Regulatory round-up – February 2020


Consumer and Retail Finance – February 2020
Latest from the FCA, including sector views analysis; important business immigration changes; other sector news. […]
Latest from the FCA, including sector views analysis; important business immigration changes; other sector news.
Financial Conduct Authority (FCA)
On 18 February 2020, the FCA published its annual Sector Views document, analysing the way the financial environment is changing and the impact of those changes on consumers and market effectiveness.
Chapter 1 covers drivers of change – looking at common cross-sector themes with a focus on those that are having the greatest impact on the sectors the FCA regulates. In relation to the labour market and household finances, UK households’ debt to income ratio stood at 126.6% in Q3 2019. Although it has declined over the past decade, it remains high relative to historic UK levels. Some consumers remain vulnerable to economic shocks and their debts may become unaffordable. The FCA says that it is important that firms are aware of consumers likely to become vulnerable and that they treat them appropriately.
Consumer credit lending is increasing at a slower rate than in previous years but total amounts outstanding have continued to grow since 2013. As of November 2019, the overall annual rate of consumer credit growth was 5.7%, lower than the peak of 10.9% in November 2016. The FCA says that some households will find an increase in consumer credit is sustainable as debt servicing ratios are low due to low interest rates. However, other consumers could risk taking on unaffordable debt if some firms lend without sufficiently considering individual circumstances. An economic downturn or slowdown could amplify these concerns, including the risk that consumers in arrears are not treated fairly.
Technology is identified as a key driver of change across financial services, with the potential to increase efficiency and improve access to products, but also to create harm for consumers.
Chapter 2 of the document covers retail banking and payments. In relation to payments, the FCA is concerned that consumers may not know that some products and services have limited protections, especially if firms are not properly safeguarding customers’ funds. Poor value in overdraft and cash saving products are seen as key issues in retail banking.
Chapter 3 covers retail lending. Here are some of the key points, particularly concerning consumer credit:
- Drivers of change include: challenging economic conditions are reducing some households’ resilience and the number of consumers becoming over-indebted is increasing; home ownership continues to decline, particularly for younger generations, with the gap between earnings and house prices continuing to stretch affordability for first time buyers; overall borrowing amounts continue to increase but the rate of growth has slowed; overall growth in individual debt is being driven by non-credit debts (just over a third of the average person’s unsecured debt is consumer credit debt – the growth in debt is being driven by other types of debt, including council tax and utilities).
- Consumer credit firms are facing increasingly challenging trading conditions, particularly in the high-cost markets. This has led to some firms leaving the market and others facing existential difficulties. It has also led to an increasing number of firms lending to consumers with poor credit scores.
- Guarantor lending remains an area of concern, given the number of guarantors who make at least one payment and the rapid growth in the sector since 2016.
- From a consumer perspective, there are signs that a growing number are facing financial difficulties and that household resilience for some is reducing. Younger borrowers, renters and those with low credit scores are most likely to be in financial difficulties. Lending to higher-risk consumers is growing. An increasing number of consumers are seeking advice about their financial liabilities, particularly about smaller and typically non-regulated debts.
The analysis will contribute to the FCA’s Business Plan 2020/21 and the decisions it makes affecting consumers, market integrity and competition.
On 13 February 2020, the FCA issued a credit brokers portfolio strategy letter, setting out what the FCA sees as the key risks from credit brokers and highlighting the areas of focus for supervision. See our recent briefing for details.
The FCA has written to credit card firms, telling them to review their approach to persistent debt customers. See the press release.
The FCA carried out a review of how retail banks provide information about Basic Bank Accounts. It found examples of good practice and areas for improvement, including in relation to treatment of a customer showing potential traits of vulnerability.
The FCA and Bank of England are establishing a forum to further constructive dialogue with the public and private sectors to better understand the use and impact of artificial intelligence (AI) and machine learning, including the potential benefits and constraints to deployment, as well as the risks associated with their application.
In related news, the FCA and the Alan Turing Institute are working on a year-long collaboration on AI transparency. See this blog post for details.
On 12 February 2020, the FCA’s Executive Director of Enforcement and Market Oversight delivered a speech on penalties, remediation, and the FCA’s General Principles: “The Principles are the foundations of good conduct and should be an integral part of the operational process of planning or decision-making at all levels and as a way of overseeing and assessing whether the firm’s conduct remains appropriate. If firms and their senior management approach a business activity from the outset using the Principles as a foundational guide, as part of the organisation of activities and as a way of monitoring execution of activities, I am sure we would see considerably less unintended harm caused by misconduct. In short, what we need is less hindsight and more foresight.”
