The FCA Consumer Duty: Don’t forget your antitrust or GDPR duties!
July 2023Introduction
Under the Financial Services Act 2021, the Financial Services Authority (FCA) has introduced the Consumer Duty, a comprehensive set of higher standards aimed at enhancing consumer protection in the financial services sector.
Effective from July 31, 2023, the Consumer Duty takes effect for new and existing products or services that are open to sale or renewal. The Duty requires firms to prioritise the best interests of their customers and deliver positive outcomes. For closed products or services, the rules come into force on 31 July 2024.
As regulated firms navigate the implementation of the Consumer Duty, it is essential to understand fair value assessments and concurrently manage potential antitrust and privacy risks, associated with the collection and sharing of price and personal data. Compliance must be holistic – a desire to demonstrate alignment with the FCA’s requirements should not come at the expense of noncompliance in other areas.
This article aims to provide insurers, intermediaries and others in the regulated sector with an overview of the Consumer Duty, explore fair value assessments, and outline strategies for mitigating antitrust risks.
Understanding the Consumer Duty
Commencing on 31 July 2023, the Consumer Duty will mandate financial services firms to act in the best interests of their customers and ensure equitable treatment. Many firms have already been undertaking vast amounts of work
A key focus of the Duty is the evaluation of fair value, requiring firms to assess whether the price paid by consumers for a product or service is reasonable relative to the expected benefits.
To aid firms in meeting the price and value requirements, the FCA has shared valuable observations gleaned from its review of 14 fair value assessment frameworks. These insights serve as guidance for all firms subject to the Consumer Duty.
Assessing Fair Value: Key Considerations
During fair value assessments, regulated firms should consider the following factors:
- Nature and Benefits: Evaluate the nature, quality, and benefits customers can reasonably expect to receive from the product or service. This includes assessing the extent and limitations of coverage for insurance products.
- Price Considerations: Take into account the total price customers will pay, encompassing all applicable fees and charges throughout the lifetime of the customer-firm relationship.
- Additional Factors: Consider aspects such as manufacturing or distribution costs, market rates for comparable products or services, the price and benefit of other products in the portfolio, and any accrued costs or benefits for existing or closed products.
It is important to note that firms possess discretion in selecting additional factors for their value assessments. The term “good practice” provides illustrative examples rather than prescriptive guidelines.
Observations and Areas for Improvement
The FCA’s review has identified areas for improvement in fair value assessment frameworks. These areas include:
- Understanding Fair Value: Firms must possess a thorough comprehension of fair value and its application to their products. Frameworks should not rely solely on high-level or unevidenced arguments concerning inherent fairness. Critical analysis and evidence supporting fair value are crucial.
- Assessing Value: Insurers should assess both the benefits and costs to consumers, encompassing non-financial costs. Consider product bundling, ensuring that the price reflects the value provided by bundled products’ convenience.
- Considering Contextual Factors: Broad contextual factors, such as market prices for similar products and consumer characteristics, can influence fair value. Brokers should avoid exploiting customers’ behavioural biases or vulnerabilities. Indeed, the FCA has expanded its guidance to ensure firms act in a way that protects vulnerable customers.
- Assessing Differential Outcomes: Evaluate differential pricing and outcomes for different groups of consumers, including vulnerable groups. Avoid generalizing outcomes and analyse the full distribution of outcomes to identify and rectify instances of unfair value.
- Data and Governance: Establish data-led monitoring and review processes to deliver improved customer outcomes. Identify remediation processes if a product or service fails to provide fair value. Monitor customer outcomes and take appropriate action to ensure positive customer experiences.
Antitrust Risks: Price Information Sharing
The need to assess fair value may lead to a desire to collect data about whether or not charges are competitive. There is an expectation from the FCA that firms will also consider what fair pricing looks like for different categories of customer, including vulnerable customers.
The FCA has suggested that compliance could be assisted by assessing “the market rates and charges for comparable products or services”. In its assessment of the efforts of fourteen regulated firms to comply with the fair value duty, it also recommended some consideration of margins and cost. To amplify the risk further, the FCA has said in the final lead up to 31 July “firms need to share information and work closely with their commercial partners to make sure they are all delivering good customer outcomes. The FCA has found that some firms need to accelerate this work to implement the Duty on time.”
Against this backdrop, we see a risk that insurers, intermediaries and others in the regulated sector may discuss commercially sensitive information (such as prices, margins, future pricing intentions and margins) between themselves. This may come from good intentions given the advice of the FCA. There may also be a sense of security from knowing that charges and consumer outcomes are in line with those of rival firms. Equally there could be a risk where cost information from insurers passes through intermediaries to other insurers.
However, caution is needed. Both UK and EU Competition Law prohibit the sharing of price information or suggestions regarding future prices, as such behaviour may be considered collusion or anti-competitive.
A cautionary tale comes from the £28.59 million fine issued to RBS by the Competition and Markets Authority (CMA) in 2010. That came after its Professional Practices Coverage Team disclosed generic and specific confidential and commercially sensitive future pricing information to counterparts at Barclays. The disclosures occurred through a number of informal contacts, some at social, client or industry events or through telephone conversations.
To ensure compliance, regulated firms should:
- Have an effective competition compliance policy in place, part of which should be an up to date risk assessment considering these issues.
- Avoid sharing specific price information: Refrain from sharing detailed or specific price information with competitors, as this may raise antitrust concerns.
