Limited Time Special Offer 10% Off


Special Limited time offer FCA PRA authorisation application project

Just Quote The Coupon Code Below Whenever You Contact Us For FCA Authorisation, AML Audit, Regulatory Rules Mapping, Governance Review or Any FCA/PRA Regulatory Governance, Risk or Compliance (GRC) Project For Financial Services In The UK.

Only until 30th April 2018 Or For Maximum 15 Applications

Act Now, Our Allocations Are Filling Up Fast!

(subject to terms and conditions*)


+44 (0)20 3815 7939


Please use the relevant code when you Telephone or Email.

If You Found Us Via Google – “GGL10CC”

If You Found Us Via Bing – “BING10CC”

If You Found Us Via LinkedIn – “LINK10CC”

*<new enquiries only from 11/2/18 – Deposit of £2,000 or 50% required. Typical Costs between £3,000 and £7,800>

FCA Authorisation Quality Submission Category: Excellent



GDPR and Financial Advisers: Establishing the right processes


The key point about processing individuals’ personal data under GDPR is that it must be justifiable to do so.

Controls will need to be in place: part of GDPR’s central tenet of ‘privacy by design’ is to justify the use of the personal data and to process it as necessary.

Subject access requests must be honoured, so it is imperative to set out how these will be handled. In theory, they are not too challenging, but engaging an independent firm to ensure that you have the right procedures in place ahead of time will ensure the correct personal data is provided to the requesting data subject in a timely fashion.

If there is no justification for processing the personal data, then it should be deleted. Firms should carefully consider the process for doing this, since removing justifiably processed personal data, or preserving personal data that should be deleted, could cause issues in the future. Decisions will need to be taken at a policy level on what constitutes justifiable reasons for processing personal data, and who is responsible for taking decisions if situations arise outside the norm.

There are a variety of regulations facing UK financial advice firms at present and it is easy to see why many have concluded that the industry is facing something of a regulatory overload. This only makes it more important that firms put in the time to understand what each piece of regulation means to them.

Other than the Data Protection Act 1998 itself, the GDPR does not usurp other pieces of legislation, such as MiFID II. They do not contradict each other and the sub-clauses in each article of the GDPR lay out the caveats.

Again, this comes back to justifiable processing of data. If data must be retained under another regulation such as MiFID II, then this need itself justifies the processing of the personal data and, effectively, will theoretically override the need to delete the personal data under the GDPR. Making the effort to understand the nuances is extremely important and paints a much clearer picture of what firms will need to do.

Rights Of The Individual
It is also crucial to understand the rights of the individuals whose personal data is being processed. They have the right to request access to their personal data and the right to request that it is erased. Formulating a program to take care of their rights will offer a more effective indication of what data firms should and should not be processing.

Not every request to be forgotten needs to be satisfied; there are circumstances under which the firm has rights to retain the personal data. Understanding where and when this applies will go a very long way to ensuring compliance with aspects relating to data retention and how you can respond to such requests for erasure.

Finally, firms must fully understand what constitutes a breach, when that breach should be reported to the Information Commissioner’s Office and when that breach is sufficiently serious to get reported to data subjects, and when caveats apply that mean the breach may not need to be reported.

Identifying breaches is also an essential factor. Mapping out how breaches will be handled will help to avoid panic when they occur. It must be presumed that breaches will occur, so advice firms need to have responses set out for all staff to understand. How will the breach be handled and subsequently categorised? What data will be reported to whom? What are the time frames? Working these things out as they happen will not be easy and an independent consultancy can help you identify your blind spots.

Understanding the regulation and justifying processing data will prepare the backbone of a firm’s response to GDPR. Putting the correct processes in place will smooth the passage towards handling breaches and supplying the regulators, and possibly individuals, with the correct information at such times.

For the very first time, the GDPR will introduce special protection for children’s personal data, particularly in the context of commercial internet services which includes social networking. If your organisation offers internet services (‘information society services’) to children and relies upon consent to collect information about them, then you may need a parent or guardian’s consent in order to process their personal data lawfully. The GDPR sets the age when a child can give their own consent to this processing at 16 (although this may be lowered to a minimum of 13 in the UK). If a child is younger then you will need to get consent from a person holding ‘parental responsibility’.

