CMCOB 2.1 General principles

CMCOB 2.1.1 R

1A firm must act honestly, fairly and professionally in accordance with the best interests of its customer (the client’s best interests rule).

CMCOB 2.1.2 R

1A firm must establish and implement clear, effective and appropriate policies and procedures to identify and protect vulnerable customers.

CMCOB 2.1.3 G

1 Customers who have mental health difficulties or mental capacity limitations may fall into the category of particularly vulnerable customers.

CMCOB 2.1.4 R

1A firm must not engage in high pressure selling in relation to regulated claims management activity.

[Note:CAPR CSR 3]

CMCOB 2.1.5 R

1A firm must not carry out a cold call in person.

[Note:CAPR CSR 4]

CMCOB 2.1.6 G

1 CMCOB 2.2 sets out further rules and guidance in relation to generating, obtaining, and passing on leads.

CMCOB 2.1.7 R

1A firm must not make or pursue a claim on behalf of a customer, or advise a customer to make or pursue a claim, if the firm knows or has reasonable grounds to suspect that the claim:

  1. (1)

    does not have a good arguable base; or

  2. (2)

    is fraudulent; or

  3. (3)

    is frivolous or vexatious.

CMCOB 2.1.8 G
  1. (1)

    1A firm should take all reasonable steps to investigate the existence and merits of each element of a potential claim before making or pursuing the claim or advising the customer themselves to make or pursue the claim.

    [Note:CAPR GR 2(a)]

  2. (2)

    In accordance with Principle 1 (Integrity) and Principle 2 (Skill, care and diligence), the firm’s investigations should be such that it is able, in presenting a claim, to make representations which:

    1. (a)

      substantiate the basis of the claim;

    2. (b)

      relate to the nature of the claim and are specific to the claim; and

    3. (c)

      are not false or misleading, or an exaggeration-

  3. (3)

    In complying with CMCOB 2.1.7Rfirms should have regard to:

    1. (a)

      relevant guidance, including about their decisions, published by the Financial Ombudsman Service, any other relevant statutory ombudsman, or statutory compensation scheme; and

    2. (b)

      decisions by the Financial Ombudsman Service, or any other relevant statutory ombudsman, or statutory compensation scheme concerning similar claims in respect of which the firm acted for the claimant to whom the decision was addressed.

CMCOB 2.1.9 R

1A firm must publish on its website (if it operates a website) the standard terms and conditions of the contracts it enters into with customers.

[Note:CAPR CSR 11]

CMCOB 2.1.10 R

1A firm must not take any payment from a customer until the customer has signed an agreement with the firm which provides for such a payment to be made.

[Note: CAPR CSR 11]

CMCOB 2.1.11 G
  1. (1)

    1CMCOB 2.1.10R prohibits a firm from taking a payment from a customer before the customer has signed an agreement with the firm. It is not sufficient for the firm to enter into an agreement with the customer orally for this purpose: the agreement should be signed.

  2. (2)

    The signature should be on a hard copy of the agreement which may be given or posted to the firm, else sent by fax, or scanned or photographed and sent electronically. Alternatively, the customer could insert a digital image of their handwritten signature into an electronic copy of the agreement before returning the agreement to the firm by email.

  3. (3)

    The FCA would not view an agreement as having been signed for the purposes of CMCOB 2.1.10R where the customer does no more to indicate their acceptance of the firm’s terms and conditions than to send a text message or email or to tick a box on a website or web-based form.

  4. (4)

    The firm will also need to have complied with the requirements of CMCOB 4 (Pre-contractual requirements), including the requirement to take reasonable steps to ensure that the customer understands the agreement (see CMCOB 4.3.1R(3)). Where an agreement is entered into electronically, those steps should include the firm satisfying itself that the customer has had the opportunity to familiarise themselves with the contract.

CMCOB 2.1.12 R
  1. (1)

    1This rule applies in respect of an agreement entered into between the customer and the firm under which the firm is to provide claims management services.

  2. (2)

    The firm must:

    1. (a)

      allow the customer to cancel the agreement during a period of 14 days beginning on the day that the agreement is entered into; and

    2. (b)

      permit the customer to terminate the agreement at any time after that period.

  3. (3)

    Where the customer cancels an agreement under (2)(a), the firm must provide the customer with a refund of any payments made to the firm.

  4. (4)

    Where the customer terminates an agreement as in (2)(b), the firm must not charge the customer an amount in excess of what is reasonable in the circumstances and reflects the work undertaken by the firm.

  5. (5)

    This rule:

    1. (a)

      does not apply if regulation 8 (Terms and conditions of termination in an employment matter) of the Damages-Based Regulations 2013, or any equivalent provision made under the law of Scotland, applies; and

    2. (b)

      is subject to:

      1. (i)

        CMCOB 2.1.13R and CMCOB 2.1.14R; and

      2. (ii)

        the claims management fee cap (see CMCOB 5).

