• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

View All

Lessons learned from the ICO's annual report- It is all in the numbers


The ICO released its annual report recently, which includes figures on its enforcement activities during the previous year.  So what do the figures tell us? 

Unsolicited direct marketing has been a focus for the ICO for a number of years and last year the total fines issued for breaches of PECR (the law governing direct electronic marketing) surpassed total fines issued for breaches of data protection law.  The figures show that ICO enforcement resources are being used to try to change unsolicited marketing behaviours.  The ICO issued 23 fines for breaches of direct marketing law totalling £1,923,000 (compared with 16 fines totalling £1,624,500 for breaches of the data protection principles).  The key takeaways from this is to make sure you have records of valid marketing consents, document how you meet the soft opt-in criteria (where soft opt-in is being relied upon), listen to and respond quickly to any complaints and opt-out requests.

A draft ePrivacy Regulation governing direct marketing was published in January 2017 and the proposal is for the new law to apply from 25 May 2018 (the same time as the GDPR).  This timeline is looking increasingly impossible but businesses should be aware that changes to direct marketing law is in the pipeline, which is likely to involve the higher GDPR standards of consent for direct marketing and GDPR-level fines for non-compliance.

Although fines often grab headlines, the ICO has a number of other enforcement powers, which can result in significant costs, reputational damage and operational disruption when deployed against controllers.  Last year, 52 controllers signed undertakings committing their organisation to a particular course of action.  Undertakings are not a statutory regulatory power, but the ICO has been using undertakings alongside or instead of fines to improve compliance. Undertakings are usually signed by a senior person in an organisation and can include a commitment to undertake an audit and/or complete a data protection impact assessment.  There are often quite short deadlines for compliance with undertakings (typically one – three months) and the ICO follows up to check the undertaking has been adhered to.  The ICO has also been increasing its criminal enforcement (criminal cases resulting in prosecutions were up 50% in the last year).  The ICO secured 21 convictions, 6 of which were for not registering with the ICO.  This tells us that even though controllers will no longer need to register/notify with the ICO once the GDPR starts to apply, the ICO is still enforcing the law in this area (perhaps as an easy stick to use against non-compliant controllers).  

Sector focus: HealthTech deal activity in 2017 so far

Despite political and economic uncertainty in both the US and Europe, deal activity in the HealthTech sector remained relatively strong in the first quarter of 2017. According to HealthTech Heartbeat, a quarterly market update prepared by Results International, 51 M&A transactions were recorded in the quarter with a combined disclosed deal value of approximately $11.5 billion. This shows a slight dip when compared with the same period last year, which recorded 67 deals with a combined value of approximately $15 billion.  

Private fundraising activity in Q1 was also healthy. Beauhurst, an investment data platform containing information on UK fast-growth companies, shows 48 fundraisings in the medical technology space with a combined value of £159 million (compared with 26 fundraisings with a combined value of £75.4 million in the same period last year). Activity in Q2 remained buoyant: during this period Beauhurst shows £112.9 million raised by UK fast growth companies across 47 deals.

Key high-profile deals of the year so far include:

  • McKesson’s acquisition of CoverMyMeds for $1.1 billion (Jan 17) – McKesson, a US listed healthcare company, acquired CoverMyMeds, a provider of electronic prior authorisation solutions for prescription medications. The acquisition will increase McKesson’s technology offerings to doctors, pharmaceutical manufacturers and insurers. 
  • EQT Ventures and Octopus Ventures lead $10.5 million venture investment into MyTomorrows (Jan 17) – EQT Ventures and Octopus Ventures, alongside existing backers Balderton Capital and Sofinnova Partners, invested in the Netherlands based start-up which provides patients and doctors with information on, and access to, drugs which are in development or which have been approved by regulators in other countries.
  • Philips acquisition of a minority stake in Onelife Health in a low 7-digit Series A funding round (Feb 17) – Philips, a Dutch technology company listed in Amsterdam and New York, acquired a minority interest in German start-up Onelife Health. The partnership will initially focus on Onelife’s Femisphere App, which helps expectant mothers track key biological markers, behaviours and other variables throughout their pregnancy and identify potential risks or complications. The app automatically detects changes in data to provide feedback and advice. It also supports communication and information sharing between patients and medical professionals.
  • Cambridge Innovation Capital leads $10 million Series B investment into Congenica (Feb 17) – Existing investors Cambridge Innovation Capital and Amadeus Capital Partners invested alongside Parkwalk Advisors. Congenica is a leading provider of clinical genome analysis technology based in Cambridge, UK, which has developed the Sapientia technology platform. Sapientia enables clinicians and researchers to analyse genome-scale DNA data to facilitate clinical decision making and research.
  • Invest Northern Ireland, Innovate UK, Angel CoFund and Techstart NI invest $1.3 million in BrainWaveBank seed round (Mar 17) – BrainWaveBank, based in Northern Ireland, allows individuals to measure and track their cognitive health at home using a wireless headset. The platform uses machine learning and brain-reading technologies to build a record of cognitive health over time, providing insights and advice on how individual lifestyle factors affect performance.
  • Roche’s acquisition of Austrian diabetes platform MySugr for up to $100 million (Jul 17) – Roche, a Swiss listed healthcare company and existing investor, acquired mySugr, a digital diabetes management platform for up to $100 million. While the exact sales price was undisclosed, TechCrunch comment that this could well have been amongst the biggest HealthTech exits in Europe to date. MySugr helps diabetics track blood sugar, mediations and activity levels.


In addition, the main technology giants are becoming increasingly invested in HealthTech. Google’s subsidiary Verily (formerly Google Life Sciences), an entity focussed on life sciences and HealthTech, accepted an $800 million investment from Singaporean investment firm Temasek at the beginning of the year. Apple is reportedly working on turning the iPhone into a central bank for all medical information, increasing the potential for apps to be developed to use the data. Amazon’s Echo, a voice-activated computer that answers to the name Alexa, is continuing to accumulate healthcare skills (including being able to recite instructions on how to resuscitate someone having a heart attack). As the shift to digital continues, it feels as if the disruption of the health care sector by technology is only just beginning. It’s clear that HealthTech is an exciting sector to watch as the year continues.

