Future Proofing Our Business - Plymouth | Truro
“Future Proofing Our Business”
6th April 2017
• www.tomfrench.co.uk
Agenda
• Open & Welcome - CG
• Introductions - CG
• 20 years in some facts and figures - CG
• Pessimist or Opportunist? - CG
• GDPR - CG
• Break
• Compliance Update, Disclosure & Inspection Report - TA
• Complaints history - TA
• New Tools- Electronic ID and Suitability Report writing system & Investment Planner - TA/MS/JS
• Due Diligence & Introducer Agreements - CH
• Lunch
• Guest Speaker – Behavioural Economics, Mark Pittaccio
• PFP - CG/PW
• Marketing - CM
• Close & Thanks - CG
20 years in and counting…..
• Turnover: 2013 - £2.2m, 2014 - £2.5m, 2015 - £2.9m, 2016 - £2.7m
• Business split: Inv £1.1m, Ret £763K, M&P £870K
• Regulatory Costs: FCA/FSCS 2014 - £55K, 2015 - £70K, 2016 - £61K
• PII: £80K and reducing
• Complaints: ????
• FUM: £???m, Clients ???K ?
• Back Office: ?????? lines of income per month ???? valuations
• T&G Retired
Funds by provider
Geographic Funds
Client age and assets
Pessimist or Opportunist?
20 years on…’fag packets’ to ‘fact finds’ the industry as we see it:
• Modernising our business
• Regulatory change, senior managers regime, client bulk novation, disclosure issues, Defined Benefit advice issues surfacing, technology support (Sandbox)
• GDPR – General Data Protection Regulation, when where and how, the impact.
• Claims Management Companies, where next after PPI? Devon Life & TV (low risk appetite…TFA Defined Benefit exit)
• Financial Ombudsman Scheme, client centered, becoming first point of complaint (File completeness, suitability documentation TA later)
• Technology, ROBO advice - the meerkat army, Hargreaves Lansdown (PFP later, secure message PW, CM data security) http://www.trussle.co.uk https://www.nutmeg.com http://www.santander.co.uk/uk/investments/investing-without-advice
• IR35 challenges, Government direction? Pimlico, Deliveroo, Uber (Re contract exercise, issue contracts!)
• RDR, servicing issues, complaints, the ‘tail’, PII questions…. Diary for servicing?
• Paper, got to go, filing costs ??, accessibility, data retrieval requirements, file checking, GDPR
Personal Data & GDPR
Chris Glazier
What?
• Any data relating to identifiable individuals – employees, suppliers, clients
  • Names
  • Addresses
  • Email addresses
  • Telephone numbers
  • Sensitive information
Why?
• Covered by the Data Protection Act 1998 which sets out legal conditions which must be satisfied in relation to
  • Obtaining
  • Handling
  • Processing
  • Storing
  • Transportation
  • Destruction of personal information
What is it & why is it important?
• Breaches of confidentiality e.g. information being given out inappropriately, lost or overseen
• Failing to offer choice e.g. individuals should be free to choose how the company uses data relating to them
• Reputational damage e.g. TFA would suffer if hackers successfully gain access to personal data.
Clients should expect us to look after their data securely and in a professional manner, regardless of any regulations!
Personal Data Protection Risks
• Breaches have to be reported; significant ones to the ICO
• Potential fines for TFA, and! … the relevant adviser as Data Controller
• Reputational damage, Due Diligence risk
• Potential for TFA to be struck off panels e.g. Mortgage Panels
• Potential for investigations by FCA into TFA’s compliance
ULTIMATELY RISKS OUR FINANCIAL STABILITY
So what if ?
Future of Personal Data
Data Protection Act 1998
GDPR
General Data Protection Regulation – Effective from 25th May 2018
• A complete overhaul of data protection regulation with extensive updates of what can be considered identifiable information
• Applies across all member states of the EU
• Applies to all organisations processing the data of EU subjects – wherever the organisation is geographically based
• Specific and significant rights for data subjects to seek compensation, rights to erasure and accurate representation
• Compensation can be sought against organisations and individuals employed by them
• Fines of up to 20,000,000 Euros or 4% of global annual turnover
GDPR- What’s New?
