REG Reviews

REG Reviews – January 2023

3rd January 2023

Welcome To The January Edition of REG Reviews

Last month, the FCA revealed the next steps for FSCS , reports suggest there will be increases in cyber budgets and the the first UK space launch is granted its licenses.

Read these articles and many more, along with our usual updates from REG and the Regtech sector.

Industry News​

REGULATORY

FCA Set Out Next Stage Of Compensation Framework Improvement

Feedback received from the FCA’s call for input on the framework for protection provided through the Financial Services Compensation Scheme (FSCS) was published by the FCA, after concerns were raised about rising costs.

The goal of the FSCS is to provide compensation when claims against certain authorised financial firms cannot meet them, in order to protect consumers.

Following concerns about the rising costs of compensation liabilities falling to the FSCS, which could create barriers to the marketing for new or existing firms, the review was launched into order to prevent this affecting the availability of certain financial services.

Ensuring appropriate levels of customer protection through the compensation service was the main goal of the review, allowing industry costs to be distributed in a fair and sustainable way.

The FCA focused on the importance of reducing cases of mis sold product by failed firms by improving firms’ conduct. The feedback also highlighted the financial resilience of firms, as this may impact the high redress liabilities and their underlying causes.

For the next step of the review, the FCA is planning to look at current compensation limits and assess whether different types of claims have appropriate levels of compensation limits.

The watchdog is also set to address whether class thresholds are at an appropriate level by reviewing funding class thresholds.

Consumer and firm research will also be carried out by the FCA and the FSCS, with the aim of improving the understanding of impact of FSCS protection on consumer decision making, confidence and behaviour, and on firm behaviour and incentives.

Executive Director of Consumer and Competition at the FCA, Sheldon Mills, stated; “We welcome the constructive engagement and feedback which will inform the next phase of this work.”

“We want to make sure the cost to industry for providing vital protection to consumers through the FSCS is distributed in a fair and sustainable way – that the polluter pays. We’re continuing our assertive action to prevent harm from happening in the first place, which should help reduce the levy over time.”

The regulator also is aiming to address the underlying causes of high redress liabilities and tackle problem firms as part of its consumer investments strategy.

The action includes:

  • Being tough at the gateway to prevent firms that could cause harm from entering the market, with one in five firms rejected for authorisation,
  • Placing twice as many restrictions on firms to prevent them from promoting or selling certain products and services,
  • Using emergency powers to prevent financial advice firms, who advised members of the British Steel Pension Scheme, from disposing of assets to avoid paying compensation.

CYBER

Cyber Security Budgets to Increase Over the Next Two Years

Global intelligence and cyber security consultancy S-RM released their latest Cyber Security Insights Report, which revealed that Cyber security budgets are set to increase by only 11% on average over the next 24-36 months.

The report also found that over a quarter of organisations’ IT budget is allocated to cyber security spending. Compared to the 2021 data, there has been on average a 5% year-on-year increase in cyber security budgets.

CEO of S-RM, Heyrick Bond-Gunning, stated; “We’ve seen a lot of market disruption over the past year, but one thing that hasn’t changed is the importance of investing in cyber security to not only protect your business, but also to foster future growth.”

“However, our findings show that, after inflation is taken into account, budgets are set to barely increase in the coming years, and that is a point of worry as cyber threats increase, insurance coverage shrinks and compliance considerations continue to evolve. Decision makers need to be proactive in defending against cyberattacks, or they could find themselves racing to mitigate damage and cost in the future.”

The data revealed that 40% of respondents listed maintaining security against evolving threats as one of the key reasons for budget increases. Other key reasons included responding to changes in regulations and compliance (38%) and increased focus on cyber security at board level (38%).

The report went on assess the budgets of different company sizes, it suggested that smaller companies are more likely to spend 40-60% of their IT budget on cyber security, whereas companies with an annual revenue between $500M and $1bn only are less likely to allocate that percentage. Additionally, only 10% of companies with annual revenues of $1-5bn were found to allocate this proportion to cyber security.

Jamie Smith, Board Director and Head of Cyber Security at S-RM stated; “Cyber security is an issue that exists beyond just board level, and resources must be allocated throughout a business to best defend against malicious intent from threat actors.”

“Cyber security departments cannot achieve the results they need to if budgets don’t afford them the necessary resources. The fact that smaller, agile businesses are dedicating more resource to this area should be a clear sign for larger companies not to let investment get tied up in bureaucracy.”

TECHNOLOGY

Amazon Workers Strike for First Time in UK

Employees at the Amazon warehouse in Coventry have voted to walkout in the new year following the GMB unions announcement of a pay increase of 50p an hour.

With the 63% turnout, 98% of the union members voted in favour of a strike; increasing the number of British workers striking this winter.

Amanda Gearing, GMB Senior Organiser, stated; “The fact that they are being forced to go on strike to win a decent rate of pay from one of the world’s most valuable companies should be a badge of shame for Amazon.”