The Fourth Money Laundering Directive, Scottish Partnerships and People with Significant Control

  • UK Implementation of the Fourth Money Laundering Directive

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “Regulation”) came in to force on 26 June 2017, replacing the 2007 regulations. The Regulation requires “relevant persons” (i.e. firms to which the Regulation applies (e.g. credit institutions, financial institutions, legal professionals, estate agents, high value dealers, etc.)) to ensure that measures they take in meeting customer due diligence and ongoing monitoring obligations are based on an overall assessment of the money laundering/terrorist financing risks that such relevant person faces. This includes taking account of guidelines published by the European supervisory authorities, UK supervisory authorities and the UK Government’s national risk assessment.

The main changes to the existing anti-money laundering processes are as follows:

  • relevant persons are required to carry out risk assessments and maintain adequate procedures to mitigate money-laundering risks;
  • the focus on risk-based procedures means that the mandatory customer due diligence process will now vary between different customer types:
    • - simplified due diligence may be warranted in low-risk cases which take into account types of customers, geographic areas, and particular products, services, transactions or delivery channels;
    • - a relevant person is obliged to run enhanced due diligence in certain situations, such as, amongst others, the establishment of a business relationship or transaction with a person in a high-risk third country or if a relevant person has determined that a customer or potential customer is a “politically exposed person”;
  • relevant persons are required to identify any beneficial owner who is not their customer and take adequate measures, on a risk-sensitive basis, to verify their identity. That includes measures to understand the ownership and control structure of a company, trust or similar arrangement; and
  • trustees which are UK resident or, if not UK resident, are liable to pay UK tax will be required to maintain a register of beneficial owners in relation to the trusts which they administer and report to HMRC on the same.

Scottish Partnerships and People with Significant Control

On 26 June 2017, The Scottish Partnerships (Register of People with Significant Control) Regulations 2017 came into force. This ensures that a general partnership constituted under the law of Scotland that is a qualifying partnership under regulation 3 of the Partnership (Acccounts) Regulations 2008 (i.e. a limited partnership with solely corporate partners) (an “SQP”) will be required to deliver people with significant control (“PSC”) information to Companies House.

This means that all SQPs will be required to investigate their ownership and control structure. From 24 July 2017, all SQPs will need to file an annual confirmation statement at Companies House that sets out, amongst other things, its PSCs.

The new legislation may affect SQP’s desirability as investment vehicles, especially in private equity and property investment fund structures as the traditional advantages of SQPs – such as separate legal personality and tax transparency – will need to be weighed against the public disclosure of those individuals who hold a controlling interest, directly or indirectly, in the SQP.

An SQP can have more than one PSC. A PSC is a person who:

  1. directly or indirectly holds the right to more than 25% of the surplus assets on winding up of the SQP;
  2. directly or indirectly holds more than 25% of the voting rights in the SQP;
  3. directly or indirectly holds the right to appoint or remove the majority of those entitled to take part in the management of the SQP;
  4. otherwise has the right to exercise, or actually exercises, significant influence or control over the SQP;
  5. has the right to exercise, or actually exercises, significant influence or control over the activities of a trust and the trustees of the trust hold, directly or indirectly, any of the rights set out in a) to d) above; and/or
  6. has the right to exercise, or actually exercises, significant influence or control over the activities of a firm and the members of the firm hold, directly or indirectly, any of the rights set out in a) to d) above.

Share options: limits on the exercise of discretion

In the case of Watson & Ors v Watchfinder.co.uk Ltd, the High Court considered a provision in an option agreement which purported to give the board complete discretion over whether an option could be exercised.

Case background

The claimants were three individuals who owned a business development consultancy engaged by Watchfinder to provide various services. They were paid a monthly retainer for their services and separately entered into an option agreement to purchase a particular percentage of Watchfinder’s shares at a given price. The option agreement provided that ‘the option may only be exercised with the consent of a majority of the board of directors [of Watchfinder]’.

The claimants tried to exercise the option but the board of directors refused consent. The claimants brought a claim for specific performance of the option agreement, arguing that Watchfinder could not exercise its discretion over the grant of consent in a way that was arbitrary, capricious or irrational.

The Court’s decision

The High Court concluded that the clause could not be interpreted as giving Watchfinder an unconditional right of veto of exercise of the options as this would render the option worthless as the grant of shares would be entirely within the gift of Watchfinder and the position would be no different from when any person sought to buy shares in Watchfinder. It therefore found it was a discretionary power which was subject to implied limits. The judge held that there was a duty on the board to follow a proper process, including taking into account the material points and not taking into account irrelevant considerations and to not reach an outcome which was outside what any reasonable decision-maker could decide.

In this case, there had not been any proper exercise of the discretion; there had been no real discussion at the board meeting and the board had reached an arbitrary decision, the Court therefore held that it should proceed as if consent had been given and the claimants were accordingly granted specific performance of the option agreement.

Practical implications

  • Don’t rely on an absolute veto right in an option agreement - if a company wishes an option to only be exercisable in certain circumstances, it should introduce conditions into an option agreement.
  • When exercising discretion - ensure that a proper process is adopted. The board should act reasonably and give proper weighting to the material facts.
  • Produce a document trail – keep accurate board minutes when the board is exercising discretion under share plan rules.

Limitation periods for breach of fiduciary duties

It is common understanding that claims arising out of obligations pursuant to contracts and most statutes are subject to section 8 of the Limitation Act 1980 (LA 1980) and such claims cannot not be brought after expiration of six years from the date on which the right of action accrued, unless they fell within certain exemptions set out in specific statutes.

In the case of directors’ duties, the limitation periods will depend upon whether the duties that have been breached are equitable or tortious duties, whether there was an allegation of fraud and the remedies sought.  This short note discusses the recent case of First Subsea Ltd v Balltec Ltd and others [2017] EWCA Civ 186 and its effect on the availability of the limitation period defence to directors who fraudulently breach their fiduciary duty.

Trustee relationship

A director of the company owes a fiduciary duty towards the company. Companies Act 2006 codifies certain of those duties. This fiduciary relationship gives rise to a relationship of trust and confidence.  In the case of Paragon Finance plc v DB Thakerar & Co [1999] 1 All ER 400, the court made a clear distinction between two categories of constructive trustees:

  • “class 1 trustees” including real trustees who receive trust property by a transaction where both parties intended to create a trust; and
  • “class 2 trustees” where the defendant is implicated in fraud and is therefore liable to account as a constructive trustee by virtue of fraud.

