Welcome to the new look Para-Sols website; refreshed brand, sexy new Resources area and an overall new feel.

Why the change?

Well we thought it was time to celebrate our growth and the fact that Para-Sols isn’t just my baby any more, it’s many others too. It’s grown up, become independent of me, taken on its own life force. And I’m incredibly proud of it. And of the team who have built it to what it is, and will continue nurturing the business, our brilliant clients, and the amazing culture we’ve created.

It has been just over 8 years since I started Para-Sols; 8 years which have gone by in the blink of an eye. We’ve seen many changes, and celebrated many highs during that time (you can see these on the Story tab) and recently the pace of change has accelerated.

The Grad Scheme, the new offices and the new sister company Apricity (that is on its way) have all combined to take Para-Sols into the next phase of its life. It has its own training framework, in-house pub, leadership programme and 3 office dogs. Which means it’s not a little start up any more. It’s a proper bona fide company. With an incredibly exciting future.

So we’re hoping our brand refresh reflects this and sets us up for the next phase of growth. I’m unbelievably proud of the team. Unbelievably proud of how far the company has come. And extremely grateful to our clients for letting us be part of their journey.

There are many, many things on the horizon (because I’m a fidgety so-and-so and can’t sit still / give my team peace for 5 minutes) which I’m looking forward to sharing with you all.

Enjoy the new site, feel free to give us feedback. I’m off to raise a little toast to it in The Tunstall Arms.

Cheers!
Cathi

Firstly, anyone else sing the Flo Rida GDFR song when they read GDPR? Nope? Just me then. Anyway. Let’s have a look at this, and what it is all about…

Firstly the good news, it’s not as complex as MiFid II (hurrah) which you can read about here. The bad news? Both GDPR and MiFid II are EU directives, and are likely to only be the start of many such pieces of legislation, as clarity and transparency across all markets is aimed for. Brexit will have no impact on this. So there may be more to come.

For now; General Data Protection Regulation. Let’s start with our facts:

  • Will come into force on 25th May 2018
  • Builds on current data protection laws, with a focus on the modern digital world. Current data protection laws were formulated in 1995 – around the time dinosaurs roamed the earth I believe.
  • It is not just a financial adviser thing; it is being enforced across all businesses.
  • There are eye watering fines potentially applicable for those who flout the laws. However, these will be rare and the ICO has stated it prefers “the carrot to the stick”.

The data protection around client data is split into:

  • how it is acquired
  • how it is shared
  • how it is stored

In the modern digital world, with more and more means of communication available, simply locking away documents in a fire proof filing cabinet is no longer sufficient. Luckily, things like document management software from FilecenterDMS.com exist, which make storing documents much easier and safer. If you’re constantly struggling to find documents in your office, it might be worth looking into it. If you already take your data protection requirements seriously, there shouldn’t be a huge change in what you are already doing.

So, what are the issues for you?

Firstly you need to be mindful of the above; how you obtain information, how you store it and how you share it (with clients, providers and any other third parties). If you were to be subjected to a cyber attack, what processes do you have in place to:

  1. know it even happened (they can be sneaky little beggars) and
  2. inform the appropriate people (probably clients; definitely the ICO and the FCA, whom you must inform within 72 hours).

If you’re wondering who would bother to cyber attack your business, you should consider that nearly 7 in 10 large businesses identified a breach or attack in the last year, with the average cost incurred being £20,000! Small businesses can struggle harder to recover from attacks, with one in five taking a day or more to recover from their most disruptive breach. These attacks do happen, a lot, and they do cost firms, a lot!

So complying with GDPR just makes good sense for you as a business owner. Your business should always run a third party risk management program, to cover your business as well as yourself.

What can I do to protect my firm and clients?

Firstly identify all sources of Personal Identifying Information (PII), how it comes into your firm, where it is then stored and what happens afterwards. With that journey mapped out, you can look at how that data can be protected at each step of the way (using passwords, encryption, locked cabinets, whatever it may be).