“Amazon can afford to do better. It’s not too late to avoid strike action; get round the table with GMB to improve the pay and conditions of workers.”

Other walkouts occurring this winter includes railway staff walking out again, alongside nurses and bus and highway workers.

A spokesperson for the tech giant argued that employees were offered “competitive pay.”

“We appreciate the great work our teams do throughout the year, and we’re proud to offer competitive pay which starts at a minimum of between £10.50 and £11.45 per hour, depending on location,” they continued.

“This represents a 29% increase in the minimum hourly wage paid to Amazon employees since 2018.”

“Employees are also offered comprehensive benefits that are worth thousands more-including private medical insurance, life assurance, subsidised meals and an employee discount, to name a few.”

“On top of this, we’re pleased to have announced that full-time, part-time and seasonal frontline employees will receive an additional one-time special payment of up to £500 as an extra thank you.”

Although Amazon is worth $880bn (£723.1bn), making it one of the most valuable companies in the world, it has also revealed plans to lay off 10,000 employees after forecasting weaker growth.

REGULATORY

FCA Collapse in Staff Morale Needs Addressing

Unite is urging that the FCA needs a five-point staff reform as its treatment of staff means it cannot regulate effectively.

The union criticised the FCA, suggesting “firms are not getting value for their fees, and consumers are being failed,” due to extremely low levels of staff morale.

Unite has demanded:

  • Union recognition
  • Improved pay
  • Better performance and grading
  • Transparency and accountability
  • Raised benefits and conditions

They stated; “The Covid crisis showed that the FCA relies on the knowledge, experience, and motivation of its staff to step up in challenging times. However, staff have experienced severe pay cuts, poorer work conditions, and unfair performance reviews.”

“The FCA has seen a turnover of nearly a fifth of all staff in the last year alone and a quarter in the last two years, with many leaving daily. Unite has seen morale collapse and 60% of FCA staff now say they no longer have trust or confidence in leadership.”

“As a result, staff are leaving, FCA performance is declining across the board, firms are not getting value for their fees, and consumers are being failed.”

“The FCA no longer has the people, experience and institutional knowledge needed to regulate in difficult financial times.”

This follows of strikes and challenges from the FCA staff across the last year, the first in May and a second in June.

Unite argued that the FCA has failed to address concerns around pay, terms and conditions and lack of trade union recognition.

CYBER

Fraudulent Funds Transfer Found to be Main Cause of Cyber Loss​

Corvus Insurance has published new data in the Corvus Risk Insights Index, which covers industry trends and analysis of data from numerous sources including the company’s proprietary IT security scanning technology and detailed claims reporting.

The index revealed that 36% of the company’s cyber claims came from Fraudulent Funds Transfer (FFT) in the third quarter, a record high. FFT has also comprised of more than 25% of claims in the past six quarters.

FFT can be defined as employees or vendors into transferring funds to the wrong accounts after experiencing social engineering tactics by threat actors.

Corvus revealed that the increasing amount of FFT attacks may indicate a continued vulnerability to business email compromise (BEC).

Furthermore, the data highlighted that in 2022, FFT and ransomware were the top causes of loss and accounted for more than half the claims.

Jason Rebholz, Chief Information Security Officer at Corvus Insurance, stated; “Global cybercrime is growing more complex by the day, presenting security leaders with new challenges.”

“With the power of security insights and dynamic claims data feeding Corvus’s technologies, we can help our policyholders improve their cybersecurity posture by informing them of emerging threats and best practices.”

He added: “While ransomware continues to be a dominant risk, we are seeing tactics change, including the rise of other forms of extortion as well as funds transfer fraud. The findings from our report serve as a reminder to all security leaders that cybersecurity is fluid and attackers will shift their methods, even revisiting old tactics, so long as they continue to reap financial benefits.”

The average claim at FFT is $90,000, which is less than for ransomware, which has an average of $256,000. Unlike ransomware attacks FFT breaches do not usually gain access to costly data restoration or require system recovery, business interruption or breach response efforts.

Rebholz went on to comment “The rise in FFT incidents is linked to BEC, with FFT making up more than half of all BEC-related claims.”

“BEC can result in an email account takeover, whereby threat actors trick employees into giving up their account credentials and gain access to employees’ inboxes — which is particularly effective for FFT.”

TECHNOLOGY

Virgin Orbit Granted Licenses to be UK’s First Space Launch

Space launches are being planned for Spaceport Cornwall at Cornwall Airport Newquay after Sir Richard Branson’s Virgin Orbit was awarded licenses by the space regulator; the Civil Aviation Authority (CAA).

Virgin Orbit was awarded the licenses within 15 months of evidencing its plans to the CAA. 

The mission, named ‘Start Me Up’, as a tribute to the Rolling Stones, entails the modified Virgin Atlantic Boeing 747 to release the Virgin Orbit’s LauncherOne rocket, 35,000ft over the Atlantic Ocean to the south of Ireland.

