change their mind about the purchase of their insurance policy. If a retail consumer wants to cancel their insurance policy they do not have to provide any reason for the cancellation. The cancellation period begins from the day the policy is sold; or if later, from the day that the retail consumer receives the policy terms and conditions. 24

25 Where a retail consumer chooses to cancel their policy within the cancellation period they are entitled to a full refund of the premium paid. The only exceptions to this are where a claim has already been made and paid under the policy, or if a cancellation/administration fee is payable. Renewals This section is only applicable if you carry out policy renewals on behalf of an Insurer. The customer must be provided with full renewal terms, including a breakdown of the cover and price. The renewal terms must include the following information: Details of the insurance cover provided, including any optional extras selected (NB it must be clear to the customer what level of cover is provided and which extras selected are optional). A full breakdown of the renewal premium (see Section 3.7 Price Disclosure) Details of the renewal date and whether the policy will renew automatically or if the customer needs to take some action Evidence of the cover provided. A statement of any changes to the terms of the policy and an explanation of those changes. A statement advising the customer who they should contact if their circumstances have changed and they need to make amendments to their policy. The materials facts disclosure (see Section 3.4) As a general rule, customers should be provided with renewal documentation at least 21 days before the renewal date. This is to ensure that all customers have sufficient time to review the documents, make any amendments if necessary or seek alternative providers. Reporting and Monitoring ITC Compliance s bespoke system allows for the monitoring and reporting of both advised and non-advised sales. Where appropriate it is your responsibility to report your sales figures to ITC Compliance through your periodic returns. All scripted sales processes are approved by ITC Compliance prior to use; any new script request should follow the Financial Promotions Policy procedure. 25

26 Remuneration Policy 26

27 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principle 3 is the most relevant to remuneration. In addition Treating Customers Fairly outcome 1 also applies. In addition the following rule from the Systems and Controls Rulebook: SYSC 3.1.1R A firm must take care to establish and maintain such systems and controls as are appropriate to its business. Purpose ITC Compliance is required to manage Network Member s staff remuneration, including incentives in such a way that any potential risk of miss-selling is reduced. As per clause 5.3 within the Terms and Conditions of ITC Compliance Network Membership, you may not accept any secret profit, income or inducement from any Product Provider, which provides an incentive to promote or recommend any one product in preference to other products. The FCA has published guidance in this area including good and bad practice. This policy refers to that guidance to aid understanding of the requirements when considering how staff and management working in an FCA regulated environment should be remunerated. It also details the risk mitigation actions that both ITC Compliance and you should take. Responsibilities ITC Compliance has documented and implemented robust procedures for the effective management of remuneration schemes. Application It is acceptable to incentivise staff to sell, but this must never be at the customer s expense and the risks will be managed appropriately. The FCA has highlighted a series of failings, which are detailed below. Management must consider these when any incentive or remuneration scheme is created or reviewed: Firms failing to identify how incentive schemes might encourage staff to miss-sell, suggesting they had not sufficiently thought about the risks. Firms failing to understand their own incentive schemes because they are so complex, therefore making it harder to control them. Firms not having enough information about their incentive schemes to understand and manage the risks. Firms relying too much on routine monitoring, rather than taking account of the specific features of their incentive schemes. Sales managers with clear conflicts of interest that are not properly managed. Firms having links to sales quality built into their incentive schemes that were ineffective. Firms not doing enough to control the risk of miss selling in face-to-face situations. 27

28 Your remuneration scheme must be documented and available upon request at audits undertaken by ITC Compliance. ITC Compliance use the term mis-selling in this document to refer to a failure to deliver the following fair outcomes for consumers: customers are treated fairly (TCF 1) customers understand the key features of the product and whether they are being given advice or information (TCF 3, 4) customers are given information that is clear, fair and not misleading (TCF 3) information that enables them to make an informed decision before purchasing a product or service (TCF 3) customers buying on an advised basis are recommended suitable products. (TC4) As part of your remuneration policy, management must consider the following: if the incentive schemes increase the risk of mis-selling review whether the governance and controls are adequate take action to address any inadequacies this might involve changing the scheme where risks cannot be mitigated, take action to change the scheme consider the impact of performance management for scheme members A good Incentive Scheme should include the following: a quality (compliant) element consideration of client cancellations a capped (or decreasing) incentive i.e. reducing or capping bonus when a sales volume is approached. This avoids the temptation to rush sales through deferred bonus payment (maybe subject to quality over a longer period e.g. half year, yearly) balanced scorecard, incorporating 4 measures that the sales staff will be assessed against. One of these measures must be from a customer s perspective (TCF). An example of this is shown in Appendix 2. No scheme must contain significant remuneration boosts for achieving sales targets alone at given points in time. These are known as cliff edges or precipices. Monitoring & Reporting You must maintain records of all incentive schemes for all employees Management Information You should ensure all staff have documented Key Performance Indicators (KPI s) which may be periodically reviewed to ensure there are no incentives to mis-sell as per the FCA guidance. 28

29 Recruitment Policy 29

30 Introduction The Financial Conduct Authority (FCA) expects businesses to conduct their business within the rules and Principles for Business they have put in place. There are 11 Principles in total; however Principles 1 and 3 are most relevant to recruitment: 1. Integrity: A Firm must conduct its business with integrity. 3. Management & Control: A Firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. In addition the following rule applies from the Systems and Controls Rulebook: SYSC 3.1.1R A firm must take care to establish and maintain such systems and controls as are appropriate to its business. In addition, Treating Customers Fairly customer outcome 1 is; 1. Customers can be confident that they are dealing with a firm where the fair treatment of consumers in central to the corporate culture. If the recruitment is for an Approved Person then there is an additional requirement that ITC Compliance satisfies the FCA that a candidate is fit and proper to perform the controlled function applied for. Purpose ITC Compliance perform adequate due diligence when recruiting new staff into a regulated environment Recruiting an inappropriate individual could lead to customer detriment and/or negative action against ITC Compliance which could lead to regulatory fines or penalties. This policy sets out guidance to aid understanding of the requirements when recruiting in an FCA regulated environment. It is not intended to cover all Human Resource or Equal Opportunities obligations. Responsibilities ITC Compliance has documented and implemented robust procedures for the effective recruitment of new staff. 30

31 Application ITC Compliance has implemented robust procedures around recruiting new staff. If the recruitment is for an Approved Person i.e. someone who carries out one of the below defined FCA controlled functions then additional fitness and Propriety requirements apply. Significant influence functions (SIF) Customer functions CF 1 Director function CF 2 Non-executive director function CF 3 Chief executive function CF 4 Partner function CF 5 Directors of an unincorporated association CF 6 Small friendly society function CF 8 Apportionment and oversight function (Non-MiFID business only) CF 10 Compliance oversight function CF 10A CASS Oversight Operation Function CF 11 Money laundering reporting function CF 12 Actuarial function CF 12A With-profits actuary function CF 12B Lloyd's Actuary function CF 28 System and controls function CF 29 Significant management function CF 30 Customer function The requirements around Approved Persons fitness and Propriety are covered in more detail in the Approved Persons Policy. Regardless of whether an individual holds a controlled function they still need to be competent to perform their work in a regulated environment. It is the responsibility of the CEO and Director to ensure that all staff are competent to fulfil such roles. Given the risk that poor management can pose to our financial soundness, ITC Compliance ensure that such Approved Persons are fit and proper to carry out their roles. As an ITC Compliance Network Member you should ensure all staff engaged in regulated activity are able to meet the required standards set out in this policy. This includes the ability to pass training modules and conduct sales in a competent and compliant manner. ITC reserve the right to decline an individual s approval to conduct regulated activity, should they fall short of the required standard. Monitoring & Reporting ITC Compliance maintain our own records in relation to recruitment, this will include: References obtained on individuals covering the last two years Work history over the past five years Form A and FCA correspondence if holding a controlled function (CF) Details of history where this may have an impact on ITC Compliance or could potentially lead to consumer detriment Proof of ID and entitlement to work in the UK 31

32 The CEO and Director within ITC Compliance will have overall responsibility for adherence to this policy. Management Information ITC Compliance verifies work and personal history appropriately in relation to the function they are to perform. Record Keeping ITC Compliance will retain copies of recruits references These records will be retained in line with ITC Compliance record keeping policy. This policy will be reviewed periodically and historical records of changes retained for 6 years. 32

33 Complaint Handling Policy 33

34 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 5, 6, 8, 9 and 11 are most relevant to complaint handling. In addition Treating Customers Fairly Outcomes six is also relevant. Purpose The definition of a complaint is: Any expression of dissatisfaction, either oral or written, whether justified or not, from or on behalf of, a customer or prospective customer, in relation to a regulated activity. As a Network Member of ITC Compliance, ITC Compliance expects all complaints, as defined above, to be passed to them as soon as they have been received. Further details can be found later in this policy. Responsibilities In the event that a customer wishes to complain or express dissatisfaction about an insurance product sold by you, you must ensure that all staff are familiar with the complaints process and understand how to handle such a situation. As per section 10 in the Terms and Conditions of ITC Compliance Network Membership, all complaints received with regard to General Insurance Products, for sales made or advice given whilst you are/were a member of the ITC Compliance Network, must be submitted to ITC Compliance IMMEDIATELY. Application In order to deal with complaints, ITC Compliance use and maintain a comprehensive Complaints Management System. You must provide ITC Compliance with any information, assistance or clarification as required to investigate the complaint fully and thoroughly. All complaints must be registered whether or not the complainant appears to be justified in his/her actions. You can register the complaint using the Complaint Reporting Form (Appendix 3) or through ITC Compliance s website. When registering the complaint through the ITC Compliance website select the add a complaint option from the navigation page and follow the onscreen instructions. Once you have submitted your complaint you will be presented with a Complaint ID for your reference. From the complaints submission you will also be able to access active and archived complaints, simply follow the onscreen instructions. In the event of a serious complaint being upheld against you, ITC Compliance reserves the right to amend or revoke Membership of the Network. Should the customer complaint be upheld and compensation payable in line with ITC Compliance Terms & Conditions of Business, this will be your responsibility. If you receive a complaint with regard to the sale of a General Insurance Products prior to you becoming an ITC Compliance Network member, it should be dealt with directly by you. 34

35 Upon receipt of the form ITC Compliance shall: Date stamp it, and log it on the Complaint Management System. Assess if the complaint is for you or a third party, e.g. insurer. If the complaint is not for ITC Compliance, the Complaint Handler will ensure it is passed to the correct business immediately, by use of the quickest method, e.g. scan to or fax to their nominated Complaint Handler. Once the complaint has been logged and it has been established that the complaint is to be handled, ITC Compliance shall undertake a thorough review to ascertain if the complaint can be resolved by close of play of the next working day. If ITC Compliance feels it can be resolved within this timescale, ITC Compliance shall contact you and provide their findings so that you can decide if you wish to proceed with the resolution. If a complaint is resolved by the close of the next working day, there is no requirement for it to be reported to the FCA. Investigating the complaint Once a complaint has been received, ITC Compliance has 8 weeks or 56 days to undertake a thorough investigation. During the investigation of the complaint ITC Compliance may ask for further information from the complainant and yourselves. When this request is received, ITC Compliance must receive a prompt response from you, even if you do not have the information requested. If this is the case, your prompt response will allow ITC Compliance to pursue other avenues to obtain the required information. If after 8 weeks or 56 days, the required information has still not been received from the complainant or Claims Management Company, which would allow ITC Compliance to resolve the complaint, an 8 week holding letter is issued to the customer. This will detail the exact information outstanding and explain the reasons why ITC Compliance is not able to respond without this information. If the information ITC Compliance are waiting for has been requested from the customer, ITC Compliance shall confirm ITC Compliance are closing their complaint, however, upon receipt of the required information, the complaint will be re-opened and investigated fully. If the information has been requested from you or another third party, ITC Compliance shall explain this to the customer and provide them with a timescale for when ITC Compliance expect to issue a response. ITC Compliance will also provide them with details of how to contact the Financial Ombudsman Service and the applicable 6 month time limit, if they are not satisfied with this outcome. Upon receipt of all of the required information ITC Compliance shall present its findings to you with a recommendation of how to answer the complaint. Should you disagree with this recommendation, ITC Compliance will make a decision based on all available evidence, taking into account regulatory and FOS precedents and our previous experience of any similar related complaints. This is in our capacity of Principal and being directly responsible to the FCA. Throughout this process ITC Compliance shall be on hand to offer advice if it is required. 35

36 A table of decision definitions is below: Decision definitions: Upheld Partially Upheld Rejected Where ITC Compliance agree with all the issues being raised by the complainant and may recomend redress/compensation or ex gratia payment. Where ITC Compliance agree that some of the issues being raised were the fault of the Network Member and may recomend redress/compensation or ex gratia payment. Where ITC Compliance do not agree with the complainant, no payment of redress/compensation or ex gratia will be made. Once the decision has been made, a final response letter is drafted and sent to you for review before being issued to the customer via recorded delivery post. This letter will also provide the customer with details of how to contact the Financial Ombudsman Service and the applicable 6 month time limit, if they are not satisfied with this outcome. Redress/Compensation All redress and compensation payments are the responsibility of the Network/Former Network Member. In many cases the amount of redress/compensation will involve an element of judgment as to what is appropriate; however, care should be taken to ensure that any redress is fair and consistent across complaints that are of a similar nature. The fundamental objective of redress is to put the eligible complainant back into the position they would have been in if the issue had not occurred. All redress, including compensation, ex gratia and goodwill gestures should be approved and authorised by ITC Compliance, before being offered. The Financial Ombudsman Service (FOS) The FOS is an independent dispute resolution service available to eligible complainants. Complainants have 6 months from the date of the final response letter to take their complaint to the Ombudsman if they remain unhappy with the final decision. If the complainant exercises this right, the Ombudsman will contact ITC Compliance in order to obtain sufficient information to carry out their own investigation. The FOS will charge a fee to the company for every complaint that it has to adjudicate upon. Any correspondence you receive from the FOS must be sent to ITC Compliance, who will check the Complaint Management System to establish the status of the complaint (new or existing, open or closed). ITC Compliance is responsible for all FOS correspondence and assessing whether the FOS involvement can be challenged or negotiating where settlement can be arranged informally. The FOS will consider complaints from an eligible complainant, where a final response has been issued or where the complaint has been outstanding for a period of over 8 weeks. An eligible complainant can be classed as: 36

