This site uses cookies.

Claims Management Companies, Consent to Marketing & FCA Regulation - Paul Bennett, Aaron & Partners LLP

23/03/18. In early 2019, the Financial Conduct Authority will take over from the Claims Management Regulator in terms of the supervision of Claims Management Companies (CMC’s) authorised under the Compensation Act 2006 in relation to the common areas of personal injury, financial products and services, employment, criminal injuries compensation, industrial injuries and housing disrepair claims.

For existing CMC’s used to the Claims Management Regulator’s (CMR) soft regulation approach, it is likely to prove a shock when the Financial Conduct Authority (FCA) take over regulation. In September 2017, Paul Bennett authored A Practical Guide to Compliance for Personal Injury Firms working with Claims Management Companies through Law Brief Publishing, and this article sets out why the guidance contained in that book becomes essential in light of the General Data Protection Regulations (GDPR) regime which comes into force on 25 May 2018 and will be hugely relevant to Claims Management Companies wanting to apply for registration under the FCA, given that they will not automatically be passported from the CMR.

Is it just the FCA? You wish!

The FCA will be part of a wider body of regulators overseeing elements of the claims management fields. The FCA will take over those areas currently undertaken by the CMR, but they will work in conjunction with linked regulators, and specifically the Information Commissioners Office (ICO) and the Solicitors Regulation Authority (SRA).

The Financial Guidance and Claims Bill currently progressing through Parliament did originally include a ban on cold calling. This was a useless PR stunt to include in a Parliamentary Bill given that in terms of the CMR’s own guidance, the ICO’s own guidance and SRA’s own guidance all already prohibited this. The fact is that cold calling was still being regularly alleged. An amendment to the Bill was therefore made and has been explained by the Minister responsible, Mr John Glenn MP, as revising matters as follows:

“The Government’s clause on cold calling in relation to Claims Management Services will ensure that any call, whether that be a call from an organisation, an individual, or a lead generator, made for the purposes of direct marketing in relation to Claims Management Services is an unlawful call. This is unless the receiver has explicitly consented to that call being made to them. The clause applies to anyone calling to market Claims Management Services, not just those firms providing Claims Management Services regulated by the FCA.”[Emphasis added by underlining]

The Government’s approach is to focus not just on those who are authorised under the claims management regime, but anybody seeking to operate outside of the regime being simultaneously at risk of breaching the Bill when it is enacted and becomes an Act. The recalibration from a strict ban on cold calling to a ban which requires explicit consent to that call being made is an intelligent one in that it addresses the fundamental issue which comes up time and time again during investigations by the ICO and the CMR, whereby the organisation making the direct marketing calls claims that they have consent, and in relation to SRA investigations, the law firm claims that their CMCs hold consent and can produce the their interpretation of the same. The Government’s proposals place the emphasis on each organisation, whether that be the law firm engaging the CMC, the CMC itself, and/or the CMC’s data supplier, to be able to demonstrate that they had explicit consent for the Claims Management marketing of services to that individual. It creates a strict liability criteria which both the FCA and the SRA will be able to address through their authorisation and withdrawal of authorisation processes. It also gives the ICO the opportunity to bring a criminal prosecution. It is far more powerful than the current unsatisfactory regime in place under the CMR or a ban on cold calling when the definition of cold calling depends on whether or not the calling organisation held suitable consent.

What is Consent?

The General Data Protection Regulation (GDPR) regime does not directly impact on direct marketing, which remains governed for the time being, and even after GDPR comes into force, by the Privacy & Electronic Communication Regulations (EU Regulations 2003) (PECR) which will continue alongside the GDPR regime when it comes into force on 25 May. However, the Government’s approach suggests that the lessons of the ICO regarding the issue of consent are being transposed into the Bill separately passing through the House of Commons in relation to financial guidance and claims and transferring claims management regulation into the hands of the FCA.

Under GDPR Article 4 (11) consent is defined as follows:

“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

The emphasis now is on a freely given, specific and informed indication of consent which is unambiguous. In relation to claims management activities, that is likely to be a request to receive claims management direct marketing and which has not been obtained by any ambiguous nature, such as a survey or partial consent given which is deeply buried in, for example, a website terms and conditions when consenting to something else.

This higher level of consent is reflected in the Government’s thinking in Mr Glenn’s letter which reads as follows:

“To be valid, consent must be knowingly and freely given, clear and specific. Organisations should keep clear records of what an individual has consented to, and when, and how this consent was obtained, so that they can demonstrate compliance in the event of a compliant. There is no fixed time afterwards which consent automatically expires, but consent does not remain valid forever.”

The emphasis on consent for claims management activities is similar, but not identical, to the GDPR guidance. The emphasis, however, will be on the maintaining of individual records, and my view is CMCs and law firms who want to carry on using direct marketing after the CMR regime ceases will need to, over the coming months, be demonstrating that they can already achieve this standard on each and every case passing between them.

In practical terms, a CMC looking to apply for registration with the FCA should be ensuring that they have a valid and specific consent now, as when they apply for registration with the FCA ahead of the CMRs discontinuance, they will need to be in a position to demonstrate they are already committed to operating in a lawful manner.

How should CMC’s and law firms prepare for the FCA?

My book, A Practical Guide to Compliance for Personal Injury Firms Working with Claims Management Companies, contains an overview of the current regime, but also is designed to ensure that firms working through the series of Checklists therein are starting to prepare for the new regime. It contains a number of practical checklists which CMCs should be using already in order to evidence their compliance with the current regime, and if they are compliant with the current regime, the enhanced consent when also recorded and retained should be sufficient to enable them to secure FCA regulation.

It is worth emphasising that there will be no passporting across, and each and every existing CMC, including the huge players within the market, will need to secure authorisation, and this is intended by the Government to be disruptive to CMCs and to make sure that CMCs are always able to demonstrate, through evidence, their compliance with the legal regime.

Any CMC or law firm working with CMCs moving forward should be taking external advice to assess what they have and to prepare for the new regime. Please contact me if you want to discuss bespoke advice for you and your business.

As a starting point, I would encourage you to buy the existing book , and to make sure that you have got access to the Checklists within that, prior to any consultation with any advisor, be it me, or indeed, anybody else who has expertise in the sector, although I accept that is a limited pool of people.

Paul Bennett
Aaron & Partners LLP
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Direct Dial: 01743 453685
https://www.aaronandpartners.com

Image ©iStockphoto.com/