The distance marketing of nancial services A UK overview

Received (in revised form): 25th October, 2006

William Yonge
is a solicitor and a partner of McDermott Will & Emery UK LLP, a rm of solicitors in the City of London. He specialises in all aspects of nancial services, investment funds and securities law. In particular, he has advised fund managers, corporate nanciers, private equity rms, corporations and LLPs, on issues of nancial services regulation and the application of the EU nancial services directives. After being called to the Bar in 1989, he was employed as an in-house lawyer at IMRO and the Securities and Investment Board (now the Financial Services Authority). He became dually qualied as a solicitor in 1999, is a member of the Securities Institute and has written numerous articles on nancial services regulation and fund establishment issues. He was a principal contributor to the Financial Services volume of The Encyclopaedia of Forms and Precedents (2002), published by Butterworths.

Rohan Massey
is a solicitor and an associate at McDermott Will & Emery UK LLP. He has a commercial practice specialising in intellectual property and technology law. He has advised a number of international nancial institutions and investment funds on compliance with data protection and e-commerce-related issues. His practice also involves advising clients on privacy and data protection issues and the regulation of direct marketing and advertising.

Abstract This paper begins with an analysis of how the Distance Marketing of Consumer Financial Services Directive has been implemented in the UK under English law and its key provisions. The paper then progresses into the elds of the E-Commerce Regulations, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and data protection issues. Overall, the paper provides an overview of the legislative framework that must be complied with in order, successfully and legally, to market nancial services to consumers at a distance. Journal of Financial Services Marketing (2007) 11, 370380. doi:10.1057/palgrave.fsm.4760053 Keywords Distance marketing, data protection, e-commerce, nancial services, pre-contract information, rights of withdrawal

INTRODUCTION Developments in technology and business practice over the last decade have enabled nancial services providers to become more efcient and cost-effective in the methods used for targeting and contracting with consumers. One area of the industry that has seen exponential growth is that of distance marketing and contracting, where the consumer and the sales agent never meet and
Correspondence: William Yonge, Financial Services and Funds Group, McDermott Will & Emery UK LLP, 7 Bishopsgate, London EC2N 3AR, UK. Tel: + (0)207 577 6900; DDI: + (0)207 575 0348; Fax: + (0)207 577 6950; e-mail: wyonge@europe.mwe.com

the contracting process takes place on the internet, by email, fax, telephone, mail order or other distance means of communication. The legal basis on which contracts can be entered into has become increasingly regulated. As the European Union looks to harmonise levels of consumer protection in all areas, the nancial services sector has seen a particular increase in regulation. There are now a number of pieces of legislation in force in the UK that implement the European requirements. It is necessary for any party providing nancial services to consumers using distance contracts to be aware of the current legal framework and to understand how various pieces of legislation interrelate to dene the obligations placed on

370

Journal of Financial Services Marketing

Vol. 11, 4 370380 2007 Palgrave Macmillan Ltd 1363-0539 $30.00 www.palgrave-journals.com/fsm

Distance marketing of financial services

the service provider and identify the rights of the consumer. The UK is taking its lead from Europe on the regulation of nancial services. Of particular interest to those providing nancial services to consumers at a distance are the following: the Distance Marketing of Consumer Financial Services Directive (DMD),1 The Data Protection Directive2 and the E-Commerce Directive.3 These pieces of legislation are not binding until they have been adopted into national law. The European legislation was implemented in the UK in late 2004. Suppliers need to be aware of both the formalities with which they must comply and consumers rights. This paper aims to provide an overview of the legislative framework that must be complied with in the UK in order, successfully and legally, to market nancial services at a distance, identifying the steps necessary for compliance. DMD The main aim of the DMD is to harmonise and reduce divergence in national approaches to the way in which nancial services are marketed to consumers at a distance, thus furthering the establishment of the European Single Market. The DMD aims to regulate the distance marketing of nancial services, as the area of consumer nancial services was specically excluded from the provisions of the Distance Selling Directive.4 The DMD sets out common minimum standards for the information that must be given to consumers of nancial services where the supplier makes exclusive use of one or more means of distance communication (for example, telephone, internet, fax or mail) to provide the sales or service. It is of note that the DMD only covers business-to-consumer contracting and not business-to-business contracting. The DMD applies to any service of a banking, credit insurance, personal pension, investment or payment nature. Prior to the