37 A Consumer: an Individual acting in his or her own private capacity. Examples would be customers with GAP, SMART, Mechanical Breakdown Insurance and Rescue and Recovery Insurance. A Micro-Enterprise: a business which employs fewer than 10 people and has a turnover that does not exceed 2 million. If a consumer takes a complaint to the FOS before complaining to ITC Compliance, the FOS will refer the complaint back to ITC Compliance to be fully investigated. If the complaint is then resolved to the consumer s satisfaction, they will have no further involvement in the case. Financial Ombudsman Process When the FOS receives a complaint they will notify ITC Compliance in writing. At this point ITC Compliance shall inform you of their involvement and provide them with the Final Response and all supporting Documentation. They will conduct an independent review and respond to ITC Compliance and the customer when a decision has been made. If the FOS find in favour of the customer and decides that redress is payable, ITC Compliance are able to appeal this decision. Details of the FOS decision will be sent to you with confirmation of how ITC Compliance is to proceed. If ITC Compliance are appealing the adjudication ITC Compliance will explain the decision to the FOS and ask that an Ombudsman to review the case. The case shall then be passed to an Ombudsman, who will make a final decision on whether to uphold or reject the complaint. If the complaint is upheld by the Ombudsman, this outcome is binding on ITC Compliance and yourselves and will be dealt with promptly. The FOS will generally try to negotiate an agreed settlement with both parties before reaching a final decision. Case fees Under Clause 5.5 and 12.1 in the Terms and Conditions of ITC Compliance Network Membership, you are responsible for settling your own fees when the invoice is received by ITC Compliance from the FOS. A case fee becomes chargeable when the complaint is passed on for investigation to the FOS casework teams and is payable when the case is settled and closed. An invoice for the case fee will usually be sent to ITC Compliance at the end of the month in which the case is closed. The current case fee is 550 for general insurance; however this fee will not be chargeable if ITC Compliance can negotiate a settlement with the complainant prior to investigation by FOS. Monitoring & Reporting ITC Compliance maintains complaint records to ensure that all complaints are dealt with within the FOS 8 week timescale. ITC Compliance will also monitor the causes of a complaint to ensure that any common causes are identified to mitigate future complaints. One way of achieving this is through Root Case Analysis (RCA). 37

38 Management Information Management information pertaining to the results of Complaint handling will capture: The outcome and any redress paid The root cause of complaints and resultant action Any FOS referred complaints Any feedback necessary and given to the AR or Network members 38

39 Financial Promotions & Marketing Policy 39

40 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 6 and 7, as detailed in the FCA Principles for Business Policy, are most relevant to financial promotions and marketing material. In addition, TCF outcomes 2, 3 and 5 also apply To ensure that these principles and TCF outcomes are met, the FCA has set out specific rules and guidance around financial promotions, within the FCA Handbook, Insurance Conduct of Business sourcebook chapter 2.2 Communications to clients and financial promotions. This policy sets out procedures to allow you to adhere to the handbook. Purpose As your Principal, it is ITC Compliance s responsibility to ensure that financial promotions and marketing material produced by you are clear, fair and not misleading. ITC Compliance also ensures that you incorporate all the legal requirements and can evidence meeting the principles and TCF customer outcomes. This policy sets out guidance for Network Member s staff to follow to aid development and approval of financial promotions and marketing material. Responsibilities ITC Compliance have documented and implemented robust procedures for the effective management, design, production and use of all Financial Promotions. All Network Members must have financial promotions approved by ITC Compliance, prior to use. It is extremely important, that the Financial Conduct Authority s logo is not used on any documentation produced by you as this is subject to copyright. Application The Financial Promotions, Marketing and Customer Facing Material that ITC Compliance will approve include the following: advertising standard letters press releases forms internet copy (i.e. text) and websites mobile phone, radio and television communications, and new media (including social networking websites, forums, blogs and iphone applications), telesales scripts face to face system generated questions The above list is not exhaustive As a Network Member, you are responsible for creating the financial promotion and submitting them to ITC Compliance for sign off and authorisation for use. However before 40

41 submitting the financial promotion to ITC Compliance you should complete the Financial Promotions Checklist (Appendix 1). This should be attached to the Financial Promotion when it is submitted for sign off. We will not accept any Financial Promotion that does not have a completed checklist attached. You should submit all Financial Promotions to the Compliance Department for review via complianceteam@itccompliance.co.uk. Once received you should allow 5 working days for the Compliance team to review the promotion and provide feedback. Where feedback is given, this should be acted upon swiftly. It is your responsibility to ensure that the feedback is acted upon and any amendments are sent back to the Compliance Officer, handling the promotion, for final sign off. Once the required amendments have been received or the Compliance Officer is happy that the promotion satisfies all of the regulatory requirements, final sign off shall be given. This will be given via and will be accompanied by a reference number and a validity period. Please note ITC Compliance only look at adverstiments or promotions in line with FCA requirements. It is your responsibility to ensure that your advertisment meets with other relevant advertising codes and legislation. Under no circumstances can a promotion be used without first obtaining this sign off or outside of the validity period (normally 1 year from the date the promotion is signed off). If the validity period expires you must resubmit the promotion for review and sign off. ITC Compliance will keep sufficient records of all financial promotions submitted. This will include version control, target audience, medium used (e.g. magazine), validity period and sign off. 41

42 When signing off a financial promotion, ITC Compliance will consider the following: - The content should include reference to the company (or trading) name and an address or contact point; this should also include the telephone number at which the company may be contacted The content should clearly state the Firms Regulatory Status e.g. as an Appointed Representative Where a promotion features benefits and associated exclusions these must be shown in equal prominence, this also includes the font size used in the promotion. All statements and comparisons should be accurate, have been checked and can be supported by evidence. Marketing language should not be exaggerated or over-promised. Benefits should be factual and not over-stated. The product being promoted in the advertisement/financial promotion should be suitable for the target audience. The language used should be clear and as jargon-free as possible (particularly in relation to terms, conditions and exclusions). Jargon terms that are included should be explained or a cross reference provided. Product restrictions, exclusions or limitations must be in plain English. If the premium is shown, it should be clear that this includes Insurance Premium Tax. Where applicable a firms VAT number should be clearly displayed. The following regulatory statement should be included on the promotion; [Enter firm name] is an appointed representative of ITC Compliance Limited which is authorised and regulated by the FCA (their registration number is ) and which is permitted to advise on and arrange general insurance contracts. Adherence to this policy is vitally important failure to comply could result in you being in breach of regulations and possible mis-representation of products and/or services. As a result you may be liable to both ITC Compliance and regulatory focus and possible censure. Monitoring & Reporting ITC Compliance will maintain records of all financial promotions, including: type of material, e.g. letter, website text target audience, e.g. end customer, AR, Broker the business owner/requestor evidence of TCF consideration document how this has been considered date submitted for business sign off and who to date returned following business sign off and who approved it approved/not approved and reasons for non approval version control all correspondence e.g. s relating to financial promotion/marketing material; how long approval is valid for As a Network Member you should also maintain records of all financial promotions submitted, especially the validity period assigned to a specific promotion. This should be kept within your Financial Promotion Register (Appendix 4) 42

43 Management Information ITC Compliance will review financial promotion Management Information to identify and monitor any relevant trends. This could include, for example, complaints Management Information resulting from a misleading financial promotion. Appropriate action will be taken for any trends identified. 43

44 Business Assurance Policy 44

45 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 2, 3, 6 and 9 are most relevant to business assurance. In addition Treating Customers Fairly Outcomes 1, 2, 3, 4, 5 and 6 also apply. Purpose ITC Compliance ensure that all regulated activities are undertaken within the scope of the FCA rules and regulations by means of site audits, document reviews, website reviews, call monitoring, mystery shopping, file reviews and reviews of your regular returns. This policy sets out how ITC Compliance ensures Business Assurance and the procedures you need to follow to achieve this. Responsibilities ITC Compliance has documented and implemented robust procedures for the effective management of Business Assurance and you are responsible for assisting ITC Compliance in providing the required information to allow them to fulfil these obligations. Application Document Reviews ITC Compliance has robust procedures for the production and approval of compliance documents. This includes, but is not limited to: Initial Disclosure Document Statement of Demands and Needs Status Disclosure Document All approval requests should be submitted as per the Financial Promotions Policy. Documents will be periodically reviewed in the event of changes in FCA regulations. Any non-compliant or non-approved material should be destroyed. Failure to comply with this policy could result in being in breach of regulations and possible miss-representation of products and/or services and therefore liable to regulatory focus and possible censure. Website Reviews In line with clause 9.4 within the Terms & Conditions of ITC Compliance Network Membership, ITC Compliance shall undertake reviews of your website(s). This is to firstly ascertain if insurance is sold via the website. If this is the case, ITC Compliance shall review the entire sales path to ensure that all insurance policies are being sold compliantly. ITC Compliance follows a checklist that maps the requirements against the ICOBS rulebook and TCF outcomes to ensure that the website meets regulatory requirements. 45

46 All reviews are documented within ITC Compliance s website review log and any feedback will be sent to you. Once this feedback has been received you should act upon it accordingly and in a prompt manner. This is extremely important as your website will be live 24 hours a day and therefore if there are problems, a customer may be mis-sold a general insurance policy at any time. This could lead to poor TCF outcomes and complaints. If, during the review ITC Compliance find any major issues, or if you have not acted on feedback within a timely manner, ITC Compliance may ask you to take down your website until such a time that ITC Compliance are satisfied it meets regulatory standards. All new Network Member applications shall be subject to a website review and if any issues are found the same process will apply. Once ITC Compliance is happy with the content of your website ITC Compliance shall provide you with final sign off. This will be provided in writing to allow a record to be kept. All websites will be subject to an annual review to allow for any regulatory changes that may occur. Call Monitoring ITC Compliance recognises the importance of ensuring that all sales comply with the Treating Customers Fairly outcomes and Insurance Conduct of Business Sourcebook (ICOBS) rules, where applicable. Although it is not a FCA requirement, ITC Compliance also understands that in order to achieve this, best practice dictates that calls are recorded. With this in mind ITC Compliance monitor recorded sales calls and have stringent processes in place to ensure that if any discrepancies are found, these are dealt with efficiently by both providing feedback to the individual employee and contacting the customer to rectify any errors. In order to achieve this, ITC Compliance use a call monitoring check-sheet, an example of which can be found in Appendix 5. This has specific criteria, which must be met by the individual Sales Agents and if the criteria is failed it provides details on the specific ICOBS rule, TCF outcome and non-regulatory requirements it has failed against, thereby making it easier to evidence when providing feedback to the individual. In order to comply with this, it is a requirement that where you sell via the telephone, all sales calls should be uploaded by the 10 th of each month via the secure FTP server, Winscp. This program can be downloaded from the internet and a how to guide is available within the documents section on the ITC Compliance website. Where available, ITC Compliance shall monitor a sample of the sales calls per month and provide feedback via . You should then act promptly following receipt of this feedback to allow for any errors or issues to be rectified. The feedback is provided in writing to ensure a record is kept. As per clause 9.3 of the Terms and Conditions of ITC Compliance Network Membership, all calls should follow the previously authorised telesales scripts available on the ITC Compliance website. If you wish to change this in any way, this should be submitted to ITC Compliance for approval before being used. ITC Compliance shall review these scripts periodically to ensure they are in line with any regulatory changes. 46

47 Mystery Shopping Depending on the nature of the products sold and the sales channels you use, ITC Compliance may conduct thematic risk based mystery shopping on you. Questions will predominately be based on ascertaining product knowledge and the staff members understanding of the sales process. Feedback will be given to the Network Member once findings are completed and any remedial action plan will be agreed. File Reviews ITC Compliance undertake random file reviews, as a way of ensuring Network Members remain compliant with ICOBS rules and TCF outcomes. ITC Compliance will review a sample of all sales made at all audit visits, reviewing the electronic and paper files attached to a sale. The reviews will be documented on a File Review Form, with an electronic copy of this form saved on the system. Once the review has been completed, any required feedback will be given to you in writing, allowing for any issues, errors or discrepancies to be resolved. Periodic Returns Where appropriate you are required to submit a return to ITC Compliance. This confirms policy numbers sold as well as premium and commission. It also includes questions in relation to remuneration and Approved Persons. In addition there is the ability to advise of any staff changes, there is also a requirement to reconfirm adherence to the ITC Compliance terms and conditions of being a Network Member. This document is checked by ITC Compliance to ensure that they have been completed correctly. If any issues are identified following this process, you will be notified in a timely manner. Observations Where appropriate you are required to have staff involved in regulated activity observed in this process. This would include such activity as sales and claims management. This is an ITC Network Membership requirement. Any exempt staff must be agreed with ITC Compliance. Examples of exempt staff would include those in an admin only function with no client interaction. Examples of observation forms are available on the ITC Compliance website. These must be kept on file and may be requested for review at any audit Monitoring & Reporting ITC Compliance monitor that you are compliant with ICOBS rules and the TCF Outcomes as set out by the FCA through way of Business Assurance. If, through the process of monitoring calls or reviewing compliance documents or files, an error is identified, ITC Compliance have robust procedures in place to mitigate any losses that may occur. 47