Directors, by virtue of owing fiduciary duties, are classified as class 1 trustees.

Section 21 of LA 1980

According to section 21(3) of LA 1980, subject to other provisions of section 21, an action by a beneficiary to recover trust property or in respect of any breach of trust shall not be brought after the expiration of six years from the date on which the right of action accrued.  But, section 21(1) of LA 1980 sets out certain exemptions on the application of section 21(3) of LA 1980.

Section 21(1)(b) of the LA 1980 provides that no period of limitation shall apply to an action by a beneficiary under a trust being an action to recover from the trustee trust property or the proceeds of trust property in the possession of the trustee, or previously received by the trustee and converted to his use. Accordingly, a director who misappropriated company’s property or disposed of company’s property in breach of his fiduciary duties would not be able to rely on the limitation period defence.

Further, section 21(1)(a) provides that no period of limitation shall apply to an action by a beneficiary under a trust being an action to in respect of any fraud or fraudulent breach of trust to which the trustee was a party or privy.  Class 2 trustees would be caught by section 21(1)(a).  However, it was unclear as to whether section 21(1)(a) was engaged in the case of a class 1 trustee who commits fraud that does not involve misappropriation of property.  Did section 21(1)(a) only apply to class 2 trustees?

First Subsea

Recently, in March 2017, in the case of First Subsea the Court of Appeal unanimously held that section 21(1)(a) was engaged in cases where a class 1 trustee committed fraud and the breach did not involve misappropriation of property.

The case involved a director, Mr Emmett, of First Subsea who had breached his fiduciary duties to the company. Mr Emmett set up a rival company, Balltec Limited, to bid for a contract in competition with First Subsea. This was clearly in breach of Mr Emmett’s fiduciary duties owed to First Subsea. There was no misappropriation of property. Therefore, section 21(1)(b) of LA 1980 was not engaged. As this was not a case of constructive trust (i.e. not a class 2 trustee), the defendant argued that section 21(1)(a) was not engaged. However, Patten LJ reasoned as follows: “A director cannot be a class 1 fiduciary for the purposes of LA 1980 section 21(3) but not for the purposes of section 21(1) and for the same reason I do not see how it is possible to treat a director differently as between section 21(1)(a) and section 21(1)(b)”. It was therefore held that, as the director was involved in fraudulent breach of his fiduciary duties, section 21(1)(a) was engaged and that he could not rely on the limitation period defence.

In conclusion, there is now clear case law setting out that directors of a company who fraudulently breach their fiduciary duty will be unable to rely on the limitation period defence even though no misappropriation of company’s property is involved.

Sutton V Rydon: Literal V commercial common sense

The recent judgment in the case of Sutton Housing Partnership Limited v Rydon Maintenance Limited [2017] EWCA Civ 359 showed that there will be times when commercial common sense should override the literal meaning when it comes to contract interpretation.


In May 2013 Sutton Housing Partnership (“Sutton”), who manage the housing stock of the London Borough of Sutton, entered into a contract with Rydon Maintenance Limited (“Rydon”), a contractor which specialises in the maintenance and repair of housing, where Rydon would maintain and repair Sutton’s Housing stock (“the Contract”). The Contract permitted Sutton to give notice of termination to Rydon should certain minimum acceptable performance levels (“MAPs”) not be met. Incentives for Rydon were also provided in the Contract where Rydon would be entitled to further payments from Sutton should the MAPs be exceeded.

On 12 November 2014, Sutton served notice to Rydon asserting that they had failed to achieve the contractual MAPs and consequently terminated the Contract in December 2014. Rydon argued that this termination was invalid as the MAPs were merely examples as opposed to being contractually binding.

During the subsequent adjudication, the adjudicator decided that the MAPs were in fact purely illustrative and awarded damages in favour of Rydon for wrongful termination. Sutton appealed this decision and the case went to the Court of Appeal. 


The Court of Appeal overturned the judgement and held that the MAPs were contractually binding. Applying Arnold v Britton [2015] UKSC 36, the judge, Mr Justice Jackson, stated that by having termination provisions for Sutton’s benefit and by having incentivisation clauses in favour of Rydon, then the parties must have intended for the Contract to specify MAPs or otherwise these clauses would be inoperable. His reasoning was that commercial common sense needed to prevail as any reasonable person acting for either side would have also intended for the MAPs to be specified in the Contract. He also rejected Rydon’s argument that even if the MAPs were binding, then this should only be for the years stated in the example (2014-2015) as it would be “absurd” in allowing Sutton to terminate and Rydon to claim bonuses in just the first year but not thereafter. Jackson LJ stated that this view was “the only rational interpretation of the curious contractual provisions into which the parties have entered”.


Although this case did not set a precedent for a new law, Jackson LJ’s reasoning in his judgment is well worth reading as he suggests that where a contract is unclear, common sense will prevail in interpreting it.

This case showed that in interpreting contracts, there needs to be a balance between taking a literal approach and applying simple commercial sense. Taken literally, the Contract would have contained no MAPs but the whole of Jackson LJ’s reasoning was based on the premise that there needs to be some degree of common sense that needs to be applied in order to prevent any absurd results.  

Therefore, we need to ensure two main factors are considered when dealing with potentially unclear contracts:

  • whether either parties’ interpretation of the contract produce absurd results; and
  • whether either of these interpretations would deprive a party of a valuable benefit that they would not have reasonably wanted to give up.

Ultimately, his reasoning reinforces Arnold v Britton where Lord Neuberger emphasised certain factors that should be considered when interpreting a contract. These included:

  • the natural and ordinary meaning of the clauses (the worse the drafting, the more readily the courts can depart from their natural meaning);
  • any other provisions of the contract that would provide more clarity to the meaning of the unclear clause;
  • the overall purpose of the clause and the contract;
  • the facts and circumstances which existed at the time that the contract was made and which were known or reasonably available to both parties; and
  • applying simple “commercial sense”.

There is a lot of guidance at present derived from a range of case law on how to interpret unclear contracts and Jackson LJ himself said “lawyers are now lucky enough to live in a world overflowing with appellate guidance on how to construe contracts.” but this case is a good reminder that sometimes we can just apply a bit of common sense.