DMD, a range of differing regulatory regimes covering these areas had already evolved. Accordingly, implementation of the DMD was achieved by the amendment of existing regulatory regimes and the introduction of new legislation: the UK Financial Services Authority (FSA) was made responsible for the production of rules implementing the DMD for all companies and activities governed by the Financial Services and Markets Act 2000 (including rst charge mortgages and general insurance) the DTI was made responsible for implementing the DMD for consumer credit, second charge mortgages and related activities mainly under the Consumer Credit Act and HM Treasury prepared the Financial Services (Distance Marketing) Regulations 2004 (the Distance Marketing Regulations), which came into force on 31st October, 2004, to cover nancial services governed by the DMD but not regulated by either the FSA or the DTI, known as gap nancial services. The key features of the common minimum standards required by the DMD are: the information that must be given to consumers prior to them entering into a distance contract for nancial services; the rights of withdrawal from the contract; the protection regarding the misuse of credit cards; the prohibition on inertia selling and the restrictions on unsolicited communications. It is worth noting that there are no authorisation, licensing, conduct of business or training and competence requirements associated with the regime under the DMD. Information requirements Consumers have a right to pre-contract information identifying the supplier, the product and services they are contracting for

2007 Palgrave Macmillan Ltd 1363-0539 $30.00 Vol. 11, 4 370380

Journal of Financial Services Marketing

371

Yonge and Massey

when contracting at a distance. In the UK the pre-contract information that must be provided includes:5 details of the supplier, including the suppliers main business and geographical address, details of any professional the consumer deals with instead of the supplier and whether the supplier is subject to an authorisation scheme, with details of the relevant supervisory authority details of the nancial service, including a description of the main characteristics of the service and the total price to be paid, including all fees and taxes details of the distance contract, including information on the right of withdrawal if applicable, any rights the parties have to terminate the contract early and practical instructions on how to exercise the right, including details of penalties. Where relevant, notice must be given indicating that the nancial service is related to instruments involving special risks or whose price depends on uctuations in the nancial markets outside the suppliers control, and an indication that historical performances are no indicators for future performances whether or not there is an out-of-court complaint and redress mechanism for the consumer, and the method of access to it, and any compensation arrangements, other than those covered by the Deposit Guarantee and Investor Compensation Directives. The information must be given in good time prior to the consumer being bound by the contract, and be provided in a clear and comprehensible manner appropriate to the means of distance communication used.6 There is an exception to this list in the case of telephone contracts where, if the consumer explicitly consents, only certain key information may be given before the consumer is bound, such as the identity of

the supplier, a description of the main characteristics of the nancial service, the total price for the service and rights of withdrawal.7 Suppliers are required to communicate to consumers all the contractual terms and conditions, a copy of which can be requested by the consumer at any time during the contractual relationship,8 along with the necessary information required on paper, or in another durable medium which is available and accessible to the consumer.9 Although the legislation provides a denition of durable medium,10 there is still a grey area regarding whether documents sent by email or accessible via the internet will constitute a durable medium, for example, where a consumer does not save their emails or the contents of a web page to a hard disk. Rights of withdrawal The Distance Marketing Regulations give consumers a right to withdraw from most types of distance contracts for nancial services without penalty and without needing to provide a reason by sending notice of the cancellation to the supplier during a coolingoff period.11 The cooling off period, which is 30 days for life insurance and personal pensions contracts, and 14 days for most other nancial products,12 begins when the distance contract is concluded, or when the consumer has received the contractual terms and conditions in a durable medium, whichever is later.13 The right of withdrawal is expressly excluded from certain types of nancial services contracts.14 These exceptions include distance contracts for nancial services whose price depends on uctuations in the nancial market outside the suppliers control, such as the purchase of units in a unit trust, transferable securities and unit-linked life policies.15 Another exception is travel and baggage insurance policies of less than one months duration.16 The right to cancel will,