48 All reviews are recorded on ITC Compliance s system and any feedback required is provided to you, in writing. This ensures that the process is transparent and if any issues occur on multiple occasions, it is easier to identify them. If, through the review of a file, document or sales call, it is clear that an issue identified has affected a customer, ITC Compliance shall contact you as soon as it becomes apparent. You should then contact the customer affected at the earliest opportunity to rectify the identified error. If the original Sales Agent is unable to resolve the issue, you will need to decide on the best course of action to bring the issue to a speedy resolution. If you require additional support and guidance to meet this requirement ITC will provide all guidance required. Where applicable, Returns are assessed once submitted and any discrepancies will be clarified with you. Failure to submit returns can lead to suspension or termination from the Network. As a Network Member, you will be subject to periodic site based audits, these audits will include: File Reviews Training Review (including Observations) Financial Promotions and Documentation Review Periodic return submission Staff and Management Interview Action plan for any identified issues or concerns If you should fail to comply with repeated reasonable requests from ITC Compliance then your account can be suspended, meaning you will be unable to transact any regulated insurance business. Examples of reasonable requests would include, but are not limited to; Staff outstanding training and observations Outstanding Periodic Returns Outstanding audit action points Management Information ITC Compliance review the Management Information collected while carrying out call monitoring, document and file reviews to identify any issue trends. ITC Compliance act upon this information to ensure that any recurring issues are mitigated and, if necessary, processes are changed to achieve this. 48

49 Training & Competence Policy 49

50 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 2, 3, 6 and 11 are most relevant to training and competence. In addition Treating Customers Fairly outcome 1 and 2 also apply. To ensure that these principles and TCF outcomes are met, the FCA has set out specific rules and guidance around Training & Competency, these can be found in the FCA Handbook, Senior Management Arrangements, Systems and Controls sourcebook (SYSC) chapter System and Controls and FCA Handbook Training & Competence Sourcebook (TC). Purpose ITC Compliance ensure that all staff carrying out regulated activities, e.g. selling an insurance product, receive adequate training and are competent in the role they perform. ITC Compliance incorporates all the legal requirements and evidence meeting the principles and TCF customer outcomes. This policy sets out how ITC Compliance ensures that all Network Member s staff are trained and competent in the role they perform. Responsibilities ITC Compliance document and implement training programmes to ensure that all staff carrying out regulated activities are competent within their role. Your Approved Person has overall responsibility for ensuring that all relevant staff follow this programme. Application The FCA defines competence as: Having the skills, knowledge and expertise needed to discharge the responsibilities of an employee's role. This includes achieving a good standard of ethical behaviour. As per section 7 of the Terms and Conditions of ITC Compliance Network Membership, ITC Compliance have implemented an online training tool to ensure that all staff (users) carrying out regulated activities are competent within their role. Each user has their own log in that is linked with their accounts within the sales systems. Therefore if the user has not completed their training, the system will not allow them to undertake the regulated activity specific to the training i.e. sell regulated products You must not under any circumstances use a colleague s log in to undertake a regulated activity. Once the user has logged into the training system they will need to open a training course to complete, this has been specifically allocated by ITC Compliance to ensure that the correct training is being undertaken. 50

51 Once the training course has been selected the user must complete their CV. This provides ITC Compliance with some details of the user such as their employment history and qualifications and information about their fitness and propriety. The user is then able to select the optional (product specific) training modules that require completion. ITC Compliance will pre select these, although the user must tick the modules within their CV to ensure they appear within the course. The user is then able to start their training. The first step is to complete an assessment against the core and optional (product specific) modules. ITC Compliance have designed the online training tool to meet the regulatory requirements set out by the FCA and as such expect each user to complete the following core modules; Treating Customers Fairly Money Laundering Data Protection Act Introduction to the Financial Conduct Authority (FCA) Risk Contract & Agency Insurable Interest Utmost Good Faith Proximate Cause Indemnity Contribution & Subrogation The optional (product specific) training modules are determined by the products you sell. Therefore although these are classed as optional, it is imperative the user completes these modules as not doing so, will prevent them from selling. Once the assessments have been completed, the user is provided with a bespoke action/development plan with comprehensive study material for any assessments they may have failed. This ensures the user s training is specifically targeted at areas of weakness within their regulatory and product knowledge. The user is then able to read the study material before completing a second module specific assessment. If they fail this assessment they are able to review the study material as many times as they wish to aid them in passing the required assessments. Once all of the relevant training has been completed, the user is able to sell the insurance products allocated. A user s training will expire after a year and must be retaken annually. If the user is unsure of anything or requires a reminder of any of the aspects covered by the training, they may refer back to all of the study material provided under the training course at any time. All users have accesse to a copy of their personal training records, held by ITC Compliance, which can be viewed online at any time. Monitoring & Reporting ITC Compliance will maintain suitable supervision as per the Business Assurance Policy. ITC Compliance will also provide details to the FCA on the number of employees selling 51

52 general insurance on an advised basis, via the RMAR (Retail Mediation and Activities Return). Management Information ITC Compliance will review all Management Information on employee training records to ensure all of your staff are competent within their individual job roles. 52

53 Financial Crime Policy 53

54 Introduction The Financial Conduct Authority (FCA) expects Firms to conduct their business within the rules and Principles for Business they have put in place. Principles 2, 3, 5 and 6, as detailed in the FCA Principles for Business Policy are most relevant to financial crime. In addition TCF outcome one is also relevant. There are also additional laws under The UK Bribery Act 2010 (the Bribery Act ), Proceeds of Crime Act 2002 (POCA), Terrorism Act 2000 (TACT), and Joint Money Laundering Steering Group (JMLSG) guidance. To ensure that these principles and the TCF outcomes are met, the FCA has set out specific rules and guidance around financial crime within the FCA Handbook, Financial Crime parts 1 & 2. This policy sets out procedures to allow you to adhere to the handbook and applicable laws. Purpose ITC Compliance will assist you in mitigating and identifying any financial crime activity. However it is the responsibility of your Approved Person to ensure that you meet the regulatory requirements and to evidence meeting the FCA principles and TCF customer outcomes. This policy sets out guidance for you as a Network Member to aid understanding and identification of potential financial crime risk areas. Responsibilities ITC Compliance has documented and implemented procedures for the effective identification, reporting and mitigation of financial crime. As a Network Member, it is your responsibility to identify and report any occurrences of Financial Crime (as explained later within this policy) via the Contact Us part of the ITC Compliance website ( Once received, this will be allocated and escalated accordingly. Application There are three specific areas of concern in relation to financial crime: Bribery & Corruption Money Laundering Fraud Below is an overview of each area: Bribery Bribery is the offering, promising, giving, solicitation or the receipt or agreement to receive any financial or other advantage, or any other inducement from any person or company, (wherever they are situated and whether they are a public official or body, or a private person or company) by an individual employee, agent or other person or body acting on another s behalf. 54

55 For example if your product provider offered you substantial payments, in return for you selling their products, over those of another product provider s, this would be construed as an act of bribery and must be reported to ITC Compliance immediately. Corruption Corruption is the abuse of entrusted power for a private gain. Bribery and corruption may occur internally or externally and may be perpetrated by employees, clients, suppliers, contractors, service providers, agents or anyone else doing business. ITC Compliance reject bribery in any form and customers and any other person with whom ITC Compliance interact can be confident that their reputation Is valued very highly and that they are dealing with a firm that will not risk damage to its reputation by getting involved in illegal or unethical business practices. ITC Compliance will actively cooperate with law enforcement authorities for the investigation and punishment of any act of bribery. The Bribery Act Offences The UK Bribery Act 2010 (the Bribery Act ) came into force on the 1 st defines the following offences: July 2011 and Paying bribes: offering, promising or giving a financial or other advantage to induce someone to perform their function or activity improperly (the active bribe offence). Receiving bribes: requesting, agreeing to receive or accepting a financial or other advantage for performing your function or activity improperly (the passive bribery offence). Failure by a company to prevent bribery by associated persons (the corporate offence) Under the UK Bribery Act if a person associated with an organisation bribes a person with the intention of gaining or retaining a business advantage for a commercial organisation, then the organisation may be guilty of an offence under the Act. This is particularly important, as ITC Compliance is authorised and regulated by the Financial Conduct Authority and liable for an unlimited fine. Associated persons include anyone who performs services for or on behalf of the company e.g. an Appointed Representative. The FCA does not enforce the Bribery Act Its regulatory powers apply in obtaining evidence of corrupt conduct to take regulatory action against a firm. In order to ensure compliance with the Bribery Act 2010 it is essential that all Network Members comply with this financial crime policy and all staff undertake the regulatory training provided on an annual basis. ITC Compliance also undertake thorough due diligence on all new and existing Network Members acting within its permissions. Non-compliance with the Bribery Act may lead to the following actions being taken against the firm or the individual involved: Individuals convicted for paying or receiving bribes face up to ten years imprisonment. 55

56 Companies convicted of failing to prevent bribery by associated persons face unlimited fines. Directors and senior officers of companies involved can face criminal and civil liabilities. Gifts & Hospitality Corporate hospitality, promotions and gifts have the potential to create a perception of bribery and it is essential to draw a distinction between what is legitimate in business situations and what is bribery; any gift or hospitality that seeks to influence the recipient into performing their function improperly would be considered a bribe. To ensure this is not the case, all Gifts & Hospitality must be: Made openly: if made secretly and undocumented then the purpose will be open to question In accordance with stakeholder perception: the transaction would not be viewed unfavorably by stakeholders if it were to be made known to them Documented: the expense is properly recorded in your books and records For further details, please refer to the Gifts & Hospitality policy. Money Laundering When a criminal activity generates substantial profits, the individual or group involved must find a way to control the funds without attracting attention to the underlying activity or the persons involved. Criminals do this by disguising the sources, changing the form, or moving the funds to a place where they are less likely to attract attention. Stages In the initial, or placement, stage of money laundering, the launderer introduces the illegal profits into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account, or by purchasing a series of insurance policies that are then almost immediately cancelled. After the funds have entered the financial system, the second or layering stage takes place. In this phase, the launderer engages in a series of conversions or movements of the funds to distance them from their source. This use of widely scattered accounts for laundering is especially prevalent in those jurisdictions that do not co-operate in anti-money laundering investigations. In some instances, the launderer might disguise the transfers as payments for goods or services, thus giving them a legitimate appearance. Having successfully processed the criminal profits through the first two phases the launderer then moves them to the third stage integration in which the funds re-enter the legitimate economy. The launderer might choose to invest the funds into real estate, luxury assets, or business ventures. As a Network Member, it is extremely important that all staff are aware of the need to identify Money Laundering. As you are selling insurance products, it is possible to become a target of Money Laundering and any suspicions should be reported to your Money Laundering Reporting Officer (MLRO) and ITC Compliance as soon as you become aware. 56

57 Fraud Fraud is a type of criminal activity, defined as the abuse of position, or false representation, or prejudicing someone's rights for personal gain'. ITC Compliance has implemented the following procedures for all Network Members to follow: appropriate measures to minimise the risk of fraud; (see Risk Management and Breaches & Incidents Policies) formal procedures to investigate fraud when it is suspected; (see Risk Management Policy) appropriate mechanisms for employees to voice their genuine concerns and protect those who do so; (see Whistleblowing Policy) Procedures When Fraud is suspected As a Network Member, you are responsible for referring any suspected irregularities to ITC Compliance. ITC Compliance shall then decide how to proceed and if the irregularity warrants escalation to the appropriate law enforcement agency. The normal sequence of events, should an irregularity be suspected, will be as follows: If employees suspect an irregularity has occurred, or is likely to occur, they should normally report this to the appropriate Director or person within their organisation e.g. MLRO (unless the concerns relate to the Director, in which case employees should have regard to the alternative mechanisms outlined below) who should advise ITC Compliance using the Contact Us part of the ITC Compliance website. Should preliminary investigations suggest the suspicion is reasonable, further investigations will be undertaken by ITC Compliance without delay. Where further investigations indicate an offence may have occurred, ITC Compliance and the AR should decide how to handle the matter according to Disciplinary Procedures and whether to involve the relevant authorities. Where financial impropriety is suspected, the Police must be informed. Monitoring & Reporting ITC Compliance has a zero tolerance to all financial crime. As previously mentioned ITC Compliance will maintain records for identifying, reporting and mitigating the potential risk of financial crime. This includes: keeping training records up to date to ensure that all staff understand how to identify and report suspicions of financial crime; recording instances of potential financial crime; identifying trends and implementing control systems, using the gathered information, to help mitigate future occurrences of financial crime. reporting any instances of potential financial crime to the relevant authorities as soon as is reasonably possible. As a Network Member, you should keep records of the same to ensure that you are abiding by this policy. Management Information As a Network Member, you are jointly responsible, with ITC Compliance, to maintain accurate Management Information of all instances of attempted or actual financial crime. 57

58 58

59 Conflicts of Interest Policy 59

60 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 1, 5 and 8 are most relevant to conflicts of interest. In addition, Treating Customers Fairly outcome one is also relevant. Purpose This document outlines how, as a Network Member of ITC Compliance, you should be identifying and managing Conflicts of Interest in order to address the regulatory obligations and avoid any detriment to your customers, it includes some examples of particular Conflicts of Interest and potential solutions. This policy applies to all staff, managers and senior management. Responsibilities Any Conflict of Interests identified by ITC Compliance will be highlighted and documented within the Conflict of Interest Log. ITC Compliance will maintain this record and report any identified conflicts to you. In addition you must disclose any identified Conflicts of Interest to ITC Compliance in order that any mitigating controls can be agreed. Examples of potential Conflict of Interests are given within the table on the next page. Application Conflict of Interest - a situation in which a member of staff s business decisions could be influenced by their personal interests, for example a Salesman that places the majority of a Firm s business with a particular Insurer due to a family member working for the Insurer. Inducement - a benefit offered to a firm, or any person acting on its behalf, with a view to that firm, or that person, adopting a particular course of action. This can include, but is not limited to cash, cash equivalents, insurance premium, commission, goods, hospitality or training programmes. A Conflict of Interest can include Inducements as defined above. Please refer to the separate Gifts and Hospitality Policy for specific guidance on this. The existence of a Conflict of Interest is not necessarily evidence of wrongdoing and the FCA recognises that it is impossible to avoid all potential Conflicts of Interest, but where such conflicts cannot be eliminated then they must be properly managed. Process and Responsibilities In line with the Terms & Conditions of ITC Compliance Network Membership, as a Network Member, you are responsible for highlighting and mitigating any potential Conflicts of Interest. Whenever a conflict is identified it must be immediately escalated, to your Approved Person, using a Potential Conflict of Interest form (Appendix 6). The Approved Person should log this on your internal Conflict of interest Log, carry out an investigation and where possible take steps to mitigate it. Your internal Conflicts of Interest Log should be available upon request at audits undertaken by ITC Compliance. 60