This could have significant implications if your organisation offers online services to children and collects their personal data. Bear in mind that consent needs to be verifiable and that when collecting children’s data your privacy notice must be written in language that children will understand.

Call us on 0203 815 7939




Does the UK government’s new National Risk Assessment avoid recognising important systemic weaknesses?

Are There Important Changes That Weaken The UK NRA In Advance Of Brexit?


The UK’s original 2015 National Risk Assessment on Money Laundering and Terrorist Financing (NRA) presented an honest, if quite broad and superficial, idea of the ML and TF risks in the UK, in an attempt to ‘inform the efficient allocation of resources and mitigate those risks’.

This showed intelligence disparities, a shaky reaction to money laundering by law enforcement ‘for an extended period of time’ and weaknesses in supervision. These discoveries have shaped a variety of responses, featuring an Action Plan for anti-money laundering and counter-terrorist finance (AML/CTF) and an AML supervisory review. Further efforts to reform the UK’s Suspicious Activity Reports regime have also been advancing.


Behind much of this particular activity is the concealed hand of the Financial Action Task Force (FATF), the global standard-setter for AML/CTF, which will determine both the specialised compliance and effective application of the UK over the next six months before publishing its assessment in 2018.

With this in mind, the British government published a modified NRA that lays out how the key ML and TF risks for the UK have changed since the previous edition, and the action taken since 2015 to address these risks.

While presenting some welcome learning (for example the sectoral adjustment of charities from ‘medium-high’ to ‘low’; the inclusion of capital markets ML risks; and the inclusion of the TF threat from Northern Ireland-related terrorism) and showcasing some notable legislative developments (in particular the Criminal Finances Act 2017 and the Money Laundering Regulations 2017), the NRA still overlooks some vital risks, particularly the ability of law enforcement to respond to the identified threats.

It is not clear, and indeed insufficiently delineated in the NRA itself, how this nuanced view of risks (that some services, in some circumstances, pose a high risk) can be exercised.

The 2017 NRA has made a welcome attempt to focus more on activity that creates risks of money laundering, instead of taking a strict sectoral approach. In comparison to the 2015 NRA, the new document has chapters including accountancy, legal, and property/estate agency services, as opposed to the associated sectors (like accountancy services providers in 2015).

It also identifies that higher risks may emerge where these professional services correspond and that separate sectors can virtually offer the same services (such as company formation or use of client accounts).

A distinction is drawn when comparing abuse of property itself and the provision of estate agency services. Nonetheless, the NRA stops short of analyzing these higher risk environments thoroughly. It thus seems inevitable that the risk ratings allocated to certain services, for example, accountancy services rated overall ‘high’ for money laundering, will be fed into customer risk models as a sectoral risk.

One remarkable element of this assessment is the downgrading of estate agents from medium to low risk, given the sector has shown substandard awareness and compliance and is now tasked with due diligence on both sellers and buyers. The vulnerability posed by this sector is compounded by the difficulties HM Revenue and Customs (HMRC) faces in supervising such a diverse sector. This regrading will seem obtuse to many and may reverse the efforts made to enforce greater compliance with ML regulations over recent years.

Money service businesses (MSBs) stand out from the NRA: in form, given that MSBs are not discussed with other financial services, but inserted between cash and non-profit organisations; and in substance, because the ML risks related to the MSB sector have been re-evaluated from medium to high.

The justifications for this adjustment include challenges for the sector’s effective supervision by HMRC; and several cases corroborating the view of law enforcement agencies that complicit MSBs are ‘a favoured and readily available money laundering vehicle for organised crime groups’.

The UK government will be evaluated mainly by FATF on whether or not it has the capacity to strengthen the MSB sector’s supervision in the UK in such a way as to restore banks’ confidence in the sector.

Most importantly, the NRA recognises MSBs’ growing difficulties accessing banking services have even further reduced the transparency of the sector composition and operations.