372

Journal of Financial Services Marketing

Vol. 11, 4 370380

2007 Palgrave Macmillan Ltd 1363-0539 $30.00

Distance marketing of financial services

however, apply where the consumer has not received the contractual terms and conditions in a durable medium, unless, at the consumers request, the contract was concluded using a means of distance communication which made it impossible to provide the extended list of required information at the time.17 Also, where an excluded type of nancial services contract is concluded by an appointed representative of the supplier, who is not an authorised person for the purposes of the FSA Rules and is not bound by the rules of a designated professional body, it is the responsibility of the appointed representative to comply with the information requirements in the Regulations.18 If they fail to do so, the consumer has the right to cancel the contract. Consumer credit agreements Distance contracts for consumer credit are also governed by the Distance Marketing Regulations. The Regulations widen the protection given to consumers who enter consumer credit agreements by providing that all such contracts are subject to a cancellation period of at least 14 days from the date that the contract was concluded.19 There are some exceptions to this concerning secured loans.20 Previously, the Consumer Credit Act 1974 only provided for a 5-day period of cancellation after the time the borrower received a copy of the executed agreement. The Regulations also protect consumers against the misuse of credit cards, charge cards, debit cards and store cards. Where fraudulent use is made of a payment card to enter into a nancial services contract covered by the Regulations, the card-holder is entitled to request cancellation of the payment and the refund of any sums fraudulently paid.21 In such instances the burden of proof falls on the card issuer, not the consumer, to show that the payment was in fact authorised.22

Inertia selling The Distance Marketing Regulations prevent consumers from being exposed to unsolicited offers of nancial services. It is a criminal offence to supply nancial services to a consumer where there has been no prior request for the supply by the consumer and which includes a request for immediate or deferred payment.23 The penalty is a ne not exceeding 2,500.24 Failure by a consumer to respond to such communications does not create any obligation under a contract to pay or otherwise.25 A person who threatens to bring legal proceedings, or who invokes a collection procedure or places a consumers name on a list of defaulters, or threatens to do so, with a view to obtaining payment for what he knows to be unsolicited nancial services, is also guilty of a criminal offence. The ne in this instance may be up to 5,000.26 Unsolicited communications The provisions of DMD regarding unsolicited distance communication broadly mirror those of the Distance Selling Directive.27 The Distance Selling Directive, however, merely requires that distance communications may only be used where there is no clear objection from the consumer, whereas the DMD species, in addition, that the consent of the consumer must be obtained and there should be no cost to the consumer. The Privacy and Electronic Communications (EC Directive) Regulations 2003, which came into force on 11th December, 2003, implement the relevant provisions of both the DMD and the Distance Selling Directive.28 Appointed representatives and designated professional bodies under FSMA Appointed Representatives under the Financial Services and Markets Act 2000

2007 Palgrave Macmillan Ltd 1363-0539 $30.00 Vol. 11, 4 370380

Journal of Financial Services Marketing

373

Yonge and Massey

(FSMA)29 are indirectly regulated by the FSA through their principals.30 Appointed Representatives are subject to the rules in the FSA Handbook (amended by the Distance Marketing Regulations) with regard to the prior information requirements and the provisions relating to unsolicited supplies of the DMD. Contracts between the consumer and the Appointed Representatives principal are also subject to the Handbook.31 The FSA does not have the authority to bind consumers, but it can ensure those entities regulated by it uphold the rights of consumers, especially in relation to their rights to cancel contracts with Authorised Persons. This control does not extend to contracts with non-Authorised Persons.32 To cover this gap, the Distance Marketing Regulations confer rights of withdrawal on consumers who contract at a distance with Appointed Representatives. Appointed Representatives are therefore subject to the FSAs rule book in respect of the prior information requirements, but the Distance Marketing Regulations in respect of rights of withdrawal. The FSA does not regulate nancial services falling within the scope of the DMD that are carried on by members of Designated Professional Bodies (DPBs),33 provided these are incidental to their main profession and comply with relevant rules of the professional body concerned. Members of DPBs are subject to any rules of their professional body that implement the DMDs provisions regarding prior information requirements and unsolicited supplies of nancial services. If the body does not have such rules, then the provisions of the Distance Marketing Regulations will apply.34 As with Appointed Representatives, DPBs are subject to the provisions of the Distance Marketing Regulations which confer cancellation rights on consumers. Marketing by intermediaries The mere fact that an intermediary is involved and therefore the consumer does

