1. Mortgage and General Insurance Key Deadlines for Authorisation
2. MCCB Complaints Return – Deadline 30th June
3. Transfer & Opt Outs Reporting – Deadline Early July
4. FSA – No More Monitoring Visits??…………Please read on
5. Is There A Disadvantage When ‘Replacing’ Term Assurance and/or Critical Illness?
6. Self Certification Mortgages & Salaried Individuals
7. MCCB issue updated ‘You and your mortgage’ leaflet (YAYM)
8. MCCB issue updated ‘How to make a complaint’ optional leaflet
9. New Stakeholder Suite and ‘Basic Advice’ Concept
10. Mortgage endowments complaints: New rules on time barring
11. Travel Insurance & ‘Connected Contracts’ Exemption
12. Check your Introducers or risk losing an income stream – Act now
13. Notification of material changes to GISC and MCCB prior to authorisation
14. Money Laundering Guidance for General and / or Mortgage Advisers
15. Supervisor Skills Workshop
16. ATEB IT Solutions - IT Security & Offer of Free IT Audit
Ladies & Gentlemen
Please find enclosed the latest compliance and industry news.
As usual, sit back and enjoy!
Kind Regards
ATEB Consultants
Which article applies to me?
Please use the following table to decide which article applies to you, if any:
[Table: articles 1 to 16 marked against each role, by type of firm.
Investment (IFA): Directors/Partners; Compliance / A&O Function; Money Laundering Officer; Advisers & Trainees; T&C Supervisor; Pensions Transfer Specialist; Back Office.
*Mortgage (inc. IFAs): Director/Partner; Compliance / A&O Function; Sales Advisor; T&C Supervisor; Back Office.
General Insurance: Director/Partner; Compliance / A&O Function; Sales Advisor; T&C Supervisor; Back Office.]
*Includes Mortgage arms of IFA and APF firms
1. Mortgage and General Insurance key deadlines for authorisation
Mortgages, and Mortgage & General (includes Variation of permission):
- First deadline, 31 March 2004: Apply by 31 March 2004 to qualify for an early application fee discount.
- Second deadline, 30 April 2004: This is the deadline for submitting applications if you want to be certain that the FSA will process it for a 31 October 2004 start date*
General Only:
- First deadline, 31 May 2004: Apply by 31 May 2004 to qualify for an early application fee discount.
- Second deadline, 13 July 2004: This is the deadline for submitting applications if you want to be certain that the FSA will process it for a 14 January 2005 start date* Warning: Do not miss this deadline!
* Under the Financial Services and Markets Act 2000 the FSA has six months from the date the application is received to make a decision on a complete application (where no information is missing) and 12 months to decide on an incomplete application (where information is missing).
ATEB view:
Don’t miss the deadlines
Action required by you:
Don’t miss the deadlines!
2. MCCB Complaints Return – Deadline 30th June
Under MCCB Registration Rule 5.1.6.7, each firm is required to send to MCCB an annual report for the period 1 May 2003 to 30 April 2004, detailing the type and number of complaints received by the firm.
- Reports must be submitted in paper form only.
- Deadline for receipt by MCCB is 30 June 2004.
- ‘Nil returns’ are required.
- Records must be maintained for (a minimum of) 3 years from the date of receipt of the complaint by the firm.
MCCB expects a registered firm to ensure that its complaints handling process operates effectively in respect of any expression of dissatisfaction, whether oral or written and whether justified or not, from a customer or potential customer of the firm about the firm’s provision of, or failure to provide, services covered by the Mortgage Code.
ATEB view:
Accordingly, firms should ensure that they have appropriate and effective procedures in place to receive, record, investigate and respond to complaints received by telephone, e-mail, in person, in writing or by any other written or oral form of communication.
Action required by you:
A proforma for use in submitting the report is available from the MCCB website www.mortgagecode.co.uk/Industry/Publications/Forms
3. Transfer & Opt Outs Reporting – Deadline early July
Don’t forget to send in your Transfer & Opt Out statistics by the end of this month (first week in July). All the information you need is in ATEB news April 2003.
- The ‘reporting’ rule only affects those firms which are authorised to conduct ‘Pension Transfer and Pension Opt Out’ transactions.
- There are no specific reporting dates; however, most firms have adopted six-month returns in early January to coincide with 6 months after the end of the ‘transitional period’.
- These do not include transfers from personal pension (or stakeholder) to personal pension (or stakeholder).
- Nil returns are not required.
