At the start of the year, we explored the 5 new regulations coming into force this year. We looked at what the new rules meant and what firms should do to ensure their approach is compliant.
Now, halfway through the year – and with four of those five regulations now in force – it seems a good time to revisit them. How are firms tackling the new requirements? What has reaction been to their introduction? And are you doing everything you can to make sure you comply?
Came into force: 1 January
The first change to regulation you faced this year. Regulation on Key Information Documents for Packaged Retail and Insurance-based Investment Products (PRIIPs), came into force on New Year’s Day.
The intention behind the new rules was to extend the standards of consumer protection introduced by MiFID II to insurance-based investment products. If you’re still uncertain of its implications, our blog on what PRIIPs regulation is and how to comply gives a good grounding.
Since the regulation came into effect, there have been rumblings of discontent from within the industry. One of its key requirements is the need to produce Key Information Documents (KIDs) on the investments you offer, with prescriptive rules around the format and content of these documents.
But before January was out, the regulator was having to clarify expectations on PRIIPs communications – specifically around the performance scenarios required to be included in KIDs.
By February we were reporting that concerns about the regulation were making headlines, and at the FCA’s Asset Management Conference in June, chief executive Andrew Bailey made it clear that the Authority was looking to address concerns around the regulation’s disclosure requirements.
PRIIPs certainly seems a contentious one – but for now, we just need to knuckle down and comply. This means understanding the potential pitfalls in preparing your KIDs and making sure they are sufficiently user-friendly.
Came into force: 3 January
MiFID II also came into effect in the first week of the year. It introduces a range of new demands for financial services firms.
The rules expand the definition of financial promotions to include communications to professional clients as well as introducing a number of other new requirements.
As with PRIIPs, reaction to the MiFID II requirements has not been wholeheartedly positive, with Andrew Bailey setting out plans to tackle what are perceived as MiFID II failings.
But, again as with PRIIPs, whatever the reaction to the regulation, it remains something that regulated firms need to comply with.
If you want to ensure you’re taking the right approach, our MiFID II checklist will help you to identify the changes that need to be made and to keep track of the actions you take.
Came into force: 13 January
PSD2 (the Revised Payment Service Directive) enables customers, both consumers and businesses, to use third-party providers (like Facebook or Google) to manage their finances while retaining their existing bank accounts.
Under the new rules, banks are obligated to give these third-party providers access to their customers’ accounts. This has the potential to transform competition; as a bank, you’re no longer competing just with other banks, but with any firm that offers financial services.
Although the PSD2 implementing legislation came into force in January, the Regulatory Technical Standards (RTS) that prescribe the safety and security requirements for the new regulation are not in place – and according to a speech given by the FCA in November are unlikely to be finalised until mid-2019.
However, don’t think this gives you licence to ignore the new requirements in the meantime. The FCA has said that it will ‘expect firms to ensure that customers receive clear and consistent messages on open banking, and access to online accounts’.
Insurance Distribution Directive
Comes into force: 1 October
The IDD concerns the distribution of insurance and reinsurance, and also applies to firms that help with the administration and performance of insurance contracts post-sale.
It’s designed to create a level playing field for all those involved in the sale of insurance products; it introduces enhanced requirements around information and conduct of business.
The regulation was due to come into force on 23 February 2018, but has been pushed back to 1 October.
An update from the FCA on 25 May said that ‘Member States, including the UK, must implement the Directive into national law by 1 July 2018...The requirements will apply to firms from 1 October 2018’.
The regulator also stated that ‘As the introduction of the Directive was delayed, we recognise that firms may be in a position to comply with the IDD early...firms may adopt some, or all, of the new IDD requirements early if they so choose’.
One of the IDD’s key requirements is the need to produce the new Insurance Product Information Document (IPID). This is the responsibility of the manufacturer of the insurance product, and there are some very prescriptive rules around its format and what it should include. These are summarised in our blog on What is the IDD and how can insurance firms comply?
Automating some of your processes can help with IPID production and IDD compliance; read more in The new IDD – how can automation help you comply?
Came into force: 25 May
Before the General Data Protection Regulation came into effect, we looked in some detail at the new regulation’s implications in blogs on How to separate GDPR myths from reality, and GDPR compliance – do you know everything you need to?
By now you should be up to speed with the new rules and processing data in a way that complies with their requirements. Our blog published on May 25th, GDPR comes into force today – all you need to know about compliance has advice and tips, including details of why, contrary to much that was written before it came into effect, consent is not the be-all and end-all of GDPR compliance.
Keep on top of new requirements as 2018 progresses
Six months into the year and it’s clear that – even for those regulations already in force – the story is not over on new rules in 2018. Calls for tweaks to PRIIPs and MiFIDII are ongoing, while firms continue to navigate their way through GDPR.
Many firms are recognising the benefits of using some form of automation to help with regulatory compliance. Automating some or all of your marketing processes saves firms time and money, reduces the risk of human error and minimises the chances of compliance breaches.