The FCA published an updated webpage on Directory Persons. Firms must submit their data using the FCA’s Connect system as part of the Senior Managers and Certification Regime. The submission deadline for banks, building societies, credit unions and insurance companies is 9 March 2020. The deadline for all other solo-regulated firms is 9 December 2020.
The FCA has decided to recognise the Lending Standards Board’s Standards of Lending Practice for business customers for unregulated activities. See the feedback statement.
The FCA has also confirmed that it will take into account guidance from the industry body for commercial radio on ensuring financial promotions for motor brands on radio are clear, fair and not misleading, when it exercises its regulatory functions.
The FCA updated the tables of collected metrics from current account providers on speed of service and major incidents.
In relation to payments, the Strong Customer Authentication online banking adjustment period comes to an end on 14 March 2020. The FCA’s updated webpage sets out the measures firms are required to take.
And finally, the FCA, Information Commissioner’s Office and Financial Services Compensation Scheme issued a joint warning to insolvency practitioners and FCA-authorised firms to be responsible when dealing with personal data.
Other sector news
An impact assessment for the government’s ‘Breathing Space’ scheme was published on 6 February 2020. See the commentary with a link through to the document. The scheme will be introduced in early 2021.
The founder of MoneySavingExpert.com is funding a new study which will look to find solutions to help free 170,000 mortgage prisoners.
The Joint Money Laundering Steering Group is consulting until 3 April 2020 on proposed amendments to its Guidance, taking account of the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 which came into force on 10 January 2020.
On 24 February 2020, HM Treasury published an updated advisory notice on money laundering and terrorist financing controls in overseas jurisdictions, following recent publication by the Financial Action Task Force (FATF) of two statements identifying jurisdictions with strategic deficiencies in their anti-money laundering/counter-terrorist financing regimes.
On 19 February 2020, the House of Commons Library published a briefing paper on cryptocurrencies – what they are, how they work, the benefits and challenges they offer, and how regulators have reacted to them. Among the benefits and challenges, the paper highlights that the decentralised nature of most cryptocurrencies has made them attractive to organised crime and tax evasion, but the public ledger can enable audit and tracing of criminal transactions; and cryptocurrencies can present major risks to consumers – there is little or no guarantee for protecting investment and there is a wide range of scams that take advantage of the mystique of the cryptocurrency. It says that cryptocurrency exchanges must register with the FCA and follow anti-money laundering regulations, but the FCA can offer little further consumer protection.
In related news, the FATF has issued global, binding standards to prevent the misuse of virtual assets for money laundering and terrorist financing. See this webpage for details.
On 19 February 2020, the independent Access to Cash Review issued a press release calling on the new Chancellor to introduce legislation at the Budget “to protect cash access for as long as people need it, enabling the UK to move forward to a digital future without leaving millions behind”.
On 24 February 2020, the Lending Standards Board published a summary report of the Access to Banking Standard, which aims to help minimise the impact of bank branch closures on customers and local communities.
Pay.UK is consulting until 31 March 2020 on the next generation standard for UK retail payments.
On 14 February 2020, the Payment Systems Regulator gave a revised specific direction to members of the UK’s six largest banking groups to fully implement Confirmation of Payee by 31 March 2020.
A note on important business immigration changes
On 19 February 2020, the government issued a policy statement on the much-talked-about UK points-based immigration system. This reaffirmed the commitment to ending free movement for EU nationals and the introduction of a new points-based immigration system that will apply from 1 January 2021 to both EU nationals arriving in the UK from this date, and citizens from the rest of the world.
Notably, all employers wishing to employ such individuals following the end of the Brexit transition period on 31 December 2020 will need to obtain a sponsor licence from the Home Office, and only roles that meet certain skill levels and minimum salary thresholds will be capable of being sponsored. This is a significant departure from the current regime, under which EU nationals can be employed without the need for sponsorship into any role, regardless of the skill level and applicable salary.
The government is encouraging organisations who do not currently have a sponsor licence but who may need to recruit from the EU or beyond from January 2021 to apply for one. Sponsorship can be a time-consuming, bureaucratic and expensive process, but is something that many more employers will need to get to grips with going forwards due to its proposed extension to EU nationals.
Additionally, EU nationals already in the UK as at 31 December 2020 need to take active steps to register under the EU Settlement Scheme to secure their long-term entitlement to continue living and working in the UK. There will also be significant changes to the current sponsorship rules, which employers who already operate a sponsor licence will need to be aware of. Finally, UK businesses that rely heavily on low-skilled, low-paid EU labour will need to plan for alternatives once the new points-based system is in place.
We have an experienced business immigration team here at Walker Morris, who can advise on the forthcoming changes and assist with sponsor licence applications. We are also holding a business immigration seminar on 12 March 2020, in which we will explain the new rules and give employers a practical guide on how to prepare. Please click here for further details.

