the itc compliance · pdf fileitc compliance network member policies & procedures manual...

ITC Compliance Network Member Policies & Procedures Manual v1.3

1

i

The ITC Compliance Network

The Concept From 14th January 2005, any business engaging in General Insurance activity must be

regulated by the Financial Conduct Authority (FCA), formerly the Financial Services

Authority (FSA).

General Insurance activity is not limited to sales and includes other areas such as

administration and claims handling. There may be a number of employees within your

business that will be subject to the FCA rules and regulations.

The ITC Compliance Network provides an alternative to full FCA authorisation, where a fully

authorised Firm (ITC Compliance) takes responsibility for the regulated activities of Network

Members.

The sole purpose of the Network is to ensure that your customer’s needs are at the

forefront of everything you do, providing them with information that is clear, fair and not

misleading. To ensure this ITC Compliance provide you with all of the administration tools,

training resources; professional indemnity insurance (excluding travel companies) and

processes you need to enable you to sell General Insurance products in line with the FCA’s

Treating Customers Fairly (TCF) outcomes.

ITC Compliance also takes away the burden of being directly authorised by the FCA.

In line with clause 3.1.iii of the Terms and Conditions of ITC Compliance Network

Membership, ITC Compliance have provided this manual, which contains all the relevant

policies needed in order to maintain compliance with current FCA regulations and TCF

outcomes.


2

Table of Contents

The ITC Compliance Network ............................................................................. 1 Table of Contents ............................................................................................... 2 ITC Compliance Network Charter ....................................................................... 5 Treating Customers Fairly (TCF) Policy .............................................................. 7 Introduction............................................................................................................................................... 8 Purpose .................................................................................................................................................... 8 Responsibilities ........................................................................................................................................ 8 Application ................................................................................................................................................ 8 Monitoring & Reporting .......................................................................................................................... 11 Management Information ....................................................................................................................... 11 FCA Principles for Business Policy .................................................................... 12 Introduction............................................................................................................................................. 13 Purpose .................................................................................................................................................. 13 Responsibilities ...................................................................................................................................... 13 Application .............................................................................................................................................. 13 Monitoring & Reporting .......................................................................................................................... 16 Management Information ....................................................................................................................... 16 Sales Practices Policy ....................................................................................... 17 Introduction............................................................................................................................................. 18 Purpose .................................................................................................................................................. 18 Responsibilities ...................................................................................................................................... 18 Application .............................................................................................................................................. 18 Reporting and Monitoring ....................................................................................................................... 25 Remuneration Policy ........................................................................................ 26 Introduction............................................................................................................................................. 27 Purpose .................................................................................................................................................. 27 Responsibilities ...................................................................................................................................... 27 Application .............................................................................................................................................. 27 Monitoring & Reporting .......................................................................................................................... 28 Management Information ....................................................................................................................... 28

Recruitment Policy ........................................................................................... 29 Introduction............................................................................................................................................. 30 Purpose .................................................................................................................................................. 30 Responsibilities ...................................................................................................................................... 31 Application .............................................................................................................................................. 31 Monitoring & Reporting .......................................................................................................................... 32 Management Information ....................................................................................................................... 32

Complaint Handling Policy ................................................................................ 33 Introduction............................................................................................................................................. 34 Purpose .................................................................................................................................................. 34 Responsibilities ...................................................................................................................................... 34 Application .............................................................................................................................................. 34 Monitoring & Reporting .......................................................................................................................... 37 Management Information ....................................................................................................................... 38 Financial Promotions & Marketing Policy ......................................................... 39 Introduction............................................................................................................................................. 40 Purpose .................................................................................................................................................. 40 Responsibilities ...................................................................................................................................... 40 Application .............................................................................................................................................. 40 Monitoring & Reporting .......................................................................................................................... 42 Management Information ....................................................................................................................... 43 Business Assurance Policy ............................................................................... 44


3

Introduction............................................................................................................................................. 45 Purpose .................................................................................................................................................. 45 Responsibilities ...................................................................................................................................... 45 Application .............................................................................................................................................. 45 Monitoring & Reporting .......................................................................................................................... 47 Management Information ....................................................................................................................... 48 Training & Competence Policy .......................................................................... 49 Introduction............................................................................................................................................. 50 Purpose .................................................................................................................................................. 50 Responsibilities ...................................................................................................................................... 50 Application .............................................................................................................................................. 50 Monitoring & Reporting .......................................................................................................................... 51 Management Information ....................................................................................................................... 52 Financial Crime Policy ...................................................................................... 53 Introduction............................................................................................................................................. 54 Purpose .................................................................................................................................................. 54 Responsibilities ...................................................................................................................................... 54 Application .............................................................................................................................................. 54 Monitoring & Reporting .......................................................................................................................... 57 Management Information ....................................................................................................................... 57 Conflicts of Interest Policy ............................................................................... 59 Introduction............................................................................................................................................. 60 Purpose .................................................................................................................................................. 60 Responsibilities ...................................................................................................................................... 60 Application .............................................................................................................................................. 60 Monitoring & Reporting .......................................................................................................................... 63 Management Information ....................................................................................................................... 63 Gifts & Hospitality Policy .................................................................................. 64 Introduction............................................................................................................................................. 65 Purpose .................................................................................................................................................. 65 Responsibilities ...................................................................................................................................... 65 Application .............................................................................................................................................. 65 Monitoring & Reporting .......................................................................................................................... 67 Management Information ....................................................................................................................... 67 Risk Management Policy ................................................................................... 68 Introduction............................................................................................................................................. 69 Purpose .................................................................................................................................................. 69 Responsibilities ...................................................................................................................................... 69 Application .............................................................................................................................................. 69 Business Continuity Plan Policy (BCP) .............................................................. 71 Introduction............................................................................................................................................. 72 Purpose .................................................................................................................................................. 72 Application .............................................................................................................................................. 72 Approved Persons Policy .................................................................................. 73 Introduction............................................................................................................................................. 74 Purpose .................................................................................................................................................. 74 Responsibilities ...................................................................................................................................... 74 Application .............................................................................................................................................. 74 Monitoring & Reporting .......................................................................................................................... 77 Management Information ....................................................................................................................... 78 Regulatory Breaches & Incidents Policy ........................................................... 79 Introduction............................................................................................................................................. 80 Purpose .................................................................................................................................................. 80 Responsibilities ...................................................................................................................................... 80 Application .............................................................................................................................................. 80 Monitoring & Reporting .......................................................................................................................... 82 Management Information ....................................................................................................................... 82 Whistleblowing Policy ...................................................................................... 83


4

Introduction............................................................................................................................................. 84 Purpose .................................................................................................................................................. 84 Responsibilities ...................................................................................................................................... 84 Application .............................................................................................................................................. 84 Monitoring & Reporting .......................................................................................................................... 85 Management Information ....................................................................................................................... 85 Record Keeping Policy ...................................................................................... 86 Introduction............................................................................................................................................. 87 Purpose .................................................................................................................................................. 87 Responsibilities ...................................................................................................................................... 87 Application .............................................................................................................................................. 87 Monitoring & Reporting .......................................................................................................................... 90 Management Information ....................................................................................................................... 90 Appendix 1: Financial Promotions Checklist ..................................................... 91 Appendix 2: Example Balanced Scorecard ........................................................ 92 Appendix 3: Complaint Reporting Form ............................................................ 93 Appendix 4: Example Financial Promotions Register ........................................ 94 Appendix 5: Example Call Monitoring Check-Sheet ....................................... 95 Appendix 6: Potential Conflict of Interest Form ............................................... 98 Appendix 7: Conflict of Interest Self Assessment Form .................................... 99 Appendix 8: Gifts & Hospitality Approval Form ............................................... 102 Appendix 9: Example Gifts and Hospitality Register ....................................... 103 Appendix 10: Impact Score Scale ................................................................... 104 Appendix 11: Likelihood Score Scale .............................................................. 106 Appendix 12: Exposure / Control Score Scale ................................................ 107 Appendix 13: Example Risk Register .............................................................. 110 Appendix 14: Example Business Continuity Plan ............................................ 111 Appendix 15: Example Telephone Cascade List .............................................. 120 Appendix 16: Business Continuity Plan Test Scenarios ................................... 120 Appendix 17: Form D ...................................................................................... 122 Appendix 18: Incident Report Form ............................................................... 136 Appendix 19: Regulatory Breaches ................................................................. 137


5

ITC Compliance Network Charter In allowing Network Members to operate under ITC Compliance’s authorised regulatory

status, ITC Compliance is obliged to provide you with tools, processes and procedures to

enable you to trade in line with FCA rules, regulations and principles.

The following Charter outlines the main commitments that ITC Compliance and you, the

Network Member, agree to undertake.

Network

ITC Compliance commit to:

1. Supplying Network Members with Appointed Representative (AR), Introducer Appointed

Representative (IAR), or Connected Contract Exemption (CCE) status to allow you to engage in General Insurance activity

2. Providing and updating as necessary the ITC Compliance Network Policies and Procedures Manual

3. Providing an on-line Training and Competence solution for all relevant staff Members

4. Providing and hosting an ITC Compliance portal for regular returns from appropriate Network Members

5. Giving 28 days’ notice of any changes that will affect Network Members (where possible)

6. Undertaking an audit of each site at least once a year

7. Providing a compliant sales process and systems to support this commitment

8. Complaints handling on your behalf

9. Provision of PI insurance (where applicable)

10. Provide Financial Promotions guidance and approval

11. Undertake Call monitoring (where applicable), providing feedback in a timely manner.

12. Undertake Mystery Shopping (where appropriate) to ensure continued compliance of

Network Members.

13. Undertake desk based audits, ensuring Network Members continued compliance with the

FCA Regulations and TCF Outcomes.

14. Undertake Website reviews, providing guidance and approval

15. Providing clear and concise feedback in a timely manner following a review that requires

further action from the Network Member.

16. Undertake Terms of Business Agreement (TOBA) reviews to ensure adequate risk transfer is

in place with regard to Client Money.


6

ITC Compliance Network Members commit to:

1. Treating Customers Fairly (TCF) in line with FCA and ITC Compliance requirements

2. Following the policies and procedures outlined within this manual in good faith

3. Where applicable, submitting the required periodic return in a timely and accurate manner

4. Notifying ITC Compliance of any changes to staff members that engage in regulated

activity

5. Notifying ITC Compliance of any changes in Approved Person status 6. Notifying ITC Compliance of all insurance related customer complaints received, as soon as

they are received.

7. Providing assistance and support at any audit

8. Nominating one individual to act as the Supervisor/Assessor of individual regulated staff

9. Informing ITC Compliance of any Conflicts of Interest that may have a negative impact

upon the Network Member’s ability to undertake the regulated activity compliantly or

affecting ITC Compliance’s supervision of the Network Member.

10. Inform ITC Compliance of any incidents that may impact upon the Network Member’s

customers, their ability to undertake the regulated activity or ITC Compliance’s everyday

activities or reputation, as per the Regulatory Breaches and Incidents policy.


7

Treating Customers Fairly (TCF) Policy


8

Introduction Treating Customers Fairly (TCF) is central to the corporate culture of ITC Compliance and

therefore as a Network Member, you should also be able to demonstrate this.

This ethos is underpinned by the FCA requirement to demonstrate the following TCF

outcomes.

1. Consumers can be confident that they are dealing with firms where the fair treatment of

customers is central to the corporate culture.

2. Products and services marketed and sold in the retail market are designed to meet the

needs of identified consumer groups and are targeted accordingly.

3. Consumers are provided with clear information and are kept appropriately informed

before, during and after the point of sale.

4. Where consumers receive advice, the advice is suitable and takes account of their

circumstances.

5. Consumers are provided with products that perform as firms have led them to expect,

and the associated service is of an acceptable standard.

6. Consumers do not face unreasonable post-sale barriers imposed by firms to change

product, switch provider, submit a claim or make a complaint

Purpose

To ensure compliance with these outcomes, ITC Compliance have appropriate procedures

which will encourage your staff to uphold the principle of TCF and the associated outcomes.

This policy sets out guidance to aid understanding of the requirements to comply with the

Treating Customers Fairly outcomes.

Responsibilities

The Approved Person should ensure they are able to evidence a culture of TCF across all

staff and management levels

Application

The requirements for each key area are as follows:

Product Development

As part of the development of new and or enhanced products or service propositions prior to

launch, the product provider will undertake the following:


9

adequate research must have been conducted to identify the target market for which

they are being developed (TCF 2)

the needs of clients within the target market have been satisfied by the product or

service proposition (TCF 5)

risks to clients must be identified and considered throughout the development process

(TCF 1)

development will not compromise the ability to comply with regulatory requirements

(including TCF)

product and service propositions must be robustly tested via marketing and financial

modelling frameworks to ensure they are marketable, viable, profitable and serviceable

(TCF 1)

the complexity/simplicity of products or service propositions have been properly aligned

with the competence and capability profiles of the clients at which they are aimed (TCF

2)

product and service propositions must be clear in their pricing and charging structures

so that clients can make clearly informed decisions (TCF 3)

lessons learned from client feedback will be captured and fed into development

processes (TCF 1)

If for any reason, you feel that the products you offer fail to meet any of the above

points, you should inform ITC Compliance immediately.

Marketing (Financial Promotions)

All marketing materials need to be “clear, fair and not misleading” and must comply with

the FCA Rules on Financial Promotions, where applicable. (TCF 3)

Promotion strategies and materials must be reviewed to ensure consistency with TCF

requirements and compliance with FCA Rules.

All marketing (financial promotions) must be designed to ensure that the promotion of

brand, products and services, following the Financial Promotions checklist (Appendix 1)

adhere to the following:

Marketing must be clear, fair and not misleading, and must be approved by ITC

Compliance prior to use.

Marketing must ensure that clients are placed in an informed position to make well

informed purchasing decisions

Content should be balanced and must not promote benefits through the omission of

risks

Content must make clear how the product or service proposition meets the needs of the

intended markets

Marketing must be monitored for effectiveness in both commercial terms and reaction

from clients

Lessons learned from client feedback should be captured and the information used for

improvement and development of material.


10

Sales and Advice Process

As a Network Member you may conduct transactions through a number of distribution

channels including face to face, the telephone, web-based, directly with clients, on both an

advised and non-advised basis.

An Advised Sale (you give advice) is where you give advice to a potential customer on the

merits of them buying a specific general insurance product, explaining how this meets their

demands and needs and recommending its purchase. This will be specific and individual

advice to the customer and should not be generic. This is in addition to all of the relevant

documentation, including the Status Disclosure Document, Policy Summary and full policy

terms and conditions

A Non-Advised Sale (you don’t give advice) is where you provide information only to a

potential customer leaving them to make a choice about how they wish to proceed and with

no recommendation made.

In this situation it is imperative that the customer is supplied with all of the relevant


terms and conditions to enable the customer to make an informed buying decision.

The following TCF Sales and Advice requirements apply to all:

All sales and advice processes must be reviewed against the Financial Promotions

Checklist (Apendix 1) and authorised by ITC Compliance before they are implemented.

All sales and advice processes must be applied in a consistent and competent manner

that complies with regulatory requirements such as being clear, fair and not misleading,

informing customers of your regulatory status and providing the customer with enough

information for them to make an informed buying decision.

All sales documentation (paper and electronic) must satisfy appropriate creation and

retention standards.

Management information must enable the effective oversight of sales and advice to

clients to ensure compliance with regulatory requirements. For example records of the

number of complaints received, number of customer cancellations, and number of

policies sold etc.

Staff remuneration policies must not conflict with the overarching need to act in the

interests of customers.

Lessons learned from client feedback should be used for improvement and

developments of sales and advice processes.

To ensure compliance with this ITC Compliance provide a number of platforms on which to

conduct sales, and through the online training tool, ITC Compliance ensure that your staff

are able to undertake the specific regulated activity competently.

After Sales Support

This includes documentation of transactions, advice and evidence of cover, midterm

adjustments and cancellations, renewals and access to products, services and information

required by clients.


11

As a Network Member, you should ensure after sales support delivers the required TCF

outcomes, by:

ensuring clients are kept up to date with details of the business relationship with them

ensuring that relationships with clients is underpinned with appropriate communications

and contact to provide clients with access to relevant products, services and information

ensuring that communications and contact with clients are appropriately targeted and

are clear, fair and not misleading

ensuring that clients are provided with the levels of service both promised to the clients

and required by them as their needs dictate

Claims and Complaints Handling

It is extremely important that all complaints about the sale of a regulated insurance product

are directed to ITC Compliance to investigate fully on your behalf. For more information,

please refer to the complaints handling policy further on in this manual.

When dealing with claims, whether acting for the policyholder or the insurer:

Make it clear for who you are acting for with reference to the Conflicts of Interests Policy

Ensure all communications are clear, fair and not misleading

Deliver standards of service consistent with the importance of claims to customers

Ensure that staff are appropriately trained to equip them with the necessary skills to

deal with claims and complaints effectively

Ensure regulatory requirements are observed at all times

Gather appropriate management information to ensure lessons learned from feedback

are fed into this and other processes

Monitoring & Reporting

ITC Compliance and the Network Members are responsible for maintaining compliance with

the FCA Treating Customer Fairly outcomes. To ensure this happens ITC Compliance has

robust procedures in place for the monitoring and the sign off of Financial Promotions, the

monitoring of Network Member’s websites and sales practises.

As well as this, as a Network Member, you should act upon any feedback provided by ITC

Compliance within agreed timescales and sales documentation must be completed clearly

and with the customer’s agreement.

Management Information

ITC Compliance collates Management Information including the number of policies sold and

the number of complaints received. This is periodically reviewed and considered against the

TCF Outcomes.

This Management Information will also form a standard agenda point of periodic board

meetings.


12

FCA Principles for Business Policy


13

Introduction

The Financial Conduct Authority (FCA) expects firms to conduct their business within the

rules and Principles for Business they have put in place. There are 11 Principles.

Purpose

These 11 Principles, along with the 6 Treating Customers Fairly (TCF) outcomes, are central

to everything you do.

This policy sets out the FCA 11 Principles for Business and explains how to adhere to them.

Responsibilities

You should understand that ITC Compliance are required by the FCA to commit to these

Principles and recognise the importance as they impose a wider duty, not only to adhere to

the regulatory rules, but also to conduct activities in the spirit of the principles. This includes

ITC Compliance ’s Network Members.

It is the responsibility of ITC Compliance , to ensure that you fully adhere to these Principles

and therefore this forms the basis of the Terms and Conditions of ITC Compliance Network

Membership. These Terms and Conditions can be found by logging onto ITC Compliance’s

website (www.itccompliance.co.uk) and once logged in clicking on the ‘Terms and

Conditions’ link on the footer of your Home page.

Application

The 11 FCA Principles for Business and how ITC Compliance adheres to them are set out

below:

1. Integrity: ‘A Firm must conduct its business with integrity’. ITC Compliance ensures that

ITC Compliance is able to demonstrate the business is based on honesty, trustworthiness

and sound business dealings.

This is demonstrated in the submission of your regular returns, documented sales practices,

such as the provision of an Initial Disclosure Document (IDD), the completion of a Demands

& Needs documents etc. and within clause 8 of the Terms and Conditions of the ITC

Compliance Network Membership.

2. Skill, Care & Diligence: ‘A Firm must conduct its business with due skill, care and

diligence’. ITC Compliance ensures that you are able to show that your business activities

are structured in such a way that care and diligence are exercised on a continual basis.

This is demonstrated through provision of the on-line training tool, ensuring that every

member of staff is competent to perform their role within your firm. ITC Compliance also

ensures that this Principle is met through monitoring Financial Promotions, website reviews

and the reconciliation of your monthly figures.

3. Management & Control: ‘A Firm must take reasonable care to organise and control its

affairs responsibly and effectively, with adequate risk management systems’.

ITC Compliance has developed robust systems to stay in control of its affairs. These include

the on-line training tool and as previously mentioned this enables ITC Compliance to

demonstrate that all staff undertaking a regulated activity are competent to carry out that

http://www.itccompliance.co.uk/


14

activity. ITC Compliance has also developed systems to ensure that policies sold are done

so in a compliant manner, providing the customer with all of the relevant documentation

and information.

As well as this ITC Compliance undertake regular audits, desk based and site based,

monthly call monitoring (where applicable), website reviews and reviews of all Financial

Promotions, providing guidance and approval before they are used in circulation.

We collate all of the information received within Monthly ‘MI’ and this is reviewed on a

regular basis by Senior Management.

4. Financial Prudence: ‘A Firm must maintain adequate financial resources’. ITC

Compliance ensures that it is a financially sound and suitably resourced firm to enable the

undertaking of regulated activities.

It is a requirement within ITC Compliance’s Terms and Conditions of ITC Compliance

Network Membership, under clause 4.1.i) that you shall remain solvent as assessed in

accordance with the Regulations and throughout the term of ITC Compliance’s Agreement.

ITC Compliance shall use Credit Referencing firms to ensure that this is adhered to.