61 In the event that the Approved Person requires advice or guidance, ITC Compliance are available to provide this. If the Approved Person feels that the Conflict requires escalation as it cannot be dealt with within your firm, the Potential Conflict of Interest form should be submitted to ITC Compliance via by sending it to Upon receipt of a Potential Conflict of Interest form, ITC Compliance will assess and confirm the requirement to register issues in the local Conflicts of Interest log, and if action is required allocate it to the most appropriate person within the firm for completion. Examples of Conflicts of Interest The following examples show some specific conflicts and their solutions, however, all Conflicts of Interest will need to be considered separately and appropriate management action taken to avoid any customer detriment and ensure the conflict is managed and mitigated appropriately. Issue Potential conflict of Interest Typical procedures to manage the potential conflict Preferential commission rates from a particular insurer Sales staff placing business with that insurer without considering the needs of the customer. Commission across the panel arranged so that no one insurer has appreciably different commission deals for the same product. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. Only use one Insurance Provider per product type. Profit share arrangements with a particular insurer Volume overrides arrangements with a particular insurer Sales staff placing business with that insurer without considering the needs of the customer. When operating under a Binding Authority, claims staff may want to limit loss ratios by directing business with a bad loss history to other markets. Sales staff placing business with that insurer without considering the needs of the customer. Only use one Insurance Provider per product type. Profit share arrangements not disclosed to sales staff. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. No direction/instructions from senior management where to place business, if this is likely to result in customer detriment. Volume override arrangements not disclosed to sales staff. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. 61

62 Sales staff remuneration based on sales targets Delegated claims handling Hospitality and Gifts (Inducements) Relationships or financial interests with insurers or other third parties with whom ITC Compliance deal Conflicts between customers when acting for both Staff members or member of their immediate family has an interest in an outside entity Undertaking a tender exercise to select supplier or product provider Incentive payments or competitions made to sales staff to complete insurance sales without considering the needs of the customer. Acting for insurer when the customer reasonably believes that intermediary is acting for them. Significant hospitality and gifts could influence the fair treatment of customers. Business placed with a particular insurer or other contracts entered into without consideration of the customer s best interest. Acting for competing customers could affect ability to treat both fairly. Where the interest is substantial enough for it to be perceived to affect their judgement with respect to transactions between the Network Member/ITC Compliance and that entity i.e. a material interest exists. Appointment of supplier or product provider without considering the impact on customers. Robust management controls in place to ensure that customers have been treated fairly including; Rewards that take into account quality as well as quantity such as the incidence of upheld complaints, adherence to procedures and findings from internal monitoring. Appraisal and development arrangements including TCF and quality considerations. Disclosure documents include details. Claims handling procedures to include Treating Customers Fairly principles. Policy and procedures for the registration and approval of hospitality and gifts. Only use one Insurance Provider per product type. A register maintained of all such arrangements. Disclosure document includes the basis and criteria for selecting insurers for particular products. Disclose conflict and obtain agreement to proceed for both parties. Set up Chinese Walls segregation of duties information barriers so that each customer is treated fairly and as if the other was not present. Staff members with a material interest in any service provider, insurer or product provider must declare this interest to HR. If the Network Member cannot manage a conflict adequately, it will disclose this to the client, before undertaking any business for that client. Before undertaking any tender exercise the proposed tender process needs to be signed off by a Project Sponsor/appropriate Senior Management in advance of issuing to the invited tender participants. Proposals/recommendations resulting from any tender process are signed off in advance of any final ratification and communication to tender participants. Close personal relationships Where the relationship potentially results in some form of influence, either Staff members should disclose any personal relationships that may result in any form of influence on another staff 62

63 positive or negative, on another employee or business process. member. Line management to ensure that roles, responsibilities and team structures are reviewed to minimise or avoid any potential conflicts arising from staff relationships. If you are at all unsure as to whether a situation is a potential conflict of interest you should complete the Conflict of Interest Self Assessment form (Appendix 7) Monitoring & Reporting As a Network Member, you and all your staff are responsible for identifying possible Conflicts of Interest,recording these on the Potential Conflict of Interest form and escalating these to your Approved Person. Where the Approved Person feels that the conflict cannot be mitigated by your firm, it should be escalated to ITC Compliance who will record this on the Conflicts of Interest Log. Any failure to treat customers fairly as a result of a Conflict of Interest should be recorded as an Incident, as required in the Regulatory Breaches & Incidents Policy. Management Information Where Conflicts are escalated to ITC Compliance, this information will be reviewed to identify and monitor any relevant trends or insufficient controls. If anything is highlighted appropriate action will be taken. 63

64 Gifts & Hospitality Policy 64

65 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 1, 5 and 8 are most relevant to gifts and hospitality. In addition, Treating Customers Fairly outcomes one is also relevant. Purpose Inappropriate gifts, hospitality and entertainment can be used to generate a position of obligation and prepare the way for a dishonest act, which compromises integrity and your ability to treat customers fairly. This policy sets specific rules that define what Gifts and Hospitality are considered appropriate and acceptable to both offer and receive and defines how the behaviour of staff should be monitored. It also sets out procedures to ensure that Gifts and Hospitality are managed to avoid the risk of conflict with your duties towards your customers and provides advice on how to ensure compliance with regulatory and legislative requirements. This policy applies to your staff, Management and Directors. Responsibilities As a Network Member, you must document and implement robust procedures for the effective management of giving and receiving gifts, inducements and hospitality. Application Definitions Inducement an inducement is a benefit offered to a firm, or any person acting on its behalf, with a view to that firm, or that person, adopting a particular course of action. This can include, but is not limited to, cash, cash equivalents, goods, hospitality or training programmes. Gift Gifts can be money, goods, services or loans given, without the expectation of consideration or value in return. Gifts therefore should have no role in the business process. Commission or fees would not be regarded as gifts. Hospitality - Social events hosted by the company for clients or suppliers in order to obtain or maintain their patronage or goodwill and build relationships. Hospitality includes entertaining, meals, receptions and attendance at sporting events. Tickets for events where no host is present are classified as a cash equivalent gift. Bribery The giving and receiving of money, a gift or other advantage as an inducement to do something that is dishonest, illegal or a breach of trust in the course of business. 65

66 Gifts and Hospitality offered and received In order for gifts or hospitality to be acceptable they must be made: openly without placing the recipient under any obligation for example a clear act of appreciation for good service without any expectations appropriate to the relationship and local business practice not of a frequency which could be interpreted as excessive or inappropriate legal and appropriate in accordance with the laws and cultures of the relevant country Gifts and hospitality must be: of an appropriate value, whether individually or in the aggregate over a period of 12 months recorded and reported to management Gifts and Hospitality must NOT be given or received when nearing the completion of material contract negotiations i.e. where the gift or event could influence the end result of negotiations. Individuals are strictly forbidden to offer or accept a gift of cash (or a cash equivalent such as un-hosted concert or sports tickets) under any circumstances as this could be construed as an act of bribery. This includes the payment of credit card charges, fees, soft loans (i.e. loans with below market or no interest payments) or shares. Hospitality and Entertainment All events must be hosted in the company s name and be justifiable for the business in the legitimate interest. All Hospitality must be authorised in advance using the Gifts & Hospitality Approval Form (Appendix 8) and recorded on the Gifts and Hospitality Received. Hospitality offered to spouses, partners and immediate relatives accompanying third parties to events is appropriate only in exceptional circumstance and in each case, approval must be sought from appropriate line management. Gifts and Hospitality registers Gifts and Hospitality must be logged on the Gifts and Hospitality Register (Appendix 9). This log must be available for review both on request and at any audit conducted on you by ITC Compliance. Gifts and Hospitality received When a gift or hospitality event is offered to employees (other than low value branded items) it must be authorised by management and recorded in the Gifts and Hospitality Register (Appendix 9) with the appropriate authorisation. Managers are required to show reasonable validation of the values they place against items (for example a link to a relevant theatre website). It is not permitted for any member of staff to sign off an item for their own benefit. 66

67 Gifts and Hospitality made to Third Parties Prior to making an offer of hospitality or presentation of a gift externally, authorisation must be obtained. The relevant manager must then record the item on the Gifts and Hospitality Register (Appendix 9). Monitoring & Reporting The Gifts and Hospitality registers are owned by and the responsibility of you as a Network Member. The Approved Person is also responsible for monitoring the Gifts and Hospitality registers, conducting spot validations and auditing the registers. Management Information Management Information should be compiled at least annually to assess the information contained on the registers and identify any conflicts or potential conflicts that arise. This is the responsibility of the Approved Person. 67

68 Risk Management Policy 68

69 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principle 3 is most relevant to Risk Management. Purpose ITC Compliance have internal procedures for the mitigation of risk. These risks are not constrained to regulatory aspects only and will include other internal or external factors. E.g. a new computer system may be a risk to business continuity. This policy sets out guidance for Network Members to aid understanding of the requirements to comply with the risk mitigation rules and policy. Responsibilities Senior Management are responsible for defining your risk appetite and ensuring that your Risk Register is completed and reviewed periodically. Your Risk Register must be available on request for review during audits undertaken by ITC Compliance. Application Regardless of whether risk is a defined function the principles of managing the inherent and residual risk will apply to you and your risk appetite should be reviewed regularly at minuted meetings. Your risk appetite will be defined as one of the following: Averse Avoidance of risk and uncertainty is a key organisation objective. Cautious; Preference for safe options that have a low degree of risk and may only have limited potential for reward. Balanced; Consideration of all options resulting in a mid-line approach and a mediocre potential for reward Open; Willing to consider all potential options and choose the one most likely to result in successful delivery, while also providing an acceptable level of reward and value for money. Hungry; Eager to be innovative and to choose options offering potentially higher business rewards, despite greater inherent risk. However, importantly this does not mean that where the appetite is hungry or open that any regulatory rules can be breached. Any additional product requests and new applications should be reviewed in line with your risk appetite. 69

70 The appropriate level will depend on the nature of the work undertaken and the objectives pursued. For example, where public safety is critical (e.g. operating a coach tour) appetite will tend to be low, while for an innovative project (e.g. early development on an innovative car) it may be very high, with the acceptance of short term failure that could pave the way to longer term success. As a Network Member, your senior management are responsible for compliance with your risk strategy. This includes oversight of: a) Risk register b) Business Continuity Plan (BCP) Risk Register As a Network Member it is your responsibility to keep a risk register specific to your business, following the guidelines set out in Appendices 10, 11 and 12. An example of a Risk Register can be found in Appendix

71 Business Continuity Plan Policy (BCP) 71

72 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principle 3 is most relevant to risk and business continuity. Purpose You should implement internal procedures for the mitigation of risk. These risks are not constrained to regulatory aspects only and will include other internal or external factors. E.g. a new computer system may be a risk to business continuity. This policy sets out guidance to aid your understanding in compiling a Business Continuity Plan, including Call Cascade List (Appendix 15). An example Business Continuity Plan can be found in Appendix 14. Responsibilities You should have a Business Continuity Plan for managing business interuption risk. It is the responsibility of Senior Management to ensure that this is kept up to date and Application The Approved Person within your firm should have oversight of the Business Continuity Plan (BCP). Business Continuity Plan A major risk to you is business interruption or disaster recovery. Therefore you should have a Business Continuity (recovery) Plan. This plan should give consideration to the regulatory aspects of your business. ITC Compliance has compiled a couple of scenarios in order to test your Business Continuity Plan (Appendix 16). These test scenarios will help you understand how your business will cope with the impact of each situation as the events unfold and where weaknesses appear steps should be taken to mitigate these weaknesses. The Business Continuity Plan should be available, upon request, during audits undertaken by ITC Compliance. 72

73 Approved Persons Policy 73

74 Introduction An Approved Person is an individual who has been approved by the FCA to perform one or more controlled functions.. A controlled function is a role or responsibility that has particular regulatory significance. For the purpose of the Network, this means being responsible for implementing the rules and processess outlined in this manual and the FCA principles. Under the Financial Services and Markets Act 2000, the FCA may approve an individual only where it is satisfied that a candidate is fit and proper to perform the controlled function(s) applied for. When considering a candidate s fitness and propriety, the FCA considers: i. honesty, integrity and reputation; ii. competence and capability; iii. financial soundness. Approval must be obtained before a person can perform a controlled function. ITC Compliance must satisfy the FCA that a candidate is fit and proper to perform the controlled function applied for. If your business is a Primary Intermediary (insurance is your main business), then all Directors and/or individuals undertaking a controlled function must be an Approved Persons, however if you act as a Secondary Intermediary (insurance being a secondary business activity) you will only require one Approved Person. All Appointed Representative Network Members will need at least one Approved Person. Purpose This policy sets out the requirements for any Approved Person working within an FCA regulated environment. Responsibilities ITC Compliance will perform adequate due diligence when presenting any Approved Person to the FCA for approval, paying particular regard to the points above. This will include; asking for proof of the applicant s identification asking for proof of the applicant s address obtaining a director s report from a credit referencing agency obtaining a consumer report from a credit referencing agency reviewing the answers given on section 5 of the Form A reviewing the employment history provided on the Form A ITC Compliance have documented and implemented robust procedures for the appointing of any Approved Person. Application An Approved Person is someone who carries out one, or more, of the below defined FCA controlled functions and must therefore satisfy the FCA fitness and proprietary requirements. 74