The NRA refers to several of the government’s responses to these findings, including at the international level. However, as said above, the government will still be judged predominantly by FATF on whether it is able to strengthen the MSB sector’s supervision in the UK in such a way as to restore banks’ confidence in the sector. Ultimately, this will reduce the risk mitigation costs incurred by banks that provide services to MSBs.

A persistent theme through both NRAs is the importance and challenge of effective supervision. One innovation since the 2015 NRA, which identified several vulnerabilities in the UK’s supervisory regime, has been the formulation of the Office for Professional Body AML Supervision (OPBAS).

This takes into account the fact that 22 of the UK’s 27 watchdogs are professional body supervisors (rather than statutory bodies such as the Financial Conduct Agency and HMRC) that display an inconsistent, and sometimes ineffective, approach.

Up and running at the end of 2017, OPBAS looks after ‘the adequacy of the AML/CTF supervisory arrangements of professional body supervisors in the UK.’

Digital currencies remain a ‘low risk’ for both ML and TF, mirroring the continued lack of significant evidence of their greater use by organised criminals and terrorists

Greater supervisory rigour and coherence is clearly called for, yet as both the MSB and estate agency cases imply, it is not merely professional body supervisors that ought to display greater commitment to creating an effective deterrent to preserve the integrity of the system.

The NRA singles out e-money, digital currencies and crowdfunding as products that are most ‘relevant from the perspective of ML and TF’. TF risk for e-money increases from ‘low’ to ‘medium’ in response to emerging evidence of terrorists’ intent to exploit pre-paid cards to transfer funds across borders undetected.

A welcome addition is the recognition of the potential for FinTech to mitigate financial crime. This is positive, and mirrors the important work undertaken through the FCA’s regulatory ‘sandbox’ that has allowed enterprises to test products in an unencumbered environment. These opportunities, specifically in the regulatory technology (RegTech) space, are likely to increase, thus an acknowledgement in the NRA is timely.

Although new laws and initiatives, for example the Joint Money Laundering Intelligence Taskforce, feature prominently, there is a striking omission from the NRA. Risk assessments should not only identify the risks at hand, but also the extent to which they can be mitigated (the control measures). The 2017 NRA has, perhaps intentionally, side-stepped talking about the latter given it is here the UK is found wanting.

The NRA 2015 noted that ‘the law enforcement response to money laundering has been weak for an extended period of time’. The degree to which this weakness has been addressed is left open in the most recent Risk Assessment, with talk about ‘enhancing the law enforcement response’ limited primarily to updates on legislation.

With police budgets chopped by 20% since 2010 at the same time as law enforcement is being asked to answer a greater array of strategic threats, the levels of resource delegated to investigate complex (or perhaps simplistic) money laundering cases are decreasing.

Ultimately, a successful AML/CTF regime has to do with delivering results. The jury is out and will return with its verdict a year or so from now.

For all your UK regulatory compliance needs, including AML specialist services, go to Compliance Consultant (, One of the UK’s Leading Consultancies. Buy their top-selling AML & CTF Policy & Manual at


Achieving Authorisation with the FCA

Ben Mason explains how FCA authorisation application works, what firms should expect from the process, the pros and cons of being an Appointed Representative, and how Compliancy Services can help.

Alternatively, you can contact us on 0203 815 7939 or email and we will make the process simpler, clearer and more straightforward for you. A recent (Feb 2018) authorisation firm, said;

“Compliance Consultant provided us with a smooth, fast and professional service, clarifying what was needed at every step with prompt and accurate communication throughout. Would highly recommend Lee and Compliance Consultant”



Get Our Best Selling Compliance Manual

Putting together a Firm’s Money Laundering and Terrorist Financing Risk Assessment and the Independent Compliance Assessment

Risk Assessment and the Independent Compliance Assessment

Lee Werrell, Chartered FCSI, CEO of Compliance Consultant, explores the changes to risk assessment and the basic principles of the independent compliance assessment benefits effected by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Money laundering Reporting Officers operating within the regulated sector will want to be aware of and appropriately integrate these two essential elements into their broader anti-money laundering and counter terrorist financing policies and procedures.