Data Protection – February 2020
Focus on artificial intelligence and emerging technologies; other recent developments. Focus on artificial intelligence (AI) […]
Focus on artificial intelligence and emerging technologies; other recent developments.
Focus on artificial intelligence (AI) and emerging technologies
The past month has seen a flurry of activity in the fast-moving world of AI and emerging technologies such as blockchain, and the continuing discussions around the legal and ethical implications associated with them and their use.
During 2019, the Information Commissioner’s Office (ICO) started to develop its first auditing framework for AI (see the initial call for participation), which will “inform future guidance for organisations to support the continuous and innovative use of AI within the law”. A series of blog posts were published on a range of technology and innovation topics, including: the techniques organisations can use to comply with data minimisation requirements when adopting AI systems; key considerations for organisations undertaking data protection impact assessments for AI systems; and the steps that organisations can take to manage the risk of discriminatory outcomes in machine learning systems.
The ICO is now formally consulting until 1 April 2020 on draft AI auditing framework guidance for organisations. The guidance contains advice on how to understand data protection law in relation to AI and recommendations for organisational and technical measures to mitigate the risks AI poses to individuals. The guidance is aimed at technology specialists developing AI systems and risk specialists whose organisations use AI systems, including data protection officers, general counsel and risk managers. It aims to inform organisations about what the ICO thinks constitutes best practice for data protection-compliant AI. The ICO stresses that it is essential for the guidance to be both conceptually sound and applicable to real life situations, because it will shape ICO regulation in this space. Feedback from those developing and implementing AI systems is therefore considered essential.
On 19 February 2020, the European Commission presented a European data strategy and a separate white paper on AI, which “show that Europe can set global standards on technological development while putting people first”. See this comprehensive Q&A factsheet for a summary of the key points. The white paper sets out options to maximise the benefits and address the challenges of AI. The Commission presents options on creating a legal framework that addresses the risks for fundamental rights and safety. It says that a legal framework should be principles-based and focus on high-risk AI systems in order to avoid any unnecessary burden for companies to innovate. It was widely reported in January 2020 that the Commission was considering a five-year ban on the use of facial recognition technology in public areas, but this is not referred to in the white paper. The proposals in the white paper are being consulted on until 19 May 2020.
In its response, the European Consumer Organisation called for legally binding EU rules to establish AI rights for consumers, obligations on companies to be transparent and accountable about their use of AI, and powers for public authorities to ensure AI applications do not expose consumers to harm. In relation to data, the Organisation’s Director General commented: “Too much data is currently concentrated in the hands of a few industry players who use it exclusively for their benefit. Consumers would be better off if, for instance, companies like car manufacturers would give access to vehicle data to allow innovative mobility services to thrive. It is good that the EU wants to legislate how data can be used better but when it comes to personal data, it must always be the consumer to decide whether their data is collected and how it is shared. The objective to help companies compete with big tech should not happen at the cost of consumers’ privacy and autonomy.”
In a recently-published opinion on blockchain technology and the EU single market, the European Economic and Social Committee says that protecting privacy is key. It calls on the European Commission to examine the General Data Protection Regulation (GDPR) and propose revisions and further guidance on the relationship between GDPR and blockchain, saying that blockchain technology was mostly unknown when GDPR was prepared and therefore the potential tensions between the two need to be reviewed.
European developments are still relevant despite Brexit, not least because this is a discussion which arguably transcends national boundaries, but also because of what it means for data protection-compliant AI. While it is not yet known to what extent UK law will diverge from EU law in the future, it would seem unlikely that data protection rights will be weakened.
Back in the UK, the Committee on Standards in Public Life published a report on AI and its impact on public standards. The report contains a list of recommendations for government, regulators and public bodies using AI to deliver frontline services. The Committee’s message to government is that the UK’s regulatory and governance framework for AI in the public sector remains a work in progress and deficiencies are notable. It says that the work of the Office for AI, the Alan Turing Institute, the Centre for Data Ethics and Innovation and the ICO are all commendable, but on the issues of transparency and data bias in particular, there is an urgent need for practical guidance and enforceable regulation.
The Centre for Data Ethics and Innovation recently published its final report and recommendations on data-driven online targeting.
A bill to prohibit the use of automated facial recognition technology in public places and to provide for a review of its use was introduced in the House of Lords on 4 February 2020.
Walker Morris will continue to monitor and report on developments.
Other recent developments
On 12 February 2020, the Department for Digital, Culture, Media and Sport and the Home Office issued a joint initial consultation response to the Online Harms White Paper. See the press release and the ICO’s statement.
The government issued a call for evidence on online advertising. Written submissions are requested by 23 March 2020.