• Future proofing our business, top down review of our practices, guidance and advice from Legal and Tanist
• New policies to comply with DPA 1998 & fit for GDPR
  • Data Protection Policy, Data Storage & Cloud Computing Policy, Clean Desk Policy, Email Use Policy, Software Installation Policy
• Future audit by ICO
• Changes to working practices required in order to comply
• Common sense! nothing more than you would expect of YOUR data being held or used
What are we doing about it?
• New Data Storage Rules
  • Electronic
  • Paper
• New Data Use Rules
• New Data Accuracy Rules
• Additional New IT Security Requirements
  • Bluetooth & mobiles
  • Software installation
  • Email use
  • Internet use
  • WiFi
Key Changes to our working practices
Paper Based
• Store securely where unauthorised people cannot see it; think BDMs, family, friends, cleaners and contractors.
• Under lock and key when not in use
• Remove all documents with personal data immediately from communal areas such as printers
• Dispose of securely
• Upload all client files to IO and dispose of paper files securely upon completion of transaction. There is no reason to keep paper, it is a RISK
Data Storage Rules
Electronic
• Any personal data must be protected from unauthorised access, accidental deletion and malicious hacking attempts
• All personal data to be stored within the EU
• All personal data is to comply with the 8th principle when being transferred, i.e. not outside the EU
Data Storage Rules
TFA Approved Electronic Storage
• TFA Microsoft OneDrive
  • Storage facility for electronic client files/documents prior to uploading to IO
  • Phone scan, web based, backed up, secure, share facility
• IO
  • Store ALL client files in IO and delete all other paper and electronic copies upon completion of the transaction.
1. Do not store any client personal data on your PC/laptop's hard drive, handheld & mobile devices, or external storage devices.
2. Remove all client data from your PC/laptop, any other external storage devices and non-compliant cloud storage locations
Data Storage – Where?
• Lock screens when unattended, do not share personal data informally
• Electronic Client Communications
  • Use PFP Secure Messaging
  • Encrypt Emails
• Do not transfer data outside of the EU
• Only access data via secure WiFi networks
Data Use Rules
The law requires TFA & Advisers to ensure data is kept up to date and accurate by
• Minimising storage locations. Client data to be held in IO & Microsoft OneDrive only as per the Data Storage Rules
• Update data at every opportunity & correct inaccuracies
• Provide clients access to update their details via PFP
• All marketing data to be compliant. Advisers to complete marketing consent section within the fact find and ensure it is recorded that clients have ‘opted in’ to receive marketing communications from TFA
Data Accuracy Rules
In addition to the changes in practices for Data Storage, use and accurate recording please ensure the following:
• All PC & laptop hard drives are encrypted (new Windows 10 and Macs have it built in - turn on!)
• Delete old emails with un-encrypted personal data
• Set strong passwords - see TFA Password Policy for examples
• Do not use Personal Storage Devices (USB sticks, external hard drives)
• Cloud Based Applications – Where personal data is entered only use those identified within the TFA Cloud Computing Policy
• Email & Internet Use – Common sense approach
• WiFi - new networks in TFA offices for guests
New IT Security Requirements
Adviser Compliance
• TFA to provide Microsoft OneDrive facility
• TFA to provide email Encryption with WinZip
• PC/LapTop hard drive encryption – BeCrypt cost £45 per device
IT Support – Dan Massey at Tanist
• Drop in sessions
  • Plymouth – 19th April 10am – 2pm
  • St Austell – 21st April 10am – 2pm
• Telephone Support from Tanist at a time to suit you
IT Support
Future Proofing our business in short!
• Secure where client data is stored paper free – IO & OneDrive
• Secure how you send clients’ personal data – PFP & WinZip
• Secure how you access & update clients’ personal data – BeCrypt, Secure WiFi, Secure Bluetooth
• Only hold client personal data that is relevant for the purpose
• Only market to clients lawfully & in line with their rights – Marketing ‘Opt-In’
In Summary
Compliance Overview, Disclosure & Inspection Report
Theresa Atal
Complaints - 52 over the past 7 years.