Extension of the SMCR to FCA FSMA-authorised regulated firms

The FCA has today published its long awaited consultation paper (CP17/25) on the extension of the Senior Managers and Certification Regime (SMCR) to FCA FSMA-authorised firms. A separate consultation paper (CP17/26) covers the proposed extension of the regime to insurers who are currently caught by the Senior Insurance Managers Regime (SIMR).  The regime is designed to bring about increased accountability within financial services firms, good practice and a general change in culture away from excessive risk taking.

The key points in CP17/25 – the general extension of the regime - are as follows:

Who is caught?

The new regime is intended to apply to all FSMA-authorised firms regulated by the FCA, including incoming branches of non-UK firms, which means that almost all financial services firms will be caught by the regime. It does not apply to Approved Persons at Appointed Representatives, for whom a separate Consultation Paper will apply in due course.

When does it come into effect?

It is not yet clear when the new regime will come into effect. The regulators will publish final rules in 2018 once they have reviewed the responses to the consultation paper, and an implementation date will apply thereafter.

What does the regime entail?

The regulators recognise that it is not appropriate to apply the new regime in exactly the same way as it applied to banks. Whilst they are keen to ensure consistent principles across financial services firms, the new regime needs to be proportionate and flexible enough to accommodate different business models and governance structures. They also want the regime to be as simple as practicable for firms to understand and implement.

In summary, the new regime proposes:

  • A standard set of requirements for all FCA solo-regulated firms – to be known as the core regime
  • An extra set of requirements for bigger firms (fewer than 1% of all solo regulated firms) known as the enhanced regime
  • A reduced set of requirements for a group of firms known as Limited Scope firms (this includes firms  that currently have a limited application of the Approved Persons Regime, such as sole traders)

A flow chart at page 14 of the CP will assist firms in working out  which regime will apply to them.  

The Core Regime

  • The Senior Managers regime will apply to all firms which will mean:
    • certain senior management functions will need to be designated as Senior Managers with specific prescribed responsibilities, and will require prior approval of the FCA before starting their roles
    • Senior Managers will need clearly articulated statements of responsibility
    • Senior Managers to comply with Conduct Rules including additional ones just for Senior Managers
  • A Certification regime will apply to staff in all firms:
    • whose roles can cause “significant harm” to either firms or their customers, whereby firms rather than the FCA are responsible of assessing fitness and propriety
    • these staff will no longer be approved by the regulator but will need to be certified by their firms each year as being “Fit and Proper”
  • Conduct rules will apply to staff in all firms (other than purely ancillary staff) including NEDs
  • The current regulatory reference requirements will apply to all FCA firms

The Enhanced Regime

Firms in this regime will need to comply in addition with the following requirements:

  • Responsibilities Maps
  • More Senior Manager functions will need to be ascribed
  • Handover procedures when Senior Managers leave employment

The key points in CP17/26 – the general extension of the regime to insurers - are as follows:

As with the general extension, the regulators recognise that insurers differ in size and scale and a one size fits all approach is equally inappropriate for them. Whilst the FCA and PRA are keen to ensure consistent principles across financial services firms, the new regime needs to recognise these differences. 

In summary, the new regime proposes:

  • Full application of SMCR to Solvency II firms and large NDFS (Non-Directive Firms)
  • A streamlined regime for small NDFS, small run-off firms and ISPVs (Insurance Special Purpose Vehicles)
  • All insurers will  need to apply: 
    • - the Certification Regime to staff in roles which could cause significant harm to the firm or customers
    • - Conduct Rules
    • - The Senior Managers regime, except that not all features will apply to small NDFs and ISPVs
  • Modified rules will apply to incoming branches of non-UK firms
  • The current regulatory reference requirements will apply to all insurers

The Regulators will consult separately later this year on how firms should transition into the new regime and on any changes that will be required to forms and Handbooks.

Consultation paper – responses sought

The FCA is seeking responses to its proposals by 3 November.

What should firms be doing now?

Whilst the FCA will no doubt take firms’ comments into account, it is likely, given their stated aim of raising standards and increasing accountability, and the intended time frame, that the current proposals may not change very much between now and the implementation date. That said, firms with comments on the proposals should respond to the consultation paper by the deadline. Our experience from round 1 of SMCR implementation is that consultation responses can make a difference – with a number of changes having been made by the regulators before final rules in the original regime were published.

Separately, firms should start thinking about how best to prepare for the new regime.

Get in touch:

If you have any queries regarding the consultation paper, or your firm’s obligations under the new regime, please contact Marian Bloodworth or Sophie van Wingerden.

The GB Gambling Commission's position on eSports, virtual currencies and social casino gaming

On 15 March 2017 the Great British Gambling Commission (‘the Commission’) published its position paper on virtual currencies, eSports and social casino gaming. This follows its August 2016 discussion paper which looked to promote debate on a number of issues which have emerged from the development of interactive entertainment products particularly where there is a blurring of the boundaries between these activities and gambling. The position paper clarifies a number of key areas and confirms the Commission’s focus and approach. Some areas however remain opaque - the fast-moving nature of the technology which underpins these products means this will always remain an evolving area. It is however very clear that the Commission expects all those involved in, and benefitting commercially from, these products to regulate themselves, applying best practice from comparable sectors, as Susan Biddle and Chris Boylan explain.


eSports, or competitive video gaming, has been around for several decades. In 1980 game publisher Atari hosted the ‘Space Invaders Tournament’ which attracted 10,000 attendees in the United States, and mainstream popularity followed in the 1990s. Faster internet speeds allowed more complex strategic games, which featured in televised eSports tournaments in Asia Pacific in the 2000s. The global eSports industry was estimated to be worth $463 million in 2016 and has been predicted to be worth more than $1 billion by 2019[1]. The paper considers eSports from the perspective both of betting and gaming.

Betting on eSports

Currently eSports represents a very small percentage of the British gambling market[2], but the Commission notes that the increased range and volume of betting markets offered on eSports indicate the industry is confident of its potential for future growth. Refreshingly, the Commission has concluded that existing regulations (such as the current LCCPs and CAP and BCAP Codes) are sufficient to address the issues raised by eSports, and is not proposing to add bespoke codes or practices. However the Commission does consider that eSports may raise some additional concerns, notably in relation to integrity of the underlying eSports events, and underage gambling. It is good to see the Commission’s evidence-based approach - it points out that, perhaps contrary to preconceived ideas, 73% of eSports ‘enthusiasts’ are at least 20 years old[3].

