110 vocabulary flashcards summarising key terms, bodies, documents and processes from the lecture on UK financial-services regulation, authorisation, SM&CR, AML, data protection, complaints and compensation schemes.
Authorised Professional Firm (APF)
A solicitors’, accountants’ or similar practice that holds direct FCA authorisation to carry on regulated activities in addition to its core professional work.
Capital Adequacy Rules
FCA/PRA requirements that a firm holds sufficient capital to cover the risks it runs and continue to meet Threshold Conditions.
Certified Function
A role that can have a significant impact on customers or the firm and must be assessed as ‘fit and proper’ annually by the firm, not pre-approved by the FCA.
Compliance Officer (SMF16)
The senior manager responsible for a firm’s compliance function and for reporting to the governing body.
Conduct Rules (COCON)
High-level behavioural standards that apply directly to most staff in an SM&CR firm, with additional rules for Senior Managers.
Customer Due Diligence (CDD)
Process of identifying and verifying customers (and beneficial owners) and understanding the purpose and nature of the business relationship.
Data Protection Principles
Seven UK GDPR principles governing lawful, fair and secure processing of personal data.
Designated Professional Body (DPB)
A professional body (e.g., Law Society, ICAEW) named by Treasury that can regulate incidental investment business of its members.
Exempt Professional Firm (EPF)
A member of a DPB that relies on the DPB regime and is exempt from direct FCA authorisation for incidental regulated activities.
Financial Services Compensation Scheme (FSCS)
The UK’s statutory ‘last-resort’ compensation fund for customers of authorised firms in default.
Grandfathering (authorisation)
Automatic carry-over of firms’ pre-FSMA permissions into the new regime; does not apply to newly regulated activities such as mortgage lending.
Money Laundering Reporting Officer (MLRO – SMF17)
The senior manager who receives internal suspicious activity reports and decides whether to file them with the NCA.
Prescribed Responsibilities
Specific matters (e.g., SM&CR, COCON training) that must be allocated to named Senior Managers.
Recognised Professional Body (RPB)
A body recognised under previous legislation whose authorised firms were automatically re-authorised under FSMA.
Record-Keeping (regulatory)
Mandatory retention of specified documents (e.g., five years for life policies, indefinitely for pension transfers) to evidence compliance.
Regulated Activities Order (RAO)
Statutory instrument that defines what constitutes ‘regulated activities’ and ‘specified investments’ under FSMA.
Reporting Requirements (FCA)
Regular electronic returns (via RegData) covering capital, complaints, CASS, shareholdings, etc., enabling supervisory monitoring.
Scope of Permission Notice
Formal document issued on authorisation setting out the activities a firm may carry on and any limitations.
Senior Managers & Certification Regime (SM&CR)
Post-2016 framework that increases individual accountability through the Senior Managers Regime, Certification Regime and Conduct Rules.
Senior Management Functions (SMFs)
Key roles (e.g., SMF1 Chief Executive, SMF3 Executive Director) that require FCA/PRA pre-approval.
Statement of Responsibilities (SoR)
A concise, self-contained document setting out each Senior Manager’s individual and prescribed responsibilities; must be kept up to date.
Statutory Time-Limit Test (FOS)
Rule that complaints must reach FOS within 6 months of a final response, 6 years of the event, or 3 years of awareness.
Suspicious Activity Reporting (SAR – AML)
Process whereby a firm reports knowledge or suspicion of money laundering/terrorist financing to the NCA via the MLRO.
General Prohibition (s.19 FSMA)
Offence to carry on a regulated activity in the UK unless authorised or exempt; breach can lead to up to 2 years’ imprisonment.
Part 4A Permission
Formal authorisation granted by FCA/PRA allowing a firm to undertake specific regulated activities.
Threshold Conditions
Minimum standards (e.g., location, resources, suitability) a firm must meet—and continue to meet—for authorisation.
Upper Tribunal (Tax & Chancery)
Independent body to which firms can appeal if refused authorisation or subject to certain FCA/PRA decisions.
“By Way of Business” Test
Assessment of whether an activity is carried on as part of business, helping decide if authorisation is required.