The European Systemic Risk Board (ESRB) published a report on cyber incidents. It summarises the latest estimates of the costs of cyber incidents, and shows that a cyber incident could evolve into a systemic cyber crisis that threatens financial stability. The ESRB has therefore identified cyber risk as one of the sources of systemic risk to the financial system which could have serious negative consequences for the real economy. See the press release.
On 18 February 2020, the European Data Protection Board (EDPB) published its contribution to the evaluation of GDPR, ahead of the European Commission’s evaluation and review of GDPR by 25 May 2020. The EDPB considers that GDPR’s application since implementation on 25 May 2018 has been successful and that it would be premature to revise the legislation at this point in time. Notable comments include:
- The EDPB is calling on EU legislators, in particular the Commission, to intensify efforts towards the adoption of an ePrivacy Regulation to complete the EU framework for data protection and confidentiality of communications.
- The EDPB emphasises that GDPR is a technologically neutral framework designed to be comprehensive and to foster innovation by being able to adapt to different situations without being complemented by sector-specific legislation – GDPR is fully applicable to emerging technologies and the EDPB will continue to elaborate on the impact of such technologies on the protection of personal data.
- There is a pressing need for the Commission to bring the existing set of standard contractual clauses in line with GDPR and to draft additional clauses that cover new transfer scenarios, in particular the adoption of a set of processor-to-processor clauses.

Health and Safety – February 2020
New Medicines and Medical Devices Bill presented to Parliament; HSE news and sentencing round-up. Health […]
New Medicines and Medical Devices Bill presented to Parliament; HSE news and sentencing round-up.
Health and Safety Executive (HSE) – news and sentencing round-up
The HSE is reminding employers that they must protect their workers’ health by controlling the risks from welding fume. The HSE is carrying out a programme of inspections following a safety alert issued in February 2019 after new evidence showed exposure to mild steel welding fume can cause cancer.
Saint-Gobain Construction Products UK Limited was fined £400,000 after an employee suffered life-changing injuries when a rock handling belt failed. The HSE investigation found no risk assessment or safe system of work in place for clearing rock safely from tail-end drums. The HSE inspector said: “This injury could easily have been prevented, had the risk been identified. Employers should make sure they properly assess and apply effective control measures to minimise the risk from dangerous parts of machinery”.
A waste management company was fined £140,000 after an agency worker was struck by a moving excavator and suffered lower leg amputation. The HSE investigation found no evidence of any system by which new agency hired staff were shown the site’s safety rules, meaning that the injured worker was unaware that he was to stand in the safe refuge areas while vehicles were moving around the site.
A car retailer was fined £120,000 after it failed to ensure adequate control measures were in place to minimise exposure to paints containing isocyanates, exposing an employee (who was a car bodywork sprayer) to the risk of asthma.
New Medicines and Medical Devices Bill introduced
A new Medicines and Medical Devices Bill 2019-21, sponsored by the Secretary of State for Health and Social Care, was introduced to the House of Commons on 13 February 2020.
As the explanatory notes set out, one of the things that the Bill does is introduce targeted delegated powers to enable the existing regulatory frameworks in the fields of human medicines, veterinary medicines and medical devices to be updated following the UK’s departure from the EU. After the end of the Brexit transition period, the current mechanism for updating these regulatory schemes will no longer be available and it would be necessary to enact primary legislation even in relation to minor updates. The Bill seeks to address this issue.
Medical devices are regulated in the UK by the Medical Devices Regulations 2002 (the Regulations). There are two new EU laws in this area, the EU Regulation on Medical Devices (MDR) and the EU Regulation on In Vitro Medical Devices (IVDR). The MDR covers all general medical devices, including active implantable devices. It will apply across the EU and in the UK from 26 May 2020. The IVDR will not fully apply until 26 May 2022, outside the Brexit transition period. The notes explain that the UK will therefore need to make its own decisions about the future regulation of in vitro medical devices.
The Bill seeks to consolidate the enforcement regime for medical devices, which is currently spread across a number of different pieces of legislation, creating uncertainty. The proposed new regime means that the powers to issue enforcement notices are contained solely in the Bill, and a bespoke criminal offence is created to clarify which contraventions of the Regulations could result in prosecutions. The explanatory notes stress that this does not criminalise new behaviour but for the most part reflects the existing position in a more transparent and focussed manner. The existing maximum penalties are retained.
There are also new powers to impose civil sanctions for breaches of the Regulations, as an alternative to criminal prosecution. The Secretary of State would have the power to impose monetary penalties and accept enforcement undertakings.
Finally, there are new powers for the Secretary of State to share information held about medical devices in limited circumstances, including in order to warn the public about safety concerns relating to a device.
The general principles and themes of the Bill will be debated at the next reading, on 2 March 2020.