In April 2019, the FCA (Financial Conduct Authority) became the new regulator of Claims Management businesses (CMCs). At the same time, the Financial Ombudsman Service became responsible for resolving customer disputes about CMSs. In June 2018, the FCA issued a consultation paper (CP 18/15) which proposed a new Claims Management: Conduct of Business Sourcebook [CMCOB] and to apply relevant parts of the existing FCA Handbook.
This is a complex area of law as it involves matters that touch upon SRA regulation (in respect of ABS and Referral Fee rules), FCA principles, Data Protection and GDPR matters (in particular consent) and also the previous Claims Management Conduct of Authorised Persons rules 2018.
The government are clearly determined to take steps to regulate a sector that has been portrayed by the press as being out of control following the failure of the old Regulator the CMRU to deal with concerns. The new CMCOB will bring in a number of new powers that will no doubt be tested by investigations and precedent tribunal decisions.
The existing rules for CMCs were the Claims Management Regulation Conduct of Authorised Persons Rules 2018, which were superseded by the CMCOB on 17th December 2018 by FCA 2018/56 Claims Management Instrument.
CMCOB 2.1 deals with General Principles, which are traditional rules which include:
- Not making or pursuing fraudulent claims
- Taking reasonable steps to investigate the potential claim
- Not taking payment from customers without strict adherence to the rules.
New obligations have now been imposed on CMCs following the consultation period, which includes CMCOB 2.2 Generating obtaining and passing on leads and recording the source of sales, referrals, leads or data.
For a number of years, the CMRU tried to argue that CMCs had obligations imposed by the due diligence rules to ensure that their data providers were harvesting information in a reputable manner, but the extent of these obligations was often a matter for expert evidence as there was no clear definition of what was required. The CMRU often tried to read across guidance issued by other regulators.
By CMCOB 2.2.3, strict obligations are now imposed, which are clear and onerous. Firms must satisfy themselves that a lead generator has appropriate systems and processes in place to ensure compliance with data protection legislation including procedures around customers’ consent (including acquisition, storage and sharing) of that data and whether there is consent to use it in the firm’s intended marketing.
Firms are reminded that the definition of Consent under the GDPR is now closely controlled and that Consent must be:
- freely given
and can, of course, be revoked or change from time to time.
Firms must also now record the source of sales referrals leads or data, something that was always ‘good practice’ but often difficult to define in practice. Furthermore, by CMCOB 2.3, telephone calls and electronic communications between the firm and a customer made for the purposes of or in connection of a regulated claims management activity carried on by the firm must be recorded and retained, for a minimum of 12 months. Records should also be kept of advice given to customers and all correspondence.
CMCOB 3.2 deals with financial promotions and communications which must be clear and not misleading, known as the ‘fair clear and not misleading’ rule. A number of guiding principles are set out to ensure that the customers clearly understand the services that are being sold. In many cases, the CMRU alleged that CMCs were pretending to be departments of banks or other lending institutions, now it is mandated that the firm has to make it clear that the firm is a claims management company.
New restrictions on ‘no win no fee’ offers, advertising in certain buildings such as medical facilities, the definition of pre-contract information, the offering of objective information in a ‘durable medium’ are also introduced.
A new Fee Cap for payment protection insurance is contained in CMCOB 5.1, which is 20% of the amount recovered. This is a major step towards ‘clipping the wings’ of successful companies who often charge 30% or more when a recovery is made. Firms must also now keep customers informed as to the progress being made on their case, and revised fee estimates offered, dealing with the general complaint made by the CMRU that the firms often did nothing after referring the case to the PPI offender who then did all of the necessary work.
The new rules also introduce measures to flush out the ‘fly by night’ operators who have hitherto occupied much of this space, including CMCOB 7 building in a threshold condition which includes a requirement to have appropriate financial resources, general and specific financial prudency requirements [see CMCOB 7.3], PII indemnity insurance.
The new regime has set out to impose new rules that the CMRU argued was ‘best practice’ but became highly contentious and often resulted in the large fines that were imposed on CMCs being appealed, sometimes with great success. The CMRU always claimed that they were highly successful – see for example the 2017- 18 annual report where Mr Kevin Rousell described a year of positive regulatory action including bearing down on non-compliant direct marketing and joint work with the ICO. He did, however, acknowledge that it ‘had been a very tough gig but also an immensely rewarding one’ and felt that he had left a strong legacy for the FCA to pick up on and build. It is expected that the FCA, being vastly more experienced, will take a more measured approach to regulation and enforcement, perhaps less inclined to ‘shoot first and ask questions later’ in an attempt to grab headlines with stories of multi-million-pound fines.
Many CMCs could not believe that the PPI bonanza would last as long as it did, and were long ago making provision to retire or reshape their businesses. The market has no doubt settled down since the end of PPI, and it is anticipated that the FCA may find their task is easier than that faced by the unfortunate CMRU, as those who remain in the market start to take a more pragmatic approach to compliance.
Jeremy Barnett is a barrister who has represented a number of CMCs and other firms in respect of these issues. He is currently advising an ABS in respect of issues of CMC regulation, Data Protection/GDPR and SRA compliance.
For any advice and assistance for issues like these please do call the clerks below on 01132455866 or email [email protected]