Dates summary:
January – Six monthly and quarterly
April - quarterly
July – Six monthly and quarterly
October - quarterly
The return will need to indicate the number of cases falling into the categories of insistent client, execution only and correspondence only. (These three categories should also be split between transfer, opt-out and non-joiner cases.)
ATEB view:
None, for information only
Action required by you:
Ensure that you send your return in on time and that you continue to keep clear records for an indefinite period and are able to report accurately on time with the minimum of fuss. If you need a proforma to report or you are unsure, please speak with your local ATEB consultant.
4. FSA – No more monitoring visits??…………Please read on
In a conversation with ATEB the FSA has confirmed that it is going to carry out regional visits to smaller IFAs. Here is the process:
- The first step is for all IFAs in the region to be told about the possibility of visits to their firm and to receive an invitation to short ‘surgeries’.
- Visits will then be made to select IFAs
- Finally, all the IFAs written to in the first instance will be invited to a 'road show', at which the findings will be given to all.
The first region to be chosen to start the procedure is Gloucestershire. The surgeries and visits will be during the last week in July, with the feedback in August/September.
ATEB view:
It is reasonable to assume that visits may be made to IFAs who:
- have remedial work to do, or
- have not been visited for quite a long time (pre-N2), or
- are newly authorised.
Action required by you:
Speak to ATEB if you are worried about any particular aspect of your compliance. We continue to discuss general issues at our regular visit.
5. Is there a disadvantage when ‘replacing’ term assurance and/or critical illness?
As you know, when recommending a client to replace any existing policy with a new one, you must disclose all actual and potential disadvantages (preferably in writing).
Question: You are recommending that a level term assurance policy be replaced. The new plan will be identical to the old one – same term, sum assured, etc. There is no loss of benefits (e.g. renewability). The premium, however, is lower. Apart from the obvious disadvantage of not cancelling the existing policy until underwriting the new, is there any other disadvantage you can think of?
Answer: Most life assurances now contain a suicide clause, whereby the policy will not pay a death benefit if the policyholder commits suicide during the first ‘n’ months (can vary) of the plan. Additionally, you should ensure that policyholders read the declaration part of the application carefully before signing. This should also ensure that all material facts are disclosed which, of course, could be different to those when the plan was taken out originally.
And Critical Illness?
Following on from the above, what about replacing critical illness policies?
This one is far more complicated, but key will be ensuring that the policy matches or enhances the conditions covered by the existing plan.
If you recommend a plan which omits conditions covered by the existing plan, then it is essential that the reason for this, together with the conditions not covered by the new plan, are disclosed in writing. We would suggest this be done pre-sale with a signature to confirm client understanding.
Indeed, when recommending new critical illness policies, rate should be a consideration, but not the overriding factor, when choosing the policy/provider.
It is the conditions covered which matter most. Your fact find should detail any particular concerns that the client may have and you should seek a policy that best matches their requirements.
(Thanks go to Bill Fletcher of Metropolitan Insurance Services for providing this article.)
ATEB view:
It all seems fairly obvious, but could be very easy to miss.
Action required by you:
Ensure that your systems and controls can support the above.
6. Self Certification Mortgages & Salaried Individuals
There is some evidence that a minority of customers are being recommended self-certification mortgages in order that they obtain higher loans than would otherwise be available, particularly in areas of high housing cost, where traditional ‘salary multiples’ would fall short.
Under section 3.1(a) of the Mortgage Code the level of service provided is “advice and a recommendation as to which mortgage is most suitable for you.” This necessitates a careful assessment of the customer’s needs, circumstances and objectives and any recommendation should reflect the customer’s particular requirements and the market conditions at the time.
Therefore, it is clear that if service level 3.1(a) - advice and a recommendation – is provided, the adviser must make a suitable recommendation to the client, taking into account, among many other factors, issues of affordability in order to help the client select a mortgage based on their needs and to fit their circumstances, future objectives and attitude to mortgage risk. It would, therefore, be a serious breach of the Code if an adviser, under a self-certification arrangement, encouraged his client to make a false income declaration for the purposes of obtaining a higher loan than could otherwise be obtained.
From November this year, the FSA will be looking closely at this area in future compliance monitoring to see how sales of these products are being justified as being ‘most suitable’ for the customer, particularly in cases of salaried individuals.
ATEB view:
ATEB are extremely worried about this area. Remember that customers have everything to gain and mortgage advisers have everything to lose. Your documentation has to be watertight. If the client has other means to repay the loan if things go wrong, for example, a relative with additional finance, investments etc., ensure that these are documented as part of your rationale. Make sure that you cover charges and implications clearly and we would urge you not to rely solely on computer-generated letters to give you protection.