[Note:CAPR CSR 17 and 18]

CMCOB 2.1.13 R
  1. (1)

    1A firm must not charge a fee to a customer in relation to a financial services or financial product claim before the provision of a claims management service to the customer other than seeking out, referrals and identification of claims or potential claims. [Note:CAPR CSR 15]

  2. (2)

    This rule is subject to CMCOB 2.1.14R.

CMCOB 2.1.14 R
  1. (1)

    1A firm must not charge a fee to a customer in relation to a claim in respect of a payment protection contract prior to the later of:

    1. (a)

      the customer withdrawing or deciding not to pursue the claim; and

    2. (b)

      the settlement of the claim.

  2. (2)

    A firm must not charge a fee to a customer in relation to a claim in respect of a payment protection contract if there was no such contract between the customer and the person whom it was alleged was the counterparty to the contract.

[Note:CAPR CSR 15 and 16]

CMCOB 2.2 Generating, obtaining and passing on leads

CMCOB 2.2.1 G
  1. (1)

    1The Principles (in particular Principle 6 and Principle 7) apply to actions of a firm dealing with a claim or a customer whose details the firm has obtained from a lead generator. For example, where there is a possibility that the lead generator is using misleading information, advice or actions to obtain a customer’s personal data, acting on those sales leads could amount to a breach by the firm of Principle 6 and Principle 7.

  2. (2)

    The definition of “customer” in the Glossary includes a person who may have a claim and either (i) may use the services of a person who carries on a regulated claims management activity or an activity which would be a regulated claims management activity but for the exclusion in the Regulated Activities Order; or (ii) in respect of whom a person carries on the regulated activity of seeking out, referrals and identification of claims or potential claims or an activity which would be the regulated activity of seeking out, referrals and identification of claims or potential claims but for an exclusion in the Regulated Activities Order. An individual who is contacted by a lead generator, or whose details are obtained by a lead generator and passed on to another firm, is, therefore, a customer of both the lead generator and, where relevant, that other firm.

Requirements relating to use of a lead generator

CMCOB 2.2.2 R
  1. (1)

    1A firm that accepts or proposes to accept sales referrals, leads or data (including details of claims or of customers) from a lead generator must:

    1. (a)

      ascertain whether the lead generator is an authorised person with a permission to carry on seeking out, referrals and identification of claims or potential claims; and

    2. (b)

      satisfy itself as to whether the lead generator has appropriate systems and processes in place to ensure compliance with (i) and (ii) (including that the referrals, leads or data have been obtained in compliance with (i) and (ii)):

      1. (i)

        data protection legislation; and

      2. (ii)

        the Privacy and Electronic Communications (EC Directive) Regulations 2003 (or, if the lead generator is established in an EEA State but has no establishment in the United Kingdom, the equivalent legislation in that EEA State).

  2. (2)

    The firm must take the steps required by (1):

    1. (a)

      before accepting sales referrals, leads or data from a particular lead generator for the first time; and

    2. (b)

      if the firm continues to accept sales referrals, leads or data from that lead generator, at appropriate intervals.

  3. (3)

    If the lead generator is not an authorised person with a permission to carry on seeking out, referrals and identification of claims or potential claims, the firm must take reasonable steps to satisfy itself that the lead generator may carry on that regulated activity without breaching the general prohibition.

  4. (4)

    The firm must keep a record of the steps it has taken under (1), and its conclusions in relation to (1)(a) and (1)(b).

CMCOB 2.2.3 G
  1. (1)

    1A firm may ascertain whether a person is an authorised person by checking the Financial Services Register on the FCA website.

  2. (2)

    In order to comply with CMCOB 2.2.2R(1)(b) the FCA expects firms and lead generators to ensure that they are aware of any requirements to obtain consent under:

    1. (a)

      regulation 21A of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the cold calling ban);

    2. (b)

      data protection legislation; and

    3. (c)

      any guidance published by the Information Commissioner’s Office in relation to data protection legislation and the cold calling ban.

  3. (3)

    In satisfying itself as to whether a lead generator has appropriate systems and processes in place to ensure compliance with data protection legislation, a firm should consider, in particular, the procedures by which the lead generator obtains customers’ personal data and customers’ consent to the use (including the acquisition, storage and sharing) of that data and whether there is consent to use it in the firm’s intended marketing.