No matter how careful you are, you are still at risk (if the NHS can be hacked, so can you!) so the key is that you know when it has happened. This may sound obvious but recent government research shows it takes a UK firm, on average, 400 days to know they’ve had a breach. 400 days! There typically aren’t any flashing lights going off when it happens. Nor do the hackers email to let you know it has occurred (though that would be pretty helpful of them).

So whether it is building in some sort of alert, or having a regular manual check for data breaches, or having daily spyware programmes running; you need to have some way of knowing if a breach has happened.

Less junk in your trunk

Currently a client would opt in to receive communication from you. All good. However, under GDPR they then need to select again that they are happy to receive it, after a confirmation email has been sent to them. A double opt in if you will. If you use something like MailChimp or CampaignMonitor, these will no doubt be updated to do this for you (but check with them first). If you do it manually, it means twice as many emails. Basically not unsubscribing isn’t the same as subscribing, and implied consent will be removed. Great for those of us who are bombarded with junk from every Tom, Dick and Harry who has ever glanced at our email address. But could be tricky if you’re the Tom, Dick or Harry.

Anything else?

Data subjects (clients for the most part) will now have the right to obtain confirmation from you of what personal data is held on them, how it is being processed, where and for what purpose. Having clear processes in place will make any such requests simple and easy to deal with.

Another important one is the right to be forgotten; a client can ask to be removed from all databases, which would include server back ups and cloud facilities. These could occur when contacting old clients who have not been serviced regularly or when taking over client banks. Again, a watertight process to ensure people can be removed, if they request it, is vital.

Ultimately, the potential downsides (huge fines for you, security breaches for your clients) are massive. But, the requirements to avoid this are not necessarily onerous. And given how much change has occurred in the last 22 years, I think it’s fair to say this review is pretty overdue.

What is it? Does it affect me? What can I do?

It seems to me that MiFid II and the information around it are unnecessarily complicated. While updating myself on the legislation and impact, I’ve read many articles and thought pieces, taken part in webinars and looked at surveys on the subject and it feels like they’re trying to make it unfathomable?

“The top 4 things to do ahead of MiFid II”, “have you addressed these 5 areas of MiFid?”; “8 things firms should be aware of in relation to MiFid II”… and none of the items on any of those lists appear on other lists! It just seems endless and there is very little consistency around the information out there.

The problem appears to me to be because the MiFid II rules are so wide reaching, with rules for providers, rules for ‘exempt’ advisers (not so exempt then), rules for investment managers, for advisers who manage client money, and rules that apply to all of the above.

I’ve tried to cut through some of the noise and see if there are any areas that could potentially trip advisers up, and, if so, what can be done to get ahead of them. First some facts:

  • MiFid II rules come into effect from 3rd January 2018
  • The entire point of MiFid II is investor protection. Yes some rules are onerous, but they all have this one theme in common.
  • If you wanted to vary your permissions with the FCA in light of the new MiFid II categorisations you needed to have done so by 3rd July 2017.
  • The impact on you and your firm will vary greatly, depending on whether you are considered ‘article 3 exempt’.

What the chuff is article 3 exempt?

Ask yourself these questions:

  1. Do you hold client money or assets?
  2. Do you execute deals for your clients or provide discretionary management services?
  3. Do you deal with any ‘non mainstream’ products, or any that are unregulated or unauthorised?

If you answered no to all of these, you are likely to be considered an “exempt investment” firm, under article 3.

This does not mean that MiFid II does not impact on you. But it does mean the impact may be less. However, the FCA must apply rules that are “at least analogous” to the relevant MiFid II rules, meaning that, as an FCA authorised firm, much of it will be applied to you anyway.

One thing to bear in mind, as noted above, the aim of MiFid II is investor protection, so following the rules, even if you are “exempt” will only be a good thing for your clients, and can only be considered good practice.

What do I need to be aware of?

