Money

The Financial Obstacles Facing SMEs - Some Hope From the FCA?

SMEs form the economic backbone of almost every economy in the world.

In the UK, a company is defined as being an SME if it meets two out of three criteria: it has a turnover of less than £25m, it has fewer than 250 employees, it has gross assets of less than £12.5m.

The Department for Business Innovation and Skills has estimated that 99.3% of UK private sector businesses were SMEs, with their £1.6 trillion annual turnover accounting for 47% of private sector turnover.

Despite their self-evident value to the UK economy, SMEs face huge financial challenges, and successive Governments have failed to adequately address these.

The major challenges are:

  1. Cash Flow, in other words delayed payment for services and/or goods supplied in good faith under contract; and
  2. An SME’s relationship with its Bank; and
  3. Recourse to a legal remedy.

Looking at these in turn:

  1. Delayed, or even no payment, is a fact of life for many SMEs and can restrict growth, or even cause voluntary or involuntary liquidation.
  2. Most SMEs have an uneasy relationship with their Bank, the playing field is uneven, to put it mildly. This makes it hard for them to e.g. “carry on” whilst being forced to wait for payment. In some cases, the Bank might “move the goalposts” (Remember the RBS “GRG” scandal which horrified the House of Commons Treasury Select Committee to such an extent that it forced the publication of the Financial Conduct Authority’s investigation)? https://www.parliament.uk/business/committees/committees-a-z/commons-select/treasury-committee/news-parliament-2017/rbs-global-restructuring-group-s166-report-17-19/ The Committee’s Chair, Mrs Morgan commented: “We have today published the terms of reference for our inquiry into SME finance. We’ll examine what must change to prevent what occurred at GRG from ever happening again, and how to restore confidence among SMEs in banks as a source of finance.”
  3. Until recently, there were few practical remedies available to SMEs: Arbitration (which has not proved either quick or successful), or Court Proceedings (which can be expensive, risky and suck valuable management time out of the business).

So, has anything changed to help the SMEs? Well, a little.

The FCA has announced that the Financial Ombudsman Service will, from 1 April 2019, be able to entertain complaints from many more SMEs than so far (an additional 210,000 according to the FCA), and award higher levels of compensation which will keep pace with inflation. https://www.fca.org.uk/news/press-releases/fca-confirms-increase-financial-ombudsman-service-award-limit

However, the FOS remains an organisation set up to help consumers, not companies. Also, this “improvement” will only help SMEs which have a complaint about the way they have been treated by their Bank. So, it goes some way to address point “2” above, but not “1” or “3”.

If you are an SME and have any of the problems referred to here, then we should love to hear from you. We can offer a no obligation initial consultation and have plenty of experience in this area. We are also cost effective and fast.

 

Compliance Alert  

  
The Information Commissioner’s Office (“the Commissioner”) and the Financial Conduct Authority (“the FCA”) announced on 18 February 2019 that they had entered into a new Memorandum of Understanding (“MoU”).  
You’ll be relieved to know that this has nothing to do with Brexit, and indeed will stand whether Brexit occurs, and if it does, whether it is “soft” or “hard”.  
The MoU sets out in detail how the two regulatory bodies will work together in future.  
First, they will share information to assist each other with investigations and to enhance their existing powers by e.g. making the other aware of possible breaches.  Surprisingly the MOU states that in some cases “personal data” will be exchanged but only in accordance with GDPR and Data Protection 2018 principles.  This could be a difficult exercise and it will be interesting to see whether any business which is subject to enforcement action where personal data has been shared will seek to challenge the legality of the action.  
Secondly, they will co-operate with, and assist each other, in relation to enforcement proceedings.  The MoU will enable the Commissioner and the FCA to decide who will “take the lead” where proceedings open the door to either initiating them.  This is a sensible and effective deployment of resources.  
Collaboration between the two bodies is not new.  Since 2014, the FCA and the Commissioner have had a Memorandum of Understanding in place, laying out their formal relationship and demonstrating their commitment to co-operation and the co-ordination of their activities. They have also carried out consultations with a range of institutions to obtain feedback on proposals and approaches and to help shape their approach to compliance issues and enforcement.  
The latest MoU is welcome because it sets out the Commissioner’s and the FCA’s current attitude to a range of regulatory and enforcement scenarios.  
For example, see paragraph 31:  
“The parties will liaise closely to ensure that their separate awareness activities are complementary. Where appropriate, both regulators will share communication and publication plans to facilitate joined up messages and effective resource planning.”  
Also, paragraph 33:  
“The parties may refer a matter for action if the other body is considered more appropriate to deal with the matter.”  
The Commissioner and the FCA have agreed to appoint a person (referred to in the MoU as a “key person”) to “monitor collaboration to ensure that the MoU remains effective and fit for purpose.” They [the “key persons”] will also “seek to identify any difficulties in the working relationship” …  
“The Commissioner and the FCA will monitor the operation of this MoU and will review it biennially.” (paragraph 45).  
The Commissioner and the FCA have wide ranging investigatory powers and have already demonstrated their effectiveness.  In addition, they will act quickly and robustly to enforce.  So, it is essential that all UK businesses review relevant areas of compliance to ensure that they are fit for purpose, that procedures are in place, and that regular and adequate training is provided.  The first step is to carry out an audit, and we can either do this for you or provide you with guidance to enable you to do it yourself.   
© Perfect Solutions Oxford Ltd. 2019 
 

Compliance with the General Data Protection Regulation (“GDPR”) will become compulsory on 25 May 2018.  Whilst it is EU legislation, the Government has stated that its provisions will be incorporated into UK law post Brexit.