  4. (4)

    Firms are reminded that, under data protection legislation, they must have consent from the customer to process the customer’s personal data, for example to contact the customer or to pass their details on to a third party, unless one of the other conditions which renders the processing of that data lawful is satisfied. In this context, the FCA would normally expect firms to obtain consent and would only expect firms to be able to rely on the legitimate interests condition (under article 6(1)(f) the General Data Protection Regulation (EU) No 2016/679) very occasionally. Where the firm relies on consent which has been obtained by a lead generator, the firm should satisfy itself that the consent was properly obtained, and clearly covers both the firm and the use that the firm intends to make of the customer’s personal data. In relation to consent, firms are also reminded of the requirements in article 7(2) of the General Data Protection Regulation (EU) No 2016/679.

  5. (5)

    In satisfying itself as to whether a lead generator has appropriate systems and processes in place to ensure compliance with the Privacy and Electronic Communications (EC Directive) Regulations 2003, a firm should consider, in particular, the systems and processes the lead generator has in place to ensure compliance with the prohibition of cold-calling in relation to claims management services (regulation 21A) and the requirements in relation to the use of electronic mail, including text messages, for direct marketing purposes (regulation 22). The Regulations also contain restrictions on marketing by fax, email and text message and apply to both the caller/sender of the marketing (e.g. the lead generator) and the instigator (e.g. the firm, where the lead generator is acting on behalf of the firm). Both the instigator of the marketing and the business carrying out the marketing may be subject to enforcement action if any breaches occur. Firms should therefore ensure that any marketing carried out on their behalf by a lead generator is compliant.

  6. (6)

    A firm should have regard to the frequency with which it accepts leads from a lead generator when determining what an appropriate interval is at which it should take the steps required by CMCOB 2.2.2R: the more frequently it accepts leads from that lead generator, the shorter should be the interval; and where the firm accepts leads from the lead generator on an ongoing basis, it should take those steps regularly.

Recording the source of sales referrals, leads or data

CMCOB 2.2.4 R

1Where a firm accepts a sales referral, lead or data, or details of a claim or of a customer, from a lead generator, the firm must keep a record of the lead generator from whom it accepted that lead or those details for at least three years.

CMCOB 2.2.5

[Not used]1

CMCOB 2.2.6 R

1If the firm is not satisfied as to the matters in CMCOB 2.2.2R(1)(b), it must neither accept sales referrals, leads or data from that lead generator nor use sales referrals, leads or data obtained from that lead generator.

Notifying the FCA if a lead generator is not authorised

CMCOB 2.2.7 R
  1. (1)

    1If the lead generator is not an authorised person with a permission to carry on seeking out, referrals and identification of claims or potential claims and the firm is not satisfied that the lead generator may carry on that regulated activity without breaching the general prohibition, the firm must:

    1. (a)

      promptly notify the FCA in writing, using the form at SUP 15 Annex 4R; and

    2. (b)

      neither accept sales referrals, leads or data from that lead generator nor use sales referrals, leads or data obtained from that lead generator.

  2. (2)

    A notification under (1)(a) must include:

    1. (a)

      the identity of the lead generator and, if known, contact details for the lead generator; and

    2. (b)

      the firm’s reasons for not being satisfied that the lead generator may carry on seeking out, referrals and identification of claims or potential claims without breaching the general prohibition.

Provision of information by lead generators

CMCOB 2.2.8 R
  1. (1)

    1This rule applies to a firm from the time at which it could reasonably be expected to know or suspect that it is going to:

    1. (a)

      pass the customer, or details of a customer or of a claim, to a third party, or give details about the third party to a customer; and

    2. (b)

      receive a payment from the third party in relation to the firm doing so.

  2. (2)

    The firm must, in its financial promotions and in any communication with the customer, include a prominent statement to the effect that the firm receives payments from third parties to whom it passes customers, or the details of customers or of claims, or whose details it passes to customers, in respect of doing so.

  3. (3)

    If a communication relates to a claim which may be made by a customer, without using the services of the firm and without incurring a fee, to a statutory ombudsman or statutory compensation scheme the firm must ensure that the communication contains a prominent statement to the effect that:

    1. (a)

      the customer is not required to use the services of a firm which carries on regulated claims management activity to pursue their claim; and

    2. (b)

      it is possible for the customer to present the claim themselves for free, either to the person against whom they wish to complain or to the relevant statutory ombudsman or statutory compensation scheme.

  4. (4)

    Where the communication is made by voice telephony, the firm must comply:

    1. (a)

      with (2) at the start of the call; and

    2. (b)

      with (3) as soon as the firm knows the sort of claim to which the communication relates.

  5. (5)

    The firm need not comply with (2) or, as relevant, (3) if it has previously complied with those rules in respect of that customer within the previous month.

CMCOB 2.2.9 G
  1. (1)

    1CMCOB 2.2.8R applies to lead generators, and to other firms which generate leads, as soon as there is a possibility of customers, or the details of customers or of claims being passed to another person.