However it acknowledges that a large number of children do both watch and participate in eSports, but considers that the existing regulatory mechanism can provide appropriate protection.

In relation to integrity, concerns have been expressed that the close relationships between players and their followers may increase the risk of misuse of inside information, and that the absence of recognised governing bodies, governance regimes and technical standards may mean bettors have no guarantee that eSports are being played on a level playing field. The Commission encourages all stakeholders in the eSports industry to recognise integrity risks in eSports and to be proactive in mitigating these risks using lessons learned from best practice in other sports. It usefully sets out a list of the issues which it would expect to be included in an appropriate governance regime. The Commission makes clear that this is the responsibility of all those involved, including those organising the events, promoters and those offering the opportunity to bet on the events.

It has stopped short of setting technical standards or requiring certification for the equipment on which the underlying games depend. However, even if mandatory standards and certification are a step too far at this stage, a voluntary regime might offer compliant businesses a reputational advantage - and a competitive one if current expectations are mandated by the Commission in the future.

Playing eSports for a prize

The paper also considers when playing eSports for a prize could be playing a game of chance for a prize, and so be gaming requiring an operating licence. ‘Sports’ are not games of chance but (in the absence of any designation from the Secretary of Sport to the contrary) the Commission’s current view is that eSports do not fall within this general exemption. Playing eSports will therefore be gaming unless the underlying game is a game of skill (or any chance element is so insignificant as not to matter). In responding to the discussion paper, the video game industry argued that the underlying games used for eSports were inherently skill games, where skilled players have considerable control over the outcome and are consistently more likely to win than less skilled opponents. The Commission currently accepts that most professional eSports events fall into this category at present, and so do not require an operating licence.

However there is a wide range of games and genres within the umbrella term of eSports and many of these do include some (notional) elements determined at random. The Commission stresses that it will be important for both games developers and organisers of eSports events to assess the relative elements of skill and chance in, and the mechanics and presentation of, any game before it is used in relation to a prize of money or money’s worth, and to be able to support a decision that a game does not fall on the gambling side of the line.

The authors of this article hope that, as these products and technologies evolve and the Commission considers particular examples, it will update its guidance so that, over time, clearer guidance can be given on the factors which will contribute to the analysis of eSports as games of skill or chance.


In its discussion paper, the Commission suggested that commercial entities which provide facilities enabling eSports players to play against one another in match-ups and to bet on themselves to win, might be offering (pool or fixed odds) betting or acting as a betting intermediary.

The Commission recognises that the distinction between arrangements for players to pay to participate in competitive tournaments, and betting/arrangements to facilitate players making/accepting bets on themselves, is not straightforward. It proposes to focus on arrangements relating to the outcome of video games where there is a risk of harmful behaviours such as chasing losses and/or long periods of incentivised play, or where there is unfairness or fraud, and has helpfully provided a (non-exhaustive) list of factors which it will consider in assessing these arrangements. In broad terms, bilateral arrangements where the prizes/winnings are determined by participants or by the outcome are more likely to be gambling than multiparty arrangements where participants contract with the organiser rather than with each other and prizes are determined by the organiser and do not vary with the number of participants or the outcome. If the participants’ and the organiser’s only interest is in the wager, this will be more likely to be gambling than if the promoter is also interested in other aspects such as sponsorship, media rights, ticket sales or merchandise. The Commission will also take into account how an opportunity is presented and whether it uses gambling imagery or is linked to mainstream gambling, and will in particular investigate cases raised via consumer complaints.

Gambling with in-game items (‘skins’)

The Commission is paying close attention to the growing popularity of ‘in-game items,’ which can be won, traded with other players or bought from game publishers. Typically these are in-game currencies, points, additional or enhanced equipment or aesthetic upgrades to a player’s game play. Concern has arisen where these items are used for remote gambling, if they are not provided in a ‘closed loop’ but can be ‘cashed out’ for money or money’s worth. The Commission is very clear that where these items can be converted into cash, or traded for other items of value, they are ‘money or money’s worth’ and providing facilities to gamble with such items therefore requires an operating licence.

Again, the Commission has sensibly adopted an evidence-based approach. From this, it concludes that the restrictions on converting these items into money or items of value, which are included in the terms of their use and in the networks by which the games are accessed, are circumvented far more often than the ‘occasionally’ which the video game industry admits.

The Commission justifiably highlights its recent successful prosecution in the FutGalaxy[4] case as an example of this type of activity, the risk it poses to children, and the Commission’s approach to those offering such facilities. FutGalaxy.com was a social gaming website which offered players the chance to bet on real-life football matches or to play a jackpot lottery style game using a virtual currency called FUT coins. These coins could be earnt by playing the Fifa football video game in Ultimate Team mode. Fifa terms prohibited the buying and selling of FUT coins, but in reality (and despite the Fifa game publisher banning thousands of accounts for trading in the coins) the Court found that they could be readily converted into cash on black market websites. FUTGalaxy imposed no age restriction on its players, and in the Judge’s view the defendants knew children used the site or at least turned a blind eye to this. The Commission has been clear that the product’s popularity amongst children increased its concern about FUTGalaxy, and the Judge similarly emphasised that the fact that children were gambling on the FutGalaxy website was an aggravating factor. The case demonstrates the Commission’s willingness to take action against those who use tradeable virtual items as a de facto currency, particularly where children are involved.

Acquisition of in-game items

The paper also considers whether the very acquisition of in-game items may itself constitute gambling. Where players buy ‘keys’ from the games publisher to unlock ‘crates’ containing an unknown number and value of in-game items, this can be analysed as payment of a stake (the price of the key) for the chance to win a prize (the in-game items) determined by chance - so if those in-game items can be readily converted into money or money’s worth, this is likely to be regarded as gambling requiring a licence.