Action required by you:
Everyone who is involved with self-certification mortgages should read the MCCB guidance (see link below) and compliance supervisors should run checks to help ensure that no customers are providing false income declarations. Do not be fooled by those lenders who (cleverly) do not provide an income box on their proposal form – this will come back to bite you and not the lender for the reasons given above.
Link to Good Practice Notes ‘Self Certification’ Mortgages
Best Practice - Self-Certification Guidance
7. MCCB issue updated ‘You and your mortgage’ leaflet (YAYM)
Firms must ensure that the new leaflet only is in use and given to customers from 1 August 2004.
MCCB and the Council of Mortgage Lenders (CML) have issued a revised version of the ‘You and your mortgage’ (YAYM) leaflet. The changes reflect the transition to statutory regulation and highlight to consumers the fact that the FSA will be responsible for regulating the activities of lenders and intermediaries from 31 October 2004.
A new edition of the ‘You and your equity release mortgage’ leaflet (YAYERM) has also been issued and is subject to the same introductory process as outlined above for customers interested in lifetime mortgages.
Under the provisions of the Code, all potential mortgage customers must be given a copy of the leaflet when first discussing a mortgage.
ATEB view:
None, for information only
Action required by you:
The new leaflet has been given the issue reference 03/04 and stock can be ordered in the normal way using the MCCB Order Form available from the website www.mortgagecode.org.uk (also available from the helpline on 01785 218200).
8. MCCB issue updated ‘How to make a complaint’ optional leaflet
Firms must ensure that the new leaflet only is in use and given to customers from 1 August 2004.
MCCB’s consumer guide for mortgage borrowers on how to resolve problems and complaints about mortgage services covered by the Mortgage Code is also now available in a new version, which reflects the transition to statutory regulation. It also highlights to consumers the fact that the FSA will be responsible for regulating the activities of lenders and intermediaries from 31 October 2004.
The ‘How to make a complaint under the Mortgage Code’ leaflet is designed to make the complaints process more open, understandable and accessible for consumers and many firms use it as an aid to explaining the processes required.
ATEB view:
None, for information only
Action required by you:
The new leaflet is available on the Mortgage Board’s website www.mortgagecode.org.uk and has the issue reference 04/04. Firms wishing to obtain copies of the leaflet can do so using the Order Form available from the website, or through the MCCB helpline on 01785 218200.
9. New Stakeholder Suite and ‘Basic Advice’ Concept
Well, many years ago we had ‘best advice’. This was superseded by ‘suitable advice’ and now we have a new addition to the family: ‘basic advice’.
A new suite of ‘simplified products’ should be with us by April 2005. The Treasury has announced that the charge cap that will apply to stakeholder products will be 1.5% for the first 10 years that the product is held, reducing to 1% thereafter. Existing Stakeholder Pension regulations will need to be amended to reflect revised specifications for that product.
Why simplify?
The FSA now accepts that there is clear evidence that firms are reluctant to give advice to customers making low-value transactions because firms cannot be sure of recovering their costs. Also, fee-based advice can be an unattractive option for low-income customers. So, advice tends to be an option only for the more affluent or those making significant investments. Interestingly, it’s the less affluent consumers who form the Government’s target market for stakeholder products.
What does simplification involve?
- The service provides basic advice with a huge reduction in regulatory hoops.
- Salespeople providing basic advice are not required to hold formal financial planning qualifications.
- The sales interviews are pre-scripted by the firm.
Variation of Permissions
Firms who are already authorised will need to seek an addition to their Part IV Permission.
No requirement for an ‘RU64-style’ approach
The FSA will not introduce an ‘RU64-style’ approach to the sale of other packaged products in anticipation of the new stakeholder products. You may recall that the main thrust of RU64 [PIA’s Regulatory Update 64] was to prevent consumers being locked into high charging pension contracts once it had become clear that a cheaper, more flexible alternative was soon to be available.
Next steps
Following the introduction of the new regime, the FSA plans to carry out a detailed post-implementation review from which they hope to gain a good understanding of the new market and the effectiveness of the regulatory controls. Subject to the effectiveness of the regime, the FSA will then consider whether or not to extend the scope to comparable non-stakeholder products.
ATEB view:
In theory, the new standards mean that firms should be able to devise sales processes that are shorter and cheaper to deliver than ‘full’ advice. Sales support could be employed to give ‘basic advice’ thus increasing sales and profitability. Whilst we accept that most IFAs deal with the higher end of the market, this new concept will assist those firms wanting to offer an all-encompassing service.
