Some websites are difficult to navigate or overly complex, while some have become outdated, as technology and design best practice moves on.
On our compliance helpdesk we see a wealth of financial planning websites. Some good, some bad.
We can’t help you with the aesthetic design, or interface of your website, but we can help when it comes to the vital compliance matters.
Here are some of the more typical issues we identify when completing reviews.
Regulatory and ‘non-regulatory’ statements
It’s a common misconception that regulatory statements are a requirement of the FCA. They’re not. But this isn’t to say you shouldn’t have them present on your site.
We would always recommend that websites advertising regulated services include their regulatory statement. Nothing complicated, something as simple as ‘We are authorised and regulated by the Financial Conduct Authority’ will suffice.
Also, it’s worth noting that including your firms FCA FRN number will assist any potential clients who look you up on the FCA register.
Your website might include details of products and services that are not FCA-regulated. If you have chosen to include a regulatory statement, you do need to point out which of your services are not FCA-regulated.
Typical non-regulated services/products we see include: tax planning, estate planning, buy-to-let business, cash flow modelling and trusts.
Again, this needn’t be anything complicated. Here’s an example. Just tweak it to reflect the services you are promoting: ‘The Financial Conduct Authority does not regulate tax or estate planning’
When asked where to put a statement on the website, we recommend it is positioned in a prominent position within your website footer. Placing it within the footer ensures it’s visible on each page. This way you needn’t worry about including it within your page text.
FOS statement missing
Unlike regulatory statements, all regulated firms with a website are required to include information relating to the Financial Ombudsman Service and a link to the FOS website. We suggest firms use the following statement:
‘The Financial Ombudsman Service is available to sort out individual complaints that clients and financial services businesses aren’t able to resolve themselves. To contact the Financial Ombudsman Service please visit www.financial-ombudsman.org.uk.’
Again, it is important you display this information in a prominent place on your website. The footer is as good a place as any or, if preferred, within your ‘contact us’ page.
The same financial promotion rules apply to websites as they do to any other type of promotion. Therefore you must include risk statements where appropriate. Here are some quick examples of risk warnings for typical products and services:
If placing a client’s capital at risk, try:‘This investment may fall as well as rise, you may not get back what you put in.’
If relating to qualifying credit, try: ‘Your home may be repossessed if you do not keep up repayments on your mortgage.’
If relating to lifetime mortgages (or home reversion schemes), try: ‘This is a lifetime mortgage (home reversion scheme). To understand the features and risks, ask for a personalised illustration.’
Once again, make sure your risk warnings can be seen. The FCA expects risk statements to be included in a prominent position on the page and visible to the client whilst they are reading about the product or service to which they relate.
For Mifid II business risk warnings must be ‘at least equal’ in size to your main text.
For these reasons, keep risk warnings out of your website footer. Instead make them visible on the page where the relevant information is being provided.
Contact us forms
If you invite visitors to sign up to newsletters when visiting your website you probably have a details form. But does it meet data protection requirements?
Even though the user is voluntarily completing the form, we suggest you include an ‘opt-in box’ for clients to tick, and accompany it with the following wording:
‘You voluntarily choose to provide personal details to us via this website. Personal information will be treated as confidential by us and held in accordance with the appropriate data protection requirements. You agree that such personal information may be used to provide you with details of services and products in writing, by email or by telephone.’
Where advertising mortgage services we also recommend you include the following:
‘By submitting this information you have given your agreement to receive verbal contact from us to discuss your mortgage requirements’.
Some information is dictated by your firm type. Make sure your website includes the following.
For Companies and Limited Liability Partnerships:
- Company name and status e.g. Ltd or Plc or LLP name and status e.g. LLP.
- The registered office address (note this should be identifiable, not just a PO box number)
- The correspondence address (if different to the registered office address).
- The company or LLP registration number.
- The place of registration e.g. Registered in England.
- Directors’ or Members’ names – you do not need to name all of the directors or members of an LLP, but if you name one or more, then you need to name all of them, using their first name or initial and their surname.
- The main business address.
- Names of all partners or where a list of partners may be inspected.
- Sole traders
- Business name if one is used.
- Name of the proprietor.
- The main business address.
You’re not required to include this information on every page of your website. We’d recommend including it on your ‘contact us’ page to avoid overcrowding.
What you need to know is that The Privacy and Electronic Communications Regulations impose obligations where firms gather cookies on their websites.
You must ensure that visitors to your website:
- are provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and,
- are given the opportunity to refuse the storage of or access to that information.
In most cases firms do have a cookies page listed within the footer of their website, but consent is rarely obtained. This is not sufficient. We recommend that clients have a pop up on their site visible upon first access. It should include a link to the relevant information and a tick box for clients to confirm their understanding.
Your content should be up to date and relevant. Sounds simple but it can be difficult depending on the size of your website.
If you include information specific to a tax year for example, ensure that you use your financial promotion register to remind you that your website is to be reviewed at the beginning of the new tax year.
Gathering client information through your website
If any part of your website invites visitors to submit personal information to you, then to comply with data protection requirements you need to include your privacy notice as part of this process and inform the data subjects about how you will process their data and on what basis.
Tony Lewis is head of compliance and technical helpdesk at Threesixty