The Commission’s approach

The Commission recognises that the position on gambling with in-game items is complicated by the fact that the video game, the cash-out facility and the gambling may be provided by different entities, and that it has seen nothing to suggest games publishers, developers or network operators are intentionally providing or advertising unlicensed gambling or entering agreements with those who are. However, it stresses in this paper that the video games industry must not be - or be perceived to be - passive about the exploitation of their player community by predatory third parties who offer gambling using tradable in-game items. Even if games publishers receive no direct benefit from these illegal gambling activities, the Commission considers they are likely to benefit indirectly, for example as the ultimate source of in-game items bought to replace those lost in unsuccessful gambling. The Commission notes that during 2016 a number of large video game developers took action to disrupt the illegal supply of gambling facilities using their in-game items and, separately from this paper, the Commission has been clear that it regards those who take such action as part of the solution rather than part of the problem.

The Commission sensibly recognises that there can be practical difficulties in identifying the offending operators, or where their assets are outside the Commission’s reach, and that a zero tolerance approach to small-scale secondary markets may be impractical or disproportionate to the licensing objectives. Its priorities for enforcement activity will be the protection of British consumers, particularly children, and relevant factors will include the proximity of the gaming and facilities for exchanging the in-game items for monetary value, any overt relationships between those providing the gaming and the exchange facility, and the ease with which the items can be exchanged. Whilst the providers of the unlicensed gambling websites remain primarily responsible for that gambling, the Commission is clearly putting games publishers and network operators on notice that they may share responsibility if they do not properly oversee their closed loop systems, and do not actively disrupt others who wish to offer either a means to exchange in-game items or gambling facilities using such tradable in-game items.

Social casino gaming

The Commission’s focus continues to be on social games which look and feel like traditional gambling, with the primary concerns being problem gambling style risks (excessive play or expenditure, and pre-occupation), transition to real money gambling, and consumer protection.

Again, the Commission has adopted an evidence-based approach, referring for example to independent research[5] into the risks of social casino gamers migrating to real money gambling which indicates that it is the small minority who make in-game purchases who are most likely to transition. The Commission suggests that future research might usefully be focussed on this sub-group.

It reports that the evidence it has gathered does not indicate any significant shift in the patterns of play or demographics since its 2014/15 review, and its view therefore remains that there is currently no need for additional regulation. However, it is clear this depends on the industry ‘maintaining a proactive and credible socially responsible approach’ which should include testing, evaluation and sharing of best practice consumer protection, in the light of regularly updated, independent, peer-reviewed research which should be made widely available.

With gambling operators increasingly entering the social casino market, this area will no doubt remain under review.

Winning items, loyalty schemes and ‘IRL[6]’ rewards

The Commission considers that the opportunity to win additional items such as chips, spins or tokens will make a social casino game gambling only if those items can be converted into money or money’s worth. The Commission’s present view is that a social casino game will not be gambling just because such items could alternatively be acquired by purchase; it will be interesting to see whether other regulators who are currently considering this question take the same view.

The Commission also considered loyalty schemes which reward players with points for such things as frequency of visits, referring friends, time or money spent, or adverts watched. Those points may be exchanged for in-game benefits or, increasingly, for real world rewards such as travel and entertainment. Where points are derived from actions relating to the outcome of the game and can be exchanged for goods or services with a monetary value, the Commission considers that provision or promotion of the underlying game would require an operating licence. For example, points awarded for referring a friend are unlikely to trigger a licence requirement, but points based on time spent playing would do so (because players can play longer if they win more chips).


The paper includes some useful guidance on the Commission’s focus areas and the criteria it will apply in relation to these developing products. It is heartening to see the emphasis on an evidence-based approach. The Commission continues to stress the need for the industry to be proactive in self-regulation, and it is very clear that - inevitably, given the rapid development of new technology and products - these sectors and the Commission’s approach will remain under review.

This article first appeared in Online Gamling Lawyer.


[1] Martin D Owens, ‘What’s in a Name? ESports, Betting, and Gaming Law’ (2016) 20 Gaming Law Review and Economics 567, p 568.

[2] The Commission reports that its gambling participation surveys indicate that only 8.5% of the adult British population have bet on eSports.

[3] 2016 Global eSports market report - Newzoo eSports.

[4] On 6 February 2017, following a prosecution brought by the Gambling Commission, Dylan Rigby, 34, of Colchester, Essex, and Craig Douglas, 33, of Ilford, Essex, entered guilty pleas to offences under the Gambling Act 2005. Rigby was ordered to pay £174,000 in fines and costs, whilst Douglas was ordered to pay £91,000.

[5] Do Social Casino Gamers Migrate to Online Gambling? An Assessment of Migration Risk and Potential Predictors - Kim, Wohl, Salmon, Gupta & Derevensky.

[6] IRL stands for ‘in real life.’


Wearables in the workplace

A recent report by Bersin by Deloitte has highlighted the trend of the “overwhelmed employee” – staff overwhelmed by the volume and always-on nature of messages and work-related activities. This is particularly prevalent in the Financial Services and Professional Services sectors. 

Workplace productivity is not increasing despite a vast increase in the technology available in the modern workplace. Despite everything that my iPhone can do for me, I’m not any better or quicker at my job. Staff have too much information available to them and are flooded by it, meaning it leads to indecision and they can’t get their work done.  

First this has led to a real concern for the wellbeing of staff, as the “always-on” culture blurs the boundaries between work and home life. But in addition, this has led to a real drive for productivity with employers increasingly focussing on employee engagement, wellbeing, monitoring the efficient deployment / use of resources (including staff) and monitoring the operation of processes and policies to ensure effective recruitment and retention. In particular, a big trend we are seeing in the USA is the use by employers of wearable technology to track employees’ wellbeing and productivity.

In the USA, the biggest driver for the use of wearables in the workplace is employers using fitness trackers as part of their (voluntary) corporate wellness programs, in order to obtain preferential terms on health insurance. It is said that by 2020 the use of wearables in the workplace could cut healthcare insurance costs by 40% in the US if employees wear a fitness tracker – a huge saving for employers.

Whilst there is less of an imperative for this in the UK because of the National Health Service, many Financial Services and Professional Services firms do provide employees with private medical insurance so this trend may well be adopted in the UK.

In addition to the voluntary corporate wellness programs, employers in the US are increasingly turning to wearables to track and measure productivity and this is where wearables become much more controversial, as you move away from their voluntary use in wellbeing programs. Some sectors, particularly those with large numbers of field staff, are well ahead of the game but increasingly Financial and Professional Services firms are adopting these technologies too.