5. Market Conduct: ‘A Firm must observe proper standards of market conduct’. ITC

Compliance conducts business affairs in a manner that is regarded as ‘proper conduct’ and

expects you, as a Network Member, to do the same.

Section 4 of the Terms and Conditions of ITC Compliance Network Membership sets out how

ITC Compliance expects you to comply with this Principle. For example, as an Appointed

Representative Network Member, you must have an Approved Person who meets the FCA’s

criteria and you must be able to deliver the same level of protection to the Customer’s as if

they had dealt with ITC Compliance itself. This can be achieved by following the policies

within this manual and making full use of the systems available to you through the Network.

6. Customers’ Interests: ‘A Firm must pay due regard to the interests of its customers

and treat them fairly’. All customers must be placed at the centre of everything ITC

Compliance do.

ITC Compliance meet this Principle by reviewing Financial Promotions, websites and through

call monitoring to ensure that information is presented in a way that is clear, fair and not

misleading. As a Network Member, this Principle is extremely important and you must place

the same importance upon this as ITC Compliance. For example this Principle can be met by

issuing customers with appropriate IDD/SDD documents, undertaking Demands and Needs

assessments (where appropriate) and by following authorised procedures when selling

insurance to a customer.

7. Client Communication: ‘A Firm must pay due regard to the information needs of its

clients, and communicate information to them in a way which is clear, fair and not

misleading’.

This also falls in line with Treating Customers Fairly and is particularly important when using

Financial Promotions and is the main reason ITC Compliance review all promotions before

they are used. This is explained in more detail within the Financial Promotions and

Marketing Policy.

However you should note that this Principle applies to all communication you have with a

customer, including information given/provided before, during and after point of sale.


15

8. Conflicts of Interest: ‘A Firm must manage conflicts of interest fairly, both between

itself and its customers and between a customer and another client’.

All Conflicts of Interest are to be identified and managed in line with the Conflicts of Interest

policy. Examples of a Conflict of Interest would be if a member of staff was placing large

amounts of business to a particular insurer because they previously worked at the insurer

and still had friends there. Or a product provider who offers a loan and cash gift in the

expectation of getting more business in return. Both of these would have to be reported to

ITC Compliance, in line with the Conflicts of Interest Policy immediately.

9. Relationships of Trust: ‘A Firm must take reasonable care to ensure the suitability of

its advice and discretionary decisions for any customer who is entitled to rely upon its

judgement’.

When selling regulated insurance products, there are two routes that, as a Network

Member, you can take. These are Advised and Non-Advised Sales.




advice to the customer and should not be generic.

The suitability of advice and any other recommendations made by you forms a key part of

the insurance regulatory regime. Therefore the Statement of Demands and Needs is

extremely important in regard to endorsing this Principle. You must always ensure that it

is completed diligently on every occasion and used to examine (amongst other things)

customer eligibility, attitude to risk, other existing insurance policies, and any major

exclusions and benefits.


potential customer leaving them to make a choice about how they wish to proceed and with

no recommendation made.

10. Clients Assets: ‘A firm must arrange adequate protection for clients’ assets when it is

responsible for them’.

It is a requirement within the Terms and Conditions of ITC Compliance Network

Membership, under clause 30.1 that no Network Members handle Client Money and under

clause 9.5.ii) that all Network Members shall have risk transfer granted by their Product

Provider(s).

This is usually granted within the Terms of Business Agreement (TOBA) between you and

the specific product provider. In essence it means that all premium monies received by you

should be held in a trust account, separate to all other assets you may hold, and receipt of

these monies by yourself is deemed as being received by the insurer. You are therefore

acting as agent of the insurer in the collecting of these premiums.

11. Relations with Regulators: ‘A firm must deal with its regulators in an open and

cooperative way, and must disclose to the FCA appropriately anything relating to the firm of

which the FCA would reasonably expect notice’.

ITC Compliance makes a point of keeping the FCA informed as to business activities in an

accurate and timely manner. In order to do this ITC Compliance, where applicable, obtain

regular returns from you which enable completion of the Retail Mediation Activities Return


16

(RMAR) report.

It is also a requirement under clause 8.3 of the Terms and Conditions of ITC Compliance

Network Membership that all Network Members co-operate fully with the FCA if they gather

information on their own initiative. This will include information on any Notifiable Incidents

that may have occurred. Such Incidents should also be reported to ITC Compliance in line

with the Regulatory Breaches and Incidents Policy.


As previously mentioned, there are a number of ways that ITC Compliance expect you to

report this required information and further details are provided in subsequent policies

within this manual.


If ITC Compliance’s systems are used, accurate records in regard to all activities affecting

these Principles will be maintained. However ITC Compliance also expects you to keep your

own records, reviewing them periodically to ensure that compliance is maintained.


17

Sales Practices Policy


18

Introduction


rules and Principles for Business they have put in place and Principles 1, 2, 3, 6, 7 & 9 are

the most relevant in relation to selling practises. In addition TCF outcomes 1, 2, 3, 4 and 5

also apply.

The Insurance Conduct of Business Sourcebook (ICOBs) within the FCA Handbook outlines

the requirements for the selling of insurance products. Its overall aim is to ensure that

customers are treated fairly by providing them with clear and fair information when they are

sold an insurance product.

Purpose

This document outlines ITC Compliance and Network Member’s regulatory requirements

with regard to undertaking regulated insurance sales (non-advised and advised). It provides

guidance on what should be incorporated into face to face and telephone sales processes in

order to ensure sales are made in a compliant manner and that customer detriment is

avoided.

Responsibilities

ITC Compliance as the Principal will ensure that as a Network Member, you are able to

evidence a culture of good sales practices across all staff and management levels

Application

As per clause 9.2 in the Terms & Conditions of ITC Compliance Network Membership, the

following process should be followed. This process applies to all sales staff on the Network.

It is your responsibility to ensure that the information contained within this policy is

provided to, and understood by, all members of staff for whom ITC Compliance have

regulatory responsibility.

The Sales Process

The sales process described below and the requirements imposed apply to all sales of

insurance products.

There are essentially five broad stages to the sales process (not including the renewal

process):

Step 1 Status Disclosure

Step 2 Eligibility and Disclosure of Material facts

Step 3 Statement of Demands and Needs

Step 4 Product Disclosure

Step 5 Price Disclosure

The specific requirements that need to be followed under each of the headings above are

discussed in more detail below.

The sales process that needs to be followed will vary depending upon whether the firm

operates on an advised or a non-advised basis and applies to all customers. ITC Compliance

operates on both an advised and a non-advised basis, i.e. some firms operate an advised

sales process and others have a non-advised sales process.


19

Advised Sale




advice to the customer and should not be generic.



terms and conditions to enable the customer to make an informed buying decision

If a firm (Network Member) elects to operate on an advised basis then it must hold the

relevant permissions to do so with ITC Compliance.

It is therefore essential that all staff and agents are aware of what they can and can’t say

when selling insurance products on behalf of the business.

Status Disclosure and Scope of Service

As part of the sales process (both advised and non-advised) all customers must be provided

with the following information:

The name of the firm and the address.

That the firm is an Appointed Representative of ITC Compliance that is authorised and

regulated by the FCA.

The scope of the service to be provided (i.e. that the customer will receive advice).

Whose products the firm will offer, i.e. does the firm only deal with one insurer or will

products/service from a range of insurers be offered?

Whether the customer will have to pay a fee for the services offered.

The process for making a complaint and the availability of the Financial Ombudsman

Service.

That the firm is covered by the Financial Services Compensation Scheme (FSCS).

This information must be provided before the sale is completed. In most cases this

information is provided in an Initial Disclosure Document (IDD). A paper based, bespoke

version of this document can be found under the “Compliance Documents” section of the

ITC Compliance website. The ITC system will also generate a bespoke copy of this document

as you proceed to undertake a sale.

For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the

time of the sale.

For a telephone sale, it is permissible for limited information to be provided over the

telephone, if express consent to receiving only limited information is obtained from the

customer. This is of course on the basis that the full information (i.e. an IDD) is provided to

the customer in written format immediately afterwards (i.e. sent via the post or by email, in

a pdf format, to the customer).

For telephone sales there are two possible scenarios that can be followed, depending on

whether the customer agrees to receive limited information.

If the customer agrees to receive limited information verbally the information that must be

provided is:


20

The name of the sales agent, the firm they represent and the purpose of the call.

Details about the service that can be provided by the firm, i.e. You are an insurance

broker, you will be providing advice.


The possibility of other taxes that may be payable.

Details on the cancellation rights (cancellation rights are only applicable for retail

consumers).

That other information is available on request.

Important: If the customer does not agree to receive limited information, the full

information as set out in the IDD, must be provided verbally to the customer.

Statement of Demands and Needs

If you are following an advised sales process, you must complete a Statement of Demands

and Needs form with the customer. The suitability of advice and any other

recommendations made by you forms a key part of the insurance regulatory regime.

Therefore the Statement of Demands and Needs is extremely important. You must always

ensure that it is completed diligently on every occasion and used to examine (amongst

other things) customer eligibility, attitude to risk, other existing insurance policies, and any

major exclusions and benefits. The form should include the following:

The customer’s specific demands and needs

An assessment of the customer’s affordibility to ensure that purchasing the product will

not cause financial hardship

Confirm that a personal recommendation has been made

Confirm the reasons why that contract is being recommended – i.e. the reasons why the

policy meets the demands and needs of the customer

When operating on an advised basis there are additional requirements that must be fulfilled.

Primarily you must take appropriate steps to ensure the suitability of the insurance product

that you are recommending.

This Statement of Demands and Needs is available through ITC Compliance’s different

systems and therefore does not need to be generated by you. However if for any reason

you feel that the Statement of Demands and Needs does not fit the product being sold, you

must notify ITC Compliance immediately so that any amendments can be made.

The following additional steps should be incorporated into the advised sales process:

Step 1 Establish the

customer’s demands

and needs

Seek relevant information from the customer

concerning their circumstances and objectives

in order to identify their requirements. This

must include any facts that would affect the

type of insurance recommended, such as any

relevant existing insurance policies.

Take into account information known to them,

in respect of other contracts where advice or

information has been provided.

Explain to the customer their duty to not

misrepresent any material facts both before the

contract commences and throughout its


21

duration. The Adviser must take into account

the information the customer discloses.

Step 2 Matching suitability

to products

In assessing whether a contract is suitable to

meet a customer’s demands and needs an

Adviser must take into account:

Whether the level of cover is

sufficient for the risks the customer

wishes to insure.

The cost of the contract where it is

relevant to the customer’s demands

and needs.

The relevance of any exclusion,

excesses, limitations or conditions in

the contract.

The Adviser must inform the

customer of any demands & needs

which are not met.

Step 3 Presenting solutions Advisers must take reasonable steps to ensure

that any personal recommendation made is

suitable for the customer’s demands and needs

at the time the recommendation is made. The

reason why a specific recommendation is being

made must be clarified.

A recommendation may be made that does not

meet all of the customer’s demands and needs

provided:

There is no suitable contract

available.

The Adviser identifies to the

customer, when the personal

recommendation is made, the

demands and needs that are not

met.

If details of the customer’s existing insurance

arrangements are not available and they would

significantly affect the personal

recommendation that would be made then the

Adviser should:

Not make a personal

recommendation until details are

available without making it clear to

the customer that this may not be

suitable because not all details can

be accounted for.

If the customer acts on the personal

recommendation then all these records/details

must be retained and clearly identifiable on the

customer’s file.


22

Non Advised Sales


potential customer leaving them to make an informed choice about how they wish to

proceed and with no recommendation made.



terms and conditions to enable the customer to make an informed buying decision.

Status Disclosure and Scope of Service

As part of the sales process (both advised and non-advised) all customers must be provided

with the following information:

The name of the firm and the address.

That the firm is an Appointed Representative of ITC Compliance that is authorised and

regulated by the FCA.

The scope of the service to be provided (i.e. no advice will be given).

Whose products the firm will offer, i.e. does the firm only deal with one insurer or will

products/service from a range of insurers be offered?


The process for making a complaint and the availability of the Financial Ombudsman

Service.

That the firm is covered by the Financial Services Compensation Scheme (FSCS).

This information must be provided before the sale is completed. In most cases this

information is provided in an Initial Disclosure Document (IDD). This document can be

found under the “Compliance Documents” section of the ITC Compliance website.

For a face to face sale it is sufficient to provide the customer with a copy of the IDD at the

time of the sale.

For a telephone sale, it is permissible for limited information to be provided over the

telephone, if express consent to receiving only limited information is obtained from the

customer. This is of course on the basis that the full information (i.e. an IDD) is provided to

the customer in written format immediately afterwards (i.e. sent via the post or by email to

the customer).

For telephone sales there are two possible scenarios that can be followed, depending on

whether the customer agrees to receive limited information.

If the customer agrees to receive limited information verbally the information that must be

provided is:

The name of the sales agent, the firm they represent and the purpose of the call.

Details about the service that can be provided by the firm, i.e. You are an insurance

broker and you will not be able to provide any advice.


The possibility of other taxes that may be payable.

Details on the cancellation rights (cancellation rights are only applicable for retail

consumers).

That other information is available on request.


23

Important: If the customer does not agree to receive limited information, the full

information as set out in the IDD, must be provided verbally to the customer.


When following a non-advised sales process, the format of the Statement of Demands and

Needs is different as it is simply a statement informing the customer, which of their

demands and needs have been met by the policy. For example; “This product meets the

demands and needs of those wishing to insure the contents of their home.”

A Demands and Needs statement must be provided in writing to the customer before they

buy the policy. If the customer is sold the insurance policy over the telephone this

information can be provided verbally but must be sent to the customer in writing

immediately afterwards.

This Statement of Demands and Needs is available through ITC Compliance’s different

systems and therefore does not need to be generated by you. However if for any reason

you feel that the Statement of Demands and Needs does not fit the product being sold, you

must notify ITC Compliance immediately so that amendments can be made.

Eligibility and Misrepresentation

Eligibility

As a Network Member, it is your responsibility to ensure that their sales process confirms a

customer’s eligibility to claim under the policy. If there are any known exclusions, checks

should be undertaken to see whether these would mean that the customer would be unable

to claim on a policy should the need arise. For example, if the policy would not cover a car

for racing purposes should the policy be sold to the driver looking to take his car racing at

the weekends?

If during the sales process it is identified that only parts of the insurance cover apply to the

customer, then steps must be taken to ensure that the customer is made aware of this.

The golden rule is that the customer must be provided with sufficient information about

what the insurance policy will and will not do, to be able to make an informed decision

about whether that policy is right for them.

Misrepresentation

The insurer will use the information provided by the customer to assess the risks of

providing the cover and to determine whether or not to accept that risk and what the

premium will be. Since the CIA (Consumer Insurance Act) came into effect in April 2013

customers are under a duty not to misrepresent. It is therefore imperative that the

customer is asked specific questions for underwriting purposes and you should not rely

solely on the customer’s disclosures. If key information is omitted during the sales process

but comes to light during the claims process, the insurer could be entitled to reject the

claim. However Insurers cannot decline claims if they have not asked the correct and

relevant question.


24

Important: At any time during the contractual relationship the consumer is entitled, at their request, to receive the contractual terms and conditions on paper. The consumer is also entitled to change the means of distance

communication used unless this is incompatible with the contract concluded or the nature of the service provided.

Product Disclosure

As part of the sales process (both advised and non-advised) customers must be provided

with sufficient and appropriate information about the product to allow them to make an

informed decision. The information should be modified to reflect the type of customer

purchasing the policy.

The information can be provided in a Policy Summary, which must be provided in writing

and must be provided to the customer at the time of the sale (for a face to face sale) or

immediately afterwards (for a telephone sale).

It is not mandatory to provide a policy summary for all products however where this is

provided, the responsibility for creating a policy summary rests with the insurer, whilst the

responsibility for providing the policy summary to the customer rests with you.

Price Disclosure

Before the customer makes the decision to purchase the policy they must be provided with

details of the full price to be paid for the insurance product to ensure that purchasing the

policy will not cause any financial hardship to the customer. This will need to be broken

down to include:

The cost of the insurance policy, including IPT

The cost of any optional extras (i.e. legal expenses), including IPT

The total cost payable (i.e. the insurance premium plus the cost of optional extras)

Providing Evidence of Cover

Following the conclusion of the sale the customer should be provided with:

Confirmation of the insurance, including a breakdown of the total premium paid

Evidence of the cover provided

Full policy wording containing all the terms and conditions

Details on how to cancel the policy (NB cancellation rights are only applicable for retail

consumers)

Details on how to make a claim

Details on how to complain and the right to refer complaints to the Financial

Ombudsman Service (FOS)

Details of the Financail Services Compensation Scheme (FSCS)

Cancellations

Retail consumers are provided with cancellation rights. Effectively this means that they

have 14-days (30 days for protection policies) in which to change their mind about the

purchase of their insurance policy. If a retail consumer wants to cancel their insurance

policy they do not have to provide any reason for the cancellation.

The cancellation period begins from the day the policy is sold; or if later, from the day that

the retail consumer receives the policy terms and conditions.


25

Where a retail consumer chooses to cancel their policy within the cancellation period they

are entitled to a full refund of the premium paid. The only exceptions to this are where a

claim has already been made and paid under the policy, or if a cancellation/administration

fee is payable.

Renewals

This section is only applicable if you carry out policy renewals on behalf of an Insurer.

The customer must be provided with full renewal terms, including a breakdown of the cover

and price. The renewal terms must include the following information:

Details of the insurance cover provided, including any optional extras selected (NB it

must be clear to the customer what level of cover is provided and which extras selected

are optional).

A full breakdown of the renewal premium (see Section 3.7 Price Disclosure)

Details of the renewal date and whether the policy will renew automatically or if the

customer needs to take some action

Evidence of the cover provided.

A statement of any changes to the terms of the policy and an explanation of those

changes.

A statement advising the customer who they should contact if their circumstances have

changed and they need to make amendments to their policy.

The materials facts disclosure (see Section 3.4)

As a general rule, customers should be provided with renewal documentation at least 21

days before the renewal date. This is to ensure that all customers have sufficient time to

review the documents, make any amendments if necessary or seek alternative providers.

Reporting and Monitoring

ITC Compliance’s bespoke system allows for the monitoring and reporting of both advised

and non-advised sales.

Where appropriate it is your responsibility to report your sales figures to ITC Compliance

through your periodic returns.

All scripted sales processes are approved by ITC Compliance prior to use; any new script

request should follow the Financial Promotions Policy procedure.


26

Remuneration Policy


27

Introduction


rules and Principles for Business they have put in place and Principle 3 is the most relevant

to remuneration. In addition Treating Customers Fairly outcome 1 also applies.

In addition the following rule from the Systems and Controls Rulebook: SYSC 3.1.1R A firm

must take care to establish and maintain such systems and controls as are appropriate to its

business.

Purpose

ITC Compliance is required to manage Network Member’s staff remuneration, including

incentives in such a way that any potential risk of miss-selling is reduced.

As per clause 5.3 within the Terms and Conditions of ITC Compliance Network Membership,

you may not accept any secret profit, income or inducement from any Product Provider,

which provides an incentive to promote or recommend any one product in preference to

other products.

The FCA has published guidance in this area including good and bad practice.

This policy refers to that guidance to aid understanding of the requirements when

considering how staff and management working in an FCA regulated environment should be

remunerated. It also details the risk mitigation actions that both ITC Compliance and you

should take.

Responsibilities ITC Compliance has documented and implemented robust procedures for the effective management of remuneration schemes.

Application

It is acceptable to incentivise staff to sell, but this must never be at the customer’s expense

and the risks will be managed appropriately.

The FCA has highlighted a series of failings, which are detailed below. Management must

consider these when any incentive or remuneration scheme is created or reviewed:

Firms failing to identify how incentive schemes might encourage staff to miss-sell,

suggesting they had not sufficiently thought about the risks.

Firms failing to understand their own incentive schemes because they are so complex,

therefore making it harder to control them.

Firms not having enough information about their incentive schemes to understand and

manage the risks.

Firms relying too much on routine monitoring, rather than taking account of the specific

features of their incentive schemes.

Sales managers with clear conflicts of interest that are not properly managed.

Firms having links to sales quality built into their incentive schemes that were

ineffective.

Firms not doing enough to control the risk of miss selling in face-to-face situations.


28

Your remuneration scheme must be documented and available upon request at audits

undertaken by ITC Compliance.