The rocket will then take multiple small satellites into orbit with a variety of civil and defence applications, following the plane’s return to the spaceport.

This mission will mark Europe’s first satellites being launched into space.

Dan Hart, Virgin Orbit Chief Executive stated; “Receiving Virgin Orbit’s range and launch licences takes us one step closer to the first satellite launch take-off from UK soil.”

“This is a major milestone for the CAA and represents the successful completion of an enormous effort, which has included the construction of new regulations, new processes and new teams.”

In addition to Spaceport Cornwall, there are seven spaces being developed in Britain. The SaxaVord Spaceport on Unst in Shetland is set to be the location for the first vertical space launch, which is expected to take place in 2023. Last month, the CAA launched a public consultation on the environmental effects of the spaceport.

The other spaceports are located across Scotland and Wales, including: the A’ Mhoine peninsula in Sutherland; Prestwick in South Ayrshire; Campbeltown in Argyll and Bute; and North Uist in the Outer Hebrides and one has been planned at Llanbedr, Gwynedd, in North Wales.

Transport Secretary, Mark Harper, exclaimed; “Today we are one step closer to opening the UK’s galactic gateway, with Virgin Orbit receiving an historic first licence to allow the UK’s first ever spaceflight launch.”

“The planned launch reinforces our position as a leading space nation as we look to the future of spaceflight, which can spur growth and innovation across the sector, as well as creating thousands of jobs and apprenticeships.”

Commercial space launches are estimated to contribute £3.8 billion to the UK economy over the next decade, as suggested by the Government.

REGULATORY

Broker Diversity Push Campaign Backed by Trade Bodies

Trade body leaders from Biba MGAA and Liiba have showed support for the Gender Leadership Gap campaign, that was launched by Insurance Age. The Broker Diversity Push campaign aims to create a benchmark and tackle the existing gap in leadership diversity.

This follows a freedom of information request to the FCA which revealed that women make up only 15.6% of people in six key senior management roles that the FCA approved.

Furthermore, within broking only 8% of CEO roles and 5.4% of chair roles are held by women.

On top of the plan to create a benchmark, the campaign aimed to work together with trade bodies to find a better solution, starting by urging trade bodies to get involved and set timelines.

Biba MGAA and Liiba welcomed the intentions of the Gender Leadership Gap campaign and discussed their dynamics within membership bases and their other diversity and inclusion plans.

Steve White, Biba CEO confirmed; “Our review of Environmental, Social and Governance during 2022 has led us to set down more formally what Biba stands for and guidance that we aim to share in 2023 will contain more help on how firms might improve diversity.”

Moreover, Mike Keating, CEO of MGAA commented; “The MGAA, with the support of our board and our Next Gen Group is now focused on working hand in hand with the membership to identify the best way to support them with their own DEI policies and practices.”

 “A key aspect of this is the sharing of best practice and provision of training, and the MGAA will continue to host targeted market briefings supported by specific training modules for members.”

“We are also presently reviewing the voluntary data we collect from members around DEI as part of ongoing investment in our digital capabilities.”

Liiba CEO, Chris Croft, said; “The Liiba board has made work to support increased diversity in our market a key priority over the last few years. We have developed a comprehensive programme of initiatives – in partnership with the charities STEM Insights; upReach; and Prince’s Trust – to support our members in their endeavours.”

“Liiba supports all efforts to ensure the make-up of our market develops progressively. We pledge to continue our efforts to support our membership in their endeavours.”

CYBER

New Cyber Risk Guide Published by Biba and CFC

Biba and CFC have collaborated to publish a guide on preventing cyber risk to help brokers and small businesses.

The guide covers the threat landscape that targets small businesses and aims to help brokers and SMEs learn how to protect themselves from criminal breaches through cyber insurance.

The guide also contains information and case studies on the application of cyber cover to prevent attacks as this is sometimes misunderstood. It also includes a glossary to help SMEs understand industry jargon.

Biba’s goal to improve brokers and customers’ understanding of the importance of cyber insurance was highlighted by Biba’s technical services manager, Shaune Worrall.

He stated “Biba’s 2022 Manifesto highlighted cyber as one of the most significant and financially disruptive threats to UK businesses and we committed to work on this guidance with CFC. The guide is a helpful tool for insurance brokers to help businesses who might not have had the confidence or seen the need to engage with cyber insurance so far.”

At beginning of this year when the manifesto was released, Biba’s Executive Director, Graeme Trudgill, suggested that they aimed to support, guide practice and provide new publications on cyber to help brokers keep on top of changing risks.

Furthermore, Lindsay Nelson, Head of Cyber Development at CFC, cautioned that cyber was often recognised as the biggest risk facing businesses, and better understanding can help businesses get suitable cyber insurance.

She added; “The threat landscape has changed drastically, and businesses are being targeted because they’re vulnerable, rather than valuable. Cyber insurance has never been more relevant for small businesses in the UK.”