Amending the definition of financial advice: one door opens, the advice gap closes?

This change to the definition of what constitutes ‘regulated advice’ presents a potentially huge opportunity for FCA regulated firms and their retail clients.

What is changing? At a glance

From 3 January 2018:

For FCA regulated firms, the UK definition of advising on investments is going to be narrowed and bought into line with the definition found in the Markets in Financial Instruments Directive (“MiFID”). For these firms, only providing ‘personal recommendations’ will constitute regulated advice.

For unregulated firms, the definition of advising on investments will remain unchanged. This aims to ensure that unregulated firms won’t be able to move in and occupy the space left behind as a result of the change, with the FCA potentially powerless to take action against them.

What could this mean?

This could result in a huge change in the way that regulated firms provide information, content and services to retail clients.

In particular, those firms that previously restricted the content of the information they provided to retail clients (so as to not be accused of providing advice) may now be able to go much further in terms of providing guidance, risk information and opinion, potentially resulting in retail clients being able to make more informed decisions and a closing of the ‘advice gap’.

Let’s go through the changes in a little more detail.

Where has this come from?

In August 2015, the FCA and HM Treasury launched the Financial Advice Market Review. FAMR was setup to look at whether financial advice was working effectively for consumers.

Just to cast your minds back, this review began in the context of changes to pension freedoms and some three years after the initial introduction of the Retail Distribution Review (“RDR”), which fundamentally changed the way regulated financial advisers were remunerated and how they could recommend investment products, in order to combat poor sales practices.

These changes resulted in an overall reduction in the number of retail investors seeking the services of a regulated financial adviser as a result of it becoming less economical to do so.

This created the ‘advice gap’ and the FAMR aimed to look at how this gap could be closed.

What causes the advice gap and why is this a problem?

In addition to issues around adviser fees, the advice gap is exacerbated by two main regulatory issues.

The first thing to be aware of is that the current UK definition of advising on investments found in Article 53 of the RAO is very broad.

I won’t reproduce the full definition here but, in a nutshell, advising an investor (or potential investor) on the merits of buying or selling an investment constitutes advising on investments.

In its perimeter guidance manual and in further guidance issued in January 2015, the FCA states that the inclusion of ‘an element of opinion or judgement’ on the part of the adviser, including an opinion on the pros and cons of whether to buy or sell an investment, results in a line being crossed between ‘information’ and ‘advice’.

Once this line is crossed, the firm in question would be undertaking the regulated activity of advising on investments and therefore require the appropriate permission from the regulator.

We can contrast this definition of regulated advice with that of the Markets in Financial Instruments Directive (“MiFID”).

At a high level, advice only becomes regulated under MiFID where there is a ‘personal recommendation’ – i.e. the recommendation is made or based on the investor’s circumstances and must be presented as suitable for that person. This is much more akin to what a traditional financial adviser does – they take their client’s specific circumstances into account and provide advice tailored to their client’s needs, attitude to risk and time horizon, among other considerations.

It is this focus on the investor’s circumstances, rather than on the general merits of buying and selling an investment, which results in the MiFID definition being much narrower.


The second thing to be aware of is that if an individual or firm produces content or provides a service for retail clients which crosses that line between ‘information’ and ‘investment advice’, then a whole host of detailed, complex and onerous compliance requirements potentially come into force. In particular, obligations for approved persons to hold specific qualifications are particularly burdensome.

Again, these rules were originally designed for the traditional financial adviser market, but the FCA Handbook doesn’t always differentiate between whether a firm is providing a personal recommendation or simply ‘an element of opinion’.

What was the net effect?

For the regulated firms, the existence of these onerous requirements resulted in a whole host of businesses, new and established alike, doing everything they could to stay as far outside the definition of advising on investments as possible, particularly in areas such as crowdfunding and other alternative investments. The costs simply outweighed the benefits, and understandably so.