17 of those are from CMC - ambulance chasers.
17 are PPI claims. No plans sold but they still take time to investigate.
7 data access requests - had 40 calendar days to respond.
8 mortgage complaints - 2 of those lifetime mortgages
6 term products complaints - “inappropriate advice”
7 investment complaints - “inappropriate advice”
4 pension complaints - “inappropriate advice”
2 lack of service complaints
1 WOL complaint - “inappropriate advice”
Complaints overview
One of the most recent complaints against us was down to a lack of evidence of servicing the client. As we were unable to evidence the servicing of the client FOS upheld the complaint against us and we were asked to refund all the ongoing adviser charges from 2013-2016. This amounted to £1,612.00.
• If you are receiving ongoing adviser charges it is VITAL you service your clients and evidence you have seen them regardless of whether any changes are made.
• This review documentation must be uploaded onto the IO client file.
• Ensure you have set up a diary system for all your servicing ideally on IO through tasks or the diary system.
Complaints Overview
• In February we decided to ask an independent firm of Compliance Consultants to perform a health check/audit on the company. Thank you to the 6 advisers who took time out of their day to assist us with this audit.
• 2 Key points of the compliance audit are as follows:
  • “TFA has probably been one of the best financial advice firms I’ve audited.”
  • “Compared to other firms TFA provide support to advisers above and beyond that provided by some other firms.”
Compliance Audit Overview
• Budget planners not added up
• Budget figures not sought or outside of SVR final cost
• Income figures on fact find not agreeing with payslips
• No rationale for a specific rate period
• Death in service not documented on fact find or included in a life assurance shortfall calculation
• Retail Client Agreements either not signed or signed after fact find commenced
• Old versions of documents have been completed rather than the up to date versions on IO
• Fact finds not dated
• Fees aren’t covered off in cash terms in every instance
• There are not enough soft facts to enable a 3rd party to understand what is going on
Client file check issues
Introduction to Genovo
• Launching today
• Intuitive
• Easy to use
• Modern looking reports unlike our existing wealth reports!
• Standard text in the reports is updated automatically when changes are made in legislation - de-risks us as a company
• All products including Mortgages, LTC and Equity Release are covered in the system.
• Mortgage advisers please try out the system. Aware current reports are in the IO Library.
Genovo Suitability Report Writing System
• Email invitation to “attend” a training webinar will be sent to everyone by close of play today
• Individual user names and passwords will be emailed to advisers after the meeting
• Training webinars are booked at 10am on Thursday 13th April and 10am on Friday 21st April
• 20 maximum per webinar
• Depending on the take up more can be arranged
• Recording of the training webinar will be available to all
What happens now?
• Once up and running all wealth suitability reports will be removed from the IO Library
• At some stage Genovo will integrate with IO.
• Have a play, create dummy clients or write a draft report on an existing client and see what you all think!
What happens now?
• We are also launching today the Electronic ID system on IO.
• Easy to use once you have the ID information entered on the IO either through the fact find or client details when you are on the clients’ dashboard.
• Link to user guide on IO
• 5 step process
Electronic ID Verification
• All advisers have been set up on the ID system
• Be aware the system will not allow you to verify the client twice if there have been no changes made
• If, for some reason, the client cannot be verified you need to pass the case to Compliance for sign off
• Once the CVI certificate and CVI report are opened they are automatically loaded in the clients’ documents on IO
Electronic ID Verification
• Demonstration how to conduct an ID check on the IO system once the ID documentation has been uploaded to the client file.