  2. (2)

    Examples of a firm receiving a payment from a third party in relation to doing any of the things mentioned in CMCOB 2.2.8R(1)(a) include (but are not limited to):

    1. (a)

      the third party paying the firm a fee for each sales referral or lead it passes on; and

    2. (b)

      the third party making a monthly, occasional or a one-off payment to the firm irrespective of how many sales referrals, or leads or data the firm actually passes on and irrespective of how this might be described (for example as a ‘marketing budget’).

  3. (3)

    Where that rule applies to telephone calls, it applies in respect of both incoming and outgoing calls, including voice telephony over the internet.

  4. (4)

    The guidance at CMCOB 3.2.8G also applies in relation to CMCOB 2.2.8R(3).

  5. (5)

    Firms are reminded that section 56 of the Legal Aid, Sentencing and Punishment of Offenders Act 2012 prohibits the payment and receipt of fees for the referral of legal services in cases involving personal injury or death.

CMCOB 2.3 Recording and retention of telephone calls and electronic communications

Recording and retention of telephone calls and electronic communications

CMCOB 2.3.1 R

1This section applies to telephone calls and electronic communications between the firm and a customer made for the purposes of, or in connection with, a regulated claims management activity carried on by the firm (“relevant communications”).

CMCOB 2.3.2 R

1 Firms must record all telephone calls and retain all other relevant communications.

CMCOB 2.3.3 G

1The requirement to record and retain all relevant communications applies to incoming and outgoing calls, text messages, emails, and other electronic communications between the firm (or a person acting for the firm) and a customer, including calls and communications relating to complaints about the firm.

CMCOB 2.3.4 R

1A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant communications:

  1. (1)

    on equipment owned by a person other than the firm; and

  2. (2)

    which the firm is unable to record or retain.

CMCOB 2.3.5 R

1A firm must notify a customer at the start of each telephone call (including a call made by voice telephony via the internet) that the call will be recorded.

Retention period

CMCOB 2.3.6 R

1The firm must retain telephone call recordings (including recordings of calls made by voice telephony via the internet) for a minimum of 12 months, from the latest of:

  1. (1)

    the customer withdrawing or deciding not to pursue the claim;

  2. (2)

    the settlement of the claim;

  3. (3)

    the conclusion of any legal proceedings commenced in connection with the claim;

  4. (4)

    the conclusion of the handling of any complaint made by the customer to or about the firm, including the handling of the complaint by an alternative dispute resolution scheme (such as the Financial Ombudsman Service);

  5. (5)

    the termination of the agreement between the firm and the customer; and

  6. (6)

    the date of the firm’s last contact (by whatever method) with the customer.

CMCOB 2.3.7 G
  1. (1)

    1For the purposes of CMCOB 2.3.6R(2), a claim is settled when the customer receives compensation, damages or redress in respect of the claim.

  2. (2)

    The effect of CMCOB 2.3.6R is that where, for example, the only contact with the customer is a telephone call made with a view to selling the firm’s services, but the customer does not engage the firm, the firm is required to keep a record of that call for at least 12 months. (Firms are reminded that, in relation to cold calling by telephone, the Privacy and Electronic Communications (EC Directive) Regulations 2003 prohibit unsolicited calls for the purposes of direct marketing in relation to claims management services without the consent of the subscriber of the line being called (regulation 21A).)

  3. (3)

    The effect of CMCOB 2.3.6R(4) is as follows. Where the firm would otherwise become entitled to cease to keep the record absent that provision but at that time there is a complaint that has been made and not concluded, the firm must retain that record for a minimum of twelve months from the point at which the complaint has been concluded.

CMCOB 2.4 Record keeping

CMCOB 2.4.1 G
  1. (1)

    1Firms are reminded that SYSC 9.1.1R requires a firm to arrange for orderly records to be kept of its business and internal organisation, including all services and transactions undertaken by it, which must be sufficient to enable the FCA to monitor the firm’s compliance with the requirements under the regulatory system, and in particular to ascertain that the firm has complied with all obligations with respect to clients.

  2. (2)

    Firms are also reminded that SYSC 9.1.5G states that in relation to the retention of records, a firm should have appropriate systems and controls in place with respect to the adequacy of, access to, and the security of its records so that the firm may fulfil its regulatory and statutory obligations. With respect to retention periods, the general principle is that records should be retained for as long as is relevant for the purposes for which they are made. For these purposes retaining records would include keeping all text messages, emails, and other electronic communications between the firm (or a person acting for the firm) and a customer.

  3. (3)

    As a minimum, firms should retain records in their files of any advice given to, and correspondence with, their customers, and of any correspondence with third parties in the course of their providing services to their customers.

  4. (4)

    CMCOB also imposes a number of specific record-keeping requirements: see Schedule 1.