This webpage will be used by the Authority to publish updates and guidance in relation to its response to the COVID-19.
This update covers 4 key areas:
1. Staff of the Authority working from home
2. Home working and increased risk of cybercrime
3. AML/CFT FAQs about Covid 19
4. Framework for appropriate regulatory forbearance is being developed
1. Staff of the Authority working successfully from home
The transition of Authority staff to home working has been successful and the team are fully operational. As previously notified, we are grateful for your support in sending requests and post electronically in the first instance. This is helping to ensure we can fulfil our role without undue delays.
2. Home working and increased risk of Cybercrime
We are aware that regulated entities may be facing increased attention from cybercriminals. The National Cyber security Centre has issued some useful guidance on this and is good source of reference for cyber security matters more generally.
3. AML/CFT Frequently Asked Questions about Covid 19
The Authority has been receiving queries regarding COVID-19 and how this affects meeting customers / certification of documents. The AML/CFT team have prepared some frequently asked questions to help regulated entities and DNFPBs understand how the requirements may operate at this time.
We have not needed to introduce any new requirements around CDD, instead we have taken some key points from the AML/CFT Handbook, particularly around electronic verification of documents in one place which we hope will be helpful.
It is intended that the document will be updated over time to address any new questions which may have generic application.
4. Framework for appropriate regulatory forbearance is being developed
The Authority is conscious that firms will be experiencing operational issues as they transition to an environment in which many of their staff are working from home.
- We have already recognised that there may be difficulties in finalising audits in the normal timeframes and confirmed that we will not be treating such delays as breaches. Regulated entities have also raised some other audit related matters with us, and we will be providing further guidance as part of our regulatory forbearance work (see below).
- The Authority is currently considering other regulatory requirements and the areas where it will be appropriate to consider regulatory forbearance at this difficult time. Once this review is concluded we will issue guidance for regulated entities to help them in complying with the requirements and understanding where deadlines and requirements have been adjusted
- We expect regulated entities to continue to notify the Authority where they are experiencing difficulties in complying with the requirements. It should be noted that the Authority will not consider new individual rule modifications at this time.
The Financial Services Authority (“Authority”) is closely monitoring the coronavirus (Covid-19) situation and how it is impacting the financial system.
We have identified some sensible precautions consumers can take to help protect their finances. We recommend you read our advice below and be aware of any possible impact on your finances.
As you would expect, we are in contact with regulated firms and we expect them to be looking at their business continuity plans.
General information for consumers is available in the consumer area of the Authority's website.
Be Scam Aware
There is already some evidence that scams are on the increase during the current coronavirus outbreak and we advised you to be extra vigilant at this time.
Watch out for scams related to coronavirus (Covid-19) and for an increase in traditional scams. These scams take many forms and could be about insurance policies, pension transfers, or high-return investment opportunities, including investments in cryptoassets.
Scammers are sophisticated, opportunistic and will try many things and they will target the vulnerable. Beware of investments that appear to be too good be true. If you decide to invest in something offering a high return or in a cryptoasset, you should be prepared to lose all your money.
To help protect yourself:
- Reject offers that come out of the blue.
- Beware of adverts on social media channels and paid for/sponsored adverts online.
- Check who you are dealing with; are they regulated and reputable?
- Do not click links or open emails from senders you don't already know.
- Avoid being rushed or pressured into making a decision.
- If you are contacted unexpectedly by someone saying they are from your product provider, call back on a number already known to you for that provider.
- If you are contacted by someone purporting to be from the fraud team at your bank, again be very cautious and check they are who they say they are.
- Do not give out personal details (bank details, address, existing insurance/ pensions/ investment details).
If you suspect a scam:
- Contact the police straight away to report the scam.
- If you have made a payment contact your bank or credit card company.
- If you have provided personal details, change your passwords and tell the providers of your affected accounts.
- Monitor your finances for any suspicious activity.
Treating customers fairly
We are engaged with firms to understand the potential impacts on consumers of coronavirus and how they are addressing their customers’ needs. Firms are expected to treat customers fairly.
We are aware some consumers, both individuals and businesses, may be put under additional financial pressure, so if you are experiencing payment difficulties, we recommend you contact your credit provider or mortgage lender as soon as possible and explain your situation.
Access to cash
As part of their plans in the Isle of Man banks are taking additional measures to ensure that there is no disruption to cash supplies and that ATMs remain fully operational. Some banks are also increasing withdrawal limits to enable customers to withdraw higher daily amounts from ATMs.
At this time it is important that you continue to make sure you have adequate insurance and that renewals are dealt with in good time. For individuals this includes mandatory insurances, such as car insurance, and other significant insurances such as house insurance and life insurance. For businesses this includes premises insurance, public liability insurance and other standard insurances.
You should be aware that insurance cover differs from policy to policy. If you are unsure whether your policy covers you for the outbreak, you should contact your provider directly. Insurance providers should be able to clearly highlight any exclusions that may exist.
Consumers specifically concerned about their travel insurance can take a number of steps in advance to find out if they are covered:
- Check your travel insurance wording carefully before you travel.
- Read the latest travel advice from the Foreign and Commonwealth Office (link is external) before you leave.
- Take some extra time to make sure the policy you intend to buy covers all your needs.
- Contact your insurer directly before you travel if you are in doubt.
Checking whether someone is regulated and other queries
If you are looking want to check that a firm is regulated by the Authority please check our public register.
