Complaints Handling Policy

1. Purpose

The purpose of this policy is to set out the obligations of Digital Completion UK Ltd. (“PEXA”, “the Company”, or “we” / “us” / “our”) and its employees or representatives for identification and management of complaints received in the ordinary course of our business.

We are committed to providing the best quality service to our customers and consumers. A customer is defined as a participant of the PEXA platform, (Financial Institution or Law Firm) and a consumer is defined as the customer of the participant. We have a low-risk appetite relating to matters which may have an adverse impact on our customers and other stakeholders and continually seek to minimise risk and exposure in this space.

This policy is designed to set out our approach to complaints received from customer organisations, hereby defined as a “non-regulated” complaint. As we are responsible for the PEXA platform, we are only able to deal directly with complaints relating to the platform and its operation.

Complaints between a customer and their consumers

We cannot deal with complaints between a customer and their consumers and therefore we will not be directly involved in complaints received from consumers. We have defined these as “regulated” complaints.

FCA Complaints Handling Rules

Regulated complaints should be dealt with in a way which enables a customer to meet the regulatory expectations in the FCA’s Complaints Handling Rules (DISP). Our obligations are:

• to identify such complaints;
• pass the details over to the relevant customer in a timely manner; and
• provide that customer with appropriate information to enable them to handle the complaint in accordance with their DISP obligations.
• If the FCA regulated complaint involves or relates directly to the use of Personal Data please refer to Section 8 and Annex 1.

Personal Data-related complaints between a customer and PEXA (non-regulated complaints)

If we receive Personal Data related complaints from our customers, hereby defined as a non-regulated “Personal Data-related” complaint about how PEXA has handled a customer’s Personal Data, we must deal with these in accordance with the requirements of relevant data protection legislation. Please refer to sections 3, 7 and Annex 3.

2. Scope

The policy applies to all PEXA employees, including Directors (Executive & Non-Executive), as well as staff within other third parties and any other persons engaged under a contract of service by or on behalf of the Company, whether on a permanent or temporary basis (hereafter “PEXArians”). In the context of this policy, third party refers to any organisation PEXA works with in respect of significant or material services provided to the Company including from other companies within the PEXA Group.

In the context of this policy, third party refers to any organisation PEXA works with in respect of significant or material services provided to the Company, including from other companies within the PEXA Group.

3. Definition of a Complaint

PEXA defines a complaint as an expression of dissatisfaction made to, or about, PEXA and which may be related to PEXA’s platform, processes, services (which include onboarding and training programmes), PEXArians or the handling of a complaint, where a response or resolution is explicitly or implicitly expected or legally required. Please note that the definition of ‘complaint’ includes any complaints relating to Personal Data.

A complainant is not required to expressly state the word “complaint”, “Personal Data” or “dispute” or put the complaint in writing for it to be considered a complaint.

Practical examples (not exhaustive) of complaints may include:

• A defect in the PEXA platform;
• Inadequate PEXA processes;
• Queue wait times;
• Quality of service provided;
• Inaccurate information being provided by us;
• Delays in responses or exception processes;
• Inadequate customer training;
• Delays or inaccuracy in the onboarding process;
• Useability of the PEXA platform;
• Inaccuracies in Personal Data held by PEXA; and,
• A complainant’s Personal Data has been processed in a way unbeknown to, or unexpected by, the complainant, e.g. transferring their Personal Data to an organisation and/or country that was not made aware to the complainant via a Privacy Notice.

Eligible complainants covered under this policy include a customer firm which relates to a participant of the PEXA platform.

4. Policy Principles

The principles underlying this policy are:

We will treat customers and other stakeholders with respect

We will treat customers and others in the PEXA network in a courteous manner and promptly respond to their complaints. Frontline PEXArians are empowered to resolve these issues wherever possible and have the authority to:

• obtain necessary information to assess the validity of the complaint;
• resolve issues or concerns, wherever possible;
• reject issues or concerns; and,
• direct complaints to the appropriate individual where necessary.

We will aim to resolve complaints efficiently

We will seek to address, investigate and resolve complaints with speed and continual customer focus. This includes ensuring appropriate resources are made available and used for effective complaints handling.

We will communicate our complaints handling process

Our complaint handling process will be communicated to PEXArians, customers, complainants, and, where applicable, other parties directly concerned, in an easily accessible manner. Details of our complaints handling process will be held on PEXA’s website.

We will address common issues

Through root cause analysis and a culture of continuous feedback and improvement we will seek to address the common issues identified from complaints and refer them to our Product and Technology teams for consideration. In addition, we will report any such issues, and the progress on mitigation of them, to management. Any systemic risks identified through complaints and root cause analysis will be managed according to the PEXA risk management policies, with mitigating action plans implemented to prevent reoccurrence.