Action required by you:
None, for information only
FSA has published CP 04/11, ‘A basic advice regime for the sale of stakeholder products’, at the following link: http://www.fsa.gov.uk/pubs/cp/04_11/index.html
The consultation document ‘Stakeholder products’ is available on HM Treasury’s website, www.HM-Treasury.gov.uk
10. Mortgage endowments complaints: New rules on time barring
FSA has introduced new rules on the time limits for making a mortgage endowment complaint which may be referred to the Financial Ombudsman Service. The rule change makes use of FSA's emergency powers, which allow them to introduce a new rule without consultation on the grounds that delay would be prejudicial to consumers' interests.
From 1 June 2004, clients must, in order to protect their right to refer a complaint to the Ombudsman, have made a complaint within three years from the time they first received a 'red' letter. (A 'red' letter is the one telling you there is a high risk that the policy will not repay the target sum.) However, the firm must have explained to the client at least six months before the end of the three-year period that the time to make such a complaint would expire at the end of that time.
The new rules require firms to make explicit reference in letters to policyholders, that they have 3 years from their first red letter in which to complain. They also have to issue this warning at least 6 months in advance of the date from when the client would be time-barred from making a complaint.
ATEB view:
None, for information only
Action required by you:
IFAs who want to implement time bars will need to make sure that their clients are given the appropriate warning. But in practical terms, this could be problematic and costly. Providers have been issuing re-projection letters for a number of years, but IFAs have not always been made aware of what has been sent to their clients or when. It will be important for IFAs to be kept fully informed of the process which individual providers adopt when dealing with IFA clients. We therefore recommend that IFAs contact individual providers and ascertain their stance.
Further Information: Changes can be found in DISP 2.3.1R and DISP 2.3.6R. FSA Handbook Notice 33 provides full details. The ABI has revised its Code of Practice for mortgage endowment policy reviews. This can be accessed at www.abi.org.uk under Information Zone / Life and Pensions / Life and Pensions codes.
11. Travel Insurance & ‘Connected Contracts’ Exemption
It has been widely published by the FSA and other industry gurus that ‘travel insurance sold as part of a package will be exempt from FSA regulation’.
Quote from FSA authorisation manual AUTH 5.11.11 G – connected contracts of insurance “……….travel policies which provide cover in respect of the policyholder’s personal liability while traveling may fall within the exclusion by virtue of 5.11.10G, where sold as part of a package by travel agents and other providers of services related to travel…..”
It is only when you examine the connected contracts of insurance exemption more closely that you see the words:
AUTH 5.11.10 G
In broad terms, a “connected contract of insurance” is a contract of insurance which:
……
(4) covers the risk of –
(b) damage to, or loss of, baggage and other risks linked to travel booked with the provider (“travel risks”);
The implication is that the ‘travel insurance exemption’ will at best only support the larger tour operators who actually book flights with holiday accommodation included. If the provider does not book the travel, the exemption will not apply.
ATEB view:
We are deeply frustrated by the FSA’s lack of guidance in this area. At no point have they been specific in this area in consultation or rule references. This information has only come as a result of ‘behind the scenes discussions’ with trade associations. Although ATEB confirmed the point in a telephone conversation with the FSA, there has been no detailed public / industry guidance. It is absolutely essential that the FSA expand on their ‘broad’ rules and give greater guidance to enable firms to fully understand whether they require authorisation.
Action required by you:
General Insurance Brokers should encourage their introducers to take professional guidance.
12. Check your Introducers or risk losing an income stream – Act now
This article is aimed at General Insurance Brokers
In most cases, any person who carries on a regulated activity in the United Kingdom by way of business must either be an authorised person or an exempt person (generally this means an appointed representative). Otherwise, the person commits a criminal offence and certain agreements may be unenforceable.
From January 2005, the IMD (Insurance Mediation Directive) is going to be extremely far reaching. Currently, many General Insurance Brokers have introduced business that originates from Secondary Agents (Travel Firms, Property Managing Agents, Retail, Removal, Freight, etc). Obviously, none of these industries considers insurance activity to be its main business, although many of them will receive a sizeable income from the activity. Unless there is a particular exemption which can be used to avoid the need for authorisation, then for most of these firms it will not be ‘business as usual’ from January next year.