not have direct contact with the supplier of a nancial service does not make the sale a distance contract.35 If the contract is, however, formed between the intermediary and the consumer exclusively by means of distance communication, then the contract will fall within the scope of the Distance Marketing Regulations. Some of the services which intermediaries provide, for example arranging deals in investments,36 will themselves fall within the scope of the DMD as being part of a regulated activity37 under FSMA. HM Treasury has also stated that the giving of investment advice falls within the denition of nancial service under the Distance Marketing Regulations.38 Therefore, intermediaries giving investment advice will come within the scope of the Distance Marketing Regulations. The Distance Marketing Regulations make clear that where an intermediary is used to market a nancial service, the intermediary is deemed to be the entity that must supply the information requirements to the consumer.39 The intermediary, therefore, and not the supplier or product provider, commits an offence if it fails to comply with its obligations under the Regulations.40 Burden of proof Any contract term which requires a consumer to prove that the supplier has not complied with any of its obligations under the DMD shall be automatically unfair41 within the meaning of Directive 93/13/EEC on unfair terms in consumer contracts.42 Although there is a right for Member States to place the burden of proof on the supplier in all cases,43 in the UK this right has not been implemented as the legislative framework itself is deemed signicantly to increase consumer protection in respect of the distance marketing of nancial services.44 It should be noted that the Distance Marketing Regulations provide that, in

374

Journal of Financial Services Marketing

Vol. 11, 4 370380

2007 Palgrave Macmillan Ltd 1363-0539 $30.00

Distance marketing of financial services

certain circumstances relating to payment card transactions, it is for the card issuer to prove that use of a card was in fact authorised by the consumer where the consumer has disputed the transaction.45 E-commerce regulations Where distance contracts covered by the Distance Marketing Regulations in the UK are carried out using electronic systems only such as the internet or email, then suppliers need to be aware of the additional requirements of the Electronic Commerce (EC Directive) Regulations 2002 (the E-Commerce Regulations)46 which implement the majority of the provisions of the Electronic Commerce Directive (2000/31/EC) (the E-Commerce Directive).47 With effect from 21st August, 2002, HM Treasury and the FSA introduced secondary legislation and new rules respectively to implement the E-Commerce Directive for the nancial services industry. The legislation implements the legal requirements regarding suppliers and consumers as well as granting the FSA necessary powers to enforce the ECommerce Directive in the nancial services sector.48 The practical effect of the E-Commerce Directive for nancial services rms is dealt with in the amendments to the FSA Handbook. In short, certain disclosure and other requirements are imposed on all providers of what the FSA calls electronic commerce activities (ECAs), that is information society services delivering a nancial service.49 Certain basic information has to be provided on rms websites, and commercial communications, whether solicited or otherwise, and promotional offers must be clearly identied as such. The E-Commerce Regulations apply to the provision of information society services. These are summarised as covering any service normally provided for remuneration, at a distance, by means of electronic

equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.50 The E-Commerce Regulations therefore cover online advertising whether over the internet, interactive television or mobile telephone, online sales, video-on-demand, the transmission or storage of electronic content, and the provision of access to communications networks. The requirement for an information society service to be normally provided for remuneration does not restrict its scope to services giving rise to buying and selling online. The test, it would seem, is whether the service represents an economic activity and, apart from advertising, can include the provision of information, search, access and retrieval of data.51 The use of email in itself is not an information society service and communications between recipients of a service and a service provider via interactive digital television also fall outside the denition.52 As the E-Commerce Regulations apply to services provided at a distance, services provided where the customer is physically present fall outside their scope.53 The legal scope of the E-Commerce Regulations themselves is determined by the coordinated eld.54 This essentially means requirements with which the service provider has to comply in order to provide information society services, such as qualications or authorisation, requirements regarding behaviour, requirements regarding the quality or content of the service and requirements affecting liability.55 It does not cover requirements applying to goods as such, to the delivery of goods or to services not provided by electronic means. Other areas specically excluded from the scope of the Regulations include tax, matters dealt with under data protection legislation, betting, gaming or lotteries and cartel law.56