As regulators reinforce their focus on the ideal discharge of money laundering obligations involving customer due diligence (CDD) by the regulated sector, the changes introduced by the new Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, known as the Money Laundering Regulations 2017 or “MLR 2017” are of great seriousness. This is particularly true for money laundering reporting officers within the definition of Part 7 of the Proceeds of Crime Act 2002.

Risk assessment by the firm or business
Some of the key changes achieved by regulation 18 of the MLR 2017 relate to the obligation on firms and businesses working within the regulated sector to identify and assess the risks of money laundering and terrorist financing to which their organisation is vulnerable. This is easier said than done, since to be able to undertake this task, the risk assessor ought to have a sound grasp of the methods by which criminals can use the firm’s services when handling the proceeds of their crimes. Criminals may range from organised criminals who are laundering the proceeds of drug trafficking and the like to white collar criminals who have paid or received bribes, committed fraud, breached economic sanctions, or dabbled in a spot of insider trading. It follows that a firm or business operating in the regulated sector may be vulnerable to money laundering or terrorist financing in a myriad of different ways. Regulation 18(4) of the MLR 2017 requires a written record to be made of all steps carried out by a firm in the identification and assessment of its money laundering and terrorist financing risk.

Pursuant to regulation 19(1)(a) of the MLR 2017, the firm’s risk assessment of its susceptibility must dictate the development of its policies, controls and procedures, which have been designed to mitigate and manage effectively the risks of money laundering and terrorist financing. What’s more, under regulation 21(c) of the MLR 2017, having regard to the size and nature of the firm’s business, a firm is now required to establish an independent audit function with responsibility to analyze and evaluate the effectiveness of the firm’s policies, controls, and procedures, to generate suggestions about them, and to check compliance with them.

The high quality of the firm’s risk assessment is therefore critical, because when it comes to an individual who is obligated to apply CDD measures, regulation 28(12) of the MLR 2017 requires the analysis of the money laundering or terrorist financing risk posed by the client or customer or the transaction in question to show, amongst other things, the level of risk which their firm has identified in the firm’s risk assessment. In short, the generality of the risk assessment completed by the firm in respect of its susceptibility to money laundering or terrorist financing serves to inform the particularity of the risk assessment undertaken by the individual in relation to the customer or client concerned. The improvement of a risk profile for a customer or client is typically put together by dedicated professionals in the risk/compliance function. The risk profile helps the individual on-boarding the customer in their assessment of whether any grounds for suspecting money laundering or terrorist financing have emerged during the Know Your Customer (KYC) process. Medium-sized and small firms may not be able to afford this luxury and in this instance, it is vital that the firm’s risk assessment is adequately comprehensive to provide a sound framework for the staff’s risk assessment of a customer or client to be informed and effective.

How is the firm’s risk assessment to be made?
In carrying out the risk assessment a firm must take into account risk factors relating to its clients, the countries or geographic areas in which it operates, its products or services, its transactions, and its delivery channels. But how is the firm to know the nature and intensity of the risk posed by these risk factors? The MLR 2017 consider that the firm may be helped by taking into consideration information provided by the supervisory authorities. Regulation 17(9) of the MLR 2017 provides that if information from a risk assessment completed by a supervisory authority would support a firm operating in the sector to accomplish its own money laundering or terrorist financing risk assessment, the supervisory authority has to, where suitable, make that information easily available unless to do so would be irreconcilable with restrictions on giving out relevant information under the data protection legislation.

Information from Government authorities is likely to be limited
Among the key troubles for government agencies is the significant deficiency in their levels of knowledge about how highly developed money laundering is committed when the financial markets are involved. In one of the main findings in the UK’s National Risk Assessment (“NRA”) of Money Laundering and Terrorist Financing published in October 2015, HM Treasury and the Home Office conceded that there were significant intelligence gaps relative to “high-end” money laundering. This type of laundering is specifically relevant to major frauds and serious corruption, where the profits are often kept in bank accounts, residential or commercial property, or other financial investments, in lieu of in cash. The NRA judges the danger in the banking sector to be significant, since around 60% of ongoing money laundering cases being investigated by HMRC have funds initially shifted through banks. The intelligence picture in other areas, such as high value dealers, gambling, and new payment methods, was judged as being mixed.