The driver for this raft of legislation has been the remarkable increase in data, particularly consumer data, sloshing around the internet over the past few years.  Think Facebook, LinkedIn, Google, Microsoft just for starters.  So far the use of such data has been largely unregulated.

Governments from around the World have recognised that all this data needs to be controlled, to protect not just businesses but consumers as well.  After all, as a consumer, don’t you want that?

There is a lot of scaremongering at present e.g.  talk of huge fines.  The reality is that the UK regulator, the Information Commissioner: https://ico.org.uk/ has declared that it prefers to take a supportive, rather than a punitive approach.

So what you have to do as a business, whether sole trader of multi-national, is to demonstrate to the Commissioner that you tried.  If you can’t show this then you might be in for a nasty fine.

How do you demonstrate this?  It’s not as onerous as you might think.  Here’s what you need to do:

  1. Audit your data.  Where is it?  What is it?  Record where and what it is.  A spreadsheet is perfectly adequate.  Remember, that under the GDPR you need to audit the data you hold about employees as well as customers and other businesses.  Paper records are fine – just keep them under lock and key, and shred any that you no longer need.  All data filed electronically should be protected by passwords/encryption.  Restrict “leakage” of data, e.g. on to USB sticks or laptops.
  2. Work out who is the owner (“Controller”) of the data, who are “Processors” and record that in a document along with what they do with the data.  E.g. used for marketing purposes. In larger organisations you must have contracts between the Controllers and Processors and everyone should be trained as to how to handle data.
  3. Make sure that you have a legal basis for processing.  Record it.  You can no longer grab a business card and then send emails to the giver.  Potential customers must be given the opportunity to positively consent (“single opt in”).   Ideally you should have a “double opt in” process.  Give email recipients an easy way to unsubscribe.  If you use e.g. Mail Chimp, or Constant Contact the double opt in and unsubscribe options are built in.
  4. Give your customers/businesses the rights set out in the GDPR.  E.g. the right to see their data, and the right to have it erased.  Document your procedures.
  5. Privacy by design.  Carry out due diligence checks on e.g. third party IT companies who host your data.  If you have paper records see “1” above:  lock them away or (if no longer needed) shred them.  Record the process.
  6. Manage breaches.  You only have 72 hours to report a breach (leak) of data, from when you become aware of it.  That’s reporting to the regulator and all those affected.  Document your procedures.  This is serious.
  7. Make customers aware.  This can easily be done by having a Privacy Policy on your website.  I’ve not seen many of these!  Sometimes, e.g. with a new customer it would be prudent to send them a Privacy Notice.  These documents outline how you are going to handle their data, and who the regulator is https://ico.org.uk/ .
  8. Third Party Suppliers.  There is an obligation on you to ensure that those with whom you deposit your data have, in turn, adequate GDPR compliance.  So you will have to ask them.  Do they have the appropriate ISO standards?  Where are their servers?  A shed in the back garden is not good enough.  If there is a leak of data from e.g. your website hoster, then you are equally liable. Potentially nasty.  So get a contract in place, and insurance.

I have recently advised a client who wanted to land a contract with an Australian Company.  He had to demonstrate that he complied with GDPR to get it.  He got the contract (worth several million) after I advised him and put all the processes and records in place.  So, this is not just a local issue – it’s as it was intended to be, worldwide.

For more advice contact me on this website.

House of Cards?

Every one of the 3,000 law firms accredited under the Law Society’s Conveyancing Quality Scheme (CQS) must now remove that marketing “badge” from all their material, following criticism from the Advertising Standards Authority ("ASA").

This is how The Law Society described the Scheme:

“The Law Society's Conveyancing Quality Scheme (CQS) provides a recognised quality standard for residential conveyancing practices. Membership establishes a level of credibility for firms with stakeholders such as regulators, lenders and insurers as well as residential homebuyers and sellers.

Since inception in 2011, the CQS has created a trusted community which has helped year on year to deter fraud and continually improve standards across the residential conveyancing sector.”

Most mortgage lenders have insisted that solicitors who want to be on their Panels must be members of the Scheme.

The Law Society has claimed that, to be a member, a solicitors’ firm has undergone “rigorous examination and testing to demonstrate that they have a high level of knowledge, skills, experience and practice”.

The ASA said that this was an exaggeration, given the checks that a firm must undergo to receive the Law Society’s approval. The checks are minimal – but the fees levied by The Law Society on applicants, have been “a nice little earner”. Here is the official Law Society Statement showing how firms must pay to be “accredited”:

Initial assessment and re-accreditation for the Conveyancing Quality Scheme includes an annual application and membership fee. Please do not make payment when submitting your application. On receipt of your application, the amount payable will be determined and an invoice will be sent to the individual applying for accreditation.

Initial accreditation

Application fees for initial accreditation are based on the number of partners at the practice.

And guess who ultimately foots the bill? Well you, the consumer, of course.

The Law Society emailed all CQS members to inform them of the ruling and the need to change their marketing if they repeated the claim.

The Society is also reviewing its marketing for other schemes – its family law accreditation scheme, for example, uses almost exactly the same wording, saying: “Members will have shown that they have and will maintain a high level of knowledge, skills, experience and practice in the area of family law.”

As the fees payable for these “accreditations” are removed will the consumer see a corresponding fall in solicitors’ fees? I wonder…

© November 2017 Hannen Beith

www.legalbusinesshelp.co.uk