2007 Palgrave Macmillan Ltd 1363-0539 $30.00 Vol. 11, 4 370380

Journal of Financial Services Marketing

375

Yonge and Massey

Country of origin UK legal requirements falling within the coordinated eld apply to any information society services provided by a person from an establishment in the UK regardless of where in the EEA the recipients of those services are based, subject to certain derogations.57 Conversely, unless the derogations apply, English law will not apply to information society services provided by a service provider established elsewhere in the EEA where its application would restrict the freedom to provide that service into the UK.58 There is no guidance as to what does and does not constitute such a restriction except to say that it would not include any requirement maintaining the level of protection for public health and consumer interests established by Community acts.59 There are a number of derogations from the country of origin approach that effectively disapply UK legal requirements in certain circumstances. Importantly, the derogations include the freedom to choose the law applicable to a contract and contractual obligations concerning consumer contracts as well as copyright and related rights.60 In addition, the Regulations permit UK enforcement authorities to take proportionate measures against given services on a case-by-case basis in limited circumstances, for example where it is necessary to protect public policy or consumers.61 In this situation, the enforcement authority is required, before taking any action, to have asked the Member State in which the service provider is established to take appropriate measures, although this requirement can be bypassed where it appears that the matter is one of urgency.62 The Regulations require service providers to make certain information available to recipients (and any relevant enforcement authority) provided in a form and manner that is easily, directly and permanently

accessible. The Regulations do not prescribe how the requirement to make information easily, directly and permanently accessible should be met. The DTIs Guide for Business, however, states that the UK Government recognises that technological constraints (eg the 160-character limit on mobile text messages) mean that the information may not readily be accessible by the same means by which the service provider transacts with the end user. The Guide suggests that these criteria would be capable of being met if the information is accessible by other means, for example inclusion on a website. Businesses are advised to retain evidence of the information that recipients had available at the time of the transaction and whenever a change is made.63 The requirements can be broken down into three categories: general information requirements; commercial communications; and electronic contracting. General information requirements include providing end users with full contact details; details of any relevant trade organisations to which the service provider belongs; details of an relevant authorisation scheme including details of any relevant supervisory authority; professional details where relevant; VAT number if applicable; and clear indications of prices, if relevant, including delivery and tax.64 The second category of information relates to commercial communications. These are basically electronic communications designed to promote (directly or indirectly) the service providers goods, services or image, for example, advertising emails. These communications must be clearly identiable for what they are and must clearly identify the person on whose behalf they are sent. Any promotional offers (including any discount, premium, gift, promotional competition or game) and any conditions to be met for such an offer must be easily accessible, clear and unambiguous.65 The E-Commerce Regulations are silent on the question of what is clearly

376

Journal of Financial Services Marketing

Vol. 11, 4 370380

2007 Palgrave Macmillan Ltd 1363-0539 $30.00

Distance marketing of financial services

identiable although the DTIs Guide for Business suggests that this requirement would be satised by the information being provided through a header, before the communication is opened, or in the body of the communication itself.66 The Regulations similarly do not prescribe how to meet the requirement that information about promotions must be easily accessible and presented clearly and unambiguously. The Guide states that the government envisages that this should be capable of being met if the information is accessible by means other than the one which the service provider transacts with the end user.67 For unsolicited commercial communications, recipients must be able to identify such communications as soon as they are received, that is, that they are unsolicited.68 The Compliance Guide suggests that this requirement will be satised by placing the words unsolicited advertisement or unsolicited commercial communication in the email subject line.69 This would, of course, permit spam ltering software to block such communications. These requirements relate specically to email and are not considered to extend to mobile text messages.70 For electronic contracting, unless agreed otherwise in non-consumer transactions, where a contract is to be concluded by electronic means the service provider must, prior to an order being placed by the customer, provide in a clear, comprehensible and unambiguous manner the following information: the different technical steps to follow to conclude the contract whether or not the concluded contract will be led by the service provider and whether it will be accessible the technical means for identifying and correcting input errors prior to the placing of the order and the languages offered for the conclusion of the contract.71