What information is available to a MLRO?
Most likely, if a firm’s policies, controls, and procedures are to come through with flying colours, the firm’s money laundering reporting officer will have to supplement the guidance as to risk factors contained in the MLR 2017 and provided by the supervisory authorities with some comprehensive investigation of their own. The typology and sector-specific reports released by the Financial Action Task Force (FATF) are a good starting place. In addition, a money laundering reporting officer can consult the evaluations of money laundering and terrorist financing regimes run by its member countries which the FATF publishes regularly. Having said that, to meet the regulatory requirement a lot more will need to be done. Money laundering reporting officers will have to digest reports prepared by, amongst other organisations, FATF-Style Regional Bodies (“FSRBs”) and annual reports prepared by the Council of Europe’s Moneyval, mining them for information about how particular types of business might be used for money laundering and terrorist financing purposes, and which jurisdictions are considered more prone than others, concerning the integrity of the client and the nature of the business in question. The United States Central Intelligence Agency publishes a Global Factbook, and some beneficial information is available on the Anti-Money Laundering Forum operated by the International Bar Association. Furthermore, there is a significant amount of information readily obtainable on the web which money laundering reporting officers can access. For example, there are publicly available indices from HM Treasury’s Office of Financial Sanctions Implementation, Transparency International’s Corruption Perception Index, the Foreign and Commonwealth Office’s Human Rights Reports, and UK Trade and Investment’s pages on overseas country risk and quality of regulation.
The MLRO, or an appropriate compliance team member, can review this information, mining it for relevant material which will inform the firm’s consideration of whether the risk of money laundering and terrorist financing inherent in the form of work undertaken, and the country with which it is associated, is low, medium, or high.

One apparent resource for an MLRO sits within the firm itself. As firms increasingly focus the delivery of their services in specialist areas, the first line of defence should be well placed to support the firm’s risk assessment.

Just as a solicitor specialising in the financing of energy transactions will understand the extent of corruption and bribery within this sector, an estate agent with a practice based in Kensington will be strongly cognisant of the risks of money laundering which purchases by Eastern European oligarchs and politically exposed persons pose. As a starting point for assessing the risks of money laundering and terrorist financing in an enterprise operating in the regulated sector, the MLRO could begin the method of risk assessment by commencing the process of self-assessment. As a practical suggestion, you could always purchase an Anti-Money Laundering & Counter Terrorist Financing Manual as provided by Compliance Consultant at

Assessing risk on rationally defensible criteria
Where a firm develops its risk assessment in this manner, and includes in its policies, controls and procedures provisions which detail how the risk is to be managed, the requirement in regulation 19(3)(a) of the MLR 2017 to include risk management practices will be satisfied. Interestingly, this requirement falls short of the requirement laid out in Article 8(4) of the EC Fourth Directive on Money Laundering which specifically pertains to “the development of internal policies, controls, and procedures, including model risk management practices …” Although the reference to “model” risk management practices is not something which appears in the Financial Action Task Force Revised Recommendations, larger companies operating in the regulated sector will ignore this requirement at their peril.

Reliance on qualitative expert judgment when creating risk assessments continues to hold, but there is an inherent subjectivity within this approach and there is a danger that it may be thought to be self-serving if challenged by a regulator in a case where a less obvious risk of money laundering or terrorist financing was not identified. The EC Fourth Directive on Money Laundering is seeking to support firms and businesses operating in the regulated sector to apply a more sophisticated course of action, by leveraging quantitatively derived models which allocate risk scores calculated by algorithms which have been developed from analysis of AML scenarios and typologies.