- Focus on general market trends: Instead of sharing specific prices, discuss general market trends or broad industry observations without disclosing sensitive information.
- Promote transparency within legal boundaries: Foster transparency by providing customers with clear pricing information and explanations while adhering to legal constraints.
- Avoid acting as a conduit passing price information from one insurer to another. This can lead to a situation known as a “hub and spoke” cartel and such arrangements have previously been sanctioned.
- Educate employees on antitrust laws: Train employees on antitrust regulations and emphasise the importance of avoiding discussions or exchanges of sensitive pricing information.
There is certainly nothing wrong with collecting price information from publicly available sources. It is good practice, however, to maintain an audit trail of how data was collected in order to address any subsequent allegation of anti-competitive information sharing.
Recently released guidance on information sharing from the UK CMA may assist firms in understanding when information sharing can be legitimate but in general there are concerns when firms give away disaggregated price information or future pricing intentions. Insurers are no strangers to some of these issues as they already need to share some statistical data about customers in order to combat fraud and price appropriately.
It is important to remember that the FCA is a concurrent regulator (with the CMA) under the Competition Act 1998 and could therefore issue financial penalties for failing to comply with the prohibition on the direct or indirect sharing of price data between competitors. Fines for infringing the CA 98 can be as much as 10% of group, worldwide turnover.
GDPR compliance: be careful with personal data
In seeking to comply with the Consumer Duty, firms must also ensure compliance with data protection rules. In order to comply, it appears to us that firms must consider the outcome for different subsets of the customer base. This raises a plethora of legal issues and we can only set out a snapshot of some of these below.
For example, in the fourteen case studies undertaken, firms considered consumers’ behavioural biases, such as instant gratification or overweighting potential losses, how those may affect the way consumers buy and use products and services and how poor value may result. FG22/5 sets out that firms must not exploit customers’ behavioural biases, lack of knowledge or characteristics of vulnerability.
It appears to us that this will place an onus on firms to collect and process personal data. This will certainly be truer of products sold to individuals rather than corporate customers although firms may need sometimes to use information about the decision makers at business clients. The UK General Data Protection Regulation governs how customer data is collected, stored and processed.
The following are some of the data protection concerns that need to be taken into account:
- How will data be collected about the characteristics of consumers? Who will process this data? Are you collecting proportionate amounts of personal data in order to satisfy the fair value assessment?
- Are you transparent about how you will process the data? Are consumers sufficiently on notice about the collection and processing (perhaps being set out in the company privacy notice or other public facing data policy documents)
- What is the lawful basis for the processing? If for example it is legitimate interests, has the firm carried out a legitimate interest assessment where the interests of legal compliance are balanced against the interests of the individual? The fact that you are pursuing legal compliance may give a good basis but will not justify all and any processing carried out to that end.
- Have you thought about pseudonymising personal data? This would entail de-linking the customer characteristics from the actual identity of customers and would lessen the risk of harm to data subjects.
- Will artificial intelligence systems be used to process the data? If so, the Information Commissioner’s Office (ICO) will generally regard the use of such systems as high risk and the firm must document the benefits from using such systems against the risk? Have you considered the ICO’s guidance on AI systems and the emerging regulation of AI in UK and the EU?
- Are you satisfied data will be held securely? Will it be encrypted? Will data be held on UK servers? Will you outsource any part of the assessment to an external firm? If so, do you have a data processing agreement in place?
- Will any of the fair value assessment be outsourced beyond the UK? If so, have you considered whether oversea data transfers will be lawful?
Penalties for failure to comply with the UK GDPR can be very high. The Information Commissioners Office (ICO) can impose financial penalties of up to the higher of £17.5 million or 4% of the total annual worldwide turnover for serious infringements. Since 2014, the FCA and ICO have had a Memorandum of Understanding in place, laying down a framework for formal relationship between the two regulators.
Conclusion
The assessment of fair value is a crucial aspect of the insurance industry and plays a significant role in ensuring equitable treatment of customers. The Consumer Duty requirements set by the FCA underscore the importance of fair value assessments and aim to safeguard consumers from unfair practices.
Insurers and intermediaries must possess a comprehensive understanding of fair value and its implications for their products and services. By developing robust fair value assessment frameworks, establishing clear roles and responsibilities, considering contextual factors, and continuously improving their processes, insurance brokers can meet regulatory requirements and provide fair value to their customers. This creates work but presents an opportunity. By prioritising fair value, insurance brokers can strengthen their relationships with customers and contribute to a fair and transparent insurance market.
Part of the duty requires firms to ask the question “what is fair value?” which may in turn lead them to survey the market for information about the pricing of comparable products. It is preferable to obtain this information from publicly available sources in order to demonstrate compliance with antitrust laws. The collection and use of personal data will be integral to demonstrating fair value. Firms must ensure they address the expectations of the ICO and the requirements of UK GDPR.
Just as oranges are not the only fruit, the Consumer Duty is not the only legal duty to be discharged by regulated firms. Seeking to comply with one area of the law, the Consumer Duty, will not provide a defence for infringements of other areas of the law, such as the Competition Act 1998 and the UK GDPR. Your approach to legal compliance must be holistic. That is especially so given the FCA’s continued monitoring of implementation of the Duty, its competition enforcement powers and its close cooperation with the ICO and CMA.
If we can assist with any aspect of these issues, please do not hesitate to contact us.
Download PDF