These requirements do not apply where, for example, the initial contact is made via a website but, for reasons relating to the complexity of the contract, it is actually concluded ofine.72 Again, as to the requirement that the information is given in a clear, comprehensible and unambiguous manner, the DTI suggests that this is capable of being met if the information is accessible by means other than the one by which the service provider transacts with the end user.73 When entering into consumer contracts placed on or through technological means, the service provider must: acknowledge receipt of the order without undue delay and by electronic means and make available appropriate, effective and accessible technical means allowing him to identify and correct input errors prior to the placing of the order.74 Receipt of the order should be acknowledged by the same electronic means as that by which the order was placed. This requirement may be satised by a conrmation that appears at the end of the ordering process, for example on a screen, but is not necessarily sent.75 There is no denitive guidance on the point at which an offer is made and by whom. On this basis, service providers would be rash to assume that an electronic acknowledgement of a customers order did not amount to acceptance of an offer. Importantly, the Directive does not apply the same rules as are applied to contracts concluded exclusively by email.76 In this respect, there is therefore no requirement in the Regulations for acknowledgement without undue delay. It is therefore even less clear when acceptance occurs. Cookies and spam The Privacy and Electronic Communications (EC Directive) Regulations 200377 came into

2007 Palgrave Macmillan Ltd 1363-0539 $30.00 Vol. 11, 4 370380

Journal of Financial Services Marketing

377

Yonge and Massey

force on 11th December, 2003 and implemented the Communications Data Privacy Directive.78 The Regulations apply to the sending of direct marketing messages by electronic means such as by telephone, fax, email, text and picture message and by use of an automated calling system.79 Spyware, web bugs, hidden identiers and other similar devices known collectively as cookies are be prohibited unless (or permissible provided that) clear and comprehensive information as to their purpose is provided and the opportunity to reject them or opt-out is offered.80 The emphasis is therefore on website owners to describe unambiguously the use to which cookies will be put in relation to the tracking and collection of information on users, including users who are merely browsing. The use of cookies is not prohibited where subscribers and users are, to some extent, given the choice as to which of their online activities are monitored using cookies.81 Service providers do not have to offer the opportunity to refuse a cookie where the device is to be used for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network or where the cookie is essential for the provision of a requested online service normally provided for remuneration.82 For unsolicited commercial communications or spam, an opt-in system has been adopted whereby the sending of unsolicited marketing and other messages by e-mail, SMS, fax or telephone will be subject to the prior consent of the intended recipient.83 There is, however, a derogation from the general opt-in principle allowing unsolicited messages of this kind to be sent to recipients with whom the sender already has commercial contact.84 At all times recipients have the right to opt-out simply by asking the company to stop sending them unrequested messages, the jargon being to unsubscribe.85

Data protection The Data Protection Act 1998 which implements the Data Protection Directive86 in the UK places data controllers under a continuing obligation to abide by eight data protection principles which together operate to protect the integrity and privacy of personal data (including rights relating to fairness in processing, relevance, accuracy, proper purpose, subject access rights and security).87 For international rms, the Eighth Principle is particularly problematic. This prohibits the transfer of personal data to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.88 There are limited exceptions to this prohibition for example where the data subject has given consent, the transfer is necessary to enter or perform a contract between data subject and data controller, or is on terms of a kind approved by the Information Commissioner.89 To date, the European Commission has been formally able to approve only Switzerland, Canada, Argentina, Guernsey, the Isle of Man as countries outside the EEA which ensure adequate levels of protection. This has given rise to a variety of practical difculties, particularly in relation to data transfer from the UK to the USA. Following protracted negotiations, the EU and the USA have agreed a voluntary set of privacy principles, known as the Safe Harbor Principles, to enable the transfer of personal data from the EU to the USA in certain circumstances, including the transfer of Air Passenger Name Records to the US Bureau of Customs and Border Protection.90