Management consultancies have developed a variety of model risk management practices for application in anti-money laundering and counter-terrorist financing incidents. The application of model risk management in the assessment of money laundering and terrorist financing vulnerability will also aid a firm or business in the regulated sector when seeking to display that its risk assessment policies are effective pursuant to the independent audit requirement introduced in regulation 21(c) of the MLR 2017. There is, however, an important caveat which must be borne in mind. As the Joint Money Laundering Steering Group (“JMLSG”) has cautioned, “where a firm uses automated systems purchased from an external provider to allocate overall risk scores to categories business relationships or occasional transactions, it should understand how such systems work and how it combines risk factors to achieve an overall risk score.” The JMLSG adds that “a firm must always be able to satisfy itself that the scores allocated reflect the firm’s understanding of the [money laundering and terrorist financing] risk, and it should be able to demonstrate this to the [regulator] if necessary.”
As a cheaper solution to acquiring a scoring system from an external provider, it is open to MLROs to develop their own scoring system. This would involve allocating scores to a wide range of risk factors based upon information available internally and externally such as the nature of the client, the type of transaction involved, and the geographical location in which it is taking place. As an example of the flexibility inherent in the allocation of scores, the JMLSG notes that “firms may decide that a customer’s personal links to a jurisdiction associated with higher [money laundering and terrorist financing risk] is less relevant in the light of the features of the product they seek.” [1]

Independent Compliance Assessment
It is uncertain exactly what is required of a firm or enterprise operating in the regulated sector to establish an Independent Compliance Assessment. By introducing a requirement for the Compliance Assessment to be independent, the person performing this responsibility should be unconnected with the implementation or operation of the firm’s anti-money laundering and counter-terrorist financing compliance programme. The JMLSG suggests that the task can be undertaken “by, as an example, an internal audit function (where one is established), external auditors, specialist consultants or other qualified parties”.

For all your regulatory compliance needs, including AML specialist services, go to Compliance Consultant (, One of the UK’s Leading Consultancies. Buy their top-selling AML & CTF Policy & Manual at

[1] The Joint Money Laundering Steering Group, ‘Prevention of Money Laundering/Combating Terrorist Financing: 2017 Consultation Version’ (March 2017) page 45.



Do You Still Want To Run The Risk Of Using Large Consultancies?


After Years Of White-labeling For The Big Firms, And Seeing Their Mistakes

We Are Now Expanding Our Discreet and Confidential Projects For All Sizes Of Clients.


How Good Are You? GDPR Preparation underway?


How Is Your Preparation Coming Along?

The European Union’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. GDPR will introduce new accountability obligations and stronger rights and restrictions on international data flows.

If You Need To Know About Consent, Erasure, and Accuracy standards – Go HERE!

Against a backdrop of radical technological advances and the Snowden revelations about data surveillance, the new framework is ambitious, complex and strict. It presents any organisation that has so far failed to begin preparations with a steep challenge to become compliant in time.

GDPR introduces new obligations for any organisation that handles data about EU citizens – whether that organisation is located in the EU or not. It introduces data breach notification into European law for the first time. And it places stricter responsibilities on organisations to prove they are adequately managing and protecting personal data.

For a 20 Page Q&A see our post HERE


Brochure for DB Pension Transfers


How You Can Make Money From Defined Benefit Pension Transfer Business

Download the brochure by filling in your details below


The GDPR and UK Financial Advisers: Consent, Erasure & Accuracy


General Data Protection Regulation (GDPR) Data Subject Consent is essentially targeted at giving data subjects more control over use of their data – for example in connection with marketing activities, which (in the absence of consent) could not otherwise be legally warranted by a data controller.

Giving a data subject the option to give or refuse consent protects individuals from unwanted and unjustified communication from service providers and is aimed chiefly at the business-to-consumer world. It will affect advisers because it will dictate how they can approach new business opportunities from new or existing clients.

If an email, SMS message or phone call is sent or made to an individual and that individual follows it up with a request to understand where they gave permission for such correspondence, then it is the obligation of the firm to be able to prove the individual in question has indeed consented to receiving such correspondence. If the firm cannot provide this evidence, then this constitutes a breach.

GDPR and financial advisers: The Right Of Erasure
While this does have an effect on correspondence with clients, it only affects certain types. The other relevant condition for advisers to be aware of here is the ‘necessary for the performance of the contract’ condition.

