Regulation in the time of Coronavirus by Nicola Hoskins
Mon 8th Jun 2020
At the moment, the phrase ‘business as usual’ means anything but: business unusual, we might say. For some, it means a substantial part of the operation is running remotely; others are subject to extensive furloughs and others still will be seeing a downturn in demand or cashflow from which there may be no easy recovery. This is likely to be the case even as the restrictions begin to ease: social distancing and changes in consumer behaviour may result in remote working and smaller operations for some considerable time to come. Whatever the position, businesses will still be subject to regulatory oversight which may present more challenges than usual. This article will take a brief look at some of the key points, along with some practical considerations arising.
The first point is that regulation should not, and does not, exist in a vacuum. All regimes are broadly underpinned by the statutory aims of protecting consumers, and making markets work well for those consumers. They are always expressed in the context of social, political and economic contexts, and seek to reach defined outcomes whilst creating a balance.
The recent ICO statement perhaps makes this point best. It acknowledges that full compliance might be harder at this time, but ultimately protection of data and privacy must prevail: “We see the organisations facing staff and capacity shortages. We see the public bodies facing severe front-line pressures. And we see the many businesses facing acute financial pressures. Against this backdrop, it is right that we must adjust our regulatory approach.” In practice this might mean that, for example, taking longer than a calendar month to respond to a data subject access request might not be an issue risking enforcement action, although it should still be recorded as a breach: nothing in the ICO’s approach alters the statutory scheme and timeframe. It should also not be assumed that current difficulties offer a “get out of jail free” card, and usual compliance routines should remain in place. Another example of how business unusual impacts privacy matters arises with working from home, particularly risks in terms of loss/inadvertent sharing of data; in these circumstances the ICO is unlikely to take a more lenient approach. For firms used to remote working, this should not present any issues, but for those new to it, procedures will have to have been put in place quickly to address the attendant risks along with robust communication.
The SRA has similarly acknowledged the prevailing conditions in its enforcement approach, and concentrates on the financial crime aspect – a topic that occupies a permanent slot on the regulator’s annual risk outlook. Solicitors are warned to be vigilant to the ‘red flag’ risks including those of unusual clients and unusual instructions, and to consider which practical steps to take to establish client identity when face to face meetings are not viable. Certainly, ‘Zoom’ has entered the language as a new verb, but whether, for example, certifying identification over this platform is sufficient is by no means clear. In any event, it is submitted it is unlikely that the SRA would take a less than robust view of inappropriate use of the client account, whatever the background circumstances. As ever, documenting rationale and retaining evidence will be key.
In terms of the FCA: it has issued a number of sector-specific guidance changes, including a recent publication relating to motor finance and high cost credit. In common with other existing credit agreements, there is a requirement to provide payment holidays of up to three months where financial flow has become an issue as a result of the pandemic. This is all straightforward enough, but in terms of motor finance there are added considerations such as where the balloon payment is due within that period. The guidance states that the finance provider should seek to reach an agreement with the consumer that is fair, bearing in mind the ever-present substrata that is Principle 6, and points out that, for example, an alteration of the guaranteed future value of the vehicle as part of any forbearance package would be unlikely to comply. It is worth bearing in mind too the unfair relationship provisions in consumer credit lending which could effectively be re-engaged by any such modifying agreements. As an aside, some of the loans offered through the government-backed business interruption scheme may similarly be CCA regulated. Such loans feature prescriptive requirements with consequences for non-compliance which include unenforceability, and so on the lenders’ side, speed and pressure to provide the loans should not be sacrificed for strict compliance: one day this will all end, and the claims farmers will be on the lookout for opportunity once more.
Nicola will be ready to accept instructions soon and will be joining Broadway House Chambers Regulatory Team.
← Back to News & Resources