If you want to check that a firm is authorised in the United Kingdom please check the UK Financial Services Register (link is external).
For all other queries including impacts of the coronavirus, please contact your product provider, their details can be found on your documentation. Please be aware that they might be busier than normal and it might therefore take longer than normal to get through to them at this time.
As you will be aware the situation on the Island continues to change on a daily basis. We understand that regulated entities are prioritising the wellbeing of their staff, their ongoing communication and wellbeing of customers and managing the minimisation of the impact on their financial soundness. However, it is essential that regulated entities continue to comply with their legal and regulatory obligations.
This update sets out some general matters that we ask regulated entities to consider at this time.
The Authority’s Office
From Monday 23 March, the majority of Authority staff will be working remotely, with only a skeleton staff in the office for logistical purposes.
The office will not be open to external visitors and staff will not attend face-to-face meetings with 3rd parties.
Contacting the Authority
We encourage regulated entities to communicate with us by email wherever possible. If a subsequent phone call is required this can then be arranged.
Whilst we have made arrangements to have phones answered we would encourage regulated entities to communicate with us by email wherever possible. We will then make appropriate arrangements for phone calls / conference calls.
Returns and notifications by PDF
The Authority expects that, to the extent possible, returns and notifications will continue to be submitted. The Authority’s staff will continue to process such matters as normal.
To facilitate working arrangements we ask that:
- documents are submitted electronically in encrypted PDF form with a password sent by separate cover.
- where documents would normally require wet signatures the Authority will accept PDFs and, on receipt, will advise if the original document should also be submitted for the file.
- Receipt of a PDF will be treated as the date of receipt for legislative purposes.
Impact on Customers
As per our regulatory requirements, regulated entities are expected to have in place robust BCP arrangements which are regularly tested. This should ensure that the impact of the current situation on your consumers is minimised.
We welcome the taking of initiatives going beyond usual business practices to support customers.
We still expect regulated entities to deal with complaints promptly. However, where the pandemic prevents this, please contact us.
Audited Financial Statements
We are aware that there may be some issues in relation to completion of audits. If this is the case, please liaise with the relevant supervisory team as to what financial information should be submitted pending the audited accounts. In these circumstances the Authority will not treat late submission of the final audited accounts as a breach and will not issue an administrative civil penalty (where that would normally apply). All other required information should continue to be submitted via PDF at the appropriate time.
We have received queries about the ability of regulated entities’ staff to complete their mandatory CPD requirements due to cancellation of courses. The Authority will be guided by the stance taken by professional bodies and is understanding of the difficulties that lack of face-to-face CPD opportunities pose. However, where staff are working remotely it may be that use can be taken of the many online training courses available.
Signatures on official business documents
The Authority has received enquiries about what steps regulated entities should take concerning wet signatures on their business documents.
The Authority expects regulated entities to consider whether a wet signature is required for legal efficacy or whether an electronic signature is acceptable legally and by the counterparty, and consider arrangements for witnessing such signatures where relevant.
The Electronic Transactions Act 2000 (ETA2000) will also be relevant in this regard.
Section 1 of the ETA2000 provides that a transaction will not be invalid merely because it takes place wholly or partly by means of one or more electronic communications.
The requirement for a written signature of a person is taken to have been met under the ETA2000 in relation to an electronic communication if:
- a method is used to identify him and indicate his approval of that which is communicated;
- having regard to all the relevant circumstances at the time, the method is as reliable as is appropriate for the purpose of the information communicated, and;
- the receiver consents to that method.
The AML/CFT Handbook also allows client due diligence (CDD) documentation to be obtained electronically. The AML/CFT Handbook provides that where CDD is obtained electronically, the authenticity of the electronic document must be verified by appropriate measures.
If moving from wet signatures to electronic signatures, regulated entities should undertake and document a business and technological risk assessment.
We encourage you to continue to review your current arrangements in light of the evolving situation and to manage the risks to your employees, customers, and your business and the impact on the industry.
For some time, the Authority has been working on its operational readiness in relation to the COVID-19 pandemic. Following the Chief Minister’s announcement of emergency measures on 16 March 2020, we are moving to the next stage of our business continuity plan. Effective Wednesday 18 March the majority of our staff will be working from home on a rotating basis. This approach will allow us to further test our connectivity and working from home processes. For our stakeholders, this move should be seamless as staff will continue to be accessible by traditional means - phones and emails.
One change however will be our protocols on face to face meetings, as we will be switching to meetings via teleconference and/or video-conference. These changes may result in some initial disruption but are considered necessary in the current circumstances.
Further, we would also ask our regulated entities to send correspondence to the Authority in a secure electronic form as opposed to, or in addition to, hard copies delivered to the Authority’s offices. We believe this is a sensible readiness step to take. Where regulated entities do not have a secure e-mail connection with the Authority we would remind regulated entities that correspondence should be appropriately encrypted and that passwords are then separately communicated.
The FSA remains open for business with these modified work practices. We will be reviewing our operating approach on a daily basis and will update our website to reflect any adjustments, in accordance with further developments.
In relation to regulated entities, all such firms are required to have robust business continuity plans which are proportionate to the nature and scale of their operations. We are aware that many firms have been reviewing and, in some cases activating, elements of their business continuity plans. The Authority is currently engaging with various firms across the different regulated sectors and may widen this engagement, as necessary. Firms are reminded that they should proactively make the Authority aware of any material issues in respect of their ability to operate in compliance with their business continuity arrangements.