Consumer research would seem to suggest that Primary Agents (i.e. General Insurance Brokers) have got the regulation message and most will have applied for FSA authorisation prior to the 13th July 2004 deadline. However, the feedback on Secondary Agents is that many are either undecided or are unaware of the implications that the IMD brings. It is believed that over 90% of commercial property agents believe that they will need authorisation, but just over a quarter have actually applied for authorisation.
ATEB view:
If you are not prudent and careful you will do one of two things from January next year:
- Lose a proportion of your business because the introducer has not registered for authorisation or they have become an Appointed Representative of another firm or worse,
- You become involved in introducer chains where the principal introducer is committing a criminal offence.
The FSA requests a six-month minimum time period to process an application, hence the 13th July cut off date for application submission. ATEB suspect though that the FSA will need to process applications more quickly than this because of the lack of understanding and procrastination which currently exists in the secondary market in particular.
Action required by you:
Do not waste time - Encourage your ‘introducers’ to take professional guidance; this may be assistance from their trade association, solicitor or a compliance firm such as ATEB consulting. As a minimum, you need to bring the significance of inaction to their attention.
13. Notification of material changes to GISC and MCCB prior to authorisation
Your future obligations to the FSA include notification of material changes to the information originally supplied in your application for authorisation.
While your focus will probably be on FSA compliance issues, it is important that material changes up to 1st November 2004 & 14 January 2005 are notified to MCCB and GISC respectively, not least because they may be asked at any time by the FSA for information on an applicant and, should there be inconsistencies, the FSA has the right to withdraw authorisation even if a firm has been issued a “Minded To Approve” letter.
You should note, in particular, the requirement to notify MCCB & GISC of the following material changes:
- the sale or acquisition of a business;
- a change in status of the legal entity (becoming incorporated as a limited liability company, for example, from sole trader or partnership status);
- a change in company name or trading name(s).
ATEB view:
None, for information only
Action required by you:
None, for information only
14. Money Laundering Guidance for General and / or Mortgage Advisers
While the FSA money laundering sourcebook rules will not apply to general insurance and mortgage intermediaries, firms will be required to maintain appropriate safeguards against financial crime: in particular, all firms still have obligations under the Proceeds of Crime Act. The Proceeds of Crime Act covers all types of crime, not just arising from organised crime, terrorism or drugs, but also from other crimes such as tax or customs and excise evasion, or state benefit fraud.
It is a criminal offence to:
- provide any service which helps an individual to acquire, possess, conceal or transfer the proceeds of crime;
- fail to report someone that you know or suspect is laundering the proceeds of crime;
- disclose to an individual that they are under investigation.
ATEB view:
None, for information only
Action required by you:
The law imposes obligations on employees personally, and firms are required to establish procedures and train staff to meet their legal obligations.
15. Supervisor Skills Workshop
Reminder: The need to have supervisor training is a relevant and up-to-date issue, having been remarked upon during a recent FSA visit and the FSA compliance conference (see article 11).
Overview:
Day 1 - overview (9.30am until 4.30pm)
- Setting field sales process standards
- Consistent and accurate assessment skills
- Using an objective observation aid
- T&C Knowledge
Day 2 - overview (9.30am until 4.30pm)
- Theory of coaching and training
- SMARTA development plans
- Giving consistent feedback
- Structuring one to ones
- Monitoring performance and training needs analysis
Who should attend?
- Qualified supervisors wishing to top up existing supervisor knowledge
- Newly appointed supervisors
- Supervisors who had previously been classified as ‘self supervising’ (under PIA)
Do I need to attend both days?
- You may wish to attend only a single day at present; there will be other days later in the year.
Course details:
- Dates: Day 1 – Thursday 22nd July and Day 2 – Friday 23rd July
- Location: York (Selby Fork Hotel)
- Cost: £165 plus VAT per day per person
ATEB view:
Where relevant and suitable training has not been undertaken within firms, it will result in a serious breach of the regulations and the consequences may be significant. It is more than possible that the FSA will suspend the firm from trading until this requirement is met. Although we often quote the regulatory requirements, let’s not forget that quality supervisor training will almost certainly have a positive impact on your business.
Action required by you:
Please let us know if you would be interested in attending by email or telephone.
16. ATEB IT Solutions - IT Security & Offer of Free IT Audit
This is the first in a series of articles on IT and how it relates to compliance and general best practice. If you feel that the areas covered in the article are relevant, you may wish to accept our offer of a free audit and/or consultation, which we are promoting on a first come, first served basis.