Practical examples in the workplace

Staff at LinkedIn used respiration wearable Spire, a clip-on device, to help them reduce stress and improve productivity by providing them with a record of their respiratory patterns through the working day, accompanied by alerts and guidance on how to control emotions and stress through breathing exercises. In one study, 75% of the LinkedIn employees said that the device improved their productivity.

Humanyze undertakes voice-based analysis of staff via their ID/lapel badge. It monitors how an employee says something in order to measure interactions and emotions, for example in a customer service environment. It can help employers to track which groups of employees are regularly communicating with each other, the tone of voice, volume and movement to identify the engagement level in a conversation and to adjust work structures or environments accordingly. Bank of America used Humanyze to address productivity and turnover of call centre staff and identified that a lack of social engagement amongst team mates was driving a high turnover.

A London hedge fund used wearables to track traders, to find out whether poor sleep patterns and alcohol intake correlated with risk-taking behaviour. This helped the hedge fund to assess and manage risk within its organisation and to comply with its regulatory duties.

Essentia Analytics produces software for wearables to help professional investors optimise their decision-making through health improvements. They focus on how sleep and stress levels impact trading behaviour and demonstrate whether the individual makes better investment decisions after exercise or after a good night’s sleep.

It seems that the sectors which are most interested in this technology are those sectors which have trouble recruiting and retaining the best staff and companies with a high reliance on graduate trainees – which includes financial and professional services.

Legal considerations for employers

Employers who are considering adopting some of these new technologies have a number of key issues to work through.

Data Protection

In particular, employers need to give careful thought to their compliance with the Data Protection regime. In some cases, depending on: how the data is collated; what access the employer has to the data; and how far the employer goes in drilling down into the data, it may be possible to say that the data is anonymised, that no personal data is identifiable and therefore the Data Protection regime will not “bite”.

But care should be taken in this regard as a particular employee or small group of employees may nonetheless be personally identifiable from the data if the employer drills down into the data. For example, if the data shows that a sales team’s levels of happiness have dropped in the last week and four new members of staff joined that team this week.

In the event that an individual is personally identifiable from the data, then the employer will need the employee’s consent to the processing of the data (particularly if it involves sensitive personal data such as health data) and should explain clearly to the employee what personal data is being collected, used and disclosed and the purpose for which and how it will be collected, used and disclosed. In addition, the employer must ensure that the data is held securely and that appropriate training is given to staff who have access to the data. The data should not be used for purposes other than those for which it has been collected and should put appropriate safety measures in place to ensure that this doesn’t happen.

In particular, where employers are using location tracking wearables or devices which record voice data, they should ensure that such devices are disabled or surrendered outside working time, to avoid the unnecessary collection of irrelevant data. For example, such trackers might tell an employer which employees attended a trade union meeting or what was said at the meeting, all of which is sensitive personal data.

It is therefore important to have a clear policy which sets out the job-related reason for the collection of the data and the limits of the use that the employer will make of the data.

Employers avoid some of these issues by hiring third party providers to collect and maintain the data, meaning that the employer only receives the data once it has been amalgamated and anonymised. However, the employer will still have a duty to ensure that the third party is in compliance with its Data Protection obligations.

Breach of trust and confidence/discrimination

Even if employers are able to adopt these technologies, care should be taken over how the data is used. A cautionary tale comes from Google’s people analytics team who devised a formula for making promotion decisions which was shown to be 90% accurate in predicting the future success of the promotion. However, Google does not use the model. It found that when you use predictive models for promotion decisions (for example to decide not to train someone as the model indicates that they would not make a good promotion), basing the decision on an algorhythm rather than on what employees are actually doing, this is a recipe for constructive unfair dismissal and/or discrimination claims. Data should be used to provide insight but it cannot replace human experience and shouldn’t be blindly accepted without challenge.

A failure to do this will lead to the data becoming key in employee litigation, particularly if the data is being used to drive productivity and to justify pay rises, promotions or the termination of employment. Employers should sense-check whether low productivity could be disability-related. In particular, collection of and access to this data may lead to an employee being able to show that the employer ought reasonably to have known that they were suffering from a disability, thereby rendering the employer liable for any resultant discrimination.

Practical considerations

Another key concern for employers deploying wearables is that they challenge the boundary between employees’ work and personal lives in a way that many employees will find unnecessarily intrusive. In particular, wearables which measure how an employee feels on a particular day are likely to be especially controversial. That said, in PWC’s 2015 survey of 2,000 UK working adults, 40% of the 2,000 people interviewed said that they would wear a workplace wearable, rising to 56% if they knew it would be used to improve their wellbeing at work. Flexible working hours, free health screening and health and fitness incentives were the benefits people were most willing to share their personal data for. But 38% of the respondents didn’t trust their employer to use the data in a way which would benefit the employee.  Explaining clearly to the employees how the data will be used is vital to obtaining their “buy-in”.

Furthermore, as the PWC survey has shown, employers should be prepared for generational differences between employees in their reactions to the use of wearables in the workplace. Millennials and Generation Y are increasingly used to sharing their personal data. Many already use wearables in their daily lives, such as the FitBit and some are used to sharing the data from such devices by competing with their friends and family (or others) to see who has completed the greatest numbers of steps each day, for example. The key to acceptance by the wider workforce is to provide reassurance regarding the aggregation of data and the positive ways in which the data will be used, as well as providing assurances about data security.

For these reasons, to date most employers have used the optional route rather than requiring employees to use wearables in the workplace. The risk is that mandatory use would undermine employee morale, having a negative impact on productivity. The key is to be transparent with employees about the use and then let the employees decide whether that proposed use is reasonable or not.

Ironically, there are also indications that the use of wearables in the workplace can make employees more anxious, as they might feel guilty about taking a lunch break or feel that they are being constantly monitored and observed by their employer.

A US defence contractor undertakes retina scanning to provide access for employees to its secure facility. But this raised questions of whether, if the scans showed signs of diabetes, the employee should be notified. Is there a duty on employers to warn the employee in this scenario, or would this be an invasion of privacy. In my view, employers re likely to be under a duty to warn employees.