75 Significant influence functions (SIF) CF 1 Director function CF 2 Non-executive director function CF 3 Chief executive function CF 4 Partner function CF 5 Directors of an unincorporated association CF 6 Small friendly society function CF 8 Apportionment and oversight function (Non-MiFID business only) CF10 Compliance oversight function CF 10A CASS Oversight Operation Function CF 11 Money laundering reporting function CF 12 Actuarial function CF 12A With-profits actuary function CF 12B Lloyd's Actuary function CF 28 System and controls function CF 29 Significant management function Customer functions CF 30 Customer function Within a Limited Company, the Approved Person should be a Director and they would carry out the CF 1 function. Within a Limited Liability Partnership (LLP), the Approved Person should be a Partner and they would carry out the CF 4 function. However within a Sole Trader, there is no requirement to appoint an Approved Person. Being an Approved Person brings with it a number of important responsibilities, including a duty to be aware of and comply with FCA regulatory requirements and expectations and, understand how they apply to the day to day exercise of controlled functions. Specifically, Approved Persons must: meet and comply, on an ongoing basis, with the FCA s Fit and Proper (FIT) test for Approved Persons; comply with the Statements of Principle and the Code of Practice for Approved Persons set out in the FCA s Statements of Principle and Code of Practice for Approved Persons handbook (APER). The Statements of Principle describe the conduct that the FCA requires and expects of the individuals it approves; report to ITC Compliance and to the FCA any matter that may impact on their ongoing fitness and propriety via Form D (Appendix 17) - Notification of changes in Personal Details or Application Information. This is also a requirement within section 6 of the Terms and Conditions of ITC Compliance Network Membership as non compliance with these regulatory requirements may result in the FCA taking enforcement action against ITC Compliance and any Approved Persons. Fit and Proper Test The Fit and Proper test is not an exam; merely a benchmark of an individual s standing. It is broken down into: Honesty, Integrity and Reputation Competence and Capability Financial Soundness 75

76 Honesty, Integrity and Reputation The considerations ITC Compliance will make prior to submission to the FCA for their scrutiny will include: whether the person has been convicted of any criminal offence, any spent convictions; particular consideration will be given to offences of dishonesty, fraud, financial crime or an offence under legislation relating to financial services, whether or not in the United Kingdom whether the person has been the subject of any adverse finding or any settlement in civil proceedings, particularly in connection with financial business, misconduct or fraud whether the person has been the subject of, or interviewed in the course of, any existing or previous investigation or disciplinary proceedings, by the appropriate regulator whether the person is or has been the subject of any proceedings of a disciplinary or criminal nature, or has been notified of any potential proceedings whether the person has contravened any of the requirements and standards of the regulatory system whether the person has been the subject of any justified complaint relating to regulated activities whether the person has been involved with a company, partnership or other organisation that has been refused registration, authorisation, membership or a licence to carry out a trade, business or profession, or has had that registration revoked whether, as a result of the removal of the relevant licence, registration or other authority, the person has been refused the right to carry on a trade, business or profession requiring a licence or registration whether the person has been a director, partner, or concerned in the management, of a business that has gone into insolvency, liquidation or administration while the person has been connected with that organisation or within one year of that connection whether the person, or any business with which the person has been involved, has been investigated, disciplined, censured or suspended or criticised by a regulatory or professional body, a court or Tribunal, whether publicly or privately whether the person has been dismissed, or asked to resign and resigned, from employment or from a position of trust, fiduciary appointment or similar; whether the person has ever been disqualified from acting as a director or disqualified from acting in any managerial capacity whether, the person has been candid and truthful in all his dealings with any regulatory body and whether the person demonstrates a readiness and willingness to comply with the requirements and standards 76

77 Competence and Capability In determining a person's competence and capability, the FCA and ITC Compliance will consider the following: whether the person satisfies the relevant FCA training and competence requirements in relation to the controlled function the person performs or is intended to perform; whether the person has demonstrated by experience and training that the person is suitable if approved, whether the person has adequate time to perform the controlled function and meet the responsibilities associated with that function. Financial Soundness In determining a person's financial soundness, the FCA and ITC Compliance will consider: whether the person has been the subject of any judgment debt or award, in the United Kingdom or elsewhere, that remains outstanding or was not satisfied within a reasonable period; whether, in the United Kingdom or elsewhere, the person has made any arrangements with their creditors, filed for bankruptcy or been adjudged bankrupt, had assets sequestrated, or been involved in proceedings relating to any of these. ITC Compliance will not normally require the candidate to supply a statement of assets or liabilities. The fact that a person may be of limited financial means will not, in itself, affect their suitability to perform a controlled function. FCA Application All Approved Persons applications are submitted on the FCA s Online Notifications and Applications system The onus is on ITC Compliance to provide sufficient information on the Application Form (Form A) to satisfy the FCA that the candidate is fit and proper. ITC Compliance may therefore need to provide to the FCA details of: the due diligence undertaken; references obtained, including regulatory references, and details of the rationale the firm has used to conclude that the candidate is fit and proper to perform the role for which approval is sought. Monitoring & Reporting Once the Approved Person has submitted the requested information, ITC Compliance shall keep records, which will include: 77

78 References obtained on individuals Work history Form A and FCA correspondence Any Approved Person Declaration(s) Copy CV s Any correspondence pertaining to any clarification of further detail required Proof of residency Proof of identification Management Information ITC Compliance verifies Approved Person s employment and personal history appropriately in relation to the FCA s fit and proper requirements. ITC Compliance also verifies this information through the collection of regular information from you. It is your responsibility to ensure that the details of your Approved Person(s) are accurate and any changes are reported to ITC Compliance as soon as is reasonably possible. 78

79 Regulatory Breaches & Incidents Policy 79

80 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principle 11 is the most relevant in relation to regulatory breaches. Purpose ITC Compliance are required to disclose to the FCA appropriately anything relating to the firm (and its Network Members) of which the FCA would reasonably expect notice as defined in the Financial Services and Markets Act Failure to comply with this rule could mean negative action against ITC Compliance, which could lead to regulatory fines or penalties. It could also result in negative publicity about ITC Compliance and its Network Members. This policy sets out guidance to aid understanding of the requirements when a regulatory breach has occurred. Responsibilities As a Network Member, you are responsible for reporting any identified breaches immediately to ITC Compliance. Application Whilst ITC Compliance has implemented robust procedures to help mitigate the risk of a regulatory breach, the risk can never be completely eliminated. The FCA expect to be informed about any regulatory breach, usually as soon as possible, if it is to be able to carry out its supervision function effectively and react in good time to developments that may require a regulatory response. This policy applies to your staff, managers and senior management. Definitions The Act Financial Services and Markets Act Notifiable Event A serious incident (detailed below) that contravenes the Regulator s Statements of Principles and/or the Handbook of rules and potentially brings a financial or reputational risk to ITC Compliance and/or the individual concerned. Notifiable Events are; Matters having a serious regulatory impact 80

81 failing to satisfy one or more of the threshold conditions, such as appropriate resource to carry out the regulated activity undertaken and the suitability of the Approved Person; any matter which has a significant impact on ITC Compliance or Network Member s reputation. For example widespread mis-selling of Insurance Policies that leads to unwanted media coverage and publication on the FCA s website; any matter which could affect the ability to continue to provide adequate services to your customers and/or result in serious customer detriment. For example a gap in Professional Indemnity Insurance cover, during which a significant claim is made against ITC Compliance, leading to the winding up of the business; Breaches of rules and other requirements in or under the Act In assessing if a breach is significant ITC Compliance will consider potential financial losses to customers, frequency of the breach, systems and controls implications and if there are any delays in identifying or rectifying the breach. Civil, criminal or disciplinary proceedings against ITC Compliance or Network Members civil proceeding are brought against ITC Compliance and the amount of any claim is significant in relation to financial resources or reputation; disciplinary measures or sanctions are imposed by any statutory or regulatory authority, subject to an investigation into ITC Compliance s affairs; You are prosecuted for or convicted of any offence involving fraud, dishonesty, or any penalties are imposed on you for tax evasion. Fraud, errors and other irregularities (considered significant by senior management) an employee may have committed fraud against a customer; a person (whether employed or not) is acting with intent to or has committed fraud against ITC Compliance or a Network Member; ITC Compliance or a Network Member identifies accounting irregularities; ITC Compliance or a Network Member suspects that an employee involved in regulated activities may be guilty of serious misconduct concerning their honesty or integrity. In assessing if an incident is significant ITC Compliance will consider the size, or potential size, of any monetary loss, reputational risk and whether the incident(s) reflect a weakness in its controls. Insolvency, bankruptcy and winding up calling of a meeting to consider the winding up; an application to dissolve or strike ITC Compliance off the Companies Register; presentation of a winding up order; entering into any arrangement with one or more creditors; appointment of a bankruptcy administrator or receiver; application, under section 252 of the Insolvency Act 1986, for an interim order against. 81

82 Other; Communication with the Regulator in accordance with Principle 11 This includes; any significant systems and control failure; and actions taken which result in a material change in ITC Compliance s capital adequacy or solvency. Process If a breach or incident is identified it must be immediately escalated to ITC Compliance and an Incident Report form (Appendix 18) must be completed. This can be submitted to ITC Compliance either by , to mail@itccompliance.co.uk, or via the Contact Us part of ITC Compliance s website. Once received, ITC Compliance shall assess the notification and make a decision as to whether it should be escalated to the FCA as a reportable event. Following agreement and content approval of the notification, ITC Compliance is responsible for making the necessary communication with the FCA. Further details of what constitutes a regulatory breach and the type of breach are detailed in Appendix 19. Inaccurate, false or misleading information ITC Compliance shall take all reasonable steps to ensure the information on any Notifiable Event provided to the Regulator is factually accurate, or in the case of estimates and/or judgements, fairly and properly based on information obtained after appropriate enquiries have been made and includes anything the Regulator would reasonably be expected to be told about. Monitoring & Reporting You should initially advise ITC Compliance and, PI Insurers (if applicable) of all incidents and breaches by submitting a fully completed incident form with investigation as soon as practical after the breach has been identified. ITC Compliance will provide a copy of the Notifiable Event communication sent to the Regulator and keep them informed of all subsequent developments, until such time as the situation is concluded. Management Information ITC Compliance will retain records of all incidents and breaches in a register or log. Senior Management will review all open incidents on a periodic basis to ensure correct management and timely closure. 82

83 Whistleblowing Policy 83

84 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principle 11 is most relevant to Whistleblowing: In addition The Public Interest Disclosure Act 1998 (hereinafter referred to as 'the Whistleblowers Act') protects employees against detrimental treatment or dismissal as a result of any disclosure of normally confidential information in the interests of the public. This document refers to the FCA regulatory obligations only under SYSC 18. Purpose ITC Compliance have appropriate internal procedures which will encourage workers with concerns to blow the whistle about matters which are relevant to the functions of the FCA. This policy sets out guidance for Network Members to aid understanding of the requirements to comply with the Whistleblowing rules and policy. Responsibilities ITC Compliance, as your Principal, will ensure there is a Whistleblowing procedure to comply with The Whistleblowers Act' and in particular the FCA requirements. Application It is the FCA s policy to encourage whistleblowers to use the whistleblowing procedures in their own workplace, but they may contact the FCA's Whistleblowing Desk in the following circumstances: if there aren t any procedures in their own workplace; if a whistleblower is uncomfortable or not confident about using the procedures; or the procedures have been followed but the whistleblower is concerned by the nature of the response, or lack of response, by their firm. Under The Whistleblowers Act, any clause or term in an agreement between an Employee and a Network Member is void if it precludes the worker from making a protected disclosure (that is, "blow the whistle"). In accordance with section 1 of The Whistleblowers Act: A qualifying disclosure is a disclosure, made in good faith, of information which, in the reasonable belief of the worker tends to show that one or more of the following has been, is being, or is likely to be, committed: a) a criminal offence b) a failure to comply with any legal obligation c) a miscarriage of justice d) the putting of the health and safety of an individual in danger e) damage to the environment f) deliberate concealment relating to any of the above 84

85 It is immaterial whether the relevant failure occurred, occurs or would occur in the United Kingdom or elsewhere, and whether the law applying to it is that of the United Kingdom or of any other country or territory. Internal procedures You should adopt appropriate internal procedures, which will encourage workers with concerns to blow the whistle internally about matters, which are relevant to the functions of the FCA. Appropriate internal procedures will include: telling workers that the firm takes failures seriously and explaining how wrongdoing affects the organisation; telling workers what conduct is regarded as failure; telling workers who raise concerns that their confidentiality will be respected, if they wish this; making it clear that concerned workers will be supported and protected from reprisals; nominating a senior officer as an alternative route to line management and telling workers how they can contact that individual in confidence; making it clear that false and malicious allegations will be penalised by the firm; telling workers how they can properly blow the whistle outside the firm if necessary; providing access to an external body such as an independent charity for advice; and encouraging managers to be open to concerns. You should advise your employees (through the firm's internal procedures) that they can blow the whistle to ITC Compliance, as the principal prescribed in respect of financial services and market matters under The Whistleblowers Act. ITC Compliance will give priority to live concerns or matters of recent history. Should an individual have concern about ITC Compliance they may approach the FCA directly on during office hours or leave a message on voic . Or you can write to the FCA at: Intelligence Department (Ref PIDA) The Financial Conduct Authority 25 The North Colonnade Canary Wharf London E14 5HS Monitoring & Reporting ITC Compliance will maintain records of compliance with the FCA and The Whistleblowers Act s Whistleblowing rules. The internal procedure will include records on Whistleblowing reports and the relevant actions taken in order to evidence fitness and propriety to the FCA. Management Information The Directors of ITC Compliance will review any whistleblowing reports in order to identify any trends and any remedial required action. The content of a whistleblowing report may trigger the requirement to report an event to the FCA. 85

