Regulation

Regulation in all its forms was highlighted as a key issue in our client survey.  Here we set out the developments you need to be aware of.

Regulation predictions
#1 CYBER AND DATA RISK

Big name IT providers may be the next hit for an ICO enforcement action

The GDPR introduces direct obligations on data processors (the party who processes personal data only on the instructions of the data controller). Although fewer and fewer companies’ operations fall under processor activity, due to the narrow definition applied by the Information Commissioner’s Office (ICO) in the UK and more and more sophisticated uses of data by service providers, the new liability which attaches directly to data processors means that in certain circumstances they can be sued directly by data subjects and fined directly by the ICO for data breaches. With many IT providers having much deeper pockets than their clients, we consider it possible that we will see a big name IT provider at the forefront of an enforcement action very soon.

GDPR: further action for incorrect use of data  

The Information Commissioner’s Office (ICO) has already issued its first enforcement notice under the GDPR concerning a company’s incorrect use of data (Aggregate IQ, a data analytics company closely linked with Cambridge Analytica).  This was not a monetary penalty, but we predict that monetary penalties for non-security GDPR breaches will follow.  In 2019, we have already seen the ICO’s notice of intent to levy significant fines on Marriott Hotels and British Airways for their security breaches.  Our prediction is that the ICO and other regulators across Europe will wish to flex their powers and impose monetary penalties for a full range of GDPR breaches, not just those associated with security.

New NZ privacy framework will just be the start of legislative reform

New Zealand organisations will finally follow the rest of the OECD and brace themselves for notifying and managing data breach losses with its Privacy Commissioner regulator when the long-awaited legislative overhaul to the country’s privacy framework commences on 1 March 2020.  It contains a comprehensive suite of reforms, including modest fines, but more importantly mandatory reporting. Cyber and statutory liability insurance claims notifications and costs will escalate to meet those obligations. Even before the new regime is rolled out, the NZ Government has alluded to the fact that the “right to data portability” and the “right to be forgotten” represent data privacy best practice and could be introduced in an update to the privacy regime in the coming years.

#2 DIRECTORS’ & OFFICERS’ AND FINANCIAL INSTITUTIONS

Climate change matters more to directors and officers

Public pressure and shareholder activism highlight the need for early recognition at board level that all firms are vulnerable to risks associated with climate change, whether or not they are operating in an environmental sector. Management boards are now expected to understand, analyse and manage the financial risks from climate change and integrate this issue into decision-making. Individuals may be held to account if they are unable to demonstrate that risks have been appropriately assessed, mitigated and disclosed. The Prudential Regulation Authority has extended the Senior Managers and Certification Regime (implemented on 9 December 2019) to incorporate climate change reporting obligations and, in the worst cases, the consequences of a finding of a regulatory breach might be severe, including criminal prosecution, fines and penalties, and disqualification as a director. Corporate pressures around climate change have been expected by boards and their insurers for a few years – it’s now a day-to-day reality and scrutiny from investors, auditors and regulators is likely only to increase.

Innovative technology will introduce new ways of working and new enterprise risk

Digital asset and blockchain technologies are two examples where financial institutions (FI) have pushed forward the innovative use of products which involve third party vendors who are not themselves the subject of the same regulatory scrutiny as their FI clients. Without product development by FI underwriters, unexpected gaps in cover will appear where losses occur, whether through disruptive IT system attacks or technology outages, which involve such innovative products in a relatively unregulated environment.  Underwriters will need to consider the extent to which the increased enterprise risk should be accepted under FI products.    

Senior managers must continue their efforts to improve greater diversity in the boardroom

Since the Financial Reporting Council’s 2018 Code introduced the requirement that all FTSE companies report on the gender balance of those in senior management, there has been a strengthened effort to embrace boardroom diversity in the UK. Despite initial fears that companies would adopt a tokenistic or tick-box approach, early evaluation suggests that companies are incorporating diversity inclusion into their strategic planning, recognising that diversity can drive innovation, growth and give a competitive edge.  However, while diversity targets are now being met by many companies, there is still significant room for improvement, with gender pay gap reporting providing further scrutiny. Senior managers need to retain their focus on this issue through continuing monitoring and succession planning.