By way of practical examples, this has traditionally included a reluctance to:

  •  Provide risk scores or put products into ‘risk buckets’, as this constitutes an opinion
  •  Classify products based on their time horizon and other investment objectives (e.g. income vs capital gain information)
  • Filter investment opportunities based on either of the above

As the FCA confirmed in its finalised guidance in 2015, to do any of the above would constitute regulated advice, though not necessarily a personal recommendation.

In practice, this resulted in retail clients being faced with a stark choice. They either paid for the privilege of using a traditional financial adviser, which may be expensive and/or inappropriate for their circumstances, or be left having to make their own investment decisions on an ‘execution-only’ basis.

There was obviously a clear gap in between the two.

The fix

HM Treasury is proposing to change the scope of Article 53 of the RAO so that, for regulated firms, the definition of advising on investments matches the equivalent definition under MiFID.

This means that firms that are already regulated by the FCA, but do not provide personal recommendations, will be able to provide enhanced guidance and risk information to retail clients (potentially as detailed above) without needing to be authorised specifically to advise on investments for retail clients.

The FCA and HM Treasury hope that this will result in regulated firms moving in and close the advice gap.

It is worth remembering that all regulated firms have a requirement to ensure that anything they communicate is ‘fair, clear and not misleading’ with risks appropriately identified and presented in a balanced way, and this will continue to apply to firms that may decide to provide opinion and guidance. This should help, to some extent, mitigate against the danger of firms ‘cherry picking’ information.

When these changes come into effect, I would expect the FCA to focus a lot of monitoring activity in this area, to ensure that retail clients are still being given accurate information by regulated firms.

For unregulated firms, the definition of advising on investments will remain unchanged and providing ‘an element of opinion’ will continue to constitute regulated advice.

This twin track approach is designed to limit the maneuverability of fraudsters to move in and fill the advice gap, as to do so without being regulated by the FCA for another activity would be breaking the law (at this stage it isn’t clear whether there will be any specific regulated activities that a firm will be required to have authorisation to carry out, though one would assume this will involve authorisation for arranging deals in investments as a minimum).


There’s no question that January 2018 is going to be an exceptionally busy time for regulated firms, with an unprecedented amount of regulatory change happening all at once.

However, on the face of it at least, this piece of regulatory change seems an utterly sensible one and it will be fascinating to see how regulated firms adapt their products and services to reflect these new-found freedoms to provide enhanced guidance and opinion.

Joe is the co-founder of Enterprise Incubator & Consultancy LLP, a firm providing compliance support to regulated financial services firms in the UK and EEA.

GDPR: Fact or Fiction?

Through helping a number of firms get up to speed, we’ve noticed there are a few common misconceptions around GDPR and thought we would address them in a brief post.

“I can rely on ‘legitimate interests’ to carry on sending e-mail marketing” = Fiction 

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) sets out the rules on electronic marketing.

Under PECR, you must rely on a Data Subject’s consent before sending them e-mail marketing material.

Therefore, organisations can only rely on ‘consent’ as a legal basis for processing a subject’s data for electronic marketing purposes, and not via arguing a ‘legitimate interest’.

However, there are instances where organisations may be able to rely on the ‘soft opt-in’ to continue electronic marketing. This is where:

  • that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient (i.e. the data hasn’t been purchased from a third party);
  • the direct marketing is in respect of similar products and services only; and
  • you gave them a simple way to opt out both when you first collected their details, and in every message you sent subsequently.

“I need to have a controller-processor contract in place, even if I don’t send data outside the EU” = Fact

The GDPR makes written contracts between controllers and processors a general requirement (Article 28(3)). Unlike the Data Protection Act 1998, where written contracts were only required when data was passed to a party outside the EEA (or third country with equivalent standards), GDPR requires organisations within the EEA to also have these agreements in place.

There should also be an agreement in place between two processors, if required.

“GDPR Documentation does not apply to me because I have less than 250 employees” =Fiction 

If you have less than 250 employees, you are not required to document all of your processing activities. However, it is worth noting that this exemption is limited, and you will be required to document activities that:

  •  Are not occasional (i.e. that occur regularly);
  • Could result in a risk to rights and freedoms of individuals; or
  • Involve the processing of special categories of data (e.g. medical information, gender, ethnicity and sexuality), criminal conviction and offence data.