ITC Compliance use the term ‘mis-selling’ in this document to refer to a failure to deliver the

following fair outcomes for consumers:

customers are treated fairly (TCF 1)

customers understand the key features of the product and whether they are being given

advice or information (TCF 3, 4)

customers are given information that is clear, fair and not misleading (TCF 3)

information that enables them to make an informed decision before purchasing a

product or service (TCF 3)

customers buying on an advised basis are recommended suitable products. (TC4)

As part of your remuneration policy, management must consider the following:

if the incentive schemes increase the risk of mis-selling

review whether the governance and controls are adequate

take action to address any inadequacies – this might involve changing the scheme

where risks cannot be mitigated, take action to change the scheme

consider the impact of performance management for scheme members

A good Incentive Scheme should include the following:

a quality (compliant) element

consideration of client cancellations

a capped (or decreasing) incentive i.e. reducing or capping bonus’ when a sales volume

is approached. This avoids the temptation to rush sales through

deferred bonus payment (maybe subject to quality over a longer period e.g. half year,

yearly)

balanced scorecard, incorporating 4 measures that the sales staff will be assessed

against. One of these measures must be from a customer’s perspective (TCF). An

example of this is shown in Appendix 2.

No scheme must contain significant remuneration boosts for achieving sales targets alone at

given points in time. These are known as ‘cliff edges’ or ‘precipices’.


You must maintain records of all incentive schemes for all employees


You should ensure all staff have documented Key Performance Indicators (KPI’s) which may

be periodically reviewed to ensure there are no incentives to mis-sell as per the FCA

guidance.


29

Recruitment Policy


30

Introduction

The Financial Conduct Authority (FCA) expects businesses to conduct their business within

the rules and Principles for Business they have put in place. There are 11 Principles in total;

however Principles 1 and 3 are most relevant to recruitment:

1. Integrity: A Firm must conduct its business with integrity.

3. Management & Control: A Firm must take reasonable care to organise and control its

affairs responsibly and effectively, with adequate risk management systems.

In addition the following rule applies from the Systems and Controls Rulebook: SYSC 3.1.1R

A firm must take care to establish and maintain such systems and controls as are

appropriate to its business.

In addition, Treating Customers Fairly customer outcome 1 is;

1. Customers can be confident that they are dealing with a firm where the fair

treatment of consumers in central to the corporate culture.

If the recruitment is for an Approved Person then there is an additional requirement that

ITC Compliance satisfies the FCA that a candidate is fit and proper to perform the controlled

function applied for.

Purpose

ITC Compliance perform adequate due diligence when recruiting new staff into a regulated

environment

Recruiting an inappropriate individual could lead to customer detriment and/or negative

action against ITC Compliance which could lead to regulatory fines or penalties.

This policy sets out guidance to aid understanding of the requirements when recruiting in an

FCA regulated environment. It is not intended to cover all Human Resource or Equal

Opportunities obligations.

Responsibilities

ITC Compliance has documented and implemented robust procedures for the effective

recruitment of new staff.


31

Application

ITC Compliance has implemented robust procedures around recruiting new staff.

If the recruitment is for an Approved Person i.e. someone who carries out one of the below

defined FCA controlled functions then additional fitness and Propriety requirements apply.

Significant influence

functions (SIF)

CF 1 Director function

CF 2 Non-executive director function

CF 3 Chief executive function

CF 4 Partner function

CF 5 Directors of an unincorporated association

CF 6 Small friendly society function

CF 8 Apportionment and oversight function (Non-MiFID business

only)

CF 10 Compliance oversight function

CF 10A CASS Oversight Operation Function

CF 11 Money laundering reporting function

CF 12 Actuarial function

CF 12A With-profits actuary function

CF 12B Lloyd's Actuary function

CF 28 System and controls function

CF 29 Significant management function

Customer functions CF 30 Customer function

The requirements around Approved Persons fitness and Propriety are covered in more detail

in the Approved Persons Policy.

Regardless of whether an individual holds a controlled function they still need to be

competent to perform their work in a regulated environment.

It is the responsibility of the CEO and Director to ensure that all staff are competent to fulfil

such roles. Given the risk that poor management can pose to our financial soundness, ITC

Compliance ensure that such Approved Persons are ‘fit and proper’ to carry out their roles.


ITC Compliance maintain our own records in relation to recruitment, this will include:

References obtained on individuals covering the last two years

Work history over the past five years

Form A and FCA correspondence if holding a controlled function (CF)

Details of history where this may have an impact on ITC Compliance or could

potentially lead to consumer detriment

Proof of ID and entitlement to work in the UK

As an ITC Compliance Network Member you should ensure all staff engaged in

regulated activity are able to meet the required standards set out in this policy. This

includes the ability to pass training modules and conduct sales in a competent and

compliant manner. ITC reserve the right to decline an individual’s approval to conduct

regulated activity, should they fall short of the required standard.


32

The CEO and Director within ITC Compliance will have overall responsibility for adherence to

this policy.


ITC Compliance verifies work and personal history appropriately in relation to the function

they are to perform.

Record Keeping

ITC Compliance will retain copies of recruits’ references

These records will be retained in line with ITC Compliance record keeping policy.

This policy will be reviewed periodically and historical records of changes retained for 6

years.


33

Complaint Handling Policy


34

Introduction


rules and Principles for Business they have put in place and Principles 5, 6, 8, 9 and 11 are

most relevant to complaint handling. In addition Treating Customers Fairly Outcomes six is

also relevant.

Purpose

The definition of a complaint is:

“Any expression of dissatisfaction, either oral or written, whether justified or not, from or on

behalf of, a customer or prospective customer, in relation to a regulated activity.”

As a Network Member of ITC Compliance, ITC Compliance expects all complaints, as defined

above, to be passed to them as soon as they have been received. Further details can be

found later in this policy.

Responsibilities

In the event that a customer wishes to complain or express dissatisfaction about an

insurance product sold by you, you must ensure that all staff are familiar with the

complaints process and understand how to handle such a situation.

As per section 10 in the Terms and Conditions of ITC Compliance Network Membership, all

complaints received with regard to General Insurance Products, for sales made or advice

given whilst you are/were a member of the ITC Compliance Network, must be submitted to

ITC Compliance IMMEDIATELY.

Application

In order to deal with complaints, ITC Compliance use and maintain a comprehensive

Complaints Management System.

You must provide ITC Compliance with any information, assistance or clarification as

required to investigate the complaint fully and thoroughly.

All complaints must be registered whether or not the complainant appears to be justified in

his/her actions. You can register the complaint using the Complaint Reporting Form

(Appendix 3) or through ITC Compliance’s website. When registering the complaint through

the ITC Compliance website select the ‘add a complaint’ option from the navigation page

and follow the onscreen instructions. Once you have submitted your complaint you will be

presented with a Complaint ID for your reference. From the complaints submission you will

also be able to access active and archived complaints, simply follow the onscreen

instructions.

In the event of a serious complaint being upheld against you, ITC Compliance reserves the

right to amend or revoke Membership of the Network. Should the customer complaint be

upheld and compensation payable in line with ITC Compliance Terms & Conditions of

Business, this will be your responsibility.

If you receive a complaint with regard to the sale of a General Insurance Products prior to

you becoming an ITC Compliance Network member, it should be dealt with directly by you.


35

Upon receipt of the form ITC Compliance shall:

Date stamp it, and log it on the Complaint Management System.

Assess if the complaint is for you or a third party, e.g. insurer.

If the complaint is not for ITC Compliance, the Complaint Handler will ensure it is passed to

the correct business immediately, by use of the quickest method, e.g. scan to email or fax

to their nominated Complaint Handler.

Once the complaint has been logged and it has been established that the complaint is to be

handled, ITC Compliance shall undertake a thorough review to ascertain if the complaint can

be resolved by close of play of the next working day. If ITC Compliance feels it can be

resolved within this timescale, ITC Compliance shall contact you and provide their findings

so that you can decide if you wish to proceed with the resolution.

If a complaint is resolved by the close of the next working day, there is no requirement for

it to be reported to the FCA.

Investigating the complaint

Once a complaint has been received, ITC Compliance has 8 weeks or 56 days to undertake

a thorough investigation. During the investigation of the complaint ITC Compliance may ask

for further information from the complainant and yourselves. When this request is received,

ITC Compliance must receive a prompt response from you, even if you do not have the

information requested. If this is the case, your prompt response will allow ITC Compliance

to pursue other avenues to obtain the required information.

If after 8 weeks or 56 days, the required information has still not been received from the

complainant or Claims Management Company, which would allow ITC Compliance to resolve

the complaint, an 8 week holding letter is issued to the customer. This will detail the exact

information outstanding and explain the reasons why ITC Compliance is not able to respond

without this information.

If the information ITC Compliance are waiting for has been requested from the customer,

ITC Compliance shall confirm ITC Compliance are closing their complaint, however, upon

receipt of the required information, the complaint will be re-opened and investigated fully.

If the information has been requested from you or another third party, ITC Compliance shall

explain this to the customer and provide them with a timescale for when ITC Compliance

expect to issue a response. ITC Compliance will also provide them with details of how to

contact the Financial Ombudsman Service and the applicable 6 month time limit, if they are

not satisfied with this outcome.

Upon receipt of all of the required information ITC Compliance shall present its findings to

you with a recommendation of how to answer the complaint. Should you disagree with this

recommendation, ITC Compliance will make a decision based on all available evidence,

taking into account regulatory and FOS precedents and our previous experience of any

similar related complaints. This is in our capacity of Principal and being directly responsible

to the FCA. Throughout this process ITC Compliance shall be on hand to offer advice if it is

required.


36

A table of decision definitions is below:

Decision definitions:

Upheld Where ITC Compliance agree with all the issues being raised by

the complainant and may recomend redress/compensation or ex

gratia payment.

Partially

Upheld

Where ITC Compliance agree that some of the issues being

raised were the fault of the Network Member and may recomend

redress/compensation or ex gratia payment.

Rejected Where ITC Compliance do not agree with the complainant, no

payment of redress/compensation or ex gratia will be made.

Once the decision has been made, a final response letter is drafted and sent to you for

review before being issued to the customer via recorded delivery post. This letter will also

provide the customer with details of how to contact the Financial Ombudsman Service and

the applicable 6 month time limit, if they are not satisfied with this outcome.

Redress/Compensation

All redress and compensation payments are the responsibility of the

Network/Former Network Member.

In many cases the amount of redress/compensation will involve an element of judgment as

to what is appropriate; however, care should be taken to ensure that any redress is fair and

consistent across complaints that are of a similar nature. The fundamental objective of

redress is to put the eligible complainant back into the position they would have been

in if the issue had not occurred.

All redress, including compensation, ex gratia and goodwill gestures should be approved and

authorised by ITC Compliance, before being offered.

The Financial Ombudsman Service (FOS)

The FOS is an independent dispute resolution service available to eligible complainants.

Complainants have 6 months from the date of the final response letter to take their

complaint to the Ombudsman if they remain unhappy with the final decision. If the

complainant exercises this right, the Ombudsman will contact ITC Compliance in order to

obtain sufficient information to carry out their own investigation. The FOS will charge a fee

to the company for every complaint that it has to adjudicate upon.

Any correspondence you receive from the FOS must be sent to ITC Compliance, who will

check the Complaint Management System to establish the status of the complaint (new or

existing, open or closed). ITC Compliance is responsible for all FOS correspondence and

assessing whether the FOS involvement can be challenged or negotiating where settlement

can be arranged informally.

The FOS will consider complaints from an eligible complainant, where a final response has

been issued or where the complaint has been outstanding for a period of over 8 weeks. An

eligible complainant can be classed as:


37

A Consumer: an Individual acting in his or her own private capacity. Examples

would be customers with GAP, SMART, Mechanical Breakdown Insurance and Rescue

and Recovery Insurance.

A Micro-Enterprise: a business which employs fewer than 10 people and has a

turnover that does not exceed €2 million.

If a consumer takes a complaint to the FOS before complaining to ITC Compliance, the

FOS will refer the complaint back to ITC Compliance to be fully investigated. If the

complaint is then resolved to the consumer’s satisfaction, they will have no further

involvement in the case.

Financial Ombudsman Process

When the FOS receives a complaint they will notify ITC Compliance in writing. At this point

ITC Compliance shall inform you of their involvement and provide them with the Final

Response and all supporting Documentation. They will conduct an independent review and

respond to ITC Compliance and the customer when a decision has been made. If the FOS

find in favour of the customer and decides that redress is payable, ITC Compliance are able

to appeal this decision.

Details of the FOS’ decision will be sent to you with confirmation of how ITC Compliance is

to proceed. If ITC Compliance are appealing the adjudication ITC Compliance will explain

the decision to the FOS and ask that an Ombudsman to review the case.

The case shall then be passed to an Ombudsman, who will make a final decision on whether

to uphold or reject the complaint. If the complaint is upheld by the Ombudsman, this

outcome is binding on ITC Compliance and yourselves and will be dealt with promptly. The

FOS will generally try to negotiate an agreed settlement with both parties before reaching a

final decision.

Case fees

Under Clause 5.5 and 12.1 in the Terms and Conditions of ITC Compliance Network

Membership, you are responsible for settling your own fees when the invoice is received by

ITC Compliance from the FOS. A case fee becomes “chargeable” when the complaint is

passed on for investigation to the FOS casework teams and is payable when the case is

settled and closed. An invoice for the case fee will usually be sent to ITC Compliance at the

end of the month in which the case is closed.

The current case fee is £550 for general insurance; however this fee will not be chargeable

if ITC Compliance can negotiate a settlement with the complainant prior to investigation by

FOS.


ITC Compliance maintains complaint records to ensure that all complaints are dealt with

within the FOS 8 week timescale.

ITC Compliance will also monitor the causes of a complaint to ensure that any common

causes are identified to mitigate future complaints. One way of achieving this is through

Root Case Analysis (RCA).


38


Management information pertaining to the results of Complaint handling will capture:

The outcome and any redress paid

The root cause of complaints and resultant action

Any FOS referred complaints

Any feedback necessary and given to the AR or Network members


39

Financial Promotions & Marketing Policy


40

Introduction


rules and Principles for Business they have put in place and Principles 6 and 7, as detailed in

the FCA Principles for Business Policy, are most relevant to financial promotions and

marketing material. In addition, TCF outcomes 2, 3 and 5 also apply

To ensure that these principles and TCF outcomes are met, the FCA has set out specific

rules and guidance around financial promotions, within the FCA Handbook, Insurance

Conduct of Business sourcebook chapter 2.2 Communications to clients and financial

promotions.

This policy sets out procedures to allow you to adhere to the handbook.

Purpose

As your Principal, it is ITC Compliance’s responsibility to ensure that financial promotions

and marketing material produced by you are clear, fair and not misleading. ITC

Compliance also ensures that you incorporate all the legal requirements and can evidence

meeting the principles and TCF customer outcomes.

This policy sets out guidance for Network Member’s staff to follow to aid development and

approval of financial promotions and marketing material.

Responsibilities ITC Compliance have documented and implemented robust procedures for the effective management, design, production and use of all Financial Promotions.

All Network Members must have financial promotions approved by ITC Compliance, prior to

use.

It is extremely important, that the Financial Conduct Authority’s logo is not used

on any documentation produced by you as this is subject to copyright.

Application

The Financial Promotions, Marketing and Customer Facing Material that ITC Compliance will

approve include the following:

advertising

standard letters

press releases

forms

internet copy (i.e. text) and websites

mobile phone, radio and television communications, and

new media (including social networking websites, forums, blogs and iPhone applications),

telesales scripts

face to face system generated questions

The above list is not exhaustive

As a Network Member, you are responsible for creating the financial promotion and

submitting them to ITC Compliance for sign off and authorisation for use. However before


41

submitting the financial promotion to ITC Compliance you should complete the Financial

Promotions Checklist (Appendix 1). This should be attached to the Financial Promotion when

it is submitted for sign off.

We will not accept any Financial Promotion that does not have a completed

checklist attached.

You should submit all Financial Promotions to the Compliance Department for review via

[email protected]. Once received you should allow 5 working days for

the Compliance team to review the promotion and provide feedback.

Where feedback is given, this should be acted upon swiftly. It is your responsibility to

ensure that the feedback is acted upon and any amendments are sent back to the

Compliance Officer, handling the promotion, for final sign off.

Once the required amendments have been received or the Compliance Officer is happy that

the promotion satisfies all of the regulatory requirements, final sign off shall be given. This

will be given via email and will be accompanied by a reference number and a validity period.

Please note ITC Compliance only look at adverstiments or promotions in line with FCA

requirements. It is your responsibility to ensure that your advertisment meets with other

relevant advertising codes and legislation.

Under no circumstances can a promotion be used without first obtaining this sign off or

outside of the validity period (normally 1 year from the date the promotion is signed off). If

the validity period expires you must resubmit the promotion for review and sign off.

ITC Compliance will keep sufficient records of all financial promotions submitted. This will

include version control, target audience, medium used (e.g. magazine), validity period and

sign off.

mailto:[email protected]


42

When signing off a financial promotion, ITC Compliance will consider the following: -

The content should include reference to the company (or trading) name and an address

or contact point; this should also include the telephone number at which the company

may be contacted

The content should clearly state the Firms Regulatory Status e.g. as an Appointed

Representative

Where a promotion features benefits and associated exclusions these must be shown in

equal prominence, this also includes the font size used in the promotion.

All statements and comparisons should be accurate, have been checked and can be

supported by evidence.

Marketing ‘language’ should not be exaggerated or over-promised.

Benefits should be factual and not over-stated.

The product being promoted in the advertisement/financial promotion should be suitable

for the target audience.

The language used should be clear and as jargon-free as possible (particularly in relation

to terms, conditions and exclusions). Jargon terms that are included should be explained

or a cross reference provided.

Product restrictions, exclusions or limitations must be in plain English.

If the premium is shown, it should be clear that this includes Insurance Premium Tax.

Where applicable a firms VAT number should be clearly displayed.

The following regulatory statement should be included on the promotion; [Enter firm

name] is an appointed representative of ITC Compliance Limited which is authorised and

regulated by the FCA (their registration number is 313486) and which is permitted to

advise on and arrange general insurance contracts.

Adherence to this policy is vitally important failure to comply could result in you being in

breach of regulations and possible mis-representation of products and/or services. As a

result you may be liable to both ITC Compliance and regulatory focus and possible censure.


ITC Compliance will maintain records of all financial promotions, including:

type of material, e.g. letter, website text

target audience, e.g. end customer, AR, Broker

the business owner/requestor

evidence of TCF consideration – document how this has been considered

date submitted for business sign off and who to

date returned following business sign off and who approved it

approved/not approved and reasons for non approval

version control

all correspondence e.g. emails relating to financial promotion/marketing material;

how long approval is valid for

As a Network Member you should also maintain records of all financial promotions

submitted, especially the validity period assigned to a specific promotion. This should be

kept within your Financial Promotion Register (Appendix 4)


43


ITC Compliance will review financial promotion Management Information to identify and

monitor any relevant trends. This could include, for example, complaints Management

Information resulting from a misleading financial promotion. Appropriate action will be taken

for any trends identified.


44

Business Assurance Policy


45

Introduction


rules and Principles for Business they have put in place and Principles 2, 3, 6 and 9 are

most relevant to business assurance. In addition Treating Customers Fairly Outcomes 1, 2,

3, 4, 5 and 6 also apply.

Purpose

ITC Compliance ensure that all regulated activities are undertaken within the scope of the

FCA rules and regulations by means of site audits, document reviews, website reviews, call

monitoring, mystery shopping, file reviews and reviews of your regular returns.

This policy sets out how ITC Compliance ensures Business Assurance and the procedures

you need to follow to achieve this.

Responsibilities

ITC Compliance has documented and implemented robust procedures for the effective

management of Business Assurance and you are responsible for assisting ITC Compliance in

providing the required information to allow them to fulfil these obligations.

Application Document Reviews

ITC Compliance has robust procedures for the production and approval of compliance

documents. This includes, but is not limited to:

Initial Disclosure Document


Status Disclosure Document

All approval requests should be submitted as per the Financial Promotions Policy.

Documents will be periodically reviewed in the event of changes in FCA regulations. Any

non-compliant or non-approved material should be destroyed.

Failure to comply with this policy could result in being in breach of regulations and possible

miss-representation of products and/or services and therefore liable to regulatory focus and

possible censure.

Website Reviews

In line with clause 9.4 within the Terms & Conditions of ITC Compliance Network

Membership, ITC Compliance shall undertake reviews of your website(s). This is to firstly

ascertain if insurance is sold via the website.

If this is the case, ITC Compliance shall review the entire sales path to ensure that all

insurance policies are being sold compliantly. ITC Compliance follows a checklist that maps

the requirements against the ICOBS rulebook and TCF outcomes to ensure that the website

meets regulatory requirements.


46

All reviews are documented within ITC Compliance’s website review log and any feedback

will be sent to you. Once this feedback has been received you should act upon it accordingly

and in a prompt manner. This is extremely important as your website will be live 24 hours a

day and therefore if there are problems, a customer may be mis-sold a general insurance

policy at any time. This could lead to poor TCF outcomes and complaints.

If, during the review ITC Compliance find any major issues, or if you have not acted on

feedback within a timely manner, ITC Compliance may ask you to take down your website

until such a time that ITC Compliance are satisfied it meets regulatory standards.

All new Network Member applications shall be subject to a website review and if any issues

are found the same process will apply.

Once ITC Compliance is happy with the content of your website ITC Compliance shall

provide you with final sign off. This will be provided in writing to allow a record to be kept.