• https://intelligent-office.net/nio/authentication/login
Electronic ID Verification Process
Disclosure
Theresa Atal
Initial Disclosure-Generic
Initial Disclosure-Specific
Is a main focus area for the FCA
• Disclosure is vital for your clients to understand the services and products you can offer them
• Your regulatory status
• What they can expect and what they will be charged
• It is a mandatory regulatory requirement
Disclosure
Investment Planner
http://analytics.financialexpress.net/login.aspx
Due Diligence & Introducer Agreements
Charly Higman
Introducers & Due Diligence
• Update and recap on our current process
• Why do we do Due Diligence
• Charles Barnard Estate Agents and John Apicella
• Santander & Bank of Ireland
• What is Due Diligence?
• What constitutes an introducer or a referral?
• What does the FCA require?
• What is the scope of this policy?
• What is the policy?
• Timescales
• Future
http://www.somersetlive.co.uk/estate-agent-reassures-clients/story-12314939-detail/story.html
Taken from Money Marketing magazine 30.04.2010
• John Apicella, trading as Mortgages 4 You, has been banned for lack of competency by leaving his business open to the risk of involvement in financial crime. Apicella was a sole trader at the Newbury firm.
• The FSA found that Apicella failed to meet the minimum standards required of a mortgage broker by not always completing a fact find document for new customers or taking the time to research their attitude to risk.
• During interviews with the FSA, Apicella said of researching a customer’s income, “if a lender doesn’t require it then I don’t ask for it”, and added that for a self-employed customer’s income figure he would “accept it at face value”.
• Furthermore, Apicella did not carry out due diligence on a mortgage introducer from whom he subsequently accepted seven mortgage applications. The FSA found all of these applications to contain false and misleading information, therefore making them fraudulent.
Santander fraud and Bank of Ireland
• Santander approximate that 90% of their intermediary fraud results from cases that have been introduced to the intermediaries via a third party
• Any lender can ask for the due diligence checks/ evidence for any introduced business at any time.
• New providers such as the Bank of Ireland always conduct Due Diligence on us prior to allowing us to join their panel. This always includes providing a detailed description of our due diligence process.
What is Due Diligence
• Due Diligence means “taking reasonable measures” to protect any business from potential risk posed by third parties, i.e. Introducers.
FCA Definition of an “introducer”
• an individual appointed by a firm, an appointed representative or, where applicable, a tied agent, to carry out in the course of designated investment business either or both of the following activities:
• (a) effecting introductions;
• (b) distributing non-real time financial promotions.
What is a “referral”
• A referral is an introduction made to an adviser from a previous customer, a friend, a family member or similar.
• The referral would not usually result in any remuneration (unless taking part in a TFA referral promotion)
• A referral generally offers no financial reward. BUT, if you have a business that introduces to you, regardless of whether you pay a fee, they are still introducers, not referrers, as there is a business/commercial element involved.
What does the FCA require?
Carry out robust due diligence on the introducers you transact with.
Have in place a robust vetting procedure to ensure the introductions have been sourced legitimately.
Regularly review and ensure your systems and controls are adequate to demonstrate you have full and complete ownership of the advice you are providing.
What is the scope of TFA’s Due Diligence policy
• Self Employed advisers are responsible for conducting the Due Diligence and obtaining introducer agreements for THEIR own introducers.
• Our Due Diligence policy applies to introducers of all types of business
• TFA compliance function is responsible for oversight of the process
• All necessary documents are stored in the IO library
What is our Due Diligence policy
• Document as much information as you can regarding the new introducer, such as a CV, details of previous employers, corporate website address etc. and retain on file.
• Perform Google searches on company name and/or introducer’s name. To narrow your search to more potentially relevant results, precede it with key words such as “fraud”, “convicted” or “disqualified” e.g. fraud:John Doe Ltd. At this point in the process, any significant “red flag”, such as a confirmed conviction for fraud (not an allegation), should take you to point 8 in the process.
• Access Companies House website and verify that the business and officer’s information is still “active”; and check that the principal names and address match. Check documents have been filed on time and note any obvious concerns, such as notice of liquidation. https://beta.companieshouse.gov.uk/
• Check Companies House - Disqualified Directors - print off relevant pages. https://beta.companieshouse.gov.uk/ Enter director’s name, click “search”, and then click on “disqualification”.