86 Record Keeping Policy 86

87 Introduction The Financial Conduct Authority (FCA) expects firms to conduct their business within the rules and Principles for Business they have put in place and Principles 1, 2 and 11 are most relevant to record keeping. In additions Treating Customers Fairly outcomes 1 and 6 also apply. To ensure that these principles and TCF outcomes are met, the FCA has set out specific rules and guidance around record keeping, these can be found in the FCA Handbook, Senior Management Arrangements, Systems and Controls 9.1 and Conduct Of Business Sourcebook 9.5. The Data Protection Act 1998 as amended also sets out rules in relation to how a business can keep records. Purpose As a Network Member of ITC Compliance, you should ensure that records are kept in line with the Data Protection Act and FCA rules and any records disposed of are done so securely. The purpose of this policy is to provide guidelines for you, as a Network Member, regarding your responsibilities for record keeping indicate appropriate retention periods under broad categories and emphasise the importance of disposing of records in a secure manner. Responsibilities You are required by law and the FCA to adhere to the rules set out in the Data Protection Act and the FCA Handbook and to have stringent process in place to ensure this. Application Definitions Record Essential Records Confidential Records The International Organisation for Standardisation (ISO) defines a record as information that has been created, received and maintained as evidence and information by an organisation or person in the pursuance of legal obligations or in the transaction of business. Essential records contain information that the business cannot operate without; the information is either irreplaceable or difficult to replace and will typically contain some confidential information. Confidential records contain privileged or non-public information pertaining to the company s business, which may relate to internal matters e.g. strategic and operational plans, staff remuneration, etc. as well as dealings with customers and third parties, such as insurers, agents, regulators, etc. Examples of items that are deemed to be records include; documents (including written and typed documents and annotated copies); paper based files (i.e. sales/client and non insurance transaction files); computer files (including word processed documents, databases and presentations); s; diaries; faxes; brochures and reports; intranet and internet web pages; 87

88 forms and applications; audio and video tapes, including CCTV; photographs. Your management team is responsible for ensuring records are properly retained and disposed of in accordance with your legal obligations. If paper and computer based records are used, care is taken in the design of record keeping arrangements and the protection of records. Retention of records Information should be retained within structured record keeping systems, which may include documents as well as information in electronic format. Records must be retained in an appropriate manner and should be easily retrievable, therefore; documents contained in both paper and electronic files are stored in a logical manner that allows ease of access and retrieval of records. Sales/client, agency and non insurance transaction files are segregated by transaction stages or events; e.g. quotations, responses to queries, application form, etc; call recordings are clear and capable of being transcribed; amendments or corrections following a transaction or event are clearly shown as such and the original information remains visible; it is not be possible for details of transactions or events in paper files i.e. sales/client, agency and non insurance transaction files (including referencing records) to be manipulated or altered without a record of the change being captured so as to avoid the potential for fraud; it is possible for records in other languages to be reproduced in English; any records of consent obtained from or instructions given by employees, customers, suppliers or any other third parties regarding the use of personal, sensitive or confidential data are retained securely. The degree of security required around accessibility and storage should reflect the sensitivity and confidential nature of any information recorded. Retention Periods The schedule below details minimum retention periods for a range of categories, which have statutory requirements for record keeping/retention periods. Some records will be retained by ITC Compliance and some by you. Record category Company information Corporate Governance Property documents Retention period Incorporation documents Permanently Statutory returns Permanently Register of Member Permanently Pension schemes records - Permanently Banking records 6 years Charities and Political Donations -12 years Permanently Deeds of Title until sold or transferred Leases 12 years from termination Agreements with architects and builders - 6 years after completion 88

89 Human Resources Job application and interview records 6 months after notifying unsuccessful candidate Personnel and training records 6 years after employment ceases Payroll records (including maternity, sick pay) 6 years Health and Safety records all notifiable accidents, dangerous occurrences, reportable diseases 6 years after employment ceases. Tax documents 6 years Contracts Contracts under seal - 12 years after expiry of contractual obligations Other contracts (i.e. insurer contracts, delegated authority agreements) - 6 years after expiry of contractual obligations Trust deeds - Permanently Insurance business Public liability, Product liability and Employer s liability policies - Permanently Other policies 2 years following policy lapse or until claims under the policy are barred (whichever is the longer). Cancelled or lapsed policies 2 years from cancellation or policy lapse date Complaints 3 years from the date the complaint was received (DISP 1.9.1) Intellectual Property Records Certificates of Registration of trade/service marks 6 years after cessation of registration Intellectual property agreements and licenses 12 years after expiring Property Documents under seal 12 years after expiring Other contract - Current year plus 6 years Trust Deeds - Permanently Supplier agreements Contracts for products with suppliers 10 years after the contract was terminated or product no longer used, whichever is the latter Paper & Electronic Records ITC Compliance, Network Members and the respective management teams should ensure paper and electronic records (especially those that contain confidential information; e.g. personal details of customers or the company s business plans etc.) held on office premises are kept secure and; 89

90 access is restricted to staff members authorised to use such information; paper records are placed in lockable cupboards or if necessary, in fire resistant cabinets; and if essential for the running of the business, such records are retrievable in a reasonable timeframe in accordance with the Business Continuity Plan. Disposal of Records All information of a confidential or sensitive nature held on paper or in electronic format should be securely destroyed when no longer required. This is a requirement under the Data Protection Act and an expectation of the FCA. The disposal of records, in any format, should be conducted with utmost care and diligence and the confidentiality rights of employees, clients or customers and third parties should be considered. Safe and Secure Disposal of Records When disposing of records (in whatever media paper or electronic) either on or off-site, after the expiry of the retention period, it is important to use a secure method which does not allow future use or reconstruction of information by unauthorised individuals. When outsourcing destruction to a third party a destruction certificate should be obtained and subsequently retained in a secure place to evidence that you followed a proper process to carry out the destruction. Disposal of Paper Records Paper records containing confidential and/or personal information should be cross-cut shredded and disposed of through reputable waste collection companies. Under no circumstances is confidential and/or personal information disposed of with other rubbish or general papers. Electronic Records Special care should be taken with electronic records, which can be reconstructed from deleted information if the data has not been erased thoroughly. The deletion of electronic records ultimately means the complete destruction of the electronic record and should be organised in conjunction with your IT Department. Simply erasing or reformatting computer disks or personal computers with hard drives, which once contained personal information, is not enough. Monitoring & Reporting You are responsible for ensuring adequate processes are in place for checking that records are maintained adequately, are accurate, not excessive, archived when appropriate and not held for longer than is necessary. Management Information ITC Compliance and Network Members should maintain robust processes on record keeping, reviewing them periodically to ensure that compliance is maintained. 90

91 Appendix 1: Financial Promotions Checklist This document is available on the ITC Compliance Website, within the Documents Section Promotion Description: Sent By: Address: Area Rule Detail Guidance Tick Box Comments: Does the document make reference to the company name, an address or address and a telephone number? ICOBS Is it clear who the customer will be dealing with if they act upon the promotion? Is your Regulatory Status clearly stated on the document? ICOBS GEN 4 Example: [Enter firm name] is an appointed representative of ITC Compliance Limited which is authorised and regulated by the FCA (their registration number is ) and which is permitted to advise on and arrange general insurance contracts If the promotion features exclusions, have these been referred to in equal prominence to the benefits? TCF 5 Are there any applicable limits or restrictions. These should be referred to in plain English. Are all statements and comparisons factual and correct? TCF 2 ICOBS 6.2 Would you be able to provide evidence of the facts behind the statements within the promotion? Is the promotion suitable for the target audience? TCF 2 Is the language used, product advertised etc suitable for the people being targetted by the promotion. E.g. Travel Insurance being advertised within a Travel Agent. Who is the target audience?: Where will the Document be used? TCF 2 Will it be published in a magazine, online, on a flyer, used internally etc Is the language used clear, fair and not misleading? TCF 3 TCF 5 ICOBS Is the content jargon free, or have any jargon phrases been explained and cross referenced? If the premium is shown does is it clear that it includes Insurance Premium Tax? TCF 3 This can be an asterisk that states including IPT Where applicable is it clear that prices are inclusive of VAT and is your VAT number clearly shown? TCF 3 This can be placed in the footed of the document Where applicable is it clear that statements are subject to Terms and Conditions? TCF 5 For example within a SMART insurance product dents and chips will be covered up to a certain size. Therefore the promotion would state; "Repairs to Dents and Chips covered (subject to Terms and Conditions) By completing the below, I confirm that all required elements have been completed. I understand that ITC Compliance have a 5 day SLA, from the date of submission, to review this document and return with any amendments that may be required. Please send this form, along with the document to be authorised to complianceteam@itccompliance.co.uk Signed: Date: FP Submission Checklist V0.1 91

92 Appendix 2: Example Balanced Scorecard Financial Perspective Goals & Measures* erspective (TCF) Goals & Measures* Internal Business Perspective Goals & Measures * Innovation & Learning Perspective Goals & Measures * 92

93 Appendix 3: Complaint Reporting Form 93

94 Appendix 4: Example Financial Promotions Register This document is available on the ITC Compliance Website, within the Documents Section 94

95 ITC Compliance Network Member Policies & Procedures Manual v0.9 Appendix 5: Example Call Monitoring Check-Sheet Last Spreadsheet Update: 28/05/2014 Call Monitor Name Monitored Date File Name Date of Sale Call Upload Date Call Duration Customer Title Customer Forename Customer Surname Company ID Company Name Sales Agent Name Sales Agent User ID Was the sales agent trained at the point of sale? Type of Sale Advised General Requirements / Abbreviated Distance Marketing Information Additional Notes Received Maximum Penalties Failure Rules Marks Did the sales agent provide their name and details of their link with the firm? No Did the sales agent inform the customer that calls are monitored for training and monitoring purposes? No The sales agent failed to provide the customer with adequate information about themselves and their link with the firm, please ensure the customer is given the sales agent's name and link with the firm in all future calls. 0 / 2 ICOBS The sales agent failed to let the customer know that calls are recorded, it is important for the customer to know this as they are allowed to terminate the call if they do not want to be recorded. 0 / 2 TCF Outcome 3 Was the customer informed that Travel Insurance is regulated by the Financial Conduct Authority? Did the customer consent to the abbreviated script being read? (If no, was the full disclosure read?) Was the customer informed of the firm's regulatory status? Did the sales agent offer the customer details of how to verify the firm's regulatory status? If they requested these details, was the customer correctly informed of how to verify the regulatory status of the firm? Scope of Service Did the sales agent make the customer aware that they are able to provide advice and recommend products based on the customer's needs? Were the sales agent's recommendations suitable for the customer's demands and needs? No No No No No No No The sales agent failed to inform the customer that General Insurance is regulated by the FCA, please ensure this is done in all future calls. 0 / 2 ICOBS (2) Please refer to the notes section at the bottom of the page for details of why this question was answered 'No'. 0 / 2 ICOBS The sales agent failed to tell the customer about the firm's regulatory status, please ensure this is done in all future calls. 0 / 2 ICOBS (2) The sales agent failed to offer the customer details on how to verify their regulatory status, please ensure this is done in all future calls. 0 / 2 ICOBS (2) The sales agent failed to give the customer all of the correct information on how to verify the firm's regulatory status. Please make sure the customer is correctly informed in all future calls. 0 / 2 ICOBS (2) Additional Notes The sales agent failed to tell the customer that they would be receiving advice and recommendations. 0 / 3 ICOBS The sales agent's recommendations did not suit the customer's demands and needs; it is imperative that only suitable products are recommended to the customer. 0 / % ICOBS

96 ITC Compliance Network Member Policies & Procedures Manual v0.9 Features, Benefits and Exclusions Additional Notes Did the sales agent provide the customer with an adequate amount of features and benefits? Was the customer provided with an adequate amount of exclusions? Was the customer told that the maximum total claim limit would be the amount the customer paid for their vehicle and that a 1,000 cover limit applies to each individual claim? Price Disclosure and Other Charges Did the sales agent provide the customer with details of any other charges that may be payable other than premium monies, or the lack thereof? No No No No The sales agent failed to provide the customer with a sufficient amount of features and benefits, please make sure this is not done in future calls. 0 / % ICOBS The customer was not provided with an adequate amount of exclusions, please make sure this is not done in future calls. 0 / % ICOBS The customer was not informed of the total and individual cover limits; please make sure these are mentioned in future calls. 0 / % ICOBS Additional Notes The sales agent failed to mention any additional charges that may be payable or the lack thereof, please ensure this is done in all future calls. 0 / 2 ICOBS 3 Annex 3 (3) If the policy was bought by a consumer in connection with other goods or services did the firm disclose the premium separately from any other prices? No Please ensure that the price of insurance is provided seperately to other goods for all future sales 0 / 3 ICOBS When the customer was presented with the price of the insurance were they informed that IPT was included? Was the customer offered both the monthly and annual payment options? Eligibility Questions Were the following questions asked: Is the vehicle to be used within the restrictions placed on it by the policies available (e.g. no racing, rallying, commercial uses, etc)? Is the vehicle eligible for cover (make, age, mileage, etc)? Is the customer likely to keep the vehicle long enough to benefit from any policies sold? Does the customer satisfy policy residency requirements (e.g. resident of the UK, Channel Island, Isle of Man or EU if applicable)? Does the customer hold any insurance policy, which may already provide suitable cover? (If yes please note below e.g. rescue recovery, which may be covered within a warranty policy, replacement new vehicle which may be covered in year one/two of a comprehensive motor insurance policy). No No No No No No No The sales agent failed to tell the customer that the price was inclusive of IPT, please ensure this is done in all future calls. 0 / 3 ICOBS 3 Annex 3 (3) The sales agent failed to offer the customer the monthly and annual payment options, please make sure these are both offered in future calls. 0 / 3 TCF Outcome 2 Additional Notes The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) 96