All websites will be subject to an annual review to allow for any regulatory changes that

may occur.

Call Monitoring

ITC Compliance recognises the importance of ensuring that all sales comply with the

Treating Customers Fairly outcomes and Insurance Conduct of Business Sourcebook

(ICOBS) rules, where applicable. Although it is not a FCA requirement, ITC Compliance also

understands that in order to achieve this, best practice dictates that calls are recorded.

With this in mind ITC Compliance monitor recorded sales calls and have stringent processes

in place to ensure that if any discrepancies are found, these are dealt with efficiently by

both providing feedback to the individual employee and contacting the customer to rectify

any errors.

In order to achieve this, ITC Compliance use a call monitoring check-sheet, an example of

which can be found in Appendix 5. This has specific criteria, which must be met by the

individual Sales Agents and if the criteria is failed it provides details on the specific ICOBS

rule, TCF outcome and non-regulatory requirements it has failed against, thereby making it

easier to evidence when providing feedback to the individual.

In order to comply with this, it is a requirement that where you sell via the telephone, all

sales calls should be uploaded by the 10th of each month via the secure FTP server, Winscp.

This program can be downloaded from the internet and a “how to guide” is available within

the documents section on the ITC Compliance website.

Where available, ITC Compliance shall monitor a sample of the sales calls per month and

provide feedback via email. You should then act promptly following receipt of this feedback

to allow for any errors or issues to be rectified.

The feedback is provided in writing to ensure a record is kept.

As per clause 9.3 of the Terms and Conditions of ITC Compliance Network Membership, all

calls should follow the previously authorised telesales scripts available on the ITC

Compliance website. If you wish to change this in any way, this should be submitted to ITC

Compliance for approval before being used.

ITC Compliance shall review these scripts periodically to ensure they are in line with any

regulatory changes.


47

Mystery Shopping

Depending on the nature of the products sold and the sales channels you use, ITC

Compliance may conduct thematic risk based mystery shopping on you. Questions will

predominately be based on ascertaining product knowledge and the staff members

understanding of the sales process. Feedback will be given to the Network Member once

findings are completed and any remedial action plan will be agreed.

File Reviews

ITC Compliance undertake random file reviews, as a way of ensuring Network Members

remain compliant with ICOBS rules and TCF outcomes.

ITC Compliance will review a sample of all sales made at all audit visits, reviewing the

electronic and paper files attached to a sale. The reviews will be documented on a File

Review Form, with an electronic copy of this form saved on the system.

Once the review has been completed, any required feedback will be given to you in writing,

allowing for any issues, errors or discrepancies to be resolved. Periodic Returns

Where appropriate you are required to submit a return to ITC Compliance. This confirms

policy numbers sold as well as premium and commission. It also includes questions in

relation to remuneration and Approved Persons.

In addition there is the ability to advise of any staff changes, there is also a requirement to

reconfirm adherence to the ITC Compliance terms and conditions of being a Network

Member.

This document is checked by ITC Compliance to ensure that they have been completed

correctly. If any issues are identified following this process, you will be notified in a timely

manner.

Observations

Monitoring & Reporting ITC Compliance monitor that you are compliant with ICOBS rules and the TCF Outcomes as

set out by the FCA through way of Business Assurance.

If, through the process of monitoring calls or reviewing compliance documents or files, an

error is identified, ITC Compliance have robust procedures in place to mitigate any losses

that may occur.

Where appropriate you are required to have staff involved in regulated activity observed

in this process. This would include such activity as sales and claims management. This is

an ITC Network Membership requirement. Any exempt staff must be agreed with ITC

Compliance. Examples of exempt staff would include those in an admin only function with

no client interaction. Examples of observation forms are available on the ITC Compliance

website. These must be kept on file and may be requested for review at any audit


48

All reviews are recorded on ITC Compliance’s system and any feedback required is provided

to you, in writing. This ensures that the process is transparent and if any issues occur on

multiple occasions, it is easier to identify them.

If, through the review of a file, document or sales call, it is clear that an issue identified has

affected a customer, ITC Compliance shall contact you as soon as it becomes apparent. You

should then contact the customer affected at the earliest opportunity to rectify the identified

error.

If the original Sales Agent is unable to resolve the issue, you will need to decide on the best

course of action to bring the issue to a speedy resolution. If you require additional support

and guidance to meet this requirement ITC will provide all guidance required.

Where applicable, Returns are assessed once submitted and any discrepancies will be

clarified with you.

Failure to submit returns can lead to suspension or termination from the Network.

As a Network Member, you will be subject to periodic site based audits, these audits will

include:

File Reviews

Training Review (including Observations)

Financial Promotions and Documentation Review

Periodic return submission

Staff and Management Interview

Action plan for any identified issues or concerns

If you should fail to comply with repeated reasonable requests from ITC Compliance then

your account can be suspended, meaning you will be unable to transact any regulated

insurance business.

Examples of reasonable requests would include, but are not limited to;

Staff outstanding training and observations

Outstanding Periodic Returns

Outstanding audit action points

Management Information ITC Compliance review the Management Information collected while carrying out call

monitoring, document and file reviews to identify any issue trends. ITC Compliance act upon

this information to ensure that any recurring issues are mitigated and, if necessary,

processes are changed to achieve this.


49

Training & Competence Policy


50

Introduction


rules and Principles for Business they have put in place and Principles 2, 3, 6 and 11 are

most relevant to training and competence. In addition Treating Customers Fairly outcome 1

and 2 also apply.


rules and guidance around Training & Competency, these can be found in the FCA

Handbook, Senior Management Arrangements, Systems and Controls sourcebook (SYSC)

chapter 3.1.6 System and Controls and FCA Handbook Training & Competence Sourcebook

(TC).

Purpose

ITC Compliance ensure that all staff carrying out regulated activities, e.g. selling an

insurance product, receive adequate training and are competent in the role they perform.

ITC Compliance incorporates all the legal requirements and evidence meeting the principles

and TCF customer outcomes.

This policy sets out how ITC Compliance ensures that all Network Member’s staff are trained

and competent in the role they perform.

Responsibilities

ITC Compliance document and implement training programmes to ensure that all staff

carrying out regulated activities are competent within their role.

Your Approved Person has overall responsibility for ensuring that all relevant staff follow this

programme.

Application

The FCA defines competence as:

Having the skills, knowledge and expertise needed to discharge the responsibilities of an

employee's role. This includes achieving a good standard of ethical behaviour.

As per section 7 of the Terms and Conditions of ITC Compliance Network Membership, ITC

Compliance have implemented an online training tool to ensure that all staff (users)

carrying out regulated activities are competent within their role.

Each user has their own log in that is linked with their accounts within the sales systems.

Therefore if the user has not completed their training, the system will not allow them to

undertake the regulated activity specific to the training i.e. sell regulated products

You must not under any circumstances use a colleague’s log in to undertake a

regulated activity.

Once the user has logged into the training system they will need to open a training course

to complete, this has been specifically allocated by ITC Compliance to ensure that the

correct training is being undertaken.


51

Once the training course has been selected the user must complete their CV. This provides

ITC Compliance with some details of the user such as their employment history and

qualifications and information about their fitness and propriety. The user is then able to

select the optional (product specific) training modules that require completion. ITC

Compliance will pre select these, although the user must tick the modules within their CV to

ensure they appear within the course. The user is then able to start their training.

The first step is to complete an assessment against the core and optional (product specific)

modules. ITC Compliance have designed the online training tool to meet the regulatory

requirements set out by the FCA and as such expect each user to complete the following

core modules;

Treating Customers Fairly

Money Laundering

Data Protection Act

Introduction to the Financial Conduct Authority (FCA)

Risk

Contract & Agency

Insurable Interest

Utmost Good Faith

Proximate Cause

Indemnity

Contribution & Subrogation

The optional (product specific) training modules are determined by the products you sell.

Therefore although these are classed as ‘optional’, it is imperative the user completes these

modules as not doing so, will prevent them from selling.

Once the assessments have been completed, the user is provided with a bespoke

action/development plan with comprehensive study material for any assessments they may

have failed. This ensures the user’s training is specifically targeted at areas of weakness

within their regulatory and product knowledge.

The user is then able to read the study material before completing a second module specific

assessment. If they fail this assessment they are able to review the study material as many

times as they wish to aid them in passing the required assessments.

Once all of the relevant training has been completed, the user is able to sell the insurance

products allocated.

A user’s training will expire after a year and must be retaken annually.

If the user is unsure of anything or requires a reminder of any of the aspects covered by the

training, they may refer back to all of the study material provided under the training course

at any time.

All users have accesse to a copy of their personal training records, held by ITC Compliance,

which can be viewed online at any time.


ITC Compliance will maintain suitable supervision as per the Business Assurance Policy.

ITC Compliance will also provide details to the FCA on the number of employees selling


52

general insurance on an advised basis, via the RMAR (Retail Mediation and Activities

Return).


ITC Compliance will review all Management Information on employee training records to

ensure all of your staff are competent within their individual job roles.


53

Financial Crime Policy


54

Introduction

The Financial Conduct Authority (FCA) expects Firms to conduct their business within the

rules and Principles for Business they have put in place. Principles 2, 3, 5 and 6, as detailed

in the FCA Principles for Business Policy are most relevant to financial crime. In addition

TCF outcome one is also relevant.

There are also additional laws under The UK Bribery Act 2010 (the “Bribery Act”), Proceeds

of Crime Act 2002 (POCA), Terrorism Act 2000 (TACT), and Joint Money Laundering

Steering Group (JMLSG) guidance.

To ensure that these principles and the TCF outcomes are met, the FCA has set out specific

rules and guidance around financial crime within the FCA Handbook, Financial Crime parts 1

& 2.

This policy sets out procedures to allow you to adhere to the handbook and applicable laws.

Purpose

ITC Compliance will assist you in mitigating and identifying any financial crime activity.

However it is the responsibility of your Approved Person to ensure that you meet the

regulatory requirements and to evidence meeting the FCA principles and TCF customer

outcomes.

This policy sets out guidance for you as a Network Member to aid understanding and

identification of potential financial crime risk areas.

Responsibilities

ITC Compliance has documented and implemented procedures for the effective

identification, reporting and mitigation of financial crime.

As a Network Member, it is your responsibility to identify and report any occurrences of

Financial Crime (as explained later within this policy) via the “Contact Us” part of the ITC

Compliance website (www.itccompliance.co.uk). Once received, this will be allocated and

escalated accordingly.

Application

There are three specific areas of concern in relation to financial crime:

Bribery & Corruption

Money Laundering

Fraud

Below is an overview of each area:

Bribery

Bribery is the offering, promising, giving, solicitation or the receipt or agreement to receive

any financial or other advantage, or any other inducement from any person or company,

(wherever they are situated and whether they are a public official or body, or a private

person or company) by an individual employee, agent or other person or body acting on

another’s behalf.


55

For example if your product provider offered you substantial payments, in return for you

selling their products, over those of another product provider’s, this would be construed as

an act of bribery and must be reported to ITC Compliance immediately.

Corruption

Corruption is the abuse of entrusted power for a private gain.

Bribery and corruption may occur internally or externally and may be perpetrated by

employees, clients, suppliers, contractors, service providers, agents or anyone else doing

business. ITC Compliance reject bribery in any form and customers and any other person

with whom ITC Compliance interact can be confident that their reputation Is valued very

highly and that they are dealing with a firm that will not risk damage to its reputation by

getting involved in illegal or unethical business practices.

ITC Compliance will actively cooperate with law enforcement authorities for the

investigation and punishment of any act of bribery.

The Bribery Act – Offences

The UK Bribery Act 2010 (the “Bribery Act”) came into force on the 1st July 2011 and

defines the following offences:

Paying bribes: offering, promising or giving a financial or other advantage to induce

someone to perform their function or activity ‘improperly’ (the ‘active’ bribe offence).

Receiving bribes: requesting, agreeing to receive or accepting a financial or other advantage

for performing your function or activity ‘improperly’ (the ‘passive’ bribery offence).

Failure by a company to prevent bribery by associated persons (the corporate offence)

Under the UK Bribery Act if a person associated with an organisation bribes a person with

the intention of gaining or retaining a business advantage for a commercial organisation,

then the organisation may be guilty of an offence under the Act.

This is particularly important, as ITC Compliance is authorised and regulated by the

Financial Conduct Authority and liable for an unlimited fine. Associated persons include

anyone who performs services for or on behalf of the company e.g. an Appointed

Representative.

The FCA does not enforce the Bribery Act 2010. Its regulatory powers apply in obtaining

evidence of corrupt conduct to take regulatory action against a firm.

In order to ensure compliance with the Bribery Act 2010 it is essential that all Network

Members comply with this financial crime policy and all staff undertake the regulatory

training provided on an annual basis.

ITC Compliance also undertake thorough due diligence on all new and existing Network

Members acting within its permissions.

Non-compliance with the Bribery Act may lead to the following actions being taken against

the firm or the individual involved:

Individuals convicted for paying or receiving bribes face up to ten years’

imprisonment.


56

Companies convicted of failing to prevent bribery by associated persons face

unlimited fines.

Directors and senior officers of companies involved can face criminal and civil

liabilities.

Gifts & Hospitality

Corporate hospitality, promotions and gifts have the potential to create a perception of

bribery and it is essential to draw a distinction between what is legitimate in business

situations and what is bribery; any gift or hospitality that seeks to influence the recipient

into performing their function improperly would be considered a bribe.

To ensure this is not the case, all Gifts & Hospitality must be:

Made openly: if made secretly and undocumented then the purpose will be open to

question

In accordance with stakeholder perception: the transaction would not be viewed

unfavorably by stakeholders if it were to be made known to them

Documented: the expense is properly recorded in your books and records

For further details, please refer to the Gifts & Hospitality policy.

Money Laundering

When a criminal activity generates substantial profits, the individual or group involved must

find a way to control the funds without attracting attention to the underlying activity or the

persons involved. Criminals do this by disguising the sources, changing the form, or moving

the funds to a place where they are less likely to attract attention.

Stages

In the initial, or placement, stage of money laundering, the launderer introduces the illegal

profits into the financial system. This might be done by breaking up large amounts of cash

into less conspicuous smaller sums that are then deposited directly into a bank account, or

by purchasing a series of insurance policies that are then almost immediately cancelled.

After the funds have entered the financial system, the second – or layering – stage takes

place. In this phase, the launderer engages in a series of conversions or movements of the

funds to distance them from their source. This use of widely scattered accounts for

laundering is especially prevalent in those jurisdictions that do not co-operate in anti-money

laundering investigations. In some instances, the launderer might disguise the transfers as

payments for goods or services, thus giving them a legitimate appearance.

Having successfully processed the criminal profits through the first two phases the launderer

then moves them to the third stage – integration – in which the funds re-enter the

legitimate economy. The launderer might choose to invest the funds into real estate, luxury

assets, or business ventures.

As a Network Member, it is extremely important that all staff are aware of the need to

identify Money Laundering. As you are selling insurance products, it is possible to become a

target of Money Laundering and any suspicions should be reported to your Money

Laundering Reporting Officer (MLRO) and ITC Compliance as soon as you become aware.


57

Fraud

Fraud is a type of criminal activity, defined as the abuse of position, or false representation,

or prejudicing someone's rights for personal gain'.

ITC Compliance has implemented the following procedures for all Network Members to

follow:

appropriate measures to minimise the risk of fraud; (see Risk Management and

Breaches & Incidents Policies)

formal procedures to investigate fraud when it is suspected; (see Risk Management

Policy)

appropriate mechanisms for employees to voice their genuine concerns and protect

those who do so; (see Whistleblowing Policy) Procedures When Fraud is suspected

As a Network Member, you are responsible for referring any suspected irregularities to ITC

Compliance. ITC Compliance shall then decide how to proceed and if the irregularity

warrants escalation to the appropriate law enforcement agency. The normal sequence of

events, should an irregularity be suspected, will be as follows:

If employees suspect an irregularity has occurred, or is likely to occur, they should

normally report this to the appropriate Director or person within their organisation e.g.

MLRO (unless the concerns relate to the Director, in which case employees should have

regard to the alternative mechanisms outlined below) who should advise ITC Compliance

using the “Contact Us” part of the ITC Compliance website.

Should preliminary investigations suggest the suspicion is reasonable, further

investigations will be undertaken by ITC Compliance without delay.

Where further investigations indicate an offence may have occurred, ITC Compliance

and the AR should decide how to handle the matter according to Disciplinary Procedures

and whether to involve the relevant authorities.

Where financial impropriety is suspected, the Police must be informed.

ITC Compliance has a zero tolerance to all financial crime.


As previously mentioned ITC Compliance will maintain records for identifying, reporting and

mitigating the potential risk of financial crime. This includes:

keeping training records up to date to ensure that all staff understand how to identify

and report suspicions of financial crime;

recording instances of potential financial crime;

identifying trends and implementing control systems, using the gathered

information, to help mitigate future occurrences of financial crime.

reporting any instances of potential financial crime to the relevant authorities as

soon as is reasonably possible.

As a Network Member, you should keep records of the same to ensure that you are abiding

by this policy.


As a Network Member, you are jointly responsible, with ITC Compliance, to maintain

accurate Management Information of all instances of attempted or actual financial crime.


58


59

Conflicts of Interest Policy


60

Introduction


rules and Principles for Business they have put in place and Principles 1, 5 and 8 are most

relevant to conflicts of interest. In addition, Treating Customers Fairly outcome one is also

relevant.

Purpose

This document outlines how, as a Network Member of ITC Compliance, you should be

identifying and managing Conflicts of Interest in order to address the regulatory obligations

and avoid any detriment to your customers, it includes some examples of particular

Conflicts of Interest and potential solutions.

This policy applies to all staff, managers and senior management.

Responsibilities

Any Conflict of Interests identified by ITC Compliance will be highlighted and documented

within the Conflict of Interest Log. ITC Compliance will maintain this record and report any

identified conflicts to you.

In addition you must disclose any identified Conflicts of Interest to ITC Compliance in order

that any mitigating controls can be agreed. Examples of potential Conflict of Interests are

given within the table on the next page.

Application

Conflict of Interest - a situation in which a member of staff’s business decisions could be

influenced by their personal interests, for example a Salesman that places the majority of a

Firm’s business with a particular Insurer due to a family member working for the Insurer.

Inducement - a benefit offered to a firm, or any person acting on its behalf, with a view to

that firm, or that person, adopting a particular course of action. This can include, but is not

limited to cash, cash equivalents, insurance premium, commission, goods, hospitality or

training programmes.

A Conflict of Interest can include Inducements as defined above. Please refer to the

separate Gifts and Hospitality Policy for specific guidance on this.

The existence of a Conflict of Interest is not necessarily evidence of wrongdoing and the FCA

recognises that it is impossible to avoid all potential Conflicts of Interest, but where such

conflicts cannot be eliminated then they must be properly managed.

Process and Responsibilities

In line with the Terms & Conditions of ITC Compliance Network Membership, as a Network

Member, you are responsible for highlighting and mitigating any potential Conflicts of

Interest. Whenever a conflict is identified it must be immediately escalated, to your

Approved Person, using a “Potential Conflict of Interest” form (Appendix 6). The Approved

Person should log this on your internal Conflict of interest Log, carry out an investigation

and where possible take steps to mitigate it.

Your internal Conflicts of Interest Log should be available upon request at audits

undertaken by ITC Compliance.


61

In the event that the Approved Person requires advice or guidance, ITC Compliance are

available to provide this. If the Approved Person feels that the Conflict requires escalation

as it cannot be dealt with within your firm, the “Potential Conflict of Interest” form should be

submitted to ITC Compliance via email by sending it to [email protected].

Upon receipt of a “Potential Conflict of Interest” form, ITC Compliance will assess and

confirm the requirement to register issues in the local Conflicts of Interest log, and if action

is required allocate it to the most appropriate person within the firm for completion. Examples of Conflicts of Interest

The following examples show some specific conflicts and their solutions, however, all

Conflicts of Interest will need to be considered separately and appropriate management

action taken to avoid any customer detriment and ensure the conflict is managed and

mitigated appropriately.

Issue Potential conflict of Interest Typical procedures to manage the potential

conflict

Preferential

commission rates

from a particular

insurer

Sales staff placing

business with that insurer

without considering the

needs of the customer.

Commission across the panel arranged

so that no one insurer has appreciably

different commission deals for the same

product.

Disclosure document includes the basis

and criteria for selecting insurers for

particular products and for effective

monitoring of placements.

Only use one Insurance Provider per

product type.

Profit share

arrangements

with a particular

insurer

Sales staff placing




When operating under a

Binding Authority, claims

staff may want to limit

loss ratios – by directing

business with a bad loss

history to other markets.


product type.

Profit share arrangements not disclosed

to sales staff.





Volume overrides

arrangements

with a particular

insurer

Sales staff placing




No direction/instructions from senior

management where to place business, if

this is likely to result in customer

detriment.

Volume override arrangements not

disclosed to sales staff.