A US Perspective: Directors’ & officers’ liability related to privacy violations will increase

The past couple of years have seen directors and officers in the United States subject to alleged liability in connection with 1) the failure to provide properly for and oversee an information security program or 2) failure to give customers prompt and accurate information in disclosing a breach. With laws in Europe setting the basis for a corporate penalty, the upcoming enactment of the California Consumer Privacy Act in January 2020 may lead to disputes about directors’ and officers’ compliance obligations and those exceptions in response to deletion requests from Californian residents.

#3 INSURANCE ADVISORY

Modernisation of Lloyd’s and London Market will gather pace

The publication by Lloyd’s of Blueprint One – following the unveiling of the Future at Lloyd’s prospectus in May 2019 – underlines the determination of the London insurance market to modernise and to cut the costs of doing business in London. The Blueprint sets out six improved ways of working, underpinned by a heightened focus on digital, data and technology to deliver greater benefits to customers. Phase 1 will be delivered during 2020 and will include early quick wins, including the launch of an electronic risk exchange which could, over time, process as much as 40% of Lloyd’s risks. In addition, Lloyd’s will pilot a solution that automatically triages claims to speed up settlement and introduce simplified onboarding for Lloyd’s coverholders. With electronic placement of business already gathering pace, structure and methodologies of the market will continue to change with brokers in particular having to review their business models.

The Prudential Regulation Authority’s regulatory focus on climate change will gain greater prominence in 2020

Recognising the importance of managing the financial risks from climate change, the Prudential Regulation Authority (PRA) has consulted banks and insurers on climate-related challenges and its detailed expectations on effective governance and risk management will follow. It has established the Climate Financial Risk Forum to develop analytical tools and techniques to inform strategy and regulatory approach.  Recent natural catastrophes have highlighted the need for firms to review whether their modelling accurately represents the changing nature, frequency and severity of climate perils and exposure trends.  The PRA will shortly undertake sample reviews to stress test the adequacy of firms’ exposure management, their risk mitigation strategies and to ensure firms are meeting their climate responsibilities.

An Australian Perspective: Regulators will continue to take on digital platforms over privacy concerns and class actions will follow

At the end of October 2019, the Australian Competition and Consumer Commission (ACCC) announced it is suing Google over misleading consumers about its collection and use of personal location data. This action was widely expected following the publication of the ACCC’s Digital Platforms Inquiry Final Report earlier in the year. This is the ACCC’s first case against a major digital platform. The Australian consumer watchdog’s action reflects similar approaches taken by regulators in other countries, including Germany and the United States. There’s no doubt government regulators worldwide will continue to champion consumers and uphold local privacy laws, with further investigations and antitrust reviews into companies like Apple, Amazon and Facebook already announced. As night follows day, class actions will leverage the regulators’ efforts.

#4 MOTOR

Free and easy to use portal will reduce the need for representation in low value personal injury cases

Backed by a user friendly portal, the simplified damages regime set out in the Civil Liability Act 2018, together with the limited costs environment created by an increase in the small claims track limit, will encourage considerably more claimants to act in person in low value personal injury claims. Some claimants will still seek services from or be farmed to solicitors and claims management companies, although the level of damages available may deter many from giving up a proportion to such firms. The rise of so-called professional McKenzie Friends may also be seen as providing services of limited quality, although the Claims Management Regulator is expected to crack down on such activity, which falls within their regulatory authority.

Objects in the rear view mirror may be closer than they appear

Insurers must be alive to changing behaviours brought about by the implementation of the whiplash reforms. In addition to new entrants, expect old players in the market, who have previously posed a threat, to reinvent themselves with new ways of making money under the new regime. There is already evidence of third parties providing solicitors with IT platforms designed to make running low value soft tissue injury claims viable under the reforms. It is likely that this will be a growth area – and that it will not provide obvious benefits to consumers at either end of the claims chain.