97 ITC Compliance Network Member Policies & Procedures Manual v0.9 If your vehicle were to develop a mechanical defect would you prefer a third party to pay for the repair, including parts and labour? (Subject to a maximum specified claim limit, terms and conditions) Based on the answers they provided throughout the call was the customer eligible for the policy they purchased? Pre-Contract Information Did the sales agent read one of the following (based on the payment option selected): No No The sales agent either failed to ask this question correctly or did not obtain an adequate response from the customer; please ensure these questions are asked and answered adequately in all future calls. 0 / % ICOBS (4) The customer was not eligible for the policy they purchased; it is imperative that in future calls the sales agent ensures the customer is only offered products of which they are eligible to claim on. 0 / % ICOBS (1) Additional Notes Premium Credit You will receive in the post two sets of documents; one will be from us, which will be your policy documents, the other will be confirmation of your direct debit arrangement with a company called Premium Credit. Premium credit will provide you with two copies of the agreement, in which they will ask you to sign one and return it to them. We do recommend that you do this but if you do not sign and return it to them, the policy and direct debit will still be in place. Once you have received your policy documents, you have 14 days in which to cancel the policy unless you make a claim, however if you do cancel the policy after 14 days it will leave an outstanding balance that will need to be settled. The payments will show on your statement as payment to World of Warranty Ltd. Credit Card/Debit Card You will receive your policy documents in the post in the next 3-5 Working days. Once you have received your policy documents, you have 14 days in which to cancel the policy unless you make a claim. We will also send you a copy of our FCA Initial Disclosure Document together with a copy of the questions we have gone through today. It is very important that when you receive this documentation that you check it to ensure that you are eligible for any policy you decide to purchase and that you are happy with the levels of cover. You will receive your documents in the post in the next 3 to 5 working days. Consent No No The sales agent failed to read these declarations to the customer; please make sure they are read in all future calls. 0 / % ICOBS The sales agent failed to read this declaration to the customer; please make sure it is read in all future calls. 0 / % ICOBS Additional Notes Did the customer give their explicit consent for the policy to be set up? No The sales agent failed to gain the customer's explicit consent to set up the policy, this is extremely important and must be done in all future calls. 0 / % ICOBS / 70 Total. Results Failure Rules Results Questions Answered 26 Number of ICOBS Failures 24 Additional Penalty: Positive Answers 0 Number of TCF Failures 2 Negative Answers 26 Number of PI Failures 0 Percentage Achieved 0% Number of Non-regulated Failures 0 The Call Monitoring Check-Sheet will also include remedial actions that ITC Compliance require you to undertake. These will be noted within the document, underneath the check list. The remedial actions will depend on the specific areas failed within the call. 97

98 ITC Compliance Network Member Policies & Procedures Manual v0.9 Appendix 6: Potential Conflict of Interest Form This document is available on the ITC Compliance Website, within the Documents Section Date Conflict of Interest Discovered Identified by Details of the Conflict Action required (ITC Compliance use) Logged on Conflicts of Interest register by; Date 98

99 ITC Compliance Network Member Policies & Procedures Manual v0.9 Appendix 7: Conflict of Interest Self Assessment Form This document is available on the ITC Compliance Website, within the Documents Section How to use this Conflict of Interest Self Assessment Form: You should review the form and read each issue and if any of the issues are identified as occurring within your firm, you should put a tick in the tick box. The form will then help identify potential conflicts of interest affecting your firm and state the procedures you must adopt to help manage and mitigate the conflict. Issue Potential conflict of Interest Tick Box Typical procedures to manage the potential conflict Preferential commission rates from a particular insurer Profit share arrangements with a particular insurer Volume overrides arrangements with a particular insurer Are sales staff placing business with that insurer without considering the needs of the customer? Are sales staff placing business with that insurer without considering the needs of the customer? Are sales staff placing business with that insurer without considering the needs of the customer? Commission across the panel arranged so that no one insurer has appreciably different commission deals for the same product. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. Profit share arrangements not disclosed to sales staff. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. No direction/instructions from senior management where to place business, if this is likely to result in customer detriment. Volume override arrangements not disclosed to sales staff. Disclosure document includes the basis and criteria for selecting insurers for particular products and for effective monitoring of placements. 99

100 ITC Compliance Network Member Policies & Procedures Manual v0.9 Sales staff remuneration based on sales targets Delegated claims handling Hospitality and Gifts (Inducements) Relationships or financial interests with insurers or other third parties with whom we deal Conflicts between customers when acting for both Staff members or member of their immediate family has an interest in an outside entity Undertaking a tender exercise to select supplier or product Are incentive payments or competitions made to sales staff to complete insurance sales without considering the needs of the customer? Are you acting for the insurer when the customer reasonably believes that you are acting for them? Have significant hospitality and gifts influenced the fair treatment of customers? Has business been placed with a particular insurer or have other contracts entered into without consideration of the customer s best interest? Are you acting for competing customers, affecting your ability to treat both fairly? Is the interest substantial enough for it to be perceived to affect their judgement with respect to transactions between the Network Member/ITC and that entity i.e. a material interest exists? Has the supplier or product provider been appointed without considering the impact on 100 Robust management controls in place to ensure that customers have been treated fairly including; rewards that take into account quality as well as quantity such as the incidence of upheld complaints, adherence to procedures and findings from internal monitoring. Appraisal and development arrangements including TCF and quality considerations. Disclosure documents include details. Claims handling procedures to include Treating Customers Fairly principles. Policy and procedures for the registration and approval of hospitality and gifts. A register maintained of all such arrangements. Disclosure document includes the basis and criteria for selecting insurers for particular products. Disclose conflict and obtain agreement to proceed for both parties. Set up Chinese Walls segregation of duties information barriers so that each customer is treated fairly and as if the other was not present. Staff members with a material interest in any service provider, insurer or product provider must declare this interest to HR. If the AR Network member cannot manage a conflict adequately, it will disclose this to the client, before undertaking any business for that client. Before undertaking any tender exercise the proposed tender process needs to be signed off by a Project Sponsor/appropriate Senior Management in advance of issuing to

101 ITC Compliance Network Member Policies & Procedures Manual v0.9 provider customers? the invited tender participants. Proposals/recommendations resulting from any tender process are signed off in advance of any final ratification and communication to tender participants. Close personal relationships Will the relationship potentially result in some form of influence, either positive or negative, on another employee or business process? Staff members should disclose any personal relationships that may result in any form of influence on another staff member. Line management to ensure that roles, responsibilities and team structures are reviewed to minimise or avoid any potential conflicts arising from staff relationships. 101

102 ITC Compliance Network Member Policies & Procedures Manual v0.9 Appendix 8: Gifts & Hospitality Approval Form This document is available on the ITC Compliance Website, within the Documents Section Gifts & Hospitality Approval Form Gift/Hospitality Description: Received by Name & Dept: Reason for Gift/Hospitality: Given by Name & Company: Date: Value - please provide breakdown and any supporting evidence e.g. website link Name Signature applicant: & of Name Date Signed I confirm I am satisfied that this meets the Gifts & Hospitality Policy and there are no identified Conflicts of Interest Approval Name & Position Date Signed 102

103 Appendix 9: Example Gifts and Hospitality Register This register is available to download from the ITC Compliance Website, within the Documents section. 103

104 Appendix 10: Impact Score Scale All of the columns will be considered when making a judgement. Where different columns give different ratings for the same risk, a balanced judgement will be made of the overall impact. The impact will be considered without taking into account any controls or mitigation set up. It will also be noted that the impact score is different to the impact score used in the Risk Appetite. Factors influencing Impact Score Rating Customer Service (TCF Risk) 1 Insignificant Customers not impacted or aware of the problem 2 Minor Some customers aware but the impact is negligible. or affects less than 25 customers 3 Moderate Customers aware and results in temporary loss of service or affects more than 25 but less than 50 customers Reputational Risk Very high reputation Routine sniping in the media. Routine criticism from trade bodies, e.g. SAIF Critical article in media Regulatory Risk Regulator recognises high compliance standards Adverse verbal and written comments from the regulator but no regulatory fine Regulatory action with the potential of a small fine Legal Risk People Risk Criminal Risk Approx. Direct Loss (e.g. ex gratia, fine, compensation) Based on percentage of income No threat of legal action Threat of legal action but unlikely to succeed Threat of legal action with probable settlement out of court No effect Potential for minor injury or key man or team to leave. Injury requiring hospital treatment for more than one member of staff or minor scale down sizing High standard publically recognised Unsuccessful fraud. System breach unsuccessful Physical or System penetration attained but not successful Under 1% of income 1% of income 10% of income 4 Major Significant A negative Regulatory Legal action Significant Police 25% of income 104

105 number of customers aware of the problems and encounter some inconvenience or affects more than 50 but less than 100 customers story in industry action with a potential fine between 1,000 and 50,000 or enforcement investigation brought against the Network Member with limited opportunity for settlement injuries or significant downsizing or key man or key team have left investigation launched. Systems may be compromised 5 Catastrophic Most customers suffer a major inconvenience or affects more than 100 customers or loss of cover where the Network Member are liable Negative story in media / regulatory website resulting in loss of public confidence Regulatory action with a significant threat of a fine of more than 50,000 or enforcement action. Legal action brought against the Network Member for significant violation and likely to succeed Major effect on staff lives or wide scale downsizing or key man or key team have left taking significant business with them Major successful fraud against the Network Member. Systems totally compromised more than 25% of income 105

106 This is the likelihood of the identified risk taking place. Appendix 11: Likelihood Score Scale Factors influencing Likelihood Score Rating Likelihood of occurrence Example of percentage Example of frequency 1 Rare Not expected to occur for years Less than 1% chance of Negligible, may occur only in occurring exceptional circumstances 2 Unlikely Once every 2 years 1% to 10% chance of occurring Unlikely to occur at some time 3 Often Once every annually 11% to 51% chance of occurring Should occur at some time 4 Likely Likely to occur monthly 51 to 80% chance of occurring Probably occur at some time 5 Expected Expected to occur weekly More than 80% chance of Will occur occurring 106

107 Appendix 12: Exposure / Control Score Scale Rating Factors influencing exposure / control score Control Procedures / Control Definition Tests Effectiveness Business Change Control Design Contingency External Mitigation 1 Minor Well designed and documented controls that have been thoroughly tested 2 Limited Controls are well designed, but a few limited exceptions are evident 3 Medium Number of exceptions have occurred indicating limited design or insufficient management supervision 4 Significant Primary control failures are occurring and secondary controls are not detecting failures Procedures have been reviewed and tested in the last 12 months Procedures covering all areas and some parts of the procedures were reviewed in the last 12 months Procedures covering most key areas Some testing Little testing Some key areas not covered in procedures Testing thoroughly for all problems Management support but use by staff varies No adherence No Management or staff Support Limited change to update existing processes Some changes to the business due in the next 6 months New project about to be implemented Fundamental business change which will lead to significant changes to working Detailed roles and responsibilities. Automated controls Clear roles and responsibilities for most functions Mostly automated controls Most jobs defined Automated and manual controls Most controls are manual and detective not preventive Plans mean that work can continue with no interruption Full recovery within 24 hours Full recovery within 5 days Plan not tested or little detail Risk fully transferred to third party with no residual exposure Risk largely transferred to third party Risk partly transferred to third party Minimal risk transfer 107

108 5 Major Controls are very weak or no controls Few or no procedures Staff not aware of control and no support practices Rapid change and uncertainty No control levels No plan in place No risk transfer 108

109 Absolute Risk Score Impact X Likelihood The risk is calculated by the following calculation: 1. Scoring risks for potential impact and likelihood, to derive the inherent level of risk (impact score x likelihood score = inherent score). The inherent score excludes any mitigation or internal controls i.e. gross risk 2. Scoring risks for the exposure / control (identifying and assessing the level of mitigation controls currently in place) 3. Producing an overall risk assessment of either an A, B, C or D risk using the table below. The example register on the following page gives a clearer example of how the scoring is derived. EXPOSURE / CONTROL SCORE >10 C B B A A 8-10 C C B B A 5-7 C C C B B 3-4 D C C C B 0-2 D D C C C 109

110 Primary Risk Type Overall Absolute Score Exposure Likelihood Impact Current Ranking Previous Ranking Strategic Regulatory Appendix 13: Example Risk Register This register is available to download from the ITC Compliance Website, within the Documents section. Date of last review by Risk Register Owner: xx June 20xx Risk Register Owner: Risk Appetite:e.g. Balanced Risk Description Impact Comments Likelihood Comments Control Comments Action / Current Status / KRIs 1 1 Commercial Objectives Not hitting targets Not meeting budget Loss of key/platinum accounts Cash flow, redundancy Is happening currently Close monitoring of targets and budget Management meets monthly to update progress, with compliance attendance. Monthly business review A KRI Measures: Staff Reduction Costs reduction Training emphasis Insurance manager input New product reviews Achieving regulatory obligations Client contact Loss of Reputation Regulatory visit expected August xxxx Extra resource allocated in preparation C Plan in place for with Directors oversight

111 Appendix 14: Example Business Continuity Plan An editable version of this document will be available to download from the ITC Compliance Website, within the documents section. Business Continuity Plan A major risk to Firm A is business continuity or disaster recovery. A Business Continuity (Recovery) Plan has been created as detailed below in order to manage the associated risks. Introduction Business Continuity Overview It is Firm A s policy that the Company s Business Continuity Plan is complete, effective and upto-date. This plan will provide valuable information in the event of a disaster/incident and will provide the basis for ensuring that any recovery operation can be achieved as smoothly and as efficiently as possible. Senior Members of Firm A staff will form an Emergency Management Team (EMT), which will provide management level support to facilitate a speedy and effective disaster recovery. The Emergency Management Team will initiate contact with all staff by way of the call cascade list. The EMT members are responsible for ensuring they have access to the list outside of the normal working environment. The Finance Dept, as part of the HR function, are responsible for maintaining the accuracy of the list and providing copies to the EMT members. The CEO and/or a Director will decide whether to activate the Company s plan based on information received from the Emergency Management Team. The Emergency Management Team are defined within the companies Organisation Chart. Policy There are three main areas of business recovery that need to be considered for the Company. These include:- access to building denied loss of network server telephone systems unavailable This plan is to be used by the Company in the event of a disaster rendering building, telephone or computing facilities unusable for a significant period of time. Overall Business Impact: Some disruptions would be inevitable but the amount depends on the nature and extent of the disaster. Depending on the nature of the disaster, staff may be required to perform duties relating to other business functions. This is permitted under their contracts of employment. 111