The likelihood of a company not processing some sort of personal data regularly is almost impossible. Therefore, most small and medium-sized organisations will still be required to document data processing, but this will be limited to certain types of processing activities.

“My firm might not need a data protection officer anymore” = Fact

You are required to appoint a DPO if:

  • you are a public authority (except for courts acting in their judicial capacity);
  • your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
  • your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

Even if you do not require a DPO, it won’t hurt to have one to ensure that the organisation is complying with GDPR. If you then conclude that you do not require a DPO, the ICO advises that you record this to help demonstrate compliance with the accountability principle.

If you need any help getting over the line before the 25th of May, please get in touch.

T: 020 7843 0470 E:

Implementing SMCR: Not just another reglulatory change

On 9 December 2019, the Financial Conduct Authority will be rolling out the Senior Managers and Certification Regime (SM&CR) to all firms authorised under the Financial Services and Markets Act.

We look at what it is designed to achieve and how to implement it in your business.

SM&CR is replacing the Approved Persons Regime and its aim is to drive transparency and individual accountability. It requires all firms to clearly lay out senior managers’ responsibilities, as well as certifying certain individuals, who are not senior managers, as being fit and proper – a distinctive change from the current approved person process.

SM&CR was first rolled out to banks in 2016, and it was later extended to insurers. Three years on, some banks have reported that they have seen the quality of their discussions about accountability and decision making improve significantly, as well as being a useful process for reinforcing culture and reminding staff how they should conduct themselves.

Implementing SM&CR

Implementing SM&CR in your business is a journey that requires thought and planning. Here are a few things to keep in mind when applying the new rules:

1. What type of firm are you? Firms need to determine whether they are a limited, core or enhanced firm to apply the regime correctly, as not all Senior Manager Functions (“SMFs”) will apply to limited and core firms.  

2. Producing statements of responsibilities (SoRs): SoRs should detail senior managers’ roles and responsibilities. They are not job profiles and they should focus on what the senior manager is accountable for, as well as stating what they are not responsible for.

3. Responsibilities map: enhanced firms are required to produce a responsibilities map, which is a document describing the firm’s management and governance arrangements. This map should be consistent with the statements of responsibilities mentioned above. While core firms do not have to produce a responsibilities map, it is a useful exercise, particularly for medium to large sized firms.

4. The transition process: For core firms, most approved persons currently active under the Approved Persons Regime will automatically be converted to a corresponding SMF under the new regime, with the exception of the non-executive director (CF2) role, where consideration needs to be given to whether the individual in question is performing the new SMF 9 Chairperson role.

For enhanced firms, this process is far more complicated, as there are significantly more SMFs applicable to a firm of this type, and careful consideration needs to be given to which SMF applies for a particular individual, taking into account their statement of responsibilities and the overall responsibilities map.  

As a result, there is no automatic mapping exercise and firms will need to complete specific forms, informing the FCA of who is applying for what role, as well as providing a responsibilities map and statement of responsibilities.

5. Certification: any individual that has a “significant impact on customers, the firm and/or market integrity” must be certified as fit and proper by the firm. This is a broad definition and reaches far wider than the existing CF28, 29 and 30 definitions.

These controlled functions, as well as other key functions like CF10a (CASS oversight) will cease to exist. Instead, regulated firms themselves must assess whether these individuals are suitable to do their jobs. This is perhaps the biggest change to the existing regime, and regulated firms will need to be able to demonstrate that they can appropriately evidence that they have considered their employee’s fitness and propriety for the roles their Certification Staff perform.  

Certification must be carried out at least once a year.  

6. Everyone else? All other employees, with the exception of those performing purely ‘ancillary roles, will need to agree to abide by the FCA’s “First Tier Individual Conduct Roles”. This may well be the first time that a number of staff will have to formally attest that they will comply with FCA conduct principles.

