Webtrends Tracking Code
 
UK Home >  Legal Info For... >  Financial services >  Selling financial services online - legally

Selling financial services online – legally

As well as rules set down by the Financial Services Authority, financial services companies who sell online must comply with e-commerce legislation and should always consider important contract law and commercial issues.

The E-commerce Regulations and Distance Marketing of Financial Services Regulations will apply when contracts are formed with consumers, and these are discussed in separate OUT-LAW guides. This guide concentrates on the non-legislative side, dealing with the contractual and commercial issues which must also be considered when selling financial services products online.

Financial services and e-commerce

While the financial services industry has traditionally been an early adopter of new technology to streamline processes and manage customers, it has by and large relied on tried and tested methods to achieve initial sales. With the notable exception of parts of the insurance sector it is fair to say that very few financial services products are available for purchase in a straight-through online process, with no offline element.

There are obvious barriers to online processing, which help to explain why the financial services industry has been reluctant at times to move into online selling. The investment needed to ensure that systems are technically efficient and legally compliant with regulatory standards, and the legal complexity and relative uncertainty of completing 'sophisticated' contracts online, both act as significant deterrents.

However from a contractual perspective even the most sophisticated financial services products can be validly sold online. There are increasing drivers of change which may force the financial services industry to re-evaluate the cost balance between adopting online systems and the perceived barriers to doing so.

The time to move to online selling

A straight-through online sales process – that is, a transaction which can be carried out online in one go, where the consumer does not have to go through any additional steps outside of the online process – is an obvious way of reducing overheads.

Perhaps the greatest driver of change is the need to maximise the effective use of consumer data. Principal profits on financial services products generally accrue from selling multiple products to the same consumer. The benefits online selling gives for ownership of data and the ability to exploit it effectively should never be overlooked.

There are obvious benefits in a move to online selling of financial services. But legally and contractually the process must be valid, and three separate issues will be important in the decision making process:

  • Digital signatures;
  • Data protection; and
  • Risk allocation.

Digital signatures

There are increasingly few contractual situations which require a signature for them to be legally valid. We conclude contracts every day without any need for a signature – every time we buy something from a shop, for instance.

However, while signatures are not legally required to conclude most contracts, they are designed to increase security in the contractual process. To different degrees they help to:

  • Identify an individual and link that individual to the agreement;
  • Indicate an intention to be bound by the agreement; and
  • Indicate the individual's trustworthiness.

Complex financial services products, like life insurance, have to date largely relied on traditional 'wet' (i.e. ink on paper) signatures to show these three elements. But it is important to remember that, as a method of security, wet signatures themselves are inherently flawed and susceptible to fraud.

Digital signatures have their basis in law under the Electronic Signatures Regulations, which implemented the Electronic Signatures Directive of the EU .

Digital signatures come in a variety of forms, and the choice of which form to use will be judged against the level of security required in terms of the three elements above, and the relevant risk associated with the product. At the simplest level, a digital signature could be a user clicking the 'buy' button on an e-commerce website. The English Law Commission have confirmed that this constitutes a valid signature.

At a more secure level, digital signatures can take the form of electronic certificates – with encryption systems to ensure that the recipient knows that only the sender could have 'signed' the document.

In terms of selling financial services products online the method adopted will depend on the level of security which the vendor needs. In most cases, where identity can be validly established through other methods (for example, a credit search – which also helps comply with Money Laundering obligations), then the main purpose of the signature is to indicate intention to be bound by contract. In these cases a simple 'click' signature may be sufficient.

Medical consent is a common, if not universal, requirement for certain financial services products, most notably life insurance policies. Unfortunately, at present it is the main impediment to completing the sale in a fully straight-through process. Where a product specifically requires medical consent, the BMA requires that consent 'in writing'.

The phrase 'in writing' has been determined by the English Law Commission and DTI to include digital signatures. However, the BMA considers that a 'wet' signature is required. This position is being reviewed, but at present the most obvious solution is to instruct the consumer to print and sign a consent form at the end of the process. The extent to which this will postpone the actual sale is discussed in terms of balancing risk for the provider.

Data protection

The vast majority of information collected by financial services companies during online applications will be personal data as set out in the Data Protection Act. In some cases, and almost certainly in life insurance applications, the information will include 'sensitive personal data' – relating amongst other things to the physical or mental health of the individual.

Whenever personal data is collected the individual applicant must be told, at the time of collection, certain key information, including how their data will be used. Where sensitive personal data is collected the applicant's consent may need to be obtained. Consent may also be necessary where the data is to be processed in non-EEA countries. The data should then be processed in accordance with the Act, and particularly in accordance with the eight data protection principles. Overriding these is the obligation to process data fairly and lawfully.

In terms of a straight-through process, this means that the consumer must be given a full notice on how their data will be used, and in some cases will require the consumer to specifically consent (checking the box to say that they agree) to the use of their data for certain purposes. For more information see our guide to Data Protection.

It is also vital, where more than one party is involved in the transaction (e.g. where an IFA is selling a provider's product, or a 'brand' is selling a product put together by a joint venture of providers) that the agreements between these parties deal with issues of data management, and controls who 'owns' the customer, and their data.

Risk allocation

Decisions on risk-weighting are commonplace within the financial services industry, and online sales will involve a number of issues in risk allocation. Each different product, or class of products, will raise its own individual problems.

Taking as an example the online sale of a life insurance products, there are likely to be two specific risk issues which arise: first, the underwriting decision of whether to accept risk on the basis of information provided; and second, the acceptance of the risk at the point of sale where cover is given with immediate effect, but some element of the process is outstanding.

The first issue is as much technical as it is legal – and at the heart of any online sales system there will lie software designed to analyse the information received from the applicant and determine whether or not an underwriting decision can be made on the basis of it, and if so to take that decision and issue calculated figures.

By the nature of the product, and the range of applicants, it is unlikely that every life insurance sale will be completed entirely online. The level of risk which can be accepted by the underwriting software will be relatively low, and accordingly some applications will need to be referred for individual underwriting consideration. The level of acceptable risk at which this referral is made will need to be calculated by each provider.

The second risk allocation issue will be where, on the basis of the information provided, the life insurance application is accepted automatically online, and the purchaser wishes cover to start automatically. While full completion of the sale may await some final element, for instance the receipt of a medical consent form with a 'wet' signature, a decision will have to be taken as to whether the provider is prepared to accept the risk of covering the individual until this is received. Again, it may be commercially important to conclude the sale if at all possible, and some element of risk-weighting may be inevitable.

Contact: John Salmon on 0141 248 4858 / john.salmon@pinsentmasons.com

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.