112 Precautionary Measures Storage of Critical Information Paper-Based A copy of this plan and Firm A s policies will be retained at our secondary location. Workgroup Server Based All business critical data is currently backed up. Off site servers are backed up fortnightly. These store Firm A s main critical functions of website and admin system. Data on laptops and mobile phones Data stored on mobile equipment will be adequately and securely protected through passwords or other security methods. Requirements For Firm A Requirements In the event of a major disaster rendering the host building unusable for an extended period of time, Firm A requires access to a temporary work area and would require the resources detailed below. Staff The Emergency Management Team will decide on the number of staff required in relation to: the disaster faced the anticipated timescale to return to full functionality at the appropriate premises Facilities Based on the above, consideration will need to be given to: desks chairs computers (including printers and peripherals) telephones stationary and broadband access photocopier postal facilities fax machine 112

113 Telephones can only be diverted to one specific phone number Team Structure The structure of the Emergency Management Team is contained within the Organisation Structure Chart. Nominee replacements for EMT members are detailed below: Name Mr X Ms Y Mr Z Ms A Replacement Mr B Ms C Mr D Mr E Responsibilities Emergency Management Team: to decide to invoke the recovery procedures and to what extent they are to be followed. to act as single point of contact for staff during the recovery effort. to liaise with any external stakeholders, including emergency services, with regards to recovery requirements and recovery updates. maintain overall management of the recovery teams and the recovery effort. to ensure that all their teams' functions have been accounted for and either recovered or suspended. to co-ordinate the efforts of their team members and to keep them informed of progress. to ensure that contact is made with all team members working off site, on holiday or absent through sickness. Response - During Normal Working Hours Initiate Evacuation Procedures If Appropriate evacuate all personnel in an orderly manner and assemble outside, including clients attending meetings. fire marshals to ensure that all departmental staff are out of the building. if possible, request staff to remove important documentation from their work area. Notify Staff Members Each Emergency Team Member will notify all team members of the situation and issue a contact number for them. A complete copy of all the team members' home phone numbers or mobile numbers will be retained by each EMT member. This is the call cascade list. 113

114 Situation Assessment It may be some time before the full extent of the disaster is known. During this time the Emergency Management Team will assemble to initially appraise the situation and begin to consider whether to invoke the recovery procedures. Out of Normal Working Hours Initial Contact The initial contact out of normal working hours will be the Emergency Management Team who will be apprised of the situation. Form Emergency Team The Emergency Management Team member contacted, depending upon the information received, will decide whether to gather the Emergency Management Team. It will be discussed with at least one other Emergency Management Team member, before a decision is made. If access to the normal place of work is impractical, the Emergency Management Team will convene at the secondary location, to use as an Emergency Command Centre: Emergency Process As each emergency scenario can be different, the below is intended as a guide to EMT to ensure all relevant points are considered. This section details the actions that may be required following invocation of this BCP. Actions Required on Day One of the Recovery 1) Compile a list of any missing persons and known casualties. Ensure that the list includes both members of staff and visitors. 2) Contact the Emergency Services to pass on any list of missing persons and receive information on casualties. 3) Contact the IT representative on the EMT to advise them of the situation and to request assistance for IT and other infrastructure issues, and to invoke recovery space at the secondary location and home working. 4) Contact the families and next-of-kin of affected staff. 5) Verify: a) Emergency security at the Primary Location if the site has sustained structural damage. If necessary, work with the landlord to ensure that the site is made safe and secure. Consider additional security personnel if required. b) When entry to the site will be allowed, if access has been denied. 6) Confirm that access to recovery space at the secondary location is available and that those allocated as home workers are notified. 7) Assemble the EMT at the Emergency Command Centre (ECC), the secondary location. 114

115 8) Establish and staff a Co-ordination Point near to the Primary Location site. Notify the Emergency Services of the Co-ordination Point location. 9) Direct business visitors to the Co-ordination Point, if appropriate. 10) Complete an interim business impact assessment. 11) Consider: a) Impact on the ability to provide services normally undertaken at these offices. b) Impact on the ability to undertake other activities such as IT development etc. c) Loss of assets. d) Direct costs. 12) Which losses will be sustained if the BCP is not invoked? 13) Decide whether to continue BCP invocation. If the BCP is not to be invoked then resolve any problems and implement stand-down procedure. Otherwise, continue with the planned response. 14) Contact all members of staff and provide immediate instructions. Consider the following: a) Provide the minimum information to initiate the response and explain the current situation. b) Verify specific Emergency Response tasks. c) Identify any business-critical activities that should receive priority. d) Confirm staff members immediate contact details. e) Give notice of the staff briefing time and place. 15) Instruct those staff that are immediately required to work from home 16) Provide emergency cash to staff involved in the recovery. 17) Instruct staff that are not required to remain at home and in contact. 18) Clearly state the need for secrecy pending a formal press release. 19) Inform third party contacts of the disruption affecting Firm A s operations and the recovery action being taken. Consider the following points: a) Wherever possible, send standard broadcast fax; otherwise, explain circumstances verbally using the latest approved statement. b) Ask contacts not to call back and explain that they will be notified of events that affect them. 20) Contact relevant banks if electronic payments are pending, informing them of the disruption affecting Firm A and the recovery action being taken. Discuss any appropriate actions and advise of interim working arrangements. 21) Verify with IT, voice line redirection, message content and call routing / handling to EMT mobiles 22) Redirect postal mail 115

116 23) Record details of damage to the building using a still or video camera. These pictures will be required for insurance purposes and damage must be recorded before the salvage and clean-up operations begin. 24) Verify that the landlord has been advised 25) Compile list and obtain readily available consumables (retaining receipts) that may be required including: a) Stationary b) Desks c) Chairs d) Computers (including printers and peripherals) e) Telephones f) and broadband access g) Photocopier h) Postal facilities i) Fax machine 26) Consider ability to notify Third Parties via website or other media if remotely accessible 27) Consider notifying relevant suppliers detailed in supplier contact list for both the Primary Location and the secondary location. Actions Required by Day Two of the Recovery 1) Review key priorities in current recovery site workload. 2) Arrange trauma counselling for affected staff if this is felt to be appropriate. 3) Conduct a briefing for all members of staff, both at the recovery site and elsewhere, covering the following: a) Internal press release, résumé of events and status. b) PR issues. c) Damage and impact assessment. d) Salvage status. e) Recovery strategy. f) Operating recovery targets. g) Roles and responsibilities. h) Department reporting and problem escalation guidelines. i) Voice, internet and fax communications availability and usage. j) Progress reporting. 4) Assess the need for extra staff or shift work to address any backlogs and any urgent tasks at the recovery site 5) Resume accounts ledger activities at the recovery site 6) Help-desk activities should resume 7) Staff should begin to re-create lost or corrupted system data and paper-based work-in-progress. 116

117 8) Establish when access to the Primary Location will be allowed. If so, try to determine: a) What can be salvaged and its condition. b) What has been irretrievably lost or destroyed. c) What is intact, but inaccessible? d) Infrastructure damage and access availability. e) Expected rebuild time frames. f) Location for reconstruction activities. 9) Liaise with key Network Members to ensure that they are kept aware of the incident. 10) Arrange a meeting to establish insurance and reconstruction responsibilities Actions Required by Day Five of the Recovery Longer-Term Actions 1) Monitor staff morale and confidence in employment continuity 2) Staff at the recovery site should continue re-creation of lost or corrupted system data and paper-based work-in-progress 3) Compile and submit insurance claims. Co-ordinate activities of loss adjusters / assessors. 4) If necessary, begin reconstruction of damaged or destroyed documents. 1) In conjunction with staff, begin to develop a long-term business recovery plan. 2) Decide if a refit of the site is viable. If the damaged site will not become habitable within one month, meet with property agents to identify a suitable alternative site. Otherwise, authorise reconstruction and refit of the site in conjunction with landlord/insurers. 3) If necessary, search for local office space for short-term rental. 4) Review progress on the long-term site in conjunction with infrastructure staff, in particular: a) Construction and / or refurbishment. b) Design of floor layout(s). c) Plans for occupancy of the site. d) Procedures for security, cleaning, post and other services. e) Time frame for business transfer to the site. f) Emergency procedures. g) Procurement, installation, commissioning and testing of replacement computer systems. 5) Prepare a staff briefing note on the new site. Include: a) The level of equipment and facilities available. b) Site layout plans. 117

118 Final Actions c) Directions to the site. d) The date of transfer of operations. e) The expected length of stay. f) Special arrangements regarding transport of staff. g) Altered working arrangements for staff. h) Recompense for disruption of work patterns. i) Liaise with IT over systems as well as voice and data transfer to the new site. 6) Review timescales for occupation of the new site. 7) Resume normal operations from the new site. 1) Retrieve and review copies of Incident Logs and meeting notes. Identify: a) Exceptional performance. b) Sources of delay or inefficiency. c) Errors or inappropriate responses. d) Actual timescales for activity completion. 2) Hold a post-incident review meeting and quantify the cost of the incident in terms of: a) Lost information. b) Additional resource requirements. c) Missed opportunity. d) Inability to provide services and products internally and to customers. e) Fines, charges, compensation and penalties. f) Loss of staff and assets. g) Additional cost of working. 3) Update the BCP, if necessary 4) Update internal operating and emergency procedures Throughout the Recovery 1) Maintain the Incident Log 2) Maintain notes of meeting decisions 3) Maintain contact with all members of staff 4) Respond to requests for information 5) Inform them of changes in strategy 6) Inform them of notable occurrences that may affect priorities. 7) At regular intervals: a) Review recovery progress against target timescales. b) Assess recovery progress section 8) Prepare updates for all members of staff. Include the following: 118

119 a) Incident status and recovery progress. b) Objectives and deadlines. c) Individual objectives, roles and responsibilities. d) Specific instructions. e) Handling personal problems caused by, or contributed to by the incident. f) Security issues. g) Current statements for handling incoming calls. 9) Liaise with senior management regarding all expenditure decisions. 10) Maintain regular contact with the Primary Location and with key third parties. 11) Ensure the prompt submission of any insurance claims. 12) Check salvage status - availability of paper-based records and extent of information lost. 13) Assess the well-being of staff and identify need for professional support. 14) Consider either buying a shredder or calling on a shredding company to dispose of confidential waste. Contact Directory Emergency Services Contact List Service Contact Police 999 Local Contact 101 Fire 999 Ambulance 999 Hospitals 1 Hospital Road, AB1 2CD Hospital Close, CD1 3EF

120 Appendix 15: Example Telephone Cascade List An editable version of this document can be downloaded from the ITC Compliance Website, within the documents section. This should be completed to ensure that all staff receive notification in the event of the Business Continuity Plan is invoked. 120

121 Appendix 16: Business Continuity Plan Test Scenarios Scenario 1 Pandemic Flu A flu pandemic has hit the UK and is being reported on national and local news, with high levels of sickness in large cities. Week 1 Staff absence is higher than usual and many staff members are complaining of feeling unwell throughout the work day. Week 2 Staff absence has now moved to around 20% and 2 large firms have advised that they have stopped operating for the foreseeable future due to the pandemic. Week 3 The local council has closed all schools in the area due to staff shortages and to stop the spread of the illness. 50% of staff members with children have advised they will be staying at home to care for either sick children or due to the school closure as they have no other child care options. Week 4 Staff absence is now approaching 40% due to the pandemic. 2 absent staff members are seriously ill and in hospital. Local news outlets have caught wind of this and have asked for comment on the situation. Week 6 The pandemic has started to ease and staff absence has now reduced to 10%. However key members of staff still remain off work due to illness. Week 8 The pandemic is now close to being over and staff absence levels have returned to normal for the time of year. Scenario 2 Office Fire A disgruntled ex-employee has thrown a brick through the staff room window and has started a fire in the early hours of the morning. The fire spreads to the IT department and continues to damage the ground floor of the office until the fire brigade arrives just before 7am. Day 1 7am The fire brigade has stopped the fire spreading any further and is close to putting the fire out. Employees start arriving to work by this time. Day 1 9am The fire brigade has extinguished the fire and declared the office unsafe for at least the next 72 hours while they investigate the arson and inspect the safety of the building. The car park is now full of employees, employees from nearby offices have also come over to see what is happening and local news has just arrived and is looking for comment on the situation. Day 2 The fire brigade has completed their investigation and inspection of the office. The good news is the perpetrator has been apprehended by local police. The bad news is they have advised that the building cannot be used until the staff and IT room have been repaired which could take up to 7 working days. It is unclear the extent of the damage to the IT room and ecommerce hardware. Day 7 The office has been repaired and the fire brigade has declared it safe. Some employees are cautious about returning to the office due to the events. 121

122 Appendix 17: Form D Application number (for FCA/PRA use only) The FCA and PRA have produced notes which will assist both the applicant and the approved person in answering the questions in this form. Please read these notes, which are available on the FCA and PRA s website at: Both the applicant and the approved person will be treated by the FCA and PRA as having taken these notes into consideration when completing their answers to the questions in this form. Form D Notification of changes in personal information or application details FCA Handbook Reference: SUP 10A Annex 7R PRA Handbook Reference: SUP 10B Annex 7R 1 April 2013 Name of individual (to be completed by applicant) Name of firm (as entered in 2.01) Financial Conduct Authority 122