Exclusion (RAO)
Provision that converts an otherwise regulated activity into an unregulated one, removing the need for authorisation.
Appointed Representative (AR)
An unauthorised firm that conducts limited regulated activities under a contract with—and for which responsibility is accepted by—a principal firm.
Principal Firm
Authorised firm that takes regulatory responsibility for its appointed representatives’ activities.
Tied Agent
EU term equivalent to an appointed representative of a MiFID investment firm.
Limited Scope Firm (SM&CR)
Small, low-risk solo-regulated firm subject to a lighter version of SM&CR.
Core Firm (SM&CR)
Default category for solo-regulated firms that do not meet Limited Scope or Enhanced criteria; subject to baseline SM&CR requirements.
Enhanced Firm (SM&CR)
Large, complex or high-risk firm subject to extra SMFs, prescribed responsibilities, responsibility maps and handover rules.
Overall Responsibility Requirement
Enhanced-firm obligation ensuring a Senior Manager has overall responsibility for every business area.
Responsibilities Map
Document (for Enhanced firms) showing how responsibilities, reporting lines and governance fit together across the organisation.
Duty of Responsibility
Rule allowing FCA to sanction a Senior Manager who did not take reasonable steps to prevent a breach in their area.
Certification Regime
Requirement for firms to certify annually that employees in specified roles (e.g., advisers) are fit and proper.
Directory Persons
Individuals in SMF or Certified roles whose details are published in the public FCA Directory.
Fit and Proper Test
Assessment of honesty, integrity, competence and financial soundness applied to SMFs and Certified staff.
Conduct Rule – Tier 1
Five basic rules (e.g., act with integrity, due care) applying to nearly all staff.
Conduct Rule – Tier 2
Additional four rules applying only to Senior Managers, focusing on delegation, information, and regulatory cooperation.
Significant Influence Function
Pre-SM&CR Approved Persons role involving influence over a firm’s affairs; replaced by SMFs in SM&CR firms.
Customer-Dealing Function (CF30)
Approved Persons role for giving investment advice/dealing; replaced by certification in SM&CR firms.
Persistency Statistics
FCA data on the proportion of insurance/pension policies remaining in force, used as a quality-of-advice indicator.
RegData System
FCA online platform through which firms submit regulatory returns and notifications.
Training & Competence (T&C) Rules
COBS/TC requirements ensuring staff are competent, supervised and appropriately qualified.
Structured CPD
Planned learning with clear outcomes (e.g., seminars, webinars) counting toward the 35-hour annual CPD requirement.
Unstructured CPD
Informal learning (e.g., reading industry articles) that supports professional development but is less formalised.
Appropriate Examination
A qualification listed in TC Appendix 4 that meets threshold standards for advising or supervising specific activities.
Placement (AML stage)
First money-laundering phase where illicit cash is introduced into the financial system.
Layering (AML stage)
Complex series of transactions used to obscure the origin of criminal funds.
Integration (AML stage)
Final laundering phase where cleaned funds appear as legitimate assets or business income.
Proceeds of Crime Act 2002 (POCA)
Primary UK statute creating money-laundering offences and disclosure obligations.
Joint Money Laundering Steering Group (JMLSG)
Industry body that issues FCA-endorsed guidance on complying with Money Laundering Regulations.
Money Laundering Regulations 2017
UK regulations requiring a risk-based approach, CDD, record-keeping and MLRO appointment; amended by 5MLD in 2020.
Politically Exposed Person (PEP)
High-profile individual requiring enhanced due-diligence measures due to corruption risk.
Simplified Due Diligence (SDD)
Reduced CDD allowed where the business relationship presents a low money-laundering risk.
Enhanced Due Diligence (EDD)
Additional identity checks required for higher-risk situations, such as non-face-to-face clients or PEPs.
Ongoing Monitoring (AML)
Continuous review of transactions and client information to ensure they remain consistent with the client’s risk profile.
Electronic Identity Verification (EIDV)
Use of reliable electronic databases to confirm a customer’s identity and flag inconsistencies.