7. The role of HR: unlike most other regulatory changes, which are heavily compliance focused, we urge firms to give serious consideration to the HR related considerations that these changes bring about.

It is clear that the FCA is attempting to drive cultural change across the industry by establishing accountability down to the individual level. The banks that appear to have benefitted from SM&CR have done so by taking the opportunity to review and redefine their organisational cultures. As a minimum, firms will need to put time into designing or evolving their systems and processes such as; recruitment and competence assessment, regulatory referencing, capability review and management, performance management, continuing professional development and whistleblowing. 

We believe that changes of this nature require firm wide engagement and a comprehensive training approach to make sure that they embed and enhance ways of working and trust rather than building bureaucracy and organisational silos. 

Firms are being asked to implement a suite of processes that they may feel are overkill; however seen in a different way this is an opportunity to reflect on the way that these firms operate, to reset or reinforce how they work, and to enhance business efficiency and performance.

At EIC, we’ve teamed up with OrchardHR to help provide clients with a complete picture of why the changes have come about, what the firm needs to do to implement SM&CR and how to go about doing it. 

Over the next few weeks, we will be hosting dedicated SM&CR events to help you understand these key themes in greater detail.

If you would be interested in attending, or if you need any support with implementing SM&CR, please get in touch.                                                          

MiFID II – An Overview

MiFID II – An Overview



Over the coming weeks, #TeamEIC are going to be putting together a series short videos introducing some of the key aspects of MiFID II.

No more than 10 minutes long per topic and available on YouTube to watch at your convenience, we will explain what you need to do to be compliant.

More details to follow soon!

PSD2: 5 key steps to regulatory success

Struggling to understand the new FCA authorisation process? We’ve got you covered.


One of the most exciting developments (yes, we get excited by new regulation…) over the last few years is the number of new, innovative firms entering the marketplace in anticipation of the introduction of PSD2 and the Open Banking rules.

Now in force, we’re lucky enough at #TeamEIC to be working with a number of these firms at the moment.

Research has shown that these changes could provide a £1bn boost to the UK economy[1]. With such encouraging statistics, along with a requirement for existing firms in the space to ‘renew’ their current permissions, the FCA applications have started rolling in.

Here is our take on the top five things you should consider when putting your FCA application together:

1.      Think through, and map out, your data security safeguards

Careful consideration should be given to your policies and procedures for any FCA application. However, where PSD2 is concerned, having effective data security measures in place is absolutely essential to successfully completing the application process.

As well as policies and procedures, applicant firms must also provide a comprehensive data security risk assessment, business continuity plan and explain how they will deal with failures to key systems.

2.     Know what services you want to provide

It is important for applicant firms to lay out their business model clearly, in order to correctly identify the payment services you intend to provide.

As has been well documented, PSD2 introduces new payment services to the existing regime and businesses in this space, young and old, should consider what these services are and what impact they may have.

3.      Authorised Payment Institution (API), Small Payment Institution (SPI) or Registered Account Information Service Provider. Which is appropriate?

All 3 categories have different application processes and if the wrong one is selected, this could result in an avoidable loss of both time and money.

Not only is the process different, the conditions that need to be met differ. For example, going down the SPI route isn’t necessarily as costly and there are no fixed capital requirements, but isn’t available to everyone. As an example, you can only offer Payment Initiation Services (a new regulated service introduced by PSD2) as an API.

You will also need to consider whether you are providing e-money services alongside payment services, and the impact on your authorisation from both a process and capital point of view if you are.

4.      Don’t be late for re-authorisation and re-registration

Firms that were already providing payment or e-money services prior to the introduction of PSD2 must supply the FCA with additional information on how they will comply with the new rules and must ensure that they submit their applications before 13 April 2018.

If firms miss the boat then come 13 July 2018, they cannot continue carrying out payment services.

5.     Professional Indemnity Insurance (PII) and getting the maths right

Firms are required to calculate their PII cover in line with the criteria and EBA guidelines. For the purposes of the FCA application, the firm must provide realistic forecast figures to calculate the appropriate amount of PII cover.


T: 020 7843 0470 E: