Release Date: 21st January 2020
To access the original FCA document, click here.
Summary
The First-tier Tribunal has upheld a fine of £91,000 imposed on Hall and Hanley Limited (H&H) by the Claims Management Regulator (CMR) for data breaches and unauthorised copying of client signatures. The Financial Conduct Authority (FCA), which has since taken over the functions of the CMR, conducted the Tribunal hearing.
H&H, a claims management company (CMC) specialising in claims for mis-sold payment protection insurance (PPI), was initially fined by the CMR under the previous regulatory regime due to significant breaches. H&H appealed against this fine, but the Tribunal upheld the CMR’s decision.
Mark Steward, Executive Director of Enforcement and Market Oversight at the FCA, stated, “The failure by Hall and Hanley to take previous advice and warnings from the former claims management regulator and the firm’s repeated use of consumer data and customer signatures without their consent are clear examples of a firm falling short of the standards we expect.” He emphasised that this decision serves as an important reminder to the industry that firms must conduct business with integrity and due care, skill, and diligence.
On 5 March 2019, the CMR found that H&H had breached rules by failing to ensure that any referrals, leads, or data purchased from third parties had been obtained lawfully. Specifically, marketing text messages concerning PPI claims were sent to consumers without their consent. Additionally, a review of 16 client files revealed that in 8 cases, client signatures on claim documentation were copied without authorisation. This unauthorised copying was submitted to financial firms and was considered a serious violation. H&H was found negligent in failing to detect and prevent this conduct by one of its employees.
The Tribunal supported the CMR’s findings entirely, concluding that H&H’s data breaches were serious and resulted from ignoring previous compliance advice and warnings. It determined that H&H failed to act competently and negligently handled customer data. Furthermore, the Tribunal found H&H negligent for not providing proper training and supervision to its employees, justifying the financial penalty due to the severity of the underlying issues.
Key Takeaways:
- Compliance with Laws: Ensure all referrals, leads, or data purchased are obtained lawfully.
- Consumer Consent: Obtain explicit consent before sending marketing messages.
- Training and Supervision: Provide adequate training and supervision to employees to prevent unauthorised actions.
- Responsiveness to Warnings: Act on previous compliance advice and warnings to avoid repeated violations.
- Integrity and Diligence: Conduct all business activities with integrity, due care, skill, and diligence.
In conclusion, the FCA’s decision to uphold the fine against Hall and Hanley Limited underscores the importance of compliance with regulatory standards, proper handling of consumer data, and the need for firms to operate with integrity and diligence. Firms must take proactive measures to ensure they meet these expectations to avoid similar penalties.
Back to the Dear CEO letter archives.