Brokers Ireland Compliance Update June 2020 Linda Doyle
Items Covered • AML - Non-face to face interaction with consumers • Cyber Security and Data Protection • COVID 19 – Impact on Business Processes • Professional Indemnity Changes in Levels • Central Bank Authorisation Assistance • Consumer Insurance Contracts Act 2019
Non-face to Face interaction with Clients Life/Pensions/Investments When interacting from a distance with clients, firms should continue to be mindful of the Criminal Justice (Money Laundering and Terrorist Financing) Act and the Central Bank Guidance for the Financial Sector issued September 2019. Life offices will have communicated to their broking partners what they will accept in respect of I.D. verification. Due diligence exercises will still have to be conducted – Depending on the type of product or service being provided, the extent of the due diligence will vary. 3
Non-face to Face interaction with Clients Where the business relationship is initiated, established, or conducted in non-face to face situations or an occasional transaction is done in non-face to face situations, firms should • take adequate measures to be satisfied that the customer is who he/she claims to be; and • assess whether the non-face to face nature of the relationship or occasional transaction gives rise to increased ML/TF risk and if so, adjust their CDD measures accordingly. 4
Cyber Security and Data Protection Cybercrime can be described as a criminal activity carried out using computers and the internet. The most common method of perpetrating cybercrime is through a phishing attack and includes financial fraud, theft of confidential data, ransomware and denial of services. • Phishing • Smishing • Vishing • Social Engineering and Business Email Compromise (BEC) • Remote Access Trojans (RAT) 5
Cyber Security and Data Protection Cyber-attacks on businesses are increasing in frequency, scale and impact , There is a heightened risk of IT systems failure and cyber ‘trigger events’ e.g. data theft or destruction. COVID-19 situation presented IT personnel, businesses and other users with cyber security challenges that - experienced on a significantly larger scale than ever before. Impersonation increasing for some time and has accelerated since the outbreak. 6
Cyber Security and Data Protection GDPR and Data Security Brokers should not lose sight of their obligations under GDPR. Data security must remain high on the agenda. Avoid personal data breaches Processing employee health data See communications from Brokers Ireland 6 May, 14 May, 28 May 2020 7
Cyber Security and Data Protection Cyber security and your practice Scam mitigation or preferably scam prevention Cyber criminals are targeting firms via remote users to intercept money transfers and other sensitive client information. 8
Cyber Security and Data Protection Be mindful • Phishing • Fraudulent Bank Accounts • Transmitting sensitive information 9
Cyber Security and Data Protection Best practice guidance and tips All business sectors are vulnerable to the reality of cyber crime, which is becoming increasingly sophisticated and exposes sensitive data and client monies to great risk. There are a number of steps that can be taken to guard against cyber-attack. 1. Keep anti-virus software up to date and maintain caution when opening attachments from unknown or unsolicited emails. 2. Carry out regular scans for malware and spyware. 3. Use a VPN (Virtual Private Network) to securely access your office database. This is a network that allows remote users to securely access office IT resources, such as email and the firm’s network. Contact your IT support service for more information. 4. If working without a VPN, back up your data in a secure offline manner. 5. Take inventory of which employees require full access to your entire office network and ensure that full access is not through personal devices. 10
Cyber Security and Data Protection 6. Consider logging into your office IT system using Multi-Factor Authentication or a Two- Factor Authentication. 7. Consider restricting use of personal devices to email and cloud services and issue the device with a license for the same anti-malware available in the office. In addition, consider limiting the ability to download and copy data to that device. 8. Ensure that laptops are encrypted and systems installed (such as Bitlocker) to track and delete data from tablets and phones if they are lost or stolen. 9. Only connect via a secure private Wi-Fi connection. Set all virtual meetings to private, with password-only access. 10. Set all virtual meetings to private, with password-only access. 11
COVID 19 – Impact on Business Processes Internal Risk Management ▪ Business Continuity Processes ▪ Operational Procedures 12
Professional Indemnity changes on levels There has been a change to the Professional Indemnity Insurance (PII) levels of Indemnity. New PII requirements: €1,300,380 per claim and €1,924,560 in aggregate. Was: €1,250,000 per claim and €1,850,000 in aggregate; This increase was effective from 12 June 2020 . Ring-fencing of cover Check your PII Schedule 13
Central Bank Authorisation Assistance If a member firm is applying for authorisation with the Central Bank, whether as a result of setting up a new company, dividing its existing company into two or more entities, changing from being a Soletrader or Partnership to a limited company, or changing the structure or ownership of the firm, you may require assistance with the application process. To that end, Brokers Ireland suggest that you contact the Compliance Unit as we should be able to assist in this regard. Alternatively, we have a list of third party compliance consultants, from which members can choose that better suits their needs. Contact the Compliance Unit at compliance@brokersireland.ie 14
Consumer Insurance Contracts Act 2019 New legislation was signed into law 26 December 2019 The provisions have yet to be implemented The Act will have a significant impact on all those who distribute insurance products, including brokers transacting both life and non-life business. The principle of utmost good faith and duty of disclosure by a consumer have been replaced. The Act imposes duties on both the consumer and insurer pre-contract and post contract stage, as well as in respect of claims handling. 15
Consumer Insurance Contracts Act 2019 Summary of Changes Impacts: ➢ Insurer ➢ Consumer ➢ Broker Definition of Consumer 16
Consumer Insurance Contracts Act 2019 Consumer Protection Code Financial Services and Pensions Ombudsman Act 2017 “consumer” means any of the following: “consumer”, in relation to a financial service, means— (a) a person or group of persons, but not an incorporated body with an annual turnover in (a) (i) a natural person, not acting in the course of business, excess of €3 million in the previous financial year (for the avoidance of doubt a group (ii) a sole trader, partnership, trust club or charity (not being a body corporate), with an of persons includes partnerships and other unincorporated bodies such as clubs, annual turnover in its previous financial year (within the meaning of section 288 of the charities and trusts, not consisting entirely of bodies corporate); or Act of 2014) of €3 million or less, or (iii) an incorporated body that — (b) incorporated bodies having an annual turnover of €3 million or less in the previous (I) had an annual turnover in its previous financial year (within the meaning of section financial year (provided that such body shall not be a member of a group of companies 288 of the Act of 2014) of €3 million or less, and having a combined turnover greater than the said €3 million); and (II) is not a body corporate that is a member of a group of companies (within the meaning of section 8 of the Act of 2014) with a combined annual turnover (in the includes where appropriate, a potential ‘consumer’ (within the meaning above); previous financial year (within the meaning of section 288 of the Act of 2014) of the group of companies), of greater than €3 million, that — (A) is a customer of a financial service provider, (B) is a person or body to whom a financial service provider has offered to provide a financial service, or (C) has sought the provision of a financial service, (b) a consumer who was, in relation to a credit agreement, a customer of the financial service provider in a case where a credit servicing firm undertakes credit servicing in respect of the credit agreement concerned, (c) an actual or potential beneficiary of a financial service, or (d) an employee or a former employee entitled to benefit from an income continuance plan; “consumer”, in relation to a pension product, means an actual or potential beneficiary of an occupational pensions scheme, a trust RAC or a PRSA who believes they have suffered financial loss because of maladministration of the scheme, trust or PRSA, as the case may be; 17
Recommend
More recommend