Published 1 September 2016
Construction (Design and Management) Regulations 2015
These Regulations came into force on 6 April 2015, replacing the 2007 Regulations and bringing significant changes to the old health and safety regulatory regime. The transitional arrangements came to an end on 6 October 2015 and so now almost all construction projects, including domestic projects, must comply with the Regulations.
A key change was the introduction of the role of Principal Designer for those projects where there will be more than one contractor working at any time. This new role carries with it a new set of duties and obligations. The Principal Designer must “identify and eliminate or control, so far as is reasonably practicable, foreseeable risks to the health or safety of any person”. This is a high standard. Further, the Principal Designer must “ensure all designers comply with their duties” – a potentially onerous duty.
Professionals should be certain that they have the necessary skills, knowledge and experience before accepting this role and must ensure that they fully understand the extent of their duties. They will need to declare to their insurers that they are carrying out the services of Principal Designer and make sure that they have appropriate cover in place. Equally, insurers need to understand the extent of the duties owed by their policyholders.
Consumer Rights Act 2015
This Act came into force on 1 October 2015 and applies to contracts entered into from that date. The Act consolidated much of the existing UK consumer legislation, including the Unfair Terms in Consumer Contracts Regulations 1999, widening the scope in some areas.
The Act introduces a wider definition of ‘consumer’ and new remedies enabling consumers to receive a repeat performance of the service or a price reduction.
The Act also applies to notices issued by a supplier which relate to the rights and obligations of a consumer – this means that insurers need to ensure that proposal and claims forms, for example, comply with the Act.
Digital content is now a separate category to goods and services and is an area where the impact of the Act is expected to increase as insurers provide more services digitally.
Another development in the Act expected to be significant is the introduction of opt-out class actions for breaches of competition law. In March 2016, the first such action was launched by UK-based buyers of mobility scooters. Consumer groups will monitor the action with interest as it sheds light on the likely impact of this new form of enforcement action.
The Financial Conduct Authority (FCA) has confirmed that for the time being it does not intend to issue any detailed guidance on the Act and it has directed firms to review the comprehensive guidance published by the Competition and Markets Authority. The FCA will, however, remain the lead regulator for enforcement of the Act against insurers and brokers.
Enterprise Act 2016
The Enterprise Act 2016 received Royal Assent on 4 May 2016, finally making the Law Commissions’ proposals on damages for late payment a reality. The Act has progressed swiftly, the draft Bill having only been published in September 2015.
The provisions introduce into every contract of insurance an implied term requiring the insurer to pay sums due within a reasonable time. Failure to do so entitles the insured to remedies including damages. The key provisions will be inserted as sections 13A and 16A of the Insurance Act 2015 and will come into effect on 4 May 2017.
The Act expressly recognises the need for a reasonable time to investigate and assess the claim and also includes a nonexhaustive list of matters that may be taken into account in determining what amounts to ‘a reasonable time’. There is also a defence where an insurer has reasonable grounds for disputing the validity or value of the claim. The Act permits contracting out in non-consumer insurance contracts (where the breach is not deliberate or reckless) provided that the transparency requirements set out in the Insurance Act 2015 are satisfied.
Since the Bill’s first publication, a limitation period of one year from the date that insurers pay all sums due has been included and is added as section 5A of the Limitation Act 1980.
Insurers should now be reviewing their policy wordings and procedures and ensuring that targeted training is rolled out to all involved. They should also check their reinsurance arrangements for any exclusion clause or positive statement of cover in relation to a cedant’s liability arising from a late payment to an insured.
The only issue now outstanding from the Law Commissions’ review of insurance contract law is insurable interest and a further short consultation on a draft Insurable Interest Bill was published in April 2016. The purpose of the consultation is not to discuss the actual form of words in the draft Bill but to understand whether the wording meets the policy objectives set out in the March 2015 issue paper. The consultation closed on 20 May and the intention is to publish a final draft Bill and report in the autumn.
Flood Reinsurance Regulations 2015
The launch of Flood Re on 4 April 2016 represents a milestone for the insurance industry. Rarely can the broader social utility of insurance – and reinsurance – be demonstrated with such clarity. The 27 insurers participating in the scheme at the time of writing are protected by reinsurance. In turn, this is possible due to the retrocession to participants in the traditional reinsurance market who have subscribed to a multi-year retrocession providing L2.1 billion in annual protection. The parties instrumental in bringing this about are to be congratulated on their sustained efforts to secure this outcome. Flood Re’s press releases claim that 350,000 households will benefit from affordable insurance being available, in many cases for the first time in years.
The new arrangements are a creature of statute, with the Water Act 2014 being the primary legislation behind the scheme. Section 64 of the Act states that the purpose of the scheme is to “promote the availability and affordability of flood insurance for household premises” and to manage the “transition to risk-reflective pricing” over the period of operation of the scheme. The Act made provision for a levy on “relevant insurers”, namely companies and Lloyd’s syndicates that write home insurance.
The nuts and bolts of the scheme came later, and are contained in the Flood Reinsurance (Scheme Funding and Administration) Regulations 2015 and the Flood Reinsurance (Scheme and Scheme Administrator Designation) Regulations 2015. Helpfully, an Explanatory Note appended to the Regulations clarifies the new arrangements. The Regulations include an elegant definition of a flood: “…water, from any source external to a building which enters a building … and does so with a volume, weight or force which is substantial and abnormal.”
Steps have been taken to avert data protection issues. It remains to be seen what wrinkles will emerge in implementation and expansion of the scheme.
General Data Protection Regulation
After a long and arduous journey through the legislative process, the text of the General Data Protection Regulation (GDPR) has been published in the Official Journal of the European Union and the new law will come into effect on 25 May 2018.
There are a number of key differences between the current UK data protection regime and the GDPR, including:
- the potential for fines of up to 4% of annual worldwide turnover or €20 million, whichever is higher;
- the applicability to data processors, not just data controllers;
- new rights for data subjects, including the right to data portability and to object to profiling;
- mandatory data breach notification;
- extra-territorial scope to regulate those companies located outside Europe who target goods or services at European citizens;
- new concepts of accountability, privacy by design and privacy by default; and
- mandatory requirements for some organisations to appoint a data protection officer.
The starting gun has been fired and the race is on for businesses to ensure that they are compliant by May 2018. Brexit is not a reason for inaction on the part of UK businesses. The earliest date for Brexit currently appears to be towards the end of 2018, roughly six months after the GDPR comes into effect. In any case, whatever form Brexit takes, we expect that UK law will continue to incorporate the terms of the GDPR, or something very similar, so as to enable the UK to continue to receive personal data from Europe. Those organisations processing personal data on European citizens will also need to comply.
Housing and Planning Act 2016
This Act contains radical new planning legislation, as part of a continued drive by the government to boost housing delivery and remove barriers within the planning system. The Act also deals with streamlining of the compulsory purchase regime and improvements to regulation of the private rental sector. It received Royal Assent on 12 May 2016.
The Act faced significant resistance in the Lords over ‘Starter Homes’ – the new form of affordable housing for eligible first time buyers to be sold at a 20% discount to market value. Much of the debate in the House of Lords echoed local authorities’ concerns that Starter Homes would be to the detriment of resolving other local housing needs – principally rented affordable housing. The government nevertheless rejected amendments giving significant local authority discretion over the provision of Starter Homes in their area.
A new form of automatic planning consent will also be introduced – ‘planning permission in principle’ (PPIP). PPIP will establish the location, use and quantity of development on residential-led sites, providing developers with greater certainty. Full planning permission is then subject to approval of technical details.
Regulations will be made by the Secretary of State to set out the detailed provisions around Starter Homes and PPIP.
Insurance Act 2015
The 2015 Act came into effect on 12 August 2016. Under the Act, the duty of disclosure remains for nonconsumer policyholders but is reframed as a broader “duty to make a fair presentation of the risk”. The duty is satisfied either if all material circumstances are disclosed or if sufficient information is provided to put a prudent underwriter on notice that they need to make further enquiries. Remedies are proportionate.
The Act abolishes ‘basis of the contract’ clauses for commercial insurance and parties cannot contract out of this. An insurer’s liability is also merely suspended, rather than discharged, in the event of a breach of warranty.
The Act also contains a provision that non-compliance with a warranty or other term (such as a condition precedent) designed to reduce loss of a particular kind or at a particular time or place will not debar a claim if the policyholder can show that the non-compliance could not have increased the risk of the loss in the circumstances in which it occurred.
A fraudulent claim will now result in forfeiting the whole claim, with insurers being able to terminate the policy with effect from the date of the fraudulent act, but previous valid claims are unaffected.
The provisions of the Act have the status of default rules for non-consumer insurance but contracting out is prohibited for consumer insurance. Any contracting out must comply with the transparency requirements set out in the Act.
Insurance Distribution Directive
The Insurance Distribution Directive (IDD) came into force on 22 February 2016 and EU member states are required to transpose it into national law by 23 February 2018. The IDD will replace the 2002 Insurance Mediation Directive (IMD) and, unlike its predecessor, the IDD will apply to insurers as well as intermediaries. The Financial Conduct Authority issued a statement following the referendum saying that firms must continue with implementation plans for EU legislation that is still to come into effect.
As with the IMD, the IDD is a minimum harmonising directive so member states are able to ‘gold-plate’ the directive by adding extra requirements. Indeed, the UK included higher standards when transposing the IMD which is expected to lessen the regulatory impact of the IDD for firms in the UK compared to some of their continental colleagues.
Key changes include new information disclosure provisions, which will require the use of a standard insurance product information document, the mandatory disclosure by both insurers and intermediaries of remuneration information, and a simplified passporting regime for intermediaries in the European Economic Area (however, see our comments in ‘Brexit: the big grey swan’ above on the implications of Brexit for passporting). Further guidelines are being developed by the European Insurance and Occupational Pensions Authority with a view to ensuring greater consistency in areas such as product oversight and governance.
The IDD also introduces stricter sales standards for insurancebased investment products, as well as a requirement for employees engaged in insurance distribution to undertake at least 15 hours of continuing professional training and development per year.
The insurance market should monitor developments closely over the coming months as new technical standards and guidelines are scheduled to be published which will refine the scope, and cost of implementation, of the IDD.
Investigatory Powers Bill
This controversial Bill, nicknamed the Snoopers’ Charter because it enhances the surveillance powers of the security services, passed its second reading on 15 March 2016 and is expected to receive Royal Assent by the end of the year.
By consolidating the existing piecemeal rules governing communications data, the Bill provides a new legal framework for intelligence gathering through the interception of communications, equipment interference (that is, hacking) and the acquisition and retention of communications data. An Investigatory Powers Commissioner will be appointed to oversee compliance with measures which include:
- requiring communications service providers (CSPs) to retain the internet search activities of UK internet users for 12 months;
- permitting law enforcement officers to obtain, without warrant, internet connection records;
- permitting law enforcement officers to hack devices to acquire information;
- requiring CSPs to assist intelligence officers with the targeted interception of data, communications and equipment interference in relation to an investigation;
- requiring CSPs in the UK to remove encryption;
- a new criminal offence of “knowingly or recklessly obtaining communications data from a telecommunications operator or postal operator without lawful authority” which is punishable by fine or up to two years in prison.
Internet service providers and telecoms operators are likely to be affected substantially and they/their insurers will need to ensure new internal procedures are in place to comply with these measures.
Markets in Financial Instruments Directive II and Packaged Retail and Insurance-based Investment Products Regulation
The entry into application of the revised Markets in Financial Instruments Directive (MiFID II) has been extended by a year, to 3 January 2018. The European Commission was informed that neither local regulators nor market participants would have the necessary technical infrastructure in place to meet the original deadline. The extension will not, however, have an impact on the timeline for adoption of the ‘level II’ implementing measures.
The Markets in Financial Instruments Directive (MiFID I), implemented in 2007, established the current regulatory framework for investment services and activities. In response to the financial crisis and to strengthen investor protection and financial market transparency, MiFID I was reviewed and revised. MiFID II comprises a new Directive and Regulation.
Although MiFID II, like its predecessor, does not apply to insurers, the Financial Conduct Authority (FCA) is considering whether its conduct of business rules implementing MiFID II should apply to insurance-based investments and personal pensions (on the basis that these products are often substitutable for MiFID investment products). The Financial Services Authority took this approach at the time of MiFID I.
From 31 December 2016, firms advising on or selling packaged retail and insurance-based investment products (PRIIPs) must provide a key information document (KID) to retail investors. A KID is a simple document giving key facts to investors in a clear and understandable manner. Given the delay to MiFID II, questions have been raised as to whether the PRIIPs Regulation should also be delayed.
MiFID II is due to come into effect in January 2018 and the earliest date for Brexit currently appears to be towards the end of 2018. As mentioned earlier, the FCA issued a statement following the referendum saying that firms must continue with implementation plans for EU legislation that is still to come into effect.
Modern Slavery Act 2015
It is a sad fact that slavery still exists across the world, even in the UK. Home Office statistics indicate that there were 10,000–13,000 potential victims of modern slavery in the UK in 2013.
The Modern Slavery Act 2015, which came into force on 29 October 2015, is aimed at tackling the global problem of slavery and human trafficking. Large businesses are considered to be in a unique position to influence global supply chains to prevent such abuse taking place. With that in mind, the Act requires large commercial organisations to prepare and publish a ‘slavery and human trafficking’ statement for each financial year, setting out the steps (if any) they have taken to ensure that slavery and human trafficking is not taking place in their business and supply chain.
The requirement will apply to insurance companies and many of their insureds. The construction sector in particular will be affected. The complex nature of construction industry supply chains, which can involve a number of sub-contractors, consultants and large teams of workers in the UK and abroad, means that incidents of modern slavery and illegal working may be taking place unwittingly.
It is not the non-compliance with the Act per se that will cause the problems. Further, an organisation can meet its obligations by publishing a statement that it is taking no steps. In both these situations, it is the risk of adverse publicity and reputational damage that will motivate organisations to comply with not only the strict requirements but the spirit of the Act.
Modern Transport Bill
Assisted in part by the fact that it has never ratified the Vienna Convention requiring a driver to be in control of a vehicle at all times, the UK is already viewed as an attractive proposition for vehicle manufacturers looking to begin testing autonomous vehicle technologies in real life conditions.
With the value of the autonomous vehicle industry set to increase at a rapid rate throughout the remainder of the decade and beyond, it is perhaps not surprising that the UK government is keen to steal a march on other European countries. The announcement of a Modern Transport Bill during the State Opening of Parliament is a clear message that the UK government has no intention of losing its position as the leading force in Europe for the development of autonomous and electric vehicle technologies.
The Department for Transport’s Centre for Connected and Autonomous Vehicles has recently released a consultation paper seeking industry-wide stakeholder responses to proposed regulatory changes to enable the development of both ‘advanced driver assistance systems’ and ‘automated vehicle technologies’ in a safe and proportionate manner. The responses to the consultation will help inform the drafting of the Bill, to include the changes needed to the insurance provisions within domestic road traffic legislation to make driverless cars a reality on the UK’s roads.
The initial transition from traditional to highly autonomous vehicles, where the driver is expected to take back control in certain scenarios, presents a challenge from an insurance perspective. The government’s proposal to cover autonomous vehicles under ‘ordinary’ insurance policies will require motor insurers to innovate and create new products that combine the necessary elements of both liability and products cover to cater for both human and system errors.
It is conceivable that the government could use the Bill to make the necessary changes to the domestic road traffic legislation to address its inconsistency with the European Motor Insurance Directive (MID), as highlighted by the Slovenian case of Vnuk v Triglav. Following the UK vote to leave the EU, and in particular the resignation of Lord Hill as European Commissioner with responsibility for financial services, it now seems unclear whether there is any appetite at a European level to amend EU law in the light of Vnuk.
Negligence and Damages Bill
Sponsored by Andy McDonald MP, this Private Members’ Bill was first read in the House of Commons on 13 October 2015.
The Bill sought to extend the range of potential claimants for damages as secondary victims of nervous shock, bringing the extended family, friends and colleagues of injured persons within the class of persons for whom there is a presumption of close ties of love and affection which must be disproven by defendants. It also sought to enable claimants whose life expectancy has been reduced by the breach of duty for which a claim is presented, to pursue claims for lost years. The third strand of the Bill sought to extend the class of claimants entitled to seek bereavement damages, following a fatal accident, to include the deceased’s wider family.
Were the Bill to have passed into legislation, it would not only have increased the cost to insurers and their insureds of many serious accidents, but also the cost of many low value claims with secondary victim claims being added to the main action.
The Bill was to receive its second reading in the House of Commons on 13 May 2016 but was not progressed or the subject of parliamentary debate. It will not make further progress towards legislation, although further Private Members’ Bills in this area may be presented in the future.
Network and Information Security Directive
This Directive, commonly known as the Cybersecurity Directive, once finalised will require relevant businesses to adopt appropriate security measures to protect their networks and data against cyber security incidents. These businesses will also be required to report serious cyber incidents they experience to regulators.
The Directive will apply to operators of essential services such as energy, transport, banking and health as well as IT service companies and public administrators. All entities within its scope will need to ensure that they are able to resist cyber attacks. The purpose of the Directive is to ensure a common high level of network and information systems security across the EU.
The Directive will require companies to report cyber security breaches although it is not yet clear who will be responsible for enforcement.
The Directive is currently subject to tripartite negotiations between the European Commission, European Parliament and European Council but, at the time of writing, it is expected that the Directive will come into force in August 2016. EU member states will then have 21 months to implement the Directive into national law (the earliest date for Brexit currently appears to be towards the end of 2018).
Private Motor Insurance Market Investigation Order 2015
In September 2014 the Competition and Markets Authority (CMA) issued its final report on anti-competitive behaviours in the private motor insurance market. While the CMA was unable to identify a way of tackling the credit hire industry without a detrimental effect on competition, its report made two distinct recommendations which were subsequently drafted into the Private Motor Insurance Market Investigation Order 2015 to bring the recommendations into force:
- a ban on widely defined ‘Most Favoured Nation’ (MFN) clauses; and
- better information for consumers on the costs and benefits of no claims bonus (NCB) protection.
With more than 90% of private motor policies sold via price comparison websites (PCWs), the CMA found that widely defined MFN clauses that prevent insurers from offering consumers the same deal via other online sales platforms serve to restrict competition and innovation, and reduce the number of new entrants into the market. This ultimately leads to higher commissions and increased premiums for consumers.
The ban, which came into force on 19 April 2015, does not extend to narrowly defined MFN clauses, which restrict insurers offering the same deal direct via their own website. Pursuant to the 2015 Order, from 15 July 2015 larger PCWs (L300k+ private motor insurance sales per annum) must provide quarterly and annual compliance statements to the CMA. Since 1 August 2016, the duty to provide an annual compliance statement is extended to all private motor insurers, with subsequent annual statements to be filed by 1 February each year. The compliance statement includes a provision that the insurer has not carried out ‘equivalent behaviour’ which replicates the anti-competitive effects of MFN clauses.
The obligation to provide information about NCB protection is extended to both insurers and insurance intermediaries alike (to include PCWs). From 1 August 2016, whenever an insurer or insurance intermediary makes an offer or invitation, whether verbal or in writing, to sell NCB protection alongside private motor insurance, it must ensure that both the NCB Protection Statement and NCB Protection Information are provided clearly and prominently.
Failure to do so could result in a claim for loss/damage by the consumer. The CMA is itself also at liberty to enforce the Order via civil proceedings including by way of injunction. While we will have to wait and see what effect the new disclosure rules regarding NCBs will have on consumer behaviour, it represents another step in bringing forward regulatory focus to the point of sale.
Product Safety and Market Surveillance Package
Since 2001, product safety across Europe has been governed by Directive 2001/95/EC or the General Product Safety Directive (GPSD). For over five years, reform of the GPSD has been in the pipeline at EU level. The proposed Product Safety and Market Surveillance Package aims to unify product safety across the EU, bringing together previously separate rules about consumer and non-consumer products.
Core obligations to make and distribute only products that are safe remain unchanged. However, expect clearer regulation of business-to-business sales with express obligations placed on anufacturers and distributors.