62

Sales staff

remuneration

based on sales

targets

Incentive payments or

competitions made to

sales staff to complete

insurance sales without

considering the needs of

the customer.

Robust management controls in place to

ensure that customers have been

treated fairly including;

Rewards that take into account quality

as well as quantity such as the

incidence of upheld complaints,

adherence to procedures and findings

from internal monitoring.

Appraisal and development

arrangements including TCF and quality

considerations.

Delegated claims

handling

Acting for insurer when

the customer reasonably

believes that intermediary

is acting for them.

Disclosure documents include details.

Claims handling procedures to include

“Treating Customers Fairly” principles.

Hospitality and

Gifts

(Inducements)

Significant hospitality and

gifts could influence the

fair treatment of

customers.

Policy and procedures for the

registration and approval of

hospitality and gifts.

Relationships or

financial

interests with

insurers or other

third parties with

whom ITC

Compliance deal

Business placed with a

particular insurer or other

contracts entered into

without consideration of

the customer’s best

interest.


product type.

A register maintained of all such

arrangements.



particular products.

Conflicts

between

customers when

acting for both

Acting for competing

customers could affect

ability to treat both fairly.

Disclose conflict and obtain agreement

to proceed for both parties.

Set up Chinese Walls – segregation of

duties information barriers so that each

customer is treated fairly and as if the

other was not present.

Staff members

or member of

their immediate

family has an

interest in an

outside entity

Where the interest is

substantial enough for it

to be perceived to affect

their judgement with

respect to transactions

between the Network

Member/ITC Compliance

and that entity i.e. a

material interest exists.

Staff members with a material interest

in any service provider, insurer or

product provider must declare this

interest to HR.

If the Network Member cannot manage

a conflict adequately, it will disclose this

to the client, before undertaking any

business for that client.

Undertaking a

tender exercise

to select supplier

or product

provider

Appointment of supplier or

product provider without

considering the impact on

customers.

Before undertaking any tender exercise

the proposed tender process needs to

be signed off by a Project

Sponsor/appropriate Senior

Management in advance of issuing to

the invited tender participants.

Proposals/recommendations resulting

from any tender process are signed off

in advance of any final ratification and

communication to tender participants.

Close personal

relationships

Where the relationship

potentially results in some

form of influence, either

Staff members should disclose any

personal relationships that may result in

any form of influence on another staff


63

positive or negative, on

another employee or

business process.

member.

Line management to ensure that roles,

responsibilities and team structures are

reviewed to minimise or avoid any

potential conflicts arising from staff

relationships.

If you are at all unsure as to whether a situation is a potential conflict of interest you should

complete the Conflict of Interest Self Assessment form (Appendix 7)


As a Network Member, you and all your staff are responsible for identifying possible

Conflicts of Interest,recording these on the “Potential Conflict of Interest” form and

escalating these to your Approved Person.

Where the Approved Person feels that the conflict cannot be mitigated by your firm, it

should be escalated to ITC Compliance who will record this on the Conflicts of Interest Log.

Any failure to treat customers fairly as a result of a Conflict of Interest should be recorded

as an Incident, as required in the Regulatory Breaches & Incidents Policy.


Where Conflicts are escalated to ITC Compliance, this information will be reviewed to

identify and monitor any relevant trends or insufficient controls. If anything is highlighted

appropriate action will be taken.


64

Gifts & Hospitality Policy


65

Introduction



relevant to gifts and hospitality. In addition, Treating Customers Fairly outcomes one is also

relevant.

Purpose

Inappropriate gifts, hospitality and entertainment can be used to generate a position of

obligation and prepare the way for a dishonest act, which compromises integrity and your

ability to treat customers fairly.

This policy sets specific rules that define what Gifts and Hospitality are considered

appropriate and acceptable to both offer and receive and defines how the behaviour of staff

should be monitored.

It also sets out procedures to ensure that Gifts and Hospitality are managed to avoid the

risk of conflict with your duties towards your customers and provides advice on how to

ensure compliance with regulatory and legislative requirements.

This policy applies to your staff, Management and Directors.

Responsibilities

As a Network Member, you must document and implement robust procedures for the

effective management of giving and receiving gifts, inducements and hospitality.

Application Definitions

Inducement – an inducement is a benefit offered to a firm, or any person acting on its

behalf, with a view to that firm, or that person, adopting a particular course of action. This

can include, but is not limited to, cash, cash equivalents, goods, hospitality or training

programmes.

Gift – Gifts can be money, goods, services or loans given, without the expectation of

consideration or value in return. Gifts therefore should have no role in the business

process. Commission or fees would not be regarded as gifts.

Hospitality - Social events hosted by the company for clients or suppliers in order to obtain

or maintain their patronage or goodwill and build relationships. Hospitality includes

entertaining, meals, receptions and attendance at sporting events.

Tickets for events where no host is present are classified as a cash equivalent gift.

Bribery – The giving and receiving of money, a gift or other advantage as an inducement to

do something that is dishonest, illegal or a breach of trust in the course of business.


66

Gifts and Hospitality offered and received

In order for gifts or hospitality to be acceptable they must be made:

openly

without placing the recipient under any obligation – for example a clear act of

appreciation for good service

without any expectations

appropriate to the relationship and local business practice

not of a frequency which could be interpreted as excessive or inappropriate

legal and appropriate in accordance with the laws and cultures of the relevant country

Gifts and hospitality must be:

of an appropriate value, whether individually or in the aggregate over a period of 12

months

recorded and reported to management

Gifts and Hospitality must NOT be given or received when nearing the completion of

material contract negotiations – i.e. where the gift or event could influence the end result of

negotiations.

Individuals are strictly forbidden to offer or accept a gift of cash (or a cash equivalent

such as un-hosted concert or sports tickets) under any circumstances as this could be

construed as an act of bribery. This includes the payment of credit card charges, fees, soft

loans (i.e. loans with below market or no interest payments) or shares.

Hospitality and Entertainment

All events must be hosted in the company’s name and be justifiable for the business in the

legitimate interest. All Hospitality must be authorised in advance using the Gifts &

Hospitality Approval Form (Appendix 8) and recorded on the Gifts and Hospitality

Received.

Hospitality offered to spouses, partners and immediate relatives accompanying third parties

to events is appropriate only in exceptional circumstance and in each case, approval must

be sought from appropriate line management.

Gifts and Hospitality registers

Gifts and Hospitality must be logged on the Gifts and Hospitality Register (Appendix 9).

This log must be available for review both on request and at any audit conducted on you by

ITC Compliance.

Gifts and Hospitality received

When a gift or hospitality event is offered to employees (other than low value branded

items) it must be authorised by management and recorded in the Gifts and Hospitality

Register (Appendix 9) with the appropriate authorisation.

Managers are required to show reasonable validation of the values they place against items

(for example a link to a relevant theatre website). It is not permitted for any member of

staff to sign off an item for their own benefit.


67

Gifts and Hospitality made to Third Parties

Prior to making an offer of hospitality or presentation of a gift externally, authorisation must

be obtained. The relevant manager must then record the item on the Gifts and Hospitality

Register (Appendix 9).


The Gifts and Hospitality registers are owned by and the responsibility of you as a Network

Member. The Approved Person is also responsible for monitoring the Gifts and Hospitality

registers, conducting spot validations and auditing the registers.


Management Information should be compiled at least annually to assess the information

contained on the registers and identify any conflicts or potential conflicts that arise. This is

the responsibility of the Approved Person.


68

Risk Management Policy


69

Introduction


rules and Principles for Business they have put in place and Principle 3 is most relevant to

Risk Management.

Purpose

ITC Compliance have internal procedures for the mitigation of risk. These risks are not

constrained to regulatory aspects only and will include other internal or external factors.

E.g. a new computer system may be a risk to business continuity.

This policy sets out guidance for Network Members to aid understanding of the

requirements to comply with the risk mitigation rules and policy.

Responsibilities

Senior Management are responsible for defining your risk appetite and ensuring that your

Risk Register is completed and reviewed periodically.

Your Risk Register must be available on request for review during audits undertaken by ITC

Compliance.

Application

Regardless of whether risk is a defined function the principles of managing the inherent and

residual risk will apply to you and your risk appetite should be reviewed regularly at

minuted meetings.

Your risk appetite will be defined as one of the following:

Averse Avoidance of risk and uncertainty is a key organisation objective.

Cautious; Preference for safe options that have a low degree of risk and may only have

limited potential for reward.

Balanced; Consideration of all options resulting in a ‘mid-line’ approach and a mediocre

potential for reward

Open; Willing to consider all potential options and choose the one most likely to result in

successful delivery, while also providing an acceptable level of reward and value for money.

Hungry; Eager to be innovative and to choose options offering potentially higher business

rewards, despite greater inherent risk.

However, importantly this does not mean that where the appetite is hungry or open that

any regulatory rules can be breached.

Any additional product requests and new applications should be reviewed in line with your

risk appetite.


70

The appropriate level will depend on the nature of the work undertaken and the objectives

pursued. For example, where public safety is critical (e.g. operating a coach tour) appetite

will tend to be low, while for an innovative project (e.g. early development on an innovative

car) it may be very high, with the acceptance of short term failure that could pave the way

to longer term success.

As a Network Member, your senior management are responsible for compliance with your

risk strategy. This includes oversight of:

a) Risk register

b) Business Continuity Plan (BCP)

Risk Register

As a Network Member it is your responsibility to keep a risk register specific to your

business, following the guidelines set out in Appendices 10, 11 and 12. An example of a Risk

Register can be found in Appendix 13.


71

Business Continuity Plan Policy (BCP)


72

Introduction



risk and business continuity.

Purpose

You should implement internal procedures for the mitigation of risk. These risks are not

constrained to regulatory aspects only and will include other internal or external factors.

E.g. a new computer system may be a risk to business continuity.

This policy sets out guidance to aid your understanding in compiling a Business Continuity

Plan, including Call Cascade List (Appendix 15). An example Business Continuity Plan can be

found in Appendix 14.

Responsibilities You should have a Business Continuity Plan for managing business interuption risk.

It is the responsibility of Senior Management to ensure that this is kept up to date and

Application

The Approved Person within your firm should have oversight of the Business Continuity Plan

(BCP).

Business Continuity Plan

A major risk to you is business interruption or disaster recovery. Therefore you should have

a Business Continuity (recovery) Plan. This plan should give consideration to the regulatory

aspects of your business.

ITC Compliance has compiled a couple of scenarios in order to test your Business Continuity

Plan (Appendix 16). These test scenarios will help you understand how your business will

cope with the impact of each situation as the events unfold and where weaknesses appear

steps should be taken to mitigate these weaknesses. The Business Continuity Plan should be

available, upon request, during audits undertaken by ITC Compliance.


73

Approved Persons Policy


74

Introduction

An Approved Person is an individual who has been approved by the FCA to perform one or

more controlled functions..

A controlled function is a role or responsibility that has particular regulatory significance. For

the purpose of the Network, this means being responsible for implementing the rules and

processess outlined in this manual and the FCA principles.

Under the Financial Services and Markets Act 2000, the FCA may approve an individual only

where it is satisfied that a candidate is fit and proper to perform the controlled function(s)

applied for. When considering a candidate’s fitness and propriety, the FCA considers:

i. honesty, integrity and reputation;

ii. competence and capability;

iii. financial soundness.

Approval must be obtained before a person can perform a controlled function.

ITC Compliance must satisfy the FCA that a candidate is fit and proper to perform the

controlled function applied for.

If your business is a Primary Intermediary (insurance is your main business), then all

Directors and/or individuals undertaking a controlled function must be an Approved Persons,

however if you act as a Secondary Intermediary (insurance being a secondary business

activity) you will only require one Approved Person. All Appointed Representative Network

Members will need at least one Approved Person.

Purpose

This policy sets out the requirements for any Approved Person working within an FCA

regulated environment.

Responsibilities

ITC Compliance will perform adequate due diligence when presenting any Approved Person

to the FCA for approval, paying particular regard to the points above.

This will include;

asking for proof of the applicant’s identification

asking for proof of the applicant’s address

obtaining a director’s report from a credit referencing agency

obtaining a consumer report from a credit referencing agency

reviewing the answers given on section 5 of the Form A

reviewing the employment history provided on the Form A

ITC Compliance have documented and implemented robust procedures for the appointing of

any Approved Person.

Application

An Approved Person is someone who carries out one, or more, of the below defined FCA

controlled functions and must therefore satisfy the FCA fitness and proprietary

requirements.


75

Significant influence

functions (SIF)

CF 1 Director function

CF 2 Non-executive director function

CF 3 Chief executive function

CF 4 Partner function

CF 5 Directors of an unincorporated association

CF 6 Small friendly society function

CF 8 Apportionment and oversight function (Non-MiFID business

only)

CF10 Compliance oversight function CF 10A CASS Oversight

Operation Function

CF 11 Money laundering reporting function

CF 12 Actuarial function

CF 12A With-profits actuary function

CF 12B Lloyd's Actuary function

CF 28 System and controls function

CF 29 Significant management function

Customer functions

CF 30 Customer function

Within a Limited Company, the Approved Person should be a Director and they would carry

out the CF 1 function. Within a Limited Liability Partnership (LLP), the Approved Person

should be a Partner and they would carry out the CF 4 function. However within a Sole

Trader, there is no requirement to appoint an Approved Person.

Being an Approved Person brings with it a number of important responsibilities, including a

duty to be aware of and comply with FCA regulatory requirements and expectations and,

understand how they apply to the day to day exercise of controlled functions.

Specifically, Approved Persons must:

meet and comply, on an ongoing basis, with the FCA’s Fit and Proper (FIT) test for

Approved Persons;

comply with the Statements of Principle and the Code of Practice for Approved Persons

set out in the FCA’s Statements of Principle and Code of Practice for Approved Persons

handbook (APER). The Statements of Principle describe the conduct that the FCA

requires and expects of the individuals it approves;

report to ITC Compliance and to the FCA any matter that may impact on their ongoing

fitness and propriety via Form D (Appendix 17) - Notification of changes in Personal

Details or Application Information.

This is also a requirement within section 6 of the Terms and Conditions of ITC Compliance

Network Membership as non compliance with these regulatory requirements may result in

the FCA taking enforcement action against ITC Compliance and any Approved Persons.

Fit and Proper Test

The Fit and Proper test is not an exam; merely a benchmark of an individual’s standing. It is

broken down into:

Honesty, Integrity and Reputation

Competence and Capability

Financial Soundness


76

Honesty, Integrity and Reputation

The considerations ITC Compliance will make prior to submission to the FCA for their

scrutiny will include:

whether the person has been convicted of any criminal offence, any spent convictions;

particular consideration will be given to offences of dishonesty, fraud, financial crime or

an offence under legislation relating to financial services, whether or not in the United

Kingdom

whether the person has been the subject of any adverse finding or any settlement in

civil proceedings, particularly in connection with financial business, misconduct or fraud

whether the person has been the subject of, or interviewed in the course of, any

existing or previous investigation or disciplinary proceedings, by the appropriate

regulator

whether the person is or has been the subject of any proceedings of a disciplinary or

criminal nature, or has been notified of any potential proceedings

whether the person has contravened any of the requirements and standards of the

regulatory system

whether the person has been the subject of any justified complaint relating to regulated

activities

whether the person has been involved with a company, partnership or other

organisation that has been refused registration, authorisation, membership or a licence

to carry out a trade, business or profession, or has had that registration revoked

whether, as a result of the removal of the relevant licence, registration or other

authority, the person has been refused the right to carry on a trade, business or

profession requiring a licence or registration

whether the person has been a director, partner, or concerned in the management, of a

business that has gone into insolvency, liquidation or administration while the person

has been connected with that organisation or within one year of that connection

whether the person, or any business with which the person has been involved, has been

investigated, disciplined, censured or suspended or criticised by a regulatory or

professional body, a court or Tribunal, whether publicly or privately

whether the person has been dismissed, or asked to resign and resigned, from

employment or from a position of trust, fiduciary appointment or similar;

whether the person has ever been disqualified from acting as a director or disqualified

from acting in any managerial capacity

whether, the person has been candid and truthful in all his dealings with any regulatory

body and whether the person demonstrates a readiness and willingness to comply with

the requirements and standards


77

Competence and Capability

In determining a person's competence and capability, the FCA and ITC Compliance will

consider the following:

whether the person satisfies the relevant FCA training and competence requirements in

relation to the controlled function the person performs or is intended to perform;

whether the person has demonstrated by experience and training that the person is

suitable if approved,

whether the person has adequate time to perform the controlled function and meet the

responsibilities associated with that function.

Financial Soundness

In determining a person's financial soundness, the FCA and ITC Compliance will consider:

whether the person has been the subject of any judgment debt or award, in the United

Kingdom or elsewhere, that remains outstanding or was not satisfied within a reasonable

period;

whether, in the United Kingdom or elsewhere, the person has made any arrangements

with their creditors, filed for bankruptcy or been adjudged bankrupt, had assets

sequestrated, or been involved in proceedings relating to any of these.

ITC Compliance will not normally require the candidate to supply a statement of assets or

liabilities. The fact that a person may be of limited financial means will not, in itself, affect

their suitability to perform a controlled function.

FCA Application

All Approved Persons applications are submitted on the FCA’s Online Notifications and

Applications system

The onus is on ITC Compliance to provide sufficient information on the Application Form

(Form A) to satisfy the FCA that the candidate is fit and proper.

ITC Compliance may therefore need to provide to the FCA details of:

the due diligence undertaken;

references obtained, including regulatory references, and

details of the rationale the firm has used to conclude that the candidate is fit and

proper to perform the role for which approval is sought.


Once the Approved Person has submitted the requested information, ITC Compliance shall

keep records, which will include:


78

References obtained on individuals

Work history

Form A and FCA correspondence

Any Approved Person Declaration(s)

Copy CV’s

Any correspondence pertaining to any clarification of further detail required

Proof of residency

Proof of identification


ITC Compliance verifies Approved Person’s employment and personal history appropriately

in relation to the FCA’s fit and proper requirements.

ITC Compliance also verifies this information through the collection of regular information

from you.

It is your responsibility to ensure that the details of your Approved Person(s) are accurate

and any changes are reported to ITC Compliance as soon as is reasonably possible.


79

Regulatory Breaches & Incidents Policy


80

Introduction


rules and Principles for Business they have put in place and Principle 11 is the most relevant

in relation to regulatory breaches.

Purpose

ITC Compliance are required to disclose to the FCA appropriately anything relating to the

firm (and its Network Members) of which the FCA would reasonably expect notice as defined

in the Financial Services and Markets Act 2000.

Failure to comply with this rule could mean negative action against ITC Compliance, which

could lead to regulatory fines or penalties. It could also result in negative publicity about

ITC Compliance and its Network Members.

This policy sets out guidance to aid understanding of the requirements when a regulatory

breach has occurred.

Responsibilities

As a Network Member, you are responsible for reporting any identified breaches immediately to ITC Compliance.

Application

Whilst ITC Compliance has implemented robust procedures to help mitigate the risk of a

regulatory breach, the risk can never be completely eliminated.

The FCA expect to be informed about any regulatory breach, usually as soon as possible, if

it is to be able to carry out its supervision function effectively and react in good time to

developments that may require a regulatory response.

This policy applies to your staff, managers and senior management.

Definitions

The Act – Financial Services and Markets Act 2000.

Notifiable Event – A serious incident (detailed below) that contravenes the Regulator’s

Statements of Principles and/or the Handbook of rules and potentially brings a financial or

reputational risk to ITC Compliance and/or the individual concerned.

Notifiable Events are;

Matters having a serious regulatory impact


81

failing to satisfy one or more of the threshold conditions, such as appropriate

resource to carry out the regulated activity undertaken and the suitability of the

Approved Person;

any matter which has a significant impact on ITC Compliance or Network Member’s

reputation. For example widespread mis-selling of Insurance Policies that leads to

unwanted media coverage and publication on the FCA’s website;

any matter which could affect the ability to continue to provide adequate services to

your customers and/or result in serious customer detriment. For example a gap in

Professional Indemnity Insurance cover, during which a significant claim is made

against ITC Compliance, leading to the winding up of the business;

Breaches of rules and other requirements in or under the Act

In assessing if a breach is significant ITC Compliance will consider potential financial losses

to customers, frequency of the breach, systems and controls implications and if there are

any delays in identifying or rectifying the breach.

Civil, criminal or disciplinary proceedings against ITC Compliance or Network Members

civil proceeding are brought against ITC Compliance and the amount of any claim is

significant in relation to financial resources or reputation;

disciplinary measures or sanctions are imposed by any statutory or regulatory

authority, subject to an investigation into ITC Compliance’s affairs;

You are prosecuted for or convicted of any offence involving fraud, dishonesty, or

any penalties are imposed on you for tax evasion.

Fraud, errors and other irregularities (considered significant by senior management)

an employee may have committed fraud against a customer;

a person (whether employed or not) is acting with intent to or has committed

fraud against ITC Compliance or a Network Member;

ITC Compliance or a Network Member identifies accounting irregularities;

ITC Compliance or a Network Member suspects that an employee involved in

regulated activities may be guilty of serious misconduct concerning their

honesty or integrity.

In assessing if an incident is significant ITC Compliance will consider the size, or potential

size, of any monetary loss, reputational risk and whether the incident(s) reflect a weakness

in its controls.

Insolvency, bankruptcy and winding up

calling of a meeting to consider the winding up;

an application to dissolve or strike ITC Compliance off the Companies Register;

presentation of a winding up order;

entering into any arrangement with one or more creditors;

appointment of a bankruptcy administrator or receiver;

application, under section 252 of the Insolvency Act 1986, for an interim order

against.


82

Other; Communication with the Regulator in accordance with Principle 11

This includes;

any significant systems and control failure; and

actions taken which result in a material change in ITC Compliance’s capital

adequacy or solvency.

Process

If a breach or incident is identified it must be immediately escalated to ITC Compliance and

an Incident Report form (Appendix 18) must be completed. This can be submitted to ITC

Compliance either by email, to [email protected], or via the “Contact Us” part of

ITC Compliance’s website.

Once received, ITC Compliance shall assess the notification and make a decision as to

whether it should be escalated to the FCA as a reportable event.

Following agreement and content approval of the notification, ITC Compliance is responsible

for making the necessary communication with the FCA.

Further details of what constitutes a regulatory breach and the type of breach are detailed

in Appendix 19.

Inaccurate, false or misleading information

ITC Compliance shall take all reasonable steps to ensure the information on any Notifiable

Event provided to the Regulator is factually accurate, or in the case of estimates and/or

judgements, fairly and properly based on information obtained after appropriate enquiries

have been made and includes anything the Regulator would reasonably be expected to be

told about.


You should initially advise ITC Compliance and, PI Insurers (if applicable) of all incidents

and breaches by submitting a fully completed incident form with investigation as soon as

practical after the breach has been identified.

ITC Compliance will provide a copy of the Notifiable Event communication sent to the

Regulator and keep them informed of all subsequent developments, until such time as the

situation is concluded.


ITC Compliance will retain records of all incidents and breaches in a register or log. Senior

Management will review all open incidents on a periodic basis to ensure correct

management and timely closure.



83

Whistleblowing Policy


84

Introduction



Whistleblowing:

In addition The Public Interest Disclosure Act 1998 (hereinafter referred to as 'the

Whistleblowers Act') protects employees against detrimental treatment or dismissal as a

result of any disclosure of normally confidential information in the interests of the public.

This document refers to the FCA regulatory obligations only under SYSC 18.

Purpose

ITC Compliance have appropriate internal procedures which will encourage workers with

concerns to blow the whistle about matters which are relevant to the functions of the FCA.

This policy sets out guidance for Network Members to aid understanding of the

requirements to comply with the Whistleblowing rules and policy.

Responsibilities

ITC Compliance, as your Principal, will ensure there is a Whistleblowing procedure to comply

with The Whistleblowers Act' and in particular the FCA requirements.

Application

It is the FCA’s policy to encourage whistleblowers to use the whistleblowing procedures in

their own workplace, but they may contact the FCA's Whistleblowing Desk in the following

circumstances:

if there aren’t any procedures in their own workplace;

if a whistleblower is uncomfortable or not confident about using the procedures; or

the procedures have been followed but the whistleblower is concerned by the nature

of the response, or lack of response, by their firm.

Under The Whistleblowers Act, any clause or term in an agreement between an Employee

and a Network Member is void if it precludes the worker from making a protected disclosure

(that is, "blow the whistle").

In accordance with section 1 of The Whistleblowers Act:

A qualifying disclosure is a disclosure, made in good faith, of information which, in the

reasonable belief of the worker tends to show that one or more of the following has been, is

being, or is likely to be, committed:

a) a criminal offence

b) a failure to comply with any legal obligation

c) a miscarriage of justice

d) the putting of the health and safety of an individual in danger

e) damage to the environment

f) deliberate concealment relating to any of the above


85

It is immaterial whether the relevant failure occurred, occurs or would occur in the United

Kingdom or elsewhere, and whether the law applying to it is that of the United Kingdom or

of any other country or territory.

Internal procedures

You should adopt appropriate internal procedures, which will encourage workers with

concerns to blow the whistle internally about matters, which are relevant to the functions of

the FCA.

Appropriate internal procedures will include:

telling workers that the firm takes failures seriously and explaining how wrongdoing

affects the organisation;

telling workers what conduct is regarded as failure;

telling workers who raise concerns that their confidentiality will be respected, if they

wish this;

making it clear that concerned workers will be supported and protected from reprisals;

nominating a senior officer as an alternative route to line management and telling

workers how they can contact that individual in confidence;

making it clear that false and malicious allegations will be penalised by the firm;

telling workers how they can properly blow the whistle outside the firm if necessary;

providing access to an external body such as an independent charity for advice; and

encouraging managers to be open to concerns.

You should advise your employees (through the firm's internal procedures) that they can

blow the whistle to ITC Compliance, as the principal prescribed in respect of financial

services and market matters under The Whistleblowers Act.

ITC Compliance will give priority to live concerns or matters of recent history.

Should an individual have concern about ITC Compliance they may approach the FCA

directly on 020 7066 9200 during office hours or leave a message on voicemail.

Or you can write to the FCA at:

Intelligence Department (Ref PIDA)

The Financial Conduct Authority

25 The North Colonnade

Canary Wharf

London E14 5HS


ITC Compliance will maintain records of compliance with the FCA and The Whistleblowers

Act’s Whistleblowing rules.

The internal procedure will include records on Whistleblowing reports and the relevant

actions taken in order to evidence fitness and propriety to the FCA.


The Directors of ITC Compliance will review any whistleblowing reports in order to identify

any trends and any remedial required action. The content of a whistleblowing report may

trigger the requirement to report an event to the FCA.


86

Record Keeping Policy


87

Introduction



relevant to record keeping. In additions Treating Customers Fairly outcomes 1 and 6 also

apply.


rules and guidance around record keeping, these can be found in the FCA Handbook, Senior

Management Arrangements, Systems and Controls 9.1 and Conduct Of Business Sourcebook

9.5. The Data Protection Act 1998 as amended also sets out rules in relation to how a

business can keep records.

Purpose

As a Network Member of ITC Compliance, you should ensure that records are kept in line

with the Data Protection Act and FCA rules and any records disposed of are done so

securely.

The purpose of this policy is to provide guidelines for you, as a Network Member, regarding

your responsibilities for record keeping indicate appropriate retention periods under broad

categories and emphasise the importance of disposing of records in a secure manner.

Responsibilities

You are required by law and the FCA to adhere to the rules set out in the Data Protection

Act and the FCA Handbook and to have stringent process’ in place to ensure this.

Application Definitions

Record The International Organisation for Standardisation (ISO) defines a

record as information that has been created, received and maintained

as evidence and information by an organisation or person in the

pursuance of legal obligations or in the transaction of business.

Essential

Records

Essential records contain information that the business cannot operate

without; the information is either irreplaceable or difficult to replace

and will typically contain some confidential information.

Confidential

Records

Confidential records contain privileged or non-public information

pertaining to the company’s business, which may relate to internal

matters e.g. strategic and operational plans, staff remuneration, etc. as

well as dealings with customers and third parties, such as insurers,

agents, regulators, etc.

Examples of items that are deemed to be records include;

• documents (including written and typed documents and annotated copies);

• paper based files (i.e. sales/client and non insurance transaction files);

• computer files (including word processed documents, databases and presentations);

• emails;

• diaries;

• faxes;

• brochures and reports;

• intranet and internet web pages;


88

• forms and applications;

• audio and video tapes, including CCTV;

• photographs.

Your management team is responsible for ensuring records are properly retained and

disposed of in accordance with your legal obligations. If paper and computer based records

are used, care is taken in the design of record keeping arrangements and the protection of

records.

Retention of records

Information should be retained within structured record keeping systems, which may

include documents as well as information in electronic format.

Records must be retained in an appropriate manner and should be easily retrievable,

therefore;

documents contained in both paper and electronic files are stored in a logical manner

that allows ease of access and retrieval of records. Sales/client, agency and non

insurance transaction files are segregated by transaction stages or events; e.g.

quotations, responses to queries, application form, etc;

call recordings are clear and capable of being transcribed;

amendments or corrections following a transaction or event are clearly shown as such

and the original information remains visible;

it is not be possible for details of transactions or events in paper files i.e. sales/client,

agency and non insurance transaction files (including referencing records) to be

manipulated or altered without a record of the change being captured so as to avoid the

potential for fraud;

it is possible for records in other languages to be reproduced in English;

any records of consent obtained from or instructions given by employees, customers,

suppliers or any other third parties regarding the use of personal, sensitive or

confidential data are retained securely.

The degree of security required around accessibility and storage should reflect the

sensitivity and confidential nature of any information recorded.

Retention Periods

The schedule below details minimum retention periods for a range of categories, which have

statutory requirements for record keeping/retention periods.

Some records will be retained by ITC Compliance and some by you.

Record category Retention period

Company information Incorporation documents – Permanently

Statutory returns – Permanently

Register of Member – Permanently

Pension schemes records - Permanently

Banking records – 6 years

Charities and Political Donations -12 years

Corporate Governance Permanently

Property documents Deeds of Title – until sold or transferred

Leases – 12 years from termination

Agreements with architects and builders -

6 years after completion


89

Human Resources Job application and interview records – 6

months after notifying unsuccessful

candidate

Personnel and training records – 6 years

after employment ceases

Payroll records (including maternity, sick

pay) 6 years

Health and Safety records – all notifiable

accidents, dangerous occurrences,

reportable diseases – 6 years after

employment ceases.

Tax documents 6 years

Contracts Contracts under seal - 12 years after expiry

of contractual obligations

Other contracts (i.e. insurer contracts,

delegated authority agreements) - 6 years

after expiry of contractual obligations

Trust deeds - Permanently

Insurance business Public liability, Product liability and

Employer’s liability policies - Permanently

Other policies – 2 years following policy

lapse or until claims under the policy are

barred (whichever is the longer).

Cancelled or lapsed policies – 2 years from

cancellation or policy lapse date

Complaints – 3 years from the date the

complaint was received (DISP 1.9.1)

Intellectual Property Records Certificates of Registration of trade/service

marks – 6 years after cessation of

registration

Intellectual property agreements and

licenses – 12 years after expiring

Property Documents under seal – 12 years after

expiring

Other contract - Current year plus 6 years

Trust Deeds - Permanently

Supplier agreements Contracts for products with suppliers – 10

years after the contract was terminated or

product no longer used, whichever is the

latter

Paper & Electronic Records

ITC Compliance, Network Members and the respective management teams should ensure

paper and electronic records (especially those that contain confidential information; e.g.

personal details of customers or the company’s business plans etc.) held on office premises

are kept secure and;


90

access is restricted to staff members authorised to use such information;

paper records are placed in lockable cupboards or if necessary, in fire resistant cabinets;

and

if essential for the running of the business, such records are retrievable in a reasonable

timeframe in accordance with the Business Continuity Plan.

Disposal of Records

All information of a confidential or sensitive nature held on paper or in electronic format

should be securely destroyed when no longer required.

This is a requirement under the Data Protection Act and an expectation of the FCA. The

disposal of records, in any format, should be conducted with utmost care and diligence and

the confidentiality rights of employees, clients or customers and third parties should be

considered.

Safe and Secure Disposal of Records

When disposing of records (in whatever media – paper or electronic) either on or off-site,

after the expiry of the retention period, it is important to use a secure method which does

not allow future use or reconstruction of information by unauthorised individuals.

When outsourcing destruction to a third party a destruction certificate should be obtained

and subsequently retained in a secure place to evidence that you followed a proper process

to carry out the destruction.

Disposal of Paper Records

Paper records containing confidential and/or personal information should be cross-cut

shredded and disposed of through reputable waste collection companies. Under no

circumstances is confidential and/or personal information disposed of with other rubbish or

general papers.

Electronic Records

Special care should be taken with electronic records, which can be reconstructed from

deleted information if the data has not been erased thoroughly. The deletion of electronic

records ultimately means the complete destruction of the electronic record and should be

organised in conjunction with your IT Department.

Simply erasing or reformatting computer disks or personal computers with hard drives,

which once contained personal information, is not enough.


You are responsible for ensuring adequate processes are in place for checking that records

are maintained adequately, are accurate, not excessive, archived when appropriate and not

held for longer than is necessary.


ITC Compliance and Network Members should maintain robust processes on record keeping,

reviewing them periodically to ensure that compliance is maintained.


91

Appendix 1: Financial Promotions Checklist

This document is available on the ITC Compliance Website, within the Documents Section

Sent By:

Email Address:

Area Rule Detail Guidance Tick Box Comments:

Does the document make reference to the company

name, an address or email address and a telephone

number?

ICOBS

4.1.2

Is it clear who the customer will be dealing with if

they act upon the promotion?

Is your Regulatory Status clearly stated on the

document?

ICOBS

GEN 4

Example: [Enter firm name] is an appointed

representative of ITC Compliance Limited which is

authorised and regulated by the FCA (their

registration number is 313486) and which is

permitted to advise on and arrange general

insurance contracts

If the promotion features exclusions, have these been

referred to in equal prominence to the benefits?TCF 5

Are there any applicable limits or restrictions. These

should be referred to in plain English.

Are all statements and comparisons factual and

correct?

TCF 2

ICOBS

6.2

Would you be able to provide evidence of the facts

behind the statements within the promotion?

Is the promotion suitable for the target audience? TCF 2

Is the language used, product advertised etc

suitable for the people being targetted by the

promotion. E.g. Travel Insurance being advertised

within a Travel Agent.

Who is the target audience?:

Where will the Document be used? TCF 2Will it be published in a magazine, online, on a flyer,

used internally etc

Is the language used clear, fair and not misleading?

TCF 3

TCF 5

ICOBS

2.2.3

Is the content jargon free, or have any jargon

phrases been explained and cross referenced?

If the premium is shown does is it clear that it includes

Insurance Premium Tax?TCF 3 This can be an asterisk that states including IPT

Where applicable is it clear that prices are inclusive of

VAT and is your VAT number clearly shown?TCF 3 This can be placed in the footed of the document

Where applicable is it clear that statements are

subject to Terms and Conditions?TCF 5

For example within a SMART insurance product

dents and chips will be covered up to a certain size.

Therefore the promotion would state; "Repairs to

Dents and Chips covered (subject to Terms and

Conditions)

Signed: Date:

FP Submission Checklist V0.1

Promotion Description:

By completing the below, I confirm that all required elements have been completed.

I understand that ITC Compliance have a 5 day SLA, from the date of submission, to review this document and return with any amendments that may be required.

Please send this form, along with the document to be authorised to [email protected]


92

Appendix 2:

Example Balanced

Scorecard

Innovation &

Learning Perspective

Goals & Measures *

Financial

Perspective Goals & Measures*

Internal Business

Perspective

Goals & Measures *

Customer Perspective (TCF)

Goals & Measures*


93

Appendix 3: Complaint Reporting Form


94

Appendix 4: Example Financial Promotions Register



95

Appendix 5: Example Call Monitoring Check-Sheet

Last Spreadsheet Update: 28/05/2014

Call Monitor Name

Monitored Date

File Name

Date of Sale

Call Upload Date

Call Duration

Customer Title

Customer Forename

Customer Surname

Company ID

Company Name

Sales Agent Name

Sales Agent User ID

Was the sales agent trained at the point of sale?

Type of Sale Advised

General Requirements / Abbreviated Distance Marketing Information Additional Notes Received Maximum Penalties Failure Rules

Did the sales agent provide their name and details of their link with the firm? No

The sales agent failed to provide the customer with adequate information

about themselves and their link with the firm, please ensure the customer is

given the sales agent's name and link with the firm in all future calls. 0 / 2 ICOBS 3.1.6

Did the sales agent inform the customer that calls are monitored for training

and monitoring purposes? No

The sales agent failed to let the customer know that calls are recorded, it is

important for the customer to know this as they are allowed to terminate the

call if they do not want to be recorded. 0 / 2 TCF Outcome 3

Was the customer informed that Travel Insurance is regulated by the

Financial Conduct Authority? No

The sales agent failed to inform the customer that General Insurance is

regulated by the FCA, please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)

Did the customer consent to the abbreviated script being read?

(If no, was the full disclosure read?) No

Please refer to the notes section at the bottom of the page for details of why

this question was answered 'No'. 0 / 2 ICOBS 3.1.14

Was the customer informed of the firm's regulatory status? No

The sales agent failed to tell the customer about the firm's regulatory status,

please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)

Did the sales agent offer the customer details of how to verify the firm's

regulatory status? No

The sales agent failed to offer the customer details on how to verify their

regulatory status, please ensure this is done in all future calls. 0 / 2 ICOBS 4.1.2 (2)

If they requested these details, was the customer correctly informed of how

to verify the regulatory status of the firm? No

The sales agent failed to give the customer all of the correct information on

how to verify the firm's regulatory status. Please make sure the customer is

correctly informed in all future calls. 0 / 2 ICOBS 4.1.2 (2)

Scope of Service Additional Notes

Did the sales agent make the customer aware that they are able to provide

advice and recommend products based on the customer's needs? No

The sales agent failed to tell the customer that they would be receiving

advice and recommendations. 0 / 3 ICOBS 4.1.6

Were the sales agent's recommendations suitable for the customer's

demands and needs? No

The sales agent's recommendations did not suit the customer's demands and

needs; it is imperative that only suitable products are recommended to the

customer. 0 / 3 16.26% ICOBS 5.3.1

Marks


96

Features, Benefits and Exclusions Additional Notes

Did the sales agent provide the customer with an adequate amount of

features and benefits? No

The sales agent failed to provide the customer with a sufficient amount of

features and benefits, please make sure this is not done in future calls. 0 / 3 16.26% ICOBS 6.1.5

Was the customer provided with an adequate amount of exclusions? No

The customer was not provided with an adequate amount of exclusions,

please make sure this is not done in future calls. 0 / 3 16.26% ICOBS 6.1.5

Was the customer told that the maximum total claim limit would be the

amount the customer paid for their vehicle and that a £1,000 cover limit

applies to each individual claim? No

The customer was not informed of the total and individual cover limits;

please make sure these are mentioned in future calls. 0 / 3 16.26% ICOBS 6.1.5

Price Disclosure and Other Charges Additional Notes

Did the sales agent provide the customer with details of any other charges that

may be payable other than premium monies, or the lack thereof? No

The sales agent failed to mention any additional charges that may be

payable or the lack thereof, please ensure this is done in all future calls. 0 / 2 ICOBS 3 Annex 3 (3)

If the policy was bought by a consumer in connection with other goods or

services did the firm disclose the premium separately from any other prices? No

Please ensure that the price of insurance is provided seperately to other

goods for all future sales 0 / 3 ICOBS 6.1.13

When the customer was presented with the price of the insurance were they

informed that IPT was included? No

The sales agent failed to tell the customer that the price was inclusive of IPT,

please ensure this is done in all future calls. 0 / 3 ICOBS 3 Annex 3 (3)

Was the customer offered both the monthly and annual payment options? No

The sales agent failed to offer the customer the monthly and annual payment

options, please make sure these are both offered in future calls. 0 / 3 TCF Outcome 2

Eligibility Questions Additional Notes

Were the following questions asked:

Is the vehicle to be used within the restrictions placed on it by the policies

available (e.g. no racing, rallying, commercial uses, etc)? No

The sales agent either failed to ask this question correctly or did not obtain

an adequate response from the customer; please ensure these questions are

asked and answered adequately in all future calls. 0 / 3 16.26% ICOBS 5.1.4 (4)

Is the vehicle eligible for cover (make, age, mileage, etc)? No




Is the customer likely to keep the vehicle long enough to benefit from any

policies sold? No




Does the customer satisfy policy residency requirements (e.g. resident of the

UK, Channel Island, Isle of Man or EU if applicable)? No




Does the customer hold any insurance policy, which may already provide

suitable cover? (If yes please note below e.g. rescue recovery, which may be

covered within a warranty policy, replacement new vehicle which may be

covered in year one/two of a comprehensive motor insurance policy). No





97

If your vehicle were to develop a mechanical defect would you prefer a third

party to pay for the repair, including parts and labour? (Subject to a

maximum specified claim limit, terms and conditions) No




Based on the answers they provided throughout the call was the customer

eligible for the policy they purchased? No

The customer was not eligible for the policy they purchased; it is imperative

that in future calls the sales agent ensures the customer is only offered

products of which they are eligible to claim on. 0 / 3 26.26% ICOBS 5.1.1 (1)

Pre-Contract Information Additional Notes

Did the sales agent read one of the following (based on the payment option

selected):

Premium Credit

You will receive in the post two sets of documents; one will be from us, which

will be your policy documents, the other will be confirmation of your direct

debit arrangement with a company called Premium Credit. Premium credit

will provide you with two copies of the agreement, in which they will ask you

to sign one and return it to them.