A client may well opt out of marketing communications, such as a firm’s newsletter, but the firm would still have to send them correspondence on things like portfolio updates and contracts as such correspondence is essential for the performance of the contract between the data subject and the firm. What would the data subject be expecting to receive from the firm?

The opt-in process for obtaining valid consent under the incoming General Data Protection Regulation (GDPR) will be quite onerous for firms marketing to individuals. It is therefore a good idea to get started early and consider how the firm will market to prospects post-GDPR.
You can obtain a full GDPR presentation along with two question packs at

GDPR and financial advisers: Data Accuracy
Simple steps could be taken now, for instance, updating the privacy policy to make sure that the firm has made some inroads towards compliance. In marketing materials that are submitted now, it is worth including the double “opt-in” option in such correspondence. Provided the guidelines for obtaining valid consent under the GDPR are met, if people opt in now, then the firm will have the ability to correspond with them after 25 May 2018.

If consent from an individual is sought, they must respond to be considered to have opted in. Their silence or inaction is not indicative of consent. Similarly, where someone has opted into correspondence at an event, in person, the firm should consider a mechanism to follow up to gain their unequivocal written consent as a form of best practice.

This applies to electronic opt-ins too and is called ‘double opt-in’. This is to avoid circumstances whereby an individual’s details may have been shared under false pretences, or by mistake. A face-to-face meeting does not constitute an explicit response. Compliance Consultant (http://www.complianceconsultant) can help you through this.

Concerns Raised
How would a firm know if someone had given consent to be marketed to and, beyond that, how is it going to get clients to say yes in the future?

The topic of consent is one of the few black and white areas of GDPR with draft guidance. If the person being marketed to – that is to say, being contacted outside the bounds of the performance of a contract – has not explicitly and unambiguously agreed to be contacted, then this would constitute a breach of the GDPR.

Clients cannot be deceived at all. Having a pre-ticked box below an online form, for example, does not constitute consent. The user must be made aware of what their contact details will be used for, how their data will be processed and have the opportunity to make their own choice about whether or not they receive communication from the firm.

When it comes to legacy clients, where a firm may wish to contact them to notify them about new products and services, then it was agreed the firm will need to seek their permission to do so.

This will have to be done in advance of GDPR entering into force, since any correspondence after 25 May 2018 in this fashion will constitute a breach, since those individuals will not have consented to be contacted at all. If firms have not begun to seek consent – or fresh consent in order to meet the higher threshold under the GDPR – from existing contacts within their database, then they should seek to do so now.

If these individuals do not respond to requests, it should be assumed they do not wish to be contacted. It is worth demonstrating the benefits they will lose out on by not responding, such as special deals, new investment opportunities, industry news etc.

Beyond receiving their unambiguous consent to be marketed to, a firm also needs to make it very easy for an individual to change their communication preferences – or, in other words, to withdraw consent. This is just like offering an unsubscribe option on emails – something firms should already be doing.

There is often discussion about whether it would be acceptable to include a small amount of marketing in documents that are distributed to individuals as part of the performance of the contract. This could, for example, be used as a vehicle to update them on new investment opportunities. The answer is yes, but the marketing must be relevant to the overarching reason for the letter and should not detract from that as the main message.

Data subject consent: Key actions and considerations

Consent from individuals must be unambiguous, and they must also have the opportunity to redefine their communication preferences at any time. How will you achieve this?

How will you ensure the person completing the form/questionnaire/application is over the minimum age?

Even if the client “Opts-Out”, certain correspondence may be necessary for the performance of the contract with the individual concerned, in which case consent would not be required; how will you explain this?

The fallback position is simple: if there is ANY uncertainty about whether a firm has consent from an individual, then it should consider that it does not have consent.

Data subject consent: Questions for all industry advisers

Have you started gathering consent from clients and prospects and if so, how? How is it recorded?

Does this data form part of Senior Management MI Packs?

How and when are you going to seek consent from legacy clients?

Do you currently capture consent and, if so, how would you demonstrate this?


Compliance Consultant can assist you in all your GDPR preparation and can work with most websites, back office systems and financial promotion strategies. Contact us now on 0203 815 7939


Specialist Regulatory Compliance Consultancy