Finally, the gadgets are easy to “game”. Companies including BP have given staff FitBits to try to nudge staff into healthier lifestyles. Rewards are offered by BP if the employees meet their targets. But the FitBit registers “steps” when jolted, so there are stories of employees watching TV whilst waiving their arm or giving it to their children to waive around, to increase the number of “steps”.

The future?

One can envisage a world in which employees develop “biometric CVs” which capture their productivity data and performance under certain conditions and which can be used when applying for jobs. So if a job requires high performance under particularly stressful conditions, the employee will be able to demonstrate with the data that they have performed well under similar conditions in the past.

FS News and Regulatory Update

To help you keep abreast of recent developments, the Kemp Little FS team have set out below some of the key new and forthcoming regulatory changes relevant to financial services firms.  Please get in touch if you would like to discuss the implications of any of these for your business.

1. New Money Laundering Directive in force from 26 June 2017

The Fourth Money Laundering Directive ( “4MLD”) was published in 2015 and all EU member states had until 26 June 2017 to introduce implementing legislation. Notwithstanding this advance notice, HM Treasury only published the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR2017”) on 22 June 2017, with an implementation date of 26 June 2017.

The MLR2017 introduce a number of new provisions including:

  • Requirements on certain businesses to produce a written assessment of money laundering risk;
  • Requiring firms to establish processes to determine when enhanced/standard/simplified due diligence will be undertaken;
  • New procedures around beneficial ownership;
  • Extending the definition of politically exposed persons (“PEPs”) to include domestic PEPs. Previously PEPs only included individuals entrusted with a ‘prominent public function’ outside the UK; and
  • New criminal sanctions (there are new criminal offences of prejudicing an investigation into a breach of MLR2017, and making false or misleading statements in purported compliance with a requirement imposed under MLR2017.

MLR 2017 will therefore impose greater compliance burdens on regulated entities and their employees. All firms need to thoroughly review their existing systems and controls to ensure that they are compliant, and will need to ensure that all staff are fully trained on the new rules and the importance of ensuring compliance.

For more detailed or specific advice on how best to ensure that your business is compliant with the new regulations, please contact  Chris Boylan.

2. Senior Managers and Certification Regime

The Regulators have recently published a number of papers in relation to the SMCR regime including:

Guidance on the "duty of responsibility" under the SMCR – in force from 3 May 2017

The duty of responsibility imposes a requirement on senior managers to take reasonable steps to avoid regulatory breaches in their business areas.  The FCA’s guidance on the duty of responsibility, as set out in FCA PS17/9, and which will apply from 3 May 2017,  is similar, though not identical, to the guidance on the senior manager conduct rules.  The guidance gives a reasonably concise summary of how the FCA expects senior managers to run their businesses, including dealing with possible breaches in a timely way, overseeing delegated responsibilities properly, and assessing and monitoring their area's governance, operational and risk management arrangements.

A point to highlight is that the FCA will consider whether a senior manager took reasonable steps to ensure an orderly transition when they were replaced in the performance of their function by someone else. The FCA previously applied the obligation to the firm or line manager rather than the mover/leaver themselves, and senior managers may find it difficult to comply if they are leaving their employer in a less than amicable context. However, this risk can be mitigated provided senior managers maintain a detailed governance and management framework as routine good practice, as this can form the basis of any handover document.

The PRA also issued a policy statement on 12 May 2017 dealing with optimisations to the SMCR and SIMR (PS12/17), with revised guidance regarding its expectations on the duty of responsibility.

Extension of Conduct Rules to Non-Executive Directors in Banking and Insurance sectors – in force from 3 July 2017

As set out in FCA PS17/8, with effect from 3 July, the FCA Conduct Rules will apply to standard non-executive directors (NEDs) in banks, building societies, credit unions, and dual regulated firms. This rule chance addresses the lacuna that was created when the regime was first introduced in 2016, and which meant that unlike Senior Managers, Certified Staff and other Conduct Rules staff, Standard NEDS were not obliged to comply with the Conduct Rules. The FCA recognises that it would not be appropriate to hold NEDS to all of the more onerous Senior Manager Conduct Rules, and so standard NEDS are now subject to the five individual Conduct Rules and Senior Manager Conduct Rule 4, which requires individuals to disclose appropriately “any information of which the FCA or PRA would reasonably expect notice”.

Firms therefore need to ensure that their NEDs receive appropriate training on their obligations under the Conduct Rules, and that any breaches of the Conduct Rules by NEDs, resulting in any form of disciplinary action, are captured in the annual report of Conduct Rules breaches, which needs to be made by the end of October 2017.

New rules on whistleblowing in UK branches of foreign banks – in force from 7 September 2017

As set out in FCA PS17/7 of 3 May, from September this year, UK branches of overseas banks will be required to inform their staff about the PRA and FCA whistleblowing services and how to access them.  They will also be required to inform staff that they are legally entitled to approach regulators directly whether or not they have raised a concern internally.

In addition, where a UK branch has a group company in the UK subject to the broader FCA/PRA whistleblowing obligations, the staff of the UK branch must be given access to their whistleblowing channels and told about this.

Affected firms will therefore need to ensure that they review and amend any internal policies, and that they make clear to staff the options available to them for raising concerns.

3. PSD II – in force in January 2018

The second Payment Services Directive (PSDII) is due to be implemented into UK law on 13 January 2018, through the Payment Services Regulations 2017. PSD2 brings into scope two types of activity that are currently not regulated. From January, entities that provide account information services and/or payment initiation services will need to be registered or authorised with the FCA. If an entity provides online services that collect information on their customer’s payment account, such as transaction data, then that entity may be an Account Information Services Provider (“AISP”). Similarly, entities that allow a customer to initiate payments from their bank accounts through them may be Payment Initiation Service Providers (“PISPs”).

The timing here could be tricky, however, and businesses that may fall within the category of AISP or PISP would do well to consider their options sooner rather than later. The FCA has said it will not have applications for AISPs and PISPs available until October 2017, leaving just three short months for such entities to obtain the necessary authorisations – and if they do not manage to do this in time, they will need to cease operating those aspects of their services until they can become authorised. This is further complicated by the absence of definitive finalised guidance on what these applications will need to contain. Businesses that find themselves in this situation should start thinking now about the best way to navigate the situation. We are of course very happy to help – please get in touch if you are considering how best to comply.

  • Page 4 of 25