There are many parts of MiFid II that you need to be aware of, but that you can do nothing about. Helpful huh?! In particular, this is being aware of the MiFid II rules that affect the providers. You can’t change what they do, but you can understand what they should be doing, and speak to them to ensure they are ready for the incoming rules.

A good webinar on this is the one 7IM did recently which you can watch here. This looks at MiFid II from the provider point of view, the extra steps they will be taking, and also touches on the adviser requirements.

Things that you should be aware of that you can actually do something about are:

  • Transaction reporting – For the most part, the providers you work with will deal with this. However, in order for them to do this, they need identifying data on each of your clients. For personal clients, this is just their National Insurance number, which they probably already have. For others, e.g. ex pats, trusts, corporates and charities, they need an LEI.[1]
  • You as a firm may also need an LEI; they can take 3 months to obtain and cost £115 + VAT to set up and £80 + VAT annual maintenance. This is pending clarification from the FCA, and will likely only be the case if you use a DFM. If so, check their position with them and, if necessary, get your application for an LEI in. For information on VAT payments head over to informational resources overviewing vat information for payments.
  • Client reporting – reports back to the client are now to be issued quarterly, instead of 6 monthly from providers. This is to increase transparency and ensure clients are updated with their portfolio.
  • A more controversial aspect to client reporting is the need for “managed portfolios” (understood to be DFMs, not adviser managed portfolios) to contact a client if there is a loss of 10% or more, in between the quarter reports.
  • Wonderfully another document, EMT (European MiFid Template) is to be provided from 2019, in addition to KIIDs, factsheets etc. This will have a mandated format to follow to document costs and charges, in yet another attempt to make them clear for clients. It will be interesting to see how this one pans out. I suspect having 3 or 4 or 5 different documents to clearly show charges is, um, not that clear.
  • Risk profiling – MiFid II states that advisers need to ensure the risk profiling tool they use is ‘fit for purpose’ and that limitations must be identified and actively mitigated. This is something you can, and should, be doing now. Rory Percival recently released a report that can assist with this.
  • Inducements – I’d like to say that everyone knows the rules on this by now and that there shouldn’t be anything new with it. However, a recent kerfuffle over a certain platform offering certain benefits if a certain amount of business was placed with them would suggest otherwise. The MiFid rules aim to ensure conflicts of interest are managed properly. Any ‘hospitality’, or event MUST show a clear benefit to the client. This is usually through some sort of education piece. Use your judgement on these and whether your provider, and therefore you, are at risk of breaching the rules.
  • Telephone recording – you probably already saw that there was a backtrack on the original rules. You do not have to record every call. But you do need to keep thorough written notes of calls and meetings and anything that may result in business being transacted.
  • Complaints – your existing complaints procedure now needs to be supersized. Existing rules will apply but be extended to professional clients (not just retail) as well as potential clients. There is a clear requirement under MiFid II to establish a complaints management policy. Your compliance provider should be able to help with this.

So there we go. That’s a summary of some of the main points. As with most things in legislation (and finance), the intention is noble, the delivery could maybe be improved. It should be pretty manageable for adviser firms and, um, good luck to the fund managers and DFMs!

Feel free to download our MiFid checklist (in our Resources section) to help you get through all that pesky red tape here

[1] Legal Entity Identification code. If they don’t already have them, they can be obtained from Unavista. There is a cost to obtaining LEIs, both upfront and maintaining annually. Providers will ask for LEIs on new applications for any client that comes under this classification, and will not set a plan up without them.

A summary of the considerations discussed in our defined benefit video series.

A video talking through some compliance considerations when reviewing defined benefit pensions. (video 3 of 3)

A video talking through some technical considerations when reviewing defined benefit pensions. (video 2 of 3)

A video talking through some practical considerations when reviewing defined benefit pensions. (video 1 of 3)

Read about the growth of outsourcing across all sectors, including the benefits and myths of doing so.

A template to gather everything you need on an occupational case.