National Crime Agency (NCA)
UK agency that receives Suspicious Activity Reports and tackles serious organised crime, including money laundering.
Financial Action Task Force (FATF)
Global inter-governmental body that sets international standards to combat money laundering and terrorist financing.
Suspicious Activity Report (SAR)
Formal report submitted to the NCA when money-laundering suspicion arises.
Financial Sanctions List
HM Treasury’s register of sanctioned individuals and entities with whom UK firms must not conduct business.
Assets Recovery Agency (ARA)
Body (functions now within NCA) empowered to confiscate criminal assets under POCA civil-recovery provisions.
UK GDPR
UK version of the General Data Protection Regulation, governing personal-data processing after Brexit.
Data Protection Act 2018
UK statute that supplements UK GDPR and provides specific national derogations.
Personal Data
Any information relating to an identified or identifiable living individual.
Special Category Data
Sensitive personal data such as health, biometrics or political opinions, subject to extra safeguards.
Lawfulness, Fairness & Transparency Principle
Data must be processed lawfully, fairly and in an open manner, often via a clear privacy notice.
Purpose Limitation Principle
Data collected for specified purposes must not be further processed incompatibly with those purposes.
Data Minimisation Principle
Only the personal data needed for the stated purpose should be processed.
Accuracy Principle
Personal data must be accurate and, where necessary, kept up to date.
Storage Limitation Principle
Data should be kept no longer than necessary for the purposes for which it is processed.
Integrity & Confidentiality Principle
Organisations must secure data against unauthorised or unlawful processing and accidental loss.
Accountability Principle
Controllers are responsible for, and must be able to demonstrate, compliance with all data-protection principles.
Lawful Basis – Consent
Freely given, specific, informed and unambiguous agreement by the data subject to the processing.
Lawful Basis – Contract
Processing necessary to perform a contract with the individual or take steps at their request.
Lawful Basis – Legal Obligation
Processing required to comply with a statutory duty (excluding contractual duties).
Lawful Basis – Vital Interests
Processing necessary to protect someone’s life; used rarely in financial services.
Lawful Basis – Public Task
Processing necessary to perform a task in the public interest or in the exercise of official authority.
Lawful Basis – Legitimate Interests
Processing necessary for the controller’s or a third party’s legitimate interests unless overridden by the individual’s rights.
Subject Access Request (Data)
Individual’s right to obtain a copy of their personal data from a controller within one month.
Right to Erasure
Data subject’s qualified right to have personal data deleted (‘right to be forgotten’).
Right to Data Portability
Ability to receive and transfer personal data in a structured, machine-readable format.
Right to Object
Right to stop processing in certain circumstances, with an absolute right regarding direct marketing.
Automated Decision-Making Right
Right not to be subject to purely automated decisions that significantly affect them without human review.
Data Protection Impact Assessment (DPIA)
Risk assessment required where processing is likely to result in high risk to individuals’ rights and freedoms.
Information Commissioner’s Office (ICO)
UK data protection regulator with power to fine up to £17.5 m or 4 % of global turnover.
Privacy Notice
Document explaining how an organisation collects, uses, and protects personal data, fulfilling transparency duties.
Financial Ombudsman Service (FOS)
Independent body that resolves disputes between financial firms and eligible complainants free of charge.
Eligible Complainant
Consumer, micro-enterprise, small business, charity (<£6.5 m income), trust (<£5 m assets) or guarantor that can use FOS.
Summary Resolution Communication
Brief letter/email confirming a complaint resolved within 3 business days and explaining FOS rights.
Final Response (Complaints)
Firm’s written decision on a complaint, including right to refer to FOS within 6 months.
Complaint Time Limits (FOS)
Referral must be within 6 months of final response, 6 years of event, or 3 years of knowledge.
Case Fee (FOS)
Per-case charge levied on the firm complained about; general levy funds remaining FOS costs.
Protected Deposit
Money held at a UK branch of an authorised firm covered by FSCS up to £85,000 per person.
Temporary High Balance Protection
FSCS cover up to £1 m for 6 months for certain exceptional events (e.g., house sale proceeds).