• If relevant, check the FSA Register to confirm that the company and/or individual are active and print off any details listed. https://register.fca.org.uk
Policy continued
• If relevant, check the Solicitors Regulation Authority and print off any details listed. http://www.sra.org.uk/solicitors/solicitors.page Search both the individual and the firm and print off pages that confirm registration.
• Check the London Gazette; the Gazette is often cited in legislation and considered by the courts and other legal organisations to be the most effective portal to achieve this.
https://www.thegazette.co.uk/
Enter the name of the firm or individual into the search box and then set the filter to “money”. Print off the search screen and click on any concerning issues for more detail.
• If no negative information has come to light in your enquiries, complete the Professional Introducer Agreement (PIA) with the introducer. In the event that negative information is found, please refer to the Compliance Director before proceeding with any formal agreement.
• Send a copy of the completed PIA form to Philly Grose and a further copy to the Compliance Director, together with all due diligence documentation, for final approval.
• Repeat annually your due diligence process for each introducer; and send the paperwork to the Compliance Director (an IO task will be generated to remind you).
Timescales
• The new Due Diligence process and introducer agreements need to be completed by 31st May 2017.
• Introducers that we have dealt with in the past will be sent a letter ending our relationship with them in the event no new Due Diligence and Introducer agreements are forthcoming.
• Repeat process annually or sooner if there are any material changes to the introducer’s circumstances, i.e. Company changes hands.
Future
• When we investigate other companies in order to fulfil our due diligence requirements we should also investigate (from May 2018) the level of data breaches a company has had in order to ascertain the quality of their client data handling.
• No doubt providers will also investigate as well!
LUNCH
Behavioural Economics
Mark Pittaccio
PFP
Chris Glazier & Pete Watts
http://www.tinydesign.co.uk/sandbox/intelliflo/home-redesign-v3/index.html
Personal Finance Portal – Secure messaging
• Mandatory for all new clients as of….
• www.tomfrench.co.uk Log in for clients
• Register…how? How do you introduce to your clients?
• How does it work?
• Experience?
• Training webinars: https://www.intelligent-office.net/documents/help/new/userguide/Content/Training_Videos.htm?Highlight=personal%20finance%20portal
Marketing Overview
Charlotte Malcolm
Our Digital Presence
Website
Launched October 2016
Enhancements made:
• Split Family Matters to create standalone Wealth Management Section
• Adviser Profile
• Events Calendar
• TFA Moonlit Cycle Event Section
New Enhancements Launching Today:
• Secure Adviser/Employee Section
Social Media
Twitter LinkedIn
Financial Promotions & Social Media
How to ensure compliance
• Compliance bulletin to follow with links to presentation & the TFA Social Media Policy explaining how to undertake social media compliantly.
• All social media content constitutes a Non real time Financial Promotion and is governed by strict FCA guidelines.
• It must be approved by marketing & compliance prior to publishing on any of your social media channels
Social Media
Partner Marketing
Joint marketing activities with third parties:
• Website pages & links
• Social Media Sharing
• Joint client facing collateral & customer communications
Partners to date:
• Parkers Property Consultants
• George James Properties
• Medical Independent
Forthcoming partners:
• Autograph Estate Agents
• ?
Our Client Facing Material
Pull Up Banners A Boards
Client Facing Material
Client Referral Cards Promotional Post Cards
Client Facing Material
Client Facing posters Adviser Profile Flyers
Client Facing Material
Our Social Responsibility
Social Responsibility
New Cycle Jersey New Event Website
TFA Moonlit Cycle 2017
TFA Moonlit Cycle 2017
Twitter Instagram
Pete Watts Dave Harding
Adviser led
Our Brand
Our Brand Evolution
New TFA Brand Varieties
What’s Next?
TFA Brand Rollout
What’s Next?
Advertising & Promotion
Blogs
Client Newsletters
Events
SEO
Partner Marketing
Client Profiling
Client Feedback & Referrals
Website Enhancements
Close & Thanks