It is a common misconception that IT security only deals with the detection and removal of viruses. However, there are many other risks associated with storing data electronically and this article aims to address the most important questions every firm should ask themselves.
Is our firm’s network secure from outside attack?
Any corporate network which is attached to the Internet is vulnerable to attack from outside. You don’t have to understand why people would want to get access to your network, but simply accept the fact that someone somewhere is scanning the Internet for vulnerable networks. There are a variety of reasons why people do this, but making sure your firm has adequate protection against them should be a top priority.
One of the easiest ways to protect a network is through a firewall. It is recommended that every computer linked to the Internet through a permanent connection (e.g. broadband) should have one. Firewalls are simply devices which filter all traffic travelling between your computer and the Internet. They are available in software or hardware form and each has its own benefits. With all Internet traffic being scanned, the device can be configured to block anything that could be harmful.
Is our firm’s wireless network secure?
Each new computer technology brings with it a new host of security problems. Even though ‘wireless networks’ (no cables in layman’s terms) are still in their infancy, firms have been eager to harness the usefulness of mobile networking. This has led to companies having wireless networks installed by reputable IT firms that (in ATEB’s opinion) have not taken into consideration the possible security problems which can occur. The possible security concerns are obvious when you allow anyone in range of an access point to connect to your Local Area Network.
[In layman’s terms, a Local Area Network (LAN) is a data communications system using high-speed connections and consisting of a group of interconnected computers, sharing applications, data and peripherals. The geographical area is usually a building or group of buildings]
However, there are simple and often cost-free methods to dramatically increase the security of your wireless network and prevent unauthorised users from connecting from outside your firm’s premises. This article highlights the importance of security: http://news.bbc.co.uk/1/hi/technology/3826323.stm
Does our firm have adequate virus protection?
Although my original point was that IT security is not only concerned with virus protection, it should, however, be a major consideration for any firm. As many of you will have experienced at some point in the past, viruses can cause a great deal of disruption to a firm’s IT systems and are also a nuisance when they constantly arrive in your email inbox. There are many different ways to tackle the problem, some removing viruses from email before they arrive in your inbox, others constantly watching for viruses as they arrive. We must also not forget that viruses can attack through media other than email.
The best way to deal with viruses is to make sure you have a comprehensive strategy to protect your firm. The most important part of an anti-virus strategy is ensuring that your virus scanners are always up-to-date. New viruses can spread across the entire world in a few hours, so you need to make sure you are protected when a new one is first spotted. The latest virus scanners can be centrally administered from a server, making sure that every client computer is always kept up-to-date with the latest anti-virus tools.
Does my firm have adequate disaster recovery plans?
The last consideration in this article is what to do if it all goes wrong. Every firm should make sure that all mission critical data is recoverable. Have you considered what would happen if your client information database were suddenly no longer available? How would your business continue? These are typical questions that should be answered in a business continuity strategy plan.
The simplest and most effective way of managing this problem is ensuring all data is backed up as part of an ongoing backup strategy. This strategy should make sure that copies of data are held securely and periodically checked. Firms often have a backup strategy but don’t periodically verify that the backups are going to be of use if there is a problem. Good procedures will pay off in the event of a disaster.
ATEB view:
In summary, this article aims to make firms aware of potential problems with their existing IT systems. It is worth remembering that the bulk of data held on IT systems is confidential client-specific information, which is critical to the running of a business. It is a firm’s responsibility to ensure the integrity of the data and that storage and application meet the requirements of the Data Protection Act.
IT is now central to maintaining compliance with FSA rules and guidance. It is the future and the way forward, and firms will need to invest wisely in this area.
Action required by you:
If you are unsure about any of the issues raised here or any other wider-ranging IT issues, please feel free to arrange a no-obligation IT consultation and/or audit to discuss these matters further.
Important Note:
The ATEB Newsletter is intended to provide general guidance on areas of compliance and T&C; however it is not a replacement for the main Rules and Guidance contained within the FSA Handbook.
We welcome all feedback. If you have any feedback or questions relating to any articles then please direct them to your local ATEB consultant or the newsletter editor Steve Bailey email steve@atebconsulting.co.uk
Unless you have consulted specifically (as part of a regular visit) with ATEB on a particular issue then ATEB Consulting accept no liability for any actions taken based on the information contained solely within the newsletter.
Contact Us:
ATEB Consulting
The Old Post House
29 Nedderton Village
Northumberland
NE22 6AX
T: (01670) 822984
M: (07703) 576951
E: steve@atebconsulting.co.uk
W: www.atebconsulting.co.uk