One headline reform is around improved traceability. The package will see new express obligations on economic operators within the supply chain to keep records of who they source goods from and who they sell them to, and to retain those records for up to ten years. Labelling to show more clearly the origin of products is also a key part of the reforms.
The real uncertainty is about timing – with the reforms apparently the subject of ongoing discussion at EU level, no firm date yet seems likely for when these reforms will come into force (and of course Brexit has added further uncertainty for UK companies).
Riot Compensation Act 2016
This Act received Royal Assent in March 2016 and will come into force on a date appointed by the Secretary of State by regulation. Repealing the Riot (Damages) Act 1886 (which was the subject of the Supreme Court riot litigation – see Cases section below), the new legislation is designed to provide a modern and affordable compensation scheme which upholds the ethos of the historical legislation by continuing to support individuals and businesses affected by riots while limiting the burden to the taxpayer.
There is a new L1 million cap on recovery and a specific exclusion for consequential loss (although there is a provision allowing for alternative accommodation costs). There is also limited cover for motor vehicle damage. In a departure from the Kinghan Report recommendations, however, the 2016 Act does not narrow the pool of claimants and so allows businesses of all sizes a right to compensation.
Although Parliament is yet to publish any regulations dealing with the management and calculation of claims under the 2016 Act, the impact that the new provisions may have on businesses and insurers is likely to be significant. Insurers will need to consider whether to amend their policies in the light of the new approach.
Senior Insurance Managers Regime The Senior Insurance Managers Regime (SIMR) is now in force, replacing the approved persons regime for certain senior individuals within insurance companies. From 1 January 2016, Solvency II firms and groups have been required to have governance maps in place, setting out clearly the key functions at the firm and the relevant individuals responsible for these functions, along with their lines of accountability and responsibility both within that firm and to any wider group.
On 7 March 2016, the SIMR came fully into effect with the new set of Senior Insurance Management Functions (SIMFs) and conduct standards. Of note is the new Group Entity SIMF (an individual employed in a parent or other group entity, who is able to exercise significant influence over the regulated firm’s affairs) who will require approval. The requirement to have a Scope of Responsibilities in place for all SIMFs comes into force on 7 September 2016 and the Prudential Regulation Authority will request this as part of the supervisory approach.
The senior managers regime is expected to be extended to all authorised firms (including insurance brokers) in 2018, and will also apply to claims management companies when they become subject to Financial Conduct Authority authorisation.
Small Business, Enterprise and Employment Act 2015
This Act, implemented in stages since receiving Royal Assent in March 2015, has increased transparency in the ownership and control of companies and introduced measures to make directors accountable for their actions.
Under the Act, companies are prohibited from appointing corporate directors (save for very limited exceptions) and all existing corporate directors will cease to be directors automatically in October 2016.
From 6 April 2016, most UK incorporated companies and limited liability partnerships have been required to keep a register of people with significant control (PSC) over the company available for public inspection. The PSC information is filed at Companies House with a confirmation statement, which replaces the annual return. Noncompliance with the PSC register requirements is a criminal offence and may result in a fine or a prison sentence of up to two years.
PSC are persons who (a) hold, directly or indirectly, 25% of a company’s shares or voting rights, (b) hold the right to appoint or remove a majority of the board, or (c) have the right to exercise significant influence or control over the company.
Third Parties (Rights against Insurers) Act 2010
The 2010 Act came into force on 1 August 2016, having finally been updated earlier in the year by the Third Parties (Rights against Insurers) Regulations 2016 to reflect changes in insolvency law.
Replacing the Third Parties (Rights against Insurers) Act 1930, the 2010 Act removes the need for multiple sets of proceedings by allowing a third party to issue proceedings directly against a liability insurer where the insured is or becomes insolvent, and to resolve all issues (including the insured’s liability) within those proceedings. By removing the need for the third party to sue the insured, the 2010 Act eliminates the hurdle of restoring a corporate insured to the register of companies where it has been struck off. The 2010 Act also improves a third party’s access to information about the insurance policy, allowing them at an early stage to obtain information about the rights transferred in order to enable an informed decision to be taken about whether or not to commence or continue litigation. The Act also widens the category of people who can be asked for the information and places time limits on their response.