We do recommend that you do this but if you do not sign and return it to

them, the policy and direct debit will still be in place. Once you have

received your policy documents, you have 14 days in which to cancel the

policy unless you make a claim, however if you do cancel the policy after 14

days it will leave an outstanding balance that will need to be settled. The

payments will show on your statement as payment to World of Warranty Ltd. No

The sales agent failed to read these declarations to the customer; please

make sure they are read in all future calls. 0 / 3 16.26% ICOBS 6.2.5

Credit Card/Debit Card

You will receive your policy documents in the post in the next 3-5 Working

days. Once you have received your policy documents, you have 14 days in

which to cancel the policy unless you make a claim. We will also send you a

copy of our FCA Initial Disclosure Document together with a copy of the

questions we have gone through today. It is very important that when you

receive this documentation that you check it to ensure that you are eligible

for any policy you decide to purchase and that you are happy with the levels

of cover. You will receive your documents in the post in the next 3 to 5

working days. No

The sales agent failed to read this declaration to the customer; please make

sure it is read in all future calls. 0 / 3 16.26% ICOBS 6.2.5

Consent Additional Notes

Did the customer give their explicit consent for the policy to be set up? No

The sales agent failed to gain the customer's explicit consent to set up the

policy, this is extremely important and must be done in all future calls. 0 / 3 26.26% ICOBS 3.1.10

0 / 70 Total

.Results Failure Rules Results

Questions Answered 26 Number of ICOBS Failures 24

Positive Answers 0 Number of TCF Failures 2

Negative Answers 26 Number of PI Failures 0

Percentage Achieved 0% Number of Non-regulated Failures 0

Additional Penalty:

The Call Monitoring Check-Sheet will also include remedial actions that ITC Compliance require you to undertake. These will be noted

within the document, underneath the check list. The remedial actions will depend on the specific areas failed within the call.


98

Appendix 6: Potential Conflict of Interest Form


Date Conflict of Interest

Discovered

Identified by

Details of the Conflict

Action required (ITC

Compliance use)

Logged on Conflicts of

Interest register by;

Date


99

Appendix 7: Conflict of Interest Self Assessment

Form


How to use this Conflict of Interest Self Assessment Form:

You should review the form and read each issue and if any of the issues are identified as

occurring within your firm, you should put a tick in the tick box. The form will then help identify

potential conflicts of interest affecting your firm and state the procedures you must adopt to

help manage and mitigate the conflict.

Issue Potential conflict

of Interest

Tick

Box

Typical procedures to manage the

potential conflict

Preferential

commission

rates from a

particular

insurer

Are sales staff

placing business

with that insurer

without considering

the needs of the

customer?

Commission across the panel arranged

so that no one insurer has appreciably

different commission deals for the

same product.





Profit share

arrangements

with a

particular

insurer

Are sales staff

placing business

with that insurer

without considering

the needs of the

customer?

Profit share arrangements not






Volume

overrides

arrangements

with a

particular

insurer

Are sales staff

placing business

with that insurer

without considering

the needs of the

customer?

No direction/instructions from senior

management where to place business,

if this is likely to result in customer

detriment.

Volume override arrangements not







100

Sales staff

remuneration

based on sales

targets

Are incentive

payments or

competitions made

to sales staff to

complete insurance

sales without

considering the

needs of the

customer?

Robust management controls in place

to ensure that customers have been

treated fairly including;

rewards that take into account quality

as well as quantity such as the

incidence of upheld complaints,

adherence to procedures and findings

from internal monitoring.

Appraisal and development

arrangements including TCF and

quality considerations.

Delegated

claims

handling

Are you acting for

the insurer when

the customer

reasonably believes

that you are acting

for them?

Disclosure documents include details.

Claims handling procedures to include

“Treating Customers Fairly” principles.

Hospitality

and Gifts

(Inducements)

Have significant

hospitality and gifts

influenced the fair

treatment of

customers?

Policy and procedures for the

registration and approval of hospitality

and gifts.

Relationships

or financial

interests with

insurers or

other third

parties with

whom we deal

Has business been

placed with a

particular insurer or

have other

contracts entered

into without

consideration of the

customer’s best

interest?

A register maintained of all such

arrangements.



particular products.

Conflicts

between

customers

when acting

for both

Are you acting for

competing

customers,

affecting your

ability to treat both

fairly?

Disclose conflict and obtain agreement

to proceed for both parties.

Set up Chinese Walls – segregation of

duties information barriers so that

each customer is treated fairly and as

if the other was not present.

Staff members

or member of

their

immediate

family has an

interest in an

outside entity

Is the interest

substantial enough

for it to be

perceived to affect

their judgement

with respect to

transactions

between the

Network

Member/ITC and

that entity i.e. a

material interest

exists?

Staff members with a material interest

in any service provider, insurer or

product provider must declare this

interest to HR.

If the AR Network member cannot

manage a conflict adequately, it will

disclose this to the client, before

undertaking any business for that

client.

Undertaking a

tender

exercise to

select supplier

or product

Has the supplier or

product provider

been appointed

without considering

the impact on

Before undertaking any tender

exercise the proposed tender process

needs to be signed off by a Project

Sponsor/appropriate Senior

Management in advance of issuing to


101

provider customers? the invited tender participants.

Proposals/recommendations resulting

from any tender process are signed off

in advance of any final ratification and

communication to tender participants.

Close personal

relationships

Will the relationship

potentially result in

some form of

influence, either

positive or

negative, on

another employee

or business

process?

Staff members should disclose any

personal relationships that may result

in any form of influence on another

staff member.

Line management to ensure that roles,

responsibilities and team structures

are reviewed to minimise or avoid any

potential conflicts arising from staff

relationships.


102

Appendix 8: Gifts & Hospitality Approval Form


Gifts & Hospitality Approval Form

Gift/Hospitality

Description:

Received by

Name & Dept:

Given by

Name &

Company:

Reason for

Gift/Hospitality: Date:

Value - please

provide

breakdown and

any supporting

evidence e.g.

website link

Name Date Signed

Name &

Signature of

applicant:

Approval

Name & Position Date Signed

I confirm I am

satisfied that

this meets the

Gifts &

Hospitality

Policy and

there are no

identified

Conflicts of

Interest

103

Appendix 9: Example Gifts and Hospitality Register

This register is available to download from the ITC Compliance Website, within the Documents section.

104

Appendix 10: Impact Score Scale

All of the columns will be considered when making a judgement. Where different columns give different ratings for the same risk, a

balanced judgement will be made of the overall impact. The impact will be considered without taking into account any controls or

mitigation set up. It will also be noted that the impact score is different to the impact score used in the Risk Appetite.

Factors influencing Impact Score

Rating Customer

Service (TCF

Risk)

Reputational

Risk

Regulatory

Risk

Legal Risk People Risk Criminal Risk Approx. Direct

Loss (e.g. ex

gratia, fine,

compensation)

Based on

percentage of

income

1 Insignificant Customers not

impacted or

aware of the

problem

Very high

reputation

Regulator

recognises

high

compliance

standards

No threat of

legal action

No effect High standard

publically

recognised

Under 1% of

income

2 Minor Some customers

aware but the

impact is

negligible.

or

affects less than

25 customers

Routine

sniping in the

media.

Routine

criticism from

trade bodies,

e.g. SAIF

Adverse

verbal and

written

comments

from the

regulator but

no regulatory

fine

Threat of

legal action

but unlikely

to succeed

Potential for

minor injury

or key man

or team to

leave.

Unsuccessful

fraud.

System breach

unsuccessful

1% of income

3 Moderate Customers

aware and

results in

temporary loss

of service

or

affects more

than 25 but less

than 50

customers

Critical article

in media

Regulatory

action with

the potential

of a small fine

Threat of

legal action

with probable

settlement

out of court

Injury

requiring

hospital

treatment for

more than

one member

of staff or

minor scale

down sizing

Physical or

System

penetration

attained but

not successful

10% of income

4 Major Significant A negative Regulatory Legal action Significant Police 25% of income

105

number of

customers

aware of the

problems and

encounter some

inconvenience

or

affects more

than 50 but less

than 100

customers

story in

industry

action with a

potential fine

between

£1,000 and

£50,000 or

enforcement

investigation

brought

against the

Network

Member with

limited

opportunity

for

settlement

injuries or

significant

downsizing or

key man or

key team

have left

investigation

launched.

Systems may

be

compromised

5 Catastrophic Most customers

suffer a major

inconvenience

or

affects more

than 100

customers

or

loss of cover

where the

Network

Member are

liable

Negative

story in media

/ regulatory

website

resulting in

loss of public

confidence

Regulatory

action with a

significant

threat of a

fine of more

than £50,000

or

enforcement

action.

Legal action

brought

against the

Network

Member for

significant

violation and

likely to

succeed

Major effect

on staff lives

or wide scale

downsizing or

key man or

key team

have left

taking

significant

business with

them

Major

successful

fraud against

the Network

Member.

Systems

totally

compromised

more than

25% of income

106

Appendix 11: Likelihood Score Scale

This is the likelihood of the identified risk taking place.

Factors influencing Likelihood Score

Rating Likelihood of occurrence

Example of percentage Example of frequency

1 Rare Not expected to occur for years Less than 1% chance of

occurring

Negligible, may occur only in

exceptional circumstances

2 Unlikely Once every 2 years 1% to 10% chance of occurring Unlikely to occur at some time

3 Often Once every annually 11% to 51% chance of occurring Should occur at some time

4 Likely Likely to occur monthly 51 to 80% chance of occurring Probably occur at some time

5 Expected Expected to occur weekly More than 80% chance of

occurring

Will occur

107

Appendix 12: Exposure / Control Score Scale

Factors influencing exposure / control score

Rating Control

Definition

Procedures /

Tests

Control

Effectiveness

Business

Change

Control Design Contingency External

Mitigation

1 Minor Well designed

and

documented

controls that

have been

thoroughly

tested

Procedures

have been

reviewed and

tested in the

last 12

months

Testing

thoroughly for

all problems

Limited change

to update

existing

processes

Detailed roles

and

responsibilities.

Automated

controls

Plans mean

that work can

continue with

no interruption

Risk fully

transferred to

third party

with no

residual

exposure

2 Limited Controls are

well designed,

but a few

limited

exceptions are

evident

Procedures

covering all

areas and

some parts of

the

procedures

were reviewed

in the last 12

months

Management

support but

use by staff

varies

Some changes

to the business

due in the next

6 months

Clear roles and

responsibilities

for most

functions

Mostly

automated

controls

Full recovery

within 24

hours

Risk largely

transferred to

third party

3 Medium Number of

exceptions

have occurred

indicating

limited design

or insufficient

management

supervision

Procedures

covering most

key areas

Some testing

No adherence New project

about to be

implemented

Most jobs

defined

Automated and

manual controls

Full recovery

within 5 days

Risk partly

transferred to

third party

4 Significant Primary control

failures are

occurring and

secondary

controls are

not detecting

failures

Little testing

Some key

areas not

covered in

procedures

No

Management

or staff

Support

Fundamental

business

change which

will lead to

significant

changes to

working

Most controls

are manual and

detective not

preventive

Plan not

tested or little

detail

Minimal risk

transfer

108

practices

5 Major Controls are

very weak or

no controls

Few or no

procedures

Staff not

aware of

control and no

support

Rapid change

and

uncertainty

No control

levels

No plan in

place

No risk

transfer

109

The risk is calculated by the following calculation:

1. Scoring risks for potential impact and likelihood, to derive the inherent level of risk (impact score x likelihood score =

inherent score). The inherent score excludes any mitigation or internal controls i.e. gross risk

2. Scoring risks for the exposure / control (identifying and assessing the level of mitigation controls currently in place)

3. Producing an overall risk assessment of either an A, B, C or D risk using the table below.

The example register on the following page gives a clearer example of how the scoring is derived.

EXPOSURE / CONTROL SCORE

Absolu

te

Ris

k

Score

Im

pact

X

Lik

elihood

1 2 3 4 5

>10 C B B A A

8 - 10 C C B B A

5 - 7 C C C B B

3 - 4 D C C C B

0 - 2 D D C C C

110

Date of last review by Risk

Register Owner: xx June 20xx

Risk Register Owner:

Risk Appetite:e.g.

Balanced

Risk Description Impact Comments Likelihood

Comments

Control Comments

Im

pact

Lik

elih

oo

d

Exp

osu

re

Ab

so

lute

Sco

re

Overa

ll

Prim

ary

Ris

k T

yp

eAction / Current Status / KRIs

1 1

Commercial Objectives

Not hitting targets

Not meeting budget

Loss of key/platinum accounts

Cash flow, redundancy Is happening

currently

Close monitoring of targets

and budget

Management meets monthly

to update progress, with

compliance attendance.

Monthly business review .

5 5 4 25 A

Stra

tegic

KRI Measures:

Staff Reduction

Costs reduction

Training emphasis

Insurance manager input

New product reviews

3 2

Achieving regulatory obligations Client contact

Loss of Reputation

Regulatory visit

expected August

xxxx

Extra resource allocated in

preparation

4 3 1 12 C

Regula

tory

Plan in place for with Directors oversight

Pre

vio

us R

an

kin

g

Cu

rren

t Ran

kin

g

Appendix 13: Example Risk Register

This register is available to download from the ITC Compliance Website, within the Documents section.

111

Appendix 14: Example Business Continuity Plan

An editable version of this document will be available to download from the ITC Compliance

Website, within the documents section.

Business Continuity Plan

A major risk to Firm A is business continuity or disaster recovery. A Business Continuity

(Recovery) Plan has been created as detailed below in order to manage the associated risks.

Introduction Business Continuity Overview

It is Firm A’s policy that the Company’s Business Continuity Plan is complete, effective and up-

to-date. This plan will provide valuable information in the event of a disaster/incident and will

provide the basis for ensuring that any recovery operation can be achieved as smoothly and as

efficiently as possible.

Senior Members of Firm A staff will form an Emergency Management Team (EMT), which will

provide management level support to facilitate a speedy and effective disaster recovery.

The Emergency Management Team will initiate contact with all staff by way of the call cascade

list. The EMT members are responsible for ensuring they have access to the list outside of the

normal working environment. The Finance Dept, as part of the HR function, are responsible for

maintaining the accuracy of the list and providing copies to the EMT members.

The CEO and/or a Director will decide whether to activate the Company’s plan based on

information received from the Emergency Management Team.

The Emergency Management Team are defined within the companies Organisation Chart. Policy

There are three main areas of business recovery that need to be considered for the Company.

These include:-

access to building denied

loss of network server

telephone systems unavailable

This plan is to be used by the Company in the event of a disaster rendering building, telephone

or computing facilities unusable for a significant period of time.

Overall Business Impact:

Some disruptions would be inevitable but the amount depends on the nature and extent of the

disaster.

Depending on the nature of the disaster, staff may be required to perform duties relating to

other business functions. This is permitted under their contracts of employment.

112

Precautionary Measures Storage of Critical Information

Paper-Based

A copy of this plan and Firm A’s policies will be retained at our secondary location.

Workgroup Server Based

All business critical data is currently backed up.

Off site servers are backed up fortnightly. These store Firm A’s main critical functions of

website and admin system.

Data on laptops and mobile phones

Data stored on mobile equipment will be adequately and securely protected through passwords

or other security methods.

Requirements For Firm A Requirements

In the event of a major disaster rendering the host building unusable for an extended period of

time, Firm A requires access to a temporary work area and would require the resources

detailed below.

Staff

The Emergency Management Team will decide on the number of staff required in relation to:

the disaster faced

the anticipated timescale to return to full functionality at the appropriate premises Facilities

Based on the above, consideration will need to be given to:

desks

chairs

computers (including printers and peripherals)

telephones

stationary

email and broadband access

photocopier

postal facilities

fax machine

113

Telephones can only be diverted to one specific phone number

Team Structure

The structure of the Emergency Management Team is contained within the Organisation

Structure Chart.

Nominee replacements for EMT members are detailed below:

Name Replacement

Mr X Mr B

Ms Y Ms C

Mr Z Mr D

Ms A Mr E

Responsibilities Emergency Management Team:

to decide to invoke the recovery procedures and to what extent they are to be

followed.

to act as single point of contact for staff during the recovery effort.

to liaise with any external stakeholders, including emergency services, with

regards to recovery requirements and recovery updates.

maintain overall management of the recovery teams and the recovery effort.

to ensure that all their teams' functions have been accounted for and either

recovered or suspended.

to co-ordinate the efforts of their team members and to keep them informed of

progress.

to ensure that contact is made with all team members working off site, on holiday

or absent through sickness.

Response - During Normal Working Hours Initiate Evacuation Procedures If Appropriate

evacuate all personnel in an orderly manner and assemble outside, including

clients attending meetings.

fire marshals to ensure that all departmental staff are out of the building.

if possible, request staff to remove important documentation from their work area.

Notify Staff Members

Each Emergency Team Member will notify all team members of the situation and issue a

contact number for them. A complete copy of all the team members' home phone numbers or

mobile numbers will be retained by each EMT member. This is the call cascade list.

114

Situation Assessment

It may be some time before the full extent of the disaster is known. During this time the

Emergency Management Team will assemble to initially appraise the situation and begin to

consider whether to invoke the recovery procedures.

Out of Normal Working Hours Initial Contact

The initial contact out of normal working hours will be the Emergency Management Team who

will be apprised of the situation.

Form Emergency Team

The Emergency Management Team member contacted, depending upon the information

received, will decide whether to gather the Emergency Management Team. It will be discussed

with at least one other Emergency Management Team member, before a decision is made.

If access to the normal place of work is impractical, the Emergency Management Team will

convene at the secondary location, to use as an Emergency Command Centre:

Emergency Process

As each emergency scenario can be different, the below is intended as a guide to EMT to

ensure all relevant points are considered.

This section details the actions that may be required following invocation of this BCP. Actions Required on Day One of the Recovery

1) Compile a list of any missing persons and known casualties. Ensure that the list

includes both members of staff and visitors.

2) Contact the Emergency Services to pass on any list of missing persons and receive

information on casualties.

3) Contact the IT representative on the EMT to advise them of the situation and to

request assistance for IT and other infrastructure issues, and to invoke recovery

space at the secondary location and home working.

4) Contact the families and next-of-kin of affected staff.

5) Verify:

a) Emergency security at the Primary Location if the site has sustained structural

damage. If necessary, work with the landlord to ensure that the site is made safe

and secure. Consider additional security personnel if required.

b) When entry to the site will be allowed, if access has been denied.

6) Confirm that access to recovery space at the secondary location is available and

that those allocated as home workers are notified.

7) Assemble the EMT at the Emergency Command Centre (ECC), the secondary

location.

115

8) Establish and staff a Co-ordination Point near to the Primary Location site. Notify

the Emergency Services of the Co-ordination Point location.

9) Direct business visitors to the Co-ordination Point, if appropriate.

10) Complete an interim business impact assessment.

11) Consider:

a) Impact on the ability to provide services normally undertaken at these offices.

b) Impact on the ability to undertake other activities such as IT development etc.

c) Loss of assets.

d) Direct costs.

12) Which losses will be sustained if the BCP is not invoked?

13) Decide whether to continue BCP invocation. If the BCP is not to be invoked then

resolve any problems and implement stand-down procedure. Otherwise, continue

with the planned response.

14) Contact all members of staff and provide immediate instructions. Consider the

following:

a) Provide the minimum information to initiate the response and explain the current

situation.

b) Verify specific Emergency Response tasks.

c) Identify any business-critical activities that should receive priority.

d) Confirm staff members’ immediate contact details.

e) Give notice of the staff briefing time and place.

15) Instruct those staff that are immediately required to work from home

16) Provide emergency cash to staff involved in the recovery.

17) Instruct staff that are not required to remain at home and in contact.

18) Clearly state the need for secrecy pending a formal press release.

19) Inform third party contacts of the disruption affecting Firm A’s operations and the

recovery action being taken. Consider the following points:

a) Wherever possible, send standard broadcast fax; otherwise, explain circumstances

verbally using the latest approved statement.

b) Ask contacts not to call back and explain that they will be notified of events that

affect them.

20) Contact relevant banks if electronic payments are pending, informing them of the

disruption affecting Firm A and the recovery action being taken. Discuss any

appropriate actions and advise of interim working arrangements.

21) Verify with IT, voice line redirection, message content and call routing / handling

to EMT mobiles

22) Redirect postal mail

116

23) Record details of damage to the building using a still or video camera. These

pictures will be required for insurance purposes and damage must be recorded

before the salvage and clean-up operations begin.

24) Verify that the landlord has been advised

25) Compile list and obtain readily available consumables (retaining receipts) that may

be required including:

a) Stationary

b) Desks

c) Chairs

d) Computers (including printers and peripherals)

e) Telephones

f) Email and broadband access

g) Photocopier

h) Postal facilities

i) Fax machine

26) Consider ability to notify Third Parties via website or other media if remotely

accessible

27) Consider notifying relevant suppliers detailed in supplier contact list for both the

Primary Location and the secondary location.