Scottish future loss claims set to overtake England and Wales in value 

Following the reports and recommendations of the Government Actuary, the jurisdictions of Scotland and England and Wales now have significantly different discount rates to be applied in the calculation of future losses, namely -0.75% in the former and -0.25% in the latter. This will result in the most severe injury claims being higher in value for the same injuries in Scotland compared to England and Wales. The opportunity for jurisdiction shopping that some have predicted remains very limited, as the rules as to applicable law remain clear. It is also worth noting that at the time of writing, the discount rate in Northern Ireland remains at the previous level of +2.5%: expect a change when the Northern Ireland Assembly is reinstated.

#5 PROFESSIONAL LIABILITY

Accountants: FRC investigations will increasingly move into the boardroom

The Financial Reporting Council (FRC) already regulates finance directors in their role as qualified accountants, but the boards of troubled corporates will not escape the FRC’s censure in 2020 and we may see the FRC testing the limits of  its investigatory powers to compel evidence from plcs themselves. This matters where corporates and directors are embroiled in high-profile corporate collapses with millions or even billions at stake and the real threat of jail time. Where public criticism leads, civil claims follow. 2020 will also see judgment in the FRC v Sports Direct appeal, a decision that casts doubt on the privilege in documents handed to an auditor.

Accountants: 2020 is the year that the ICAEW follows the FRC's lead

The Financial Reporting Council (FRC) is staffing up to pursue more enforcement investigations. In 2020, the Institute of Chartered Accountants in England and Wales, the regulator for the audit of smaller and non-listed corporates, will not be immune from the mood music coming from the FRC.  However, it faces a difficult balancing act – to demonstrate it is not deaf to public calls for changes in audit standards, while aware that heaping further pressure on the profession may be counter-productive as graduates choose different, less regulated, career paths and smaller entities do not require, or want to pay for, a step change in audit approach.

Financial Advisers: The threat of claims from defined benefit transfers will continue to hang over financial advisers

Since the pension freedoms were introduced in 2015 there have been 390,000 defined benefit transfers with a total value of £60bn. The Financial Conduct Authority considers the level of transfers to be too high and is in the process of consulting on banning contingent charging and making other changes to its rules to make such transfers more difficult to recommend in future. It is also closely scrutinising past transfers, withdrawing permissions, imposing past business reviews and taking enforcement action against a number of advice firms. The risk of claims is high and financial advisers are finding it increasingly difficult to obtain professional indemnity insurance as a result. There is also ongoing uncertainty as to the duties of pension providers, especially Self Invested Personal Pension providers, in this context with a number of court decisions pending.

Solicitors: Solicitors’ conduct under scrutiny

The #MeToo campaign has increased the Solicitors Regulation Authority’s (SRA) focus on tackling misconduct and harassment. Regulatory obligations of integrity and maintaining public trust in the profession are the hook on which such matters can lead to disciplinary investigation. The well-publicised sexual misconduct case of SRA v Ryan Beckwith resulted in a £35,000 fine and adverse costs of £200,000 despite the absence of a criminal conviction or a finding on the issue of consent. Some commentators have questioned whether the SRA’s approach is proportionate. With a further 25 cases of alleged sexual harassment and misconduct to be heard, the profession faces a difficult 12 months and firms should ensure they have robust procedures in place to deal with such behaviour.

#6 PROPERTY

Uncertainty over higher value disputes may spell more property insurance payouts

Insurers may see an increase in the number of payments under property policies following the increase in the Financial Ombudsman Service’s (FOS) jurisdiction and award limit. For acts and omissions which took place after 1 April 2019, the maximum award has more than doubled, to £350,000 (subject to annual adjustment).  Eligibility now also extends beyond micro-enterprises with fewer than ten employees and a turnover or annual balance sheet less than €2 million (£1.72m) to SMEs with a turnover of under £6.5 million and either an annual balance sheet of under £5 million or fewer than 50 employees. A more cautious approach on policy coverage issues may be required given that the FOS ought to consider the law but is not bound to follow it.  Rather, an ombudsman must consider what in their personal opinion is fair and reasonable in all the circumstances. 