Conclusion Developments in telecommunications, the advent of the internet and rapid advances in technology, have meant that the nancial

378

Journal of Financial Services Marketing

Vol. 11, 4 370380

2007 Palgrave Macmillan Ltd 1363-0539 $30.00

Distance marketing of financial services

services regulators have had to take swift measures to regulate a market that, a decade ago, was little more than a concept. Today, increasingly, nancial services companies rely on the distance marketing of nancial services to drive their businesses and this sector has become a key area of the industry. As with any consumer market, and especially with a nancial one, this sector will, however, only be able to continue to ourish when consumers have condence in it. This paper has explored the patchwork of legislation and regulations that have been implemented in the nancial services industry in order to support consumer condence and sustain the growth of the market. Although, when viewed as a whole, these rules may appear to be extensive and complex, the individual components are not in themselves unduly onerous or intricate. The challenge for businesses is to ensure that, in implementing their procedures and policies, all applicable legislation is considered, and where necessary, legal advice sought, in order to comply with all the relevant interlacing rules and regulations that govern the distance selling of nancial services. NOTES
1 Directive 2002/65/EC concerning the distance marketing of consumer nancial services, OJ L 271, 9.10.2002, p. 16. Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.95, p. 31. Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178, 17.7.2000, p. 1. Directive 97/7/EC on the protection of consumers in respect of distance contracts, OJ L 144, 4.6.1997, p. 19. Distance Marketing Regulations 2004, Schedule 1. Distance Marketing Regulations 2004, Reg 7(1). Distance Marketing Regulations 2004, Reg 7(4), Schedule 2. Distance Marketing Regulations 2004, Reg 8(2). Distance Marketing Regulations 2004, Reg 8(1). any instrument which enables a consumer to store information addressed personally to him in a way accessible for future reference for a period of time adequate for the purposes of the information and which

11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

39 40 41 42 43 44

4 5 6 7 8 9 10

45 46 47

48

49

allows the unchanged reproduction of the information stored, Distance Marketing Regulations 2004, Reg 8. Distance Marketing Regulations 2004, Reg 9. Distance Marketing Regulations 2004, Reg 10(2), 10(5). Distance Marketing Regulations 2004, Reg 10(3). Distance Marketing Regulations 2004, Reg 11, DMD Article 6(3). Distance Marketing Regulations 2004, Reg 11(1)(a). Distance Marketing Regulations 2004, Reg 11(1)(c). Distance Marketing Regulations 2004, Reg 11(2). Distance Marketing Regulations 2004, Reg 6(3). Distance Marketing Regulations 2004, Reg 10(2). Distance Marketing Regulations 2004, Reg 11(1)(c). Distance Marketing Regulations 2004, Reg 14(1). Distance Marketing Regulations 2004, Reg 14(2). Distance Marketing Regulations 2004, Reg 15. Level 4 on the standard scale, Distance Marketing Regulations 2004, Reg 15(2). Distance Marketing Regulations 2004, Reg 15(1). Distance Marketing Regulations 2004, Reg 15(3) (ne not exceeding level 5 on the standard scale). Directive 2002/65/EC Article 10, and Directive 97/7/EC Article 10. SI 2003/2426. FSMA 2000, s39(2). FSMA 2000, s19. Distance Marketing Regulations 2004, Regs 4(2), 4(3), 6(3). s39 FSMA 2000. As dened in section 326(2) FSMA 2000. Distance Marketing Regulations 2004, Reg 4(4). Distance Marketing Regulations 2004, Reg 2. Distance Marketing Regulations 2004, Regs 2, 4(2). FSMA 2000, s22. HM Treasury: Implementation of Distance Marketing of Consumer Financial Services Directive-Summary of Consultation Feedback and Government Response, August 2004, p. 13. Distance Marketing Regulations 2004, Regs 6(3), 6(4). Distance Marketing Regulations 2004, Regs 6(2). Distance Marketing of Consumer Financial Services Directive, Article 15(2). Implemented in the UK by the Unfair Terms in Consumer Contracts Regulations 1999. Distance Marketing of Consumer Financial Services Directive, Article 15(1). HM Treasury: Implementation of Distance Marketing of Consumer Financial Services Directive-Summary of Consultation Feedback and Government Response, August 2004, p. 22. Distance Marketing Regulations 2004, Reg 14(2). SI 2002/2013. Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178, 17.7.2000, p. 1. Articles 3, 5, 6, 7(1), 10 to 14, 18(2) and 20 implemented by the E-Commerce Regulations. Electronic Commerce Directive (Financial Services and Markets) Regulations 2002, SI 2002/1775 and amending legislation SI 2002/2015 and SI 2004/3378. FSA Policy Statement Implementing the Electronic Commerce Directive: Feedback on CP129, para 2.7.

2007 Palgrave Macmillan Ltd 1363-0539 $30.00 Vol. 11, 4 370380

Journal of Financial Services Marketing

379

Yonge and Massey

50 51

52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78

E-Commerce Directive, recital 17. A Guide for Business to the Electronic Commerce (EC Directive) Regulations 2002, DTI, 31st July, 2002, para 2.16, p. 9. DTI Guide for Business para 2.15, p. 9. DTI Guide for Business para 2.17, p. 9. E-Commerce Regulations, Reg 4. E-Commerce Regulations, Reg 2. E-Commerce Regulations, Reg 3. E-Commerce Regulations, Regs 4(1) and 5. E-Commerce Regulations, Reg 4(3). E-Commerce Regulations, Reg 4(5). E-Commerce Regulations, Reg 4(4) and Schedule. E-Commerce Regulations, Regs 5(1) to 5(4). E-Commerce Regulations, Regs 5(4), 5(6) and 5(7). DTI Guide for Business para 5.3, p. 18. E-Commerce Regulations, Reg 6. E-Commerce Regulations, Reg 7. DTI Guide for Business para 5.8, p. 1. DTI Guide for Business para 5.9, p. 19. E-Commerce Regulations, Reg 8. Compliance Guide page 11, DTI Guide for Business para 5.11, p. 20. DTI Complying with the E-Commerce Regulations 2002, p. 12. E-Commerce Regulations, Reg 9. DTI Guide for Business para 5.19, p. 21. DTI Guide for Business para 5.20, p. 21. E-Commerce Regulations, Reg 11(1). DTI Guide for Business para 5.28, p. 22. E-Commerce Regulations, Reg 11(3). SI 2003/2426. Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, OJ L 201, 31.07.02, p. 37.

79 80 81 82 83 84 85 86

87 88 89 90

Privacy and Electronic Communications Regulations 2002, Reg 2. Privacy and Electronic Communications Regulations 2002, Reg 6(1). Privacy and Electronic Communications Regulations 2002, Reg 6(2). Privacy and Electronic Communications Regulations 2002, Reg 6(4). Privacy and Electronic Communications Regulations 2002, Reg 22(2). Privacy and Electronic Communications Regulations 2002, Reg 22(3)(a) & (b). Privacy and Electronic Communications Regulations 2002, Reg 22(3)(c). Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.95, p. 31. Data Protection Act 1998, Schedule 1. Data Protection Act 1998, Schedule 1, para 8. Data Protection Act 1998, s4(3), Schedule 4. Commission Decision 2000/520/EC, OJ L 215, 25.8.2000, p. 7. Note, however, that following the recent decision of the European Court of Justice (ECJ) in the joint-cases of European Parliament v Council of the European Union and European Parliament v Commission of the European Communities (C-317/04 and C-318/04), it appears that the agreement in respect of the transfer of passenger data is to be annulled. On 30th May, 2006, the ECJ held that neither the Commission nor the Council had sufcient jurisdiction to conclude the agreement. This ruling does not, however, permanently rule out the possibility of passenger name record transfers to the US. Instead, the decision leaves the door open for either an agreement between the EU and US under inter-governmental European justice decision-making, or bi-lateral agreements between the US and each EU member state.

380

Journal of Financial Services Marketing

Vol. 11, 4 370380

2007 Palgrave Macmillan Ltd 1363-0539 $30.00