Actions Required by Day Two of the Recovery

1) Review key priorities in current recovery site workload.

2) Arrange trauma counselling for affected staff if this is felt to be appropriate.

3) Conduct a briefing for all members of staff, both at the recovery site and

elsewhere, covering the following:

a) Internal press release, résumé of events and status.

b) PR issues.

c) Damage and impact assessment.

d) Salvage status.

e) Recovery strategy.

f) Operating recovery targets.

g) Roles and responsibilities.

h) Department reporting and problem escalation guidelines.

i) Voice, internet and fax communications availability and usage.

j) Progress reporting.

4) Assess the need for extra staff or shift work to address any backlogs and any

urgent tasks at the recovery site

5) Resume accounts ledger activities at the recovery site

6) Help-desk activities should resume

7) Staff should begin to re-create lost or corrupted system data and paper-based

work-in-progress.

117

8) Establish when access to the Primary Location will be allowed. If so, try to

determine:

a) What can be salvaged and its condition.

b) What has been irretrievably lost or destroyed.

c) What is intact, but inaccessible?

d) Infrastructure damage and access availability.

e) Expected rebuild time frames.

f) Location for reconstruction activities.

9) Liaise with key Network Members to ensure that they are kept aware of the

incident.

10) Arrange a meeting to establish insurance and reconstruction responsibilities

Actions Required by Day Five of the Recovery

1) Monitor staff morale and confidence in employment continuity

2) Staff at the recovery site should continue re-creation of lost or corrupted system

data and paper-based work-in-progress

3) Compile and submit insurance claims. Co-ordinate activities of loss adjusters /

assessors.

4) If necessary, begin reconstruction of damaged or destroyed documents.

Longer-Term Actions

1) In conjunction with staff, begin to develop a long-term business recovery plan.

2) Decide if a refit of the site is viable. If the damaged site will not become habitable

within one month, meet with property agents to identify a suitable alternative site.

Otherwise, authorise reconstruction and refit of the site in conjunction with

landlord/insurers.

3) If necessary, search for local office space for short-term rental.

4) Review progress on the long-term site in conjunction with infrastructure staff, in

particular:

a) Construction and / or refurbishment.

b) Design of floor layout(s).

c) Plans for occupancy of the site.

d) Procedures for security, cleaning, post and other services.

e) Time frame for business transfer to the site.

f) Emergency procedures.

g) Procurement, installation, commissioning and testing of replacement computer

systems.

5) Prepare a staff briefing note on the new site. Include:

a) The level of equipment and facilities available.

b) Site layout plans.

118

c) Directions to the site.

d) The date of transfer of operations.

e) The expected length of stay.

f) Special arrangements regarding transport of staff.

g) Altered working arrangements for staff.

h) Recompense for disruption of work patterns.

i) Liaise with IT over systems as well as voice and data transfer to the new site.

6) Review timescales for occupation of the new site.

7) Resume normal operations from the new site.

Final Actions

1) Retrieve and review copies of Incident Logs and meeting notes. Identify:

a) Exceptional performance.

b) Sources of delay or inefficiency.

c) Errors or inappropriate responses.

d) Actual timescales for activity completion.

2) Hold a post-incident review meeting and quantify the cost of the incident in terms

of:

a) Lost information.

b) Additional resource requirements.

c) Missed opportunity.

d) Inability to provide services and products internally and to customers.

e) Fines, charges, compensation and penalties.

f) Loss of staff and assets.

g) Additional cost of working.

3) Update the BCP, if necessary

4) Update internal operating and emergency procedures

Throughout the Recovery

1) Maintain the Incident Log

2) Maintain notes of meeting decisions

3) Maintain contact with all members of staff

4) Respond to requests for information

5) Inform them of changes in strategy

6) Inform them of notable occurrences that may affect priorities.

7) At regular intervals:

a) Review recovery progress against target timescales.

b) Assess recovery progress section

8) Prepare updates for all members of staff. Include the following:

119

a) Incident status and recovery progress.

b) Objectives and deadlines.

c) Individual objectives, roles and responsibilities.

d) Specific instructions.

e) Handling personal problems caused by, or contributed to by the incident.

f) Security issues.

g) Current statements for handling incoming calls.

9) Liaise with senior management regarding all expenditure decisions.

10) Maintain regular contact with the Primary Location and with key third parties.

11) Ensure the prompt submission of any insurance claims.

12) Check salvage status - availability of paper-based records and extent of

information lost.

13) Assess the well-being of staff and identify need for professional support.

14) Consider either buying a shredder or calling on a shredding company to dispose of

confidential waste.

Contact Directory

Emergency Services Contact List

Service Contact

Police 999

Local Contact 101

Fire 999

Ambulance 999

Hospitals

1 Hospital Road, AB1 2CD

0123 456 7890

1 Hospital Close, CD1 3EF

0987 654 3210

120

Appendix 15: Example Telephone Cascade List

An editable version of this document can be downloaded from the ITC Compliance Website,

within the documents section.

This should be completed to ensure that all staff receive notification in the event of the

Business Continuity Plan is invoked.

121

Appendix 16: Business Continuity Plan Test

Scenarios Scenario 1 – Pandemic Flu A flu pandemic has hit the UK and is being reported on national and local news, with high

levels of sickness in large cities.

Week 1 – Staff absence is higher than usual and many staff members are complaining of

feeling unwell throughout the work day.

Week 2 – Staff absence has now moved to around 20% and 2 large firms have advised that

they have stopped operating for the foreseeable future due to the pandemic.

Week 3 – The local council has closed all schools in the area due to staff shortages and to stop

the spread of the illness.

50% of staff members with children have advised they will be staying at home to care for

either sick children or due to the school closure as they have no other child care options.

Week 4 – Staff absence is now approaching 40% due to the pandemic. 2 absent staff

members are seriously ill and in hospital. Local news outlets have caught wind of this and have

asked for comment on the situation.

Week 6 – The pandemic has started to ease and staff absence has now reduced to 10%.

However key members of staff still remain off work due to illness.

Week 8 – The pandemic is now close to being over and staff absence levels have returned to

normal for the time of year.

Scenario 2 – Office Fire A disgruntled ex-employee has thrown a brick through the staff room window and has started

a fire in the early hours of the morning. The fire spreads to the IT department and continues to

damage the ground floor of the office until the fire brigade arrives just before 7am.

Day 1 7am – The fire brigade has stopped the fire spreading any further and is close to

putting the fire out. Employees start arriving to work by this time.

Day 1 9am – The fire brigade has extinguished the fire and declared the office unsafe for at

least the next 72 hours while they investigate the arson and inspect the safety of the building.

The car park is now full of employees, employees from nearby offices have also come over to

see what is happening and local news has just arrived and is looking for comment on the

situation.

Day 2 – The fire brigade has completed their investigation and inspection of the office. The

good news is the perpetrator has been apprehended by local police. The bad news is they have

advised that the building cannot be used until the staff and IT room have been repaired which

could take up to 7 working days. It is unclear the extent of the damage to the IT room and

ecommerce hardware.

Day 7 – The office has been repaired and the fire brigade has declared it safe. Some

employees are cautious about returning to the office due to the events.

122

Appendix 17: Form D

Application number (for FCA/PRA use only)

The FCA and PRA have produced notes which will assist both the applicant and the approved person in answering the questions in this form. Please read these notes, which are available on the FCA and PRA’s website at: http://media.fshandbook.info/Forms/notes/imap_formd_notes.doc www.bankofengland.co.uk/PRA Both the applicant and the approved person will be treated by the FCA and PRA as having taken these notes into consideration when completing their answers to the questions in this form.

Form D Notification of changes in personal information or application details FCA Handbook Reference: SUP 10A Annex 7R

PRA Handbook Reference: SUP 10B Annex 7R

1 April 2013

Name of individual (to be completed by applicant)

Name of firm (as entered in 2.01)

Financial Conduct Authority Prudential Regulation Authority

http://media.fshandbook.info/Forms/notes/imap_formd_notes.doc

http://www.bankofengland.co.uk/PRA

123

25 The North Colonnade Canary Wharf

London E14 5HS United Kingdom Telephone +44 (0) 845 606 9966 Facsimile +44 (0) 207 066 0017 E-mail [email protected] Website http://www.fca.org.uk

Contact Details

Contact for this notification

Title

First Name

Surname

Job Title

Business address

Post code

Phone number (including STD code)

Email address

Mobile No

Fax No.

20 Moorgate London

EC2R 6DA United Kingdom Telephone +44 (0) 203 461 7000 Email [email protected]


http://www.fca.org.uk/


124

Details to be changed Section 1

1.01

Approved person Individual Reference Number (IRN)

DETAILS TO BE CHANGED

1.02 Title (e.g. Mr, Mrs, Ms, etc)

1.03 Surname

1.04 ALL forenames

1.05 Date of birth / /

1.06

1.07

1.08

National Insurance number

Nationality

Passport number

1.09 Other changes in application details and matters relating to fitness and propriety

1.10 Effective date of change / /

1.11 Reason for change

I have supplied further information

related to this page in Section 3 YES NO

125

Arrangements and Controlled Functions Section 1

Do you want to notify us of a change of arrangement between the approved person and the firm?

Does the change in arrangement relate to an appointed representative?

Current appointed representative details?

AR FRN Firm Name

Do you want to add an appointed representative?

Do you want to remove an appointed representative?

As a result of this removal you will need to consider whether to submit a withdrawal of a CF and/or an Appointed Representative termination Please select the appointed representative to remove

AR FRN Firm Name Remove

Effective Date

126

Firm identification detailsn Section 2

2.01 Name of firm

2.02 Firm Reference Number (FRN)

2.03 Other firms for whom the individual performs controlled functions

FRN Name of firm Controlled function

a

b

c

d

e

I have supplied further information

related to this page in Section 3 YES NO

ITC Compliance Ltd Network Member Policies & Procedures Manual v0.9

127

Fitness and Propriety

Do you want to notify us of a change to the approved person’s fitness and propriety?

1. Has the approved person ever been convicted of any offence (whether spent or not and whether or not in the United

Kingdom):, (i) involving fraud, theft, false accounting, offences against the administration of public justice (such as perjury, perverting the course of justice and intimidation of witnesses or jurors), serious tax offences and/or other dishonesty; or (ii) relating to companies, building societies, industrial and provident societies, credit unions, friendly societies, insurance, banking or other financial services, insolvency, consumer credit or consumer protection, money laundering, market manipulations and/or insider dealing?

Enter full details in this section

2. Is the approved person the subject of any current criminal proceedings?


3. Has the approved person ever been given a caution in relation to any criminal offence?


4. Has the approved person any convictions for any offences other than those listed above, whether or not in the

United Kingdom (excluding traffic offences unless these traffic offences resulted in a ban from driving or involved driving without insurance)?


5. Has the approved person ever had a County Court Judgement (CCJ) or other judgement debt, whether satisfied or

not and whether discharged or not, in the United Kingdom or elsewhere?


6. Has the approved person had more than two CCJs or judgement debts?


128


7. Has the approved person had more than £1,000 in total of CCJs or judgement debts?


8. Is the approved person aware of: a). any proceedings that have begun, or anybody’s intention to begin proceedings, against the approved person for a CCJ or other judgement debt?


b). more than one set of proceedings, or anybody’s intention to begin more than one set of proceedings, that may lead to a CCJ or other judgement debt?


c). anybody’s intention to claim more than £1,000 of CCJs or judgement debts in total from the approved person?


9. Does the approved person have any current judgement debts (including CCJs) made under a court order still

outstanding, whether in full or in part?


10. Has the approved person ever failed to satisfy any such judgement debts within one year of the order being made?


129


11. Is the approved person or has the approved person ever been the subject of any bankruptcy proceedings, or

proceedings for the sequestration of the approved person’s estate?


12. Has the approved person ever entered into, or is in the process of entering into, an agreement in favour of the

approved person's creditors, for example a deed of arrangement or an individual voluntary arrangement (or in Scotland a trust deed)?


13. Does the approved person have any outstanding financial obligations arising from regulated activities, which the

approved person has carried out in the past, in the United Kingdom or overseas? (In the case of advisers, this will include any outstanding liabilities arising from commissions paid for the sale of packaged products that have lapsed).


14. Has the approved person ever been found guilty of carrying on any unauthorised regulated activities or been

investigated for possible carrying on of unauthorised regulated activities?


15. Is the approved person, or has the approved person, ever been the subject of an investigation into allegations of

misconduct or malpractice in connection with any business activity?


16. Has the approved person ever, either in the United Kingdom or elsewhere:


130

a). been refused entry to, or been dismissed, suspended or asked to resign from, any profession, vocation, office or employment, or from any fiduciary office or position of trust, whether or not remunerated?


b). been refused, restricted in or had suspended, the right to carry on any trade, business, or profession for which specific licence, authorisation, registration, membership or other permission is required?


c). been disqualified from acting as a director of a company or from acting in a management capacity or conducting the affairs of any company, partnership or unincorporated association?


d). been the subject of a disqualification direction under section 59 of the Financial Services Act 1986; a prohibition order under section 56 of the Financial Services and Markets Act 2000; or received a warning notice that such a direction or order be made?


17. In relation to activities regulated by the FCA and/or PRA or any other regulatory body, has:


131

i. the approved person, or ii. any company, partnership or unincorporated association of which the approved person is or has been a controller, director, senior manager, partner or company secretary, during the approved person’s association with that entity and for a period of three years after the approved person ceased to be association with it, ever: a). been refused, had revoked, restricted or terminated, any licence, authorisation, registration, notification, membership, or other permission granted by any such body?


b). been criticised, censured, disciplined, suspended, expelled, fined, or been the subject of any other disciplinary action by any such body?


c). resigned while under investigation by, or been required to resign from any such body?


d). decided, after making an application for any licence, authorisation, registration, notification, membership, other permission granted by any such body, not to proceed with it?


e). been the subject of any civil action which has resulted in a finding against the approved person or it by a court?


18. Has any company, partnership, or unincorporated association of which the approved person is or has been a

controller, director, senior manager, partner, or company secretary, in the United Kingdom or elsewhere, at any time during the approved person’s involvement or within one year of such an involvement:


132

a) been put into liquidation, wound up, ceased trading, had a receiver or administrator appointed or entered into any voluntary arrangement with its creditors?


b) been adjudged by a court liable for any fraud, misfeasance, wrongful trading or other misconduct?


c) been investigated or been involved in an investigation by an inspector appointed under companies or any other legislation, or required to produce documents to the Secretary of State, or any other authority, under any such legislation?


d) been convicted of any criminal offence, censured, disciplined or publicly criticised by any inquiry, by the Takeover Panel or any governmental or statutory authority or any other regulatory body (other than as already indicated under 17(b) above)?


19. Is the approved person aware of any business interests, employment obligations, or any other situations which may

conflict with the performance of the controlled functions for which approval is now sought?


Enter Date of change:


133

Supplementary information Section 3

3.01

3.02

Is there any other information the approved person or the firm considers to be relevant to the application? †

Please provide full details †

Please indicate clearly which question the supplementary information relates to.

Question Information

3.03 How many additional sheets are being submitted?

I have supplied further information related to this page in Section 3

YES NO


134

Supporting Documents

Indicate the required supporting documents to accompany this form.

Documents Mode (by email, fax, post)


135

Declarations and signatures Section 4

DECLARATION OF APPROVED PERSON The firm must ask the individual to make the declaration only where the firm becomes aware of information that would reasonably be material to the assessment of the approved person's continuing fitness and propriety. Knowingly or recklessly giving the FCA and/or PRA information which is false or misleading in a material particular may be a criminal offence (section 398 of the Financial Services and Markets Act 2000). It should not be assumed that information is known to the FCA and/or PRA merely because it is in the public domain or has previously been disclosed to the FCA and/or PRA or another regulatory body. If there is any doubt about the relevance of information, it should be included. Data Protection

For the purposes of complying with the Data Protection Act, the personal information in this form will be used by the FCA and/or PRA to discharge its statutory functions under the Financial Services and Markets Act 2000 and other relevant legislation. It will not be disclosed for any other purposes without the permission of the applicant. I confirm that the information in this Form is accurate and complete to the best of my knowledge and belief and that I have read the notes to this Form.

The FCA and/or PRA may seek to verify the information given in this Form including answers pertaining to fitness and propriety. I authorise the FCA and/or PRA to make such enquiries and seek such further information as it thinks appropriate in the course of verifying the information given in this Form. I also understand that the results of these checks may be disclosed to my employer.

4.01 Full name of approved person i.e. Title, forenames, SURNAME

4.02 Signature

Date / /

DECLARATION OF FIRM Knowingly or recklessly giving the FCA and/or PRA information which is false or misleading in a material particular may be a criminal offence (sections 398 and 400 of the Financial Services and Markets Act 2000). SUP 15.6.1R and SUP 15.6.4R require an authorised person to take reasonable steps to ensure the accuracy and completeness of information given to the FCA and/or PRA and to notify the FCA and/or PRA immediately if materially inaccurate information has been provided. APER 4.4.7E provides that, where an approved person is responsible for reporting matters to the FCA and/or PRA, failure to inform the FCA and/or PRA of materially significant information of which he is aware is a breach of Statement of Principle 4. Contravention of these requirements may lead to disciplinary sanctions or other enforcement action by the FCA and/or PRA. It should not be assumed that information is known to the FCA and/or PRA merely because it is in the public domain or has previously been disclosed to the FCA and/or PRA or another regulatory body. If there is any doubt about the relevance of information, it should be included. I confirm that the information in this Form is accurate and complete to the best of my knowledge and belief and that I have read the notes to this Form.

4.03 Name of the firm

4.04 Name of person signing on behalf of the firm

4.05 Position

4.06 Signature

Date / /

These questions should only be completed if submission of this form is online. It should not be

completed if the form is being submitted in one of the other ways set out in SUP 15.7


136

Appendix 18: Incident Report Form



137

Appendix 19: Regulatory Breaches

PRIMARY SECONDARY TERTIARY BREACH OF:

PEOPLE Acting outside scope of

authority

Not acting within

delegated/binding authority

Not seeking correct sign

off/authorisation

ICOBS

ICOBS

Advice and Information

Poor communication

Incorrect information given

Advice given outside scope of

authorisation

ICOBS

ICOBS

ICOBS

Breach of Insurer

Agreement/TOBA/Client

Money

Acting outside Insurer

Agreement

No risk transfer in place

TOBA incorrect/not in place

TOBA not uploaded to the

system Breach of CASS rules

(client money)

ICOBS

CASS

ICOBS

Failure to follow Group

Procedures

CASS

Compliance Process not

followed

Complaint not dealt with within

timeframes

Financial Promotion not signed

off correctly

ITC Compliance bsite incorrect

DISP

ICOBS

ICOBS

Cover not

incepted/added/incorrect

Cover unclear

Cover/sums not actioned

New Business not incepted

Renewal not invited

ICOBS

ICOBS

ICOBS

ICOBS

Data Protection/Security

Building/doors not secured

Documents sent to incorrect

client/address

Documents lost or mislaid

DPA validation not sufficient

Data disclosed to third party

Credit card details stated on

recorded call

Cheque details held incorrectly

Lost laptop/phone

Data Security

Data Security

Data Security

Data Security

Data Security

Data Security

Data Security

Data Security

Delays Claim delays

Settlement cheque delay

Renewal sent late

ICOBS

ICOBS

ICOBS

Documentation

Incorrect/Missing/Late

Documents not attached

Additional documentation not

requested

Policy incorrect or not applied

Endorsement incorrect or not

applied

Documentation sent late

Excess incorrect or not applied

Dates incorrect

ICOBS

Failure to follow Procedures

ICOBS

ICOBS

ICOBS

ICOBS

ICOBS

Finance Failure to transfer bordereau

Finance agreement not

renewed


Failure to follow

Procedures


138

Financial Crime Employee fraud

Theft of property/data

Financial Crime

Financial Crime

Internal Process not

followed

Cancellation processed

incorrectly

ICOBS

Rating/charging

incorrect

Bank details incorrect

Policy rated on incorrect basis

Debit raised incorrectly

Cover not charged for





Mis-selling Policy mis-sold ICOBS

Surveys Not requested

Not carried out

Not added to file




PROCESS Internal Process or

Procedure

Process or procedure

incorrect/unclear

SYSC

Compliance Process or

Procedure

Process or procedure

incorrect/unclear

SYSC

SYSTEMS PCI DSS Failure to pause and resume Data Security

Systems error/failure Computer systems

Telephony systems

Rating matrix

Reports incorrect

Commercial

Commercial

Commercial

Commercial

EXTERNAL Third party provider Update not notified Commercial

Post/Courier Loss/missing item/delay Commercial

Utilities error/failure Phone network fault

Power Failure

Gas leak

Failure of external supplier

Commercial

Commercial

Commercial

Commercial

Weather – Act of God Preventing the business from

serving clients

Commercial