We will regularly review our complaints handling process

We will routinely assess the effectiveness of the complaint handling process and seek continual improvement that benefits our customers. As our services in the UK evolve, we will update this policy as required. This policy will be reviewed on an annual basis or sooner, if deemed necessary.

How we will share our complaints data and metrics

We will create and make available on request data and metrics surrounding PEXA complaint handling. The report will include metrics around complaints received, justified, resolved and outstanding. Any data and metrics that include Personal Data will be anonymised, where appropriate.

5. Roles and Responsibilities

The Roles and Responsibilities of individuals and teams within PEXA are set out in the table below:

Function/Title	Role and Responsibility
All PEXArians	Ensuring all complaints are identified in line with this policy. Directing complaints to the appropriate individual, team, or customer.
Operational Support Team	Providing a single, publicly recognisable point of contact for the receipt and management of complaints. Resolving complaints per the Complaint Handling Process and within timelines outlined in this policy. Accurately recording complaints within the Complaints Register in a timely manner.
People Managers	Ensuring that all employees understand and adhere to the Complaint Handling Process, read all the relevant policies and request further training where needed.
Quality Assurance Specialist	Overall management of complaints in line with this policy. Ensuring complaints are actioned and resolved within agreed SLAs. Generating monthly complaints MI (e.g. monthly reports on complaints received, justified, resolved and outstanding). Ensuring root cause analysis is undertaken on all new complaints to ensure accurate reporting, learnings and common themes are identified and implemented. Reporting any potential systemic risks identified through root cause analysis to Governance, Risk and Compliance.
Governance, Risk and Compliance	Assessing whether responsibilities for complaints handling have been appropriately assigned. Assessing the effectiveness and efficiency of the complaints handling process through appropriate risk forums. Reviewing time taken to respond to complainants. Providing recommendations for improvements to the Complaint Handling Policy and objectives. Providing a summary of complaints data / themes in management / Board reporting. Providing oversight of complaint process and responses to ensure agreed standards are being met.
UK Executive Committee	Encouraging and rationalising the importance of complaint identification and handling. Promoting and ensuring that all complaint MI is reviewed, and root cause analysis is regularly monitored. Ensuring that PEXA’s complaint handling strategy remains fit for purpose.
UK Chief Risk Officer	Monitoring the effectiveness of this policy and reviewing it on an annual basis. Reviewing cases of non-compliance with this policy and determining the appropriate course of action.

 

6. Complaints Handling Process

Complaints received from an eligible complainant will be handled via the process set out below and in Annex 2. Please refer to the process set out in Annex 3 for handling Personal Data-related complaints.

How a complaint may be made

If an eligible complainant wishes to make a complaint, they can do so via the following channels:

• Email;
• Post; or,
• Phone / verbal communication.

As stated in section 3, a complainant is not expressly required to use the words “complaint” or “dispute” for the issues they raise with us to be considered and recorded as a complaint. If a complainant is unhappy with a service which they have received from us, we will make them aware of our complaints process should they wish to make a complaint.

Our complaints process, which includes details on how to complain, is available on our website.

Acknowledging the complaint

When a complaint is resolved by the close of the third business day after receipt, we will send the complainant a summary resolution communication at the earliest opportunity. This includes confirmation that PEXA considers the complaint to be resolved. Where complaints are not resolved within three business days, we will send the complainant a prompt written acknowledgement providing early reassurance that we have received the complaint and are dealing with it. In any event, this letter will be sent within 5 business days of receipt of the complaint and will include a copy of the complaint handling process, to ensure complainants are aware of the next steps.

We will also ensure the complainant is kept informed thereafter of the progress of the measures being taken for the complaint’s resolution. Complaints which take longer than 3 working days to resolve will be escalated to a Team Leader to ensure satisfactory resolution.

All complaints are recorded on the Complaints Register. Where complaints are received in writing or by telephone, the complaint will need to be logged to the same system and the appropriate category selected.

Assessing the complaint

We will investigate the complaint fully, taking account of as much information as possible. The complaint will be investigated, diligently and assessed fairly, consistently, and promptly. The investigation will look at the subject matter of the complaint, whether the complaint should be upheld, what remedial action or redress / goodwill gesture (or both) may be appropriate and where relevant, whether PEXA has reasonable grounds to be satisfied that another firm may be solely or jointly responsible for the matter alleged in the complaint, considering all relevant factors.

Whilst we hope that complaints will be resolved swiftly and effectively, we recognise that there may be times when we are unable to resolve complaints as quickly as we might like. In order to ensure complainants are kept updated we will write to them at the 4-week stage to apologise for the delay and explain that a further letter will be sent. All complaints outstanding for 4 weeks or more will be reported and tracked through the UK Executive Committee.

Response to the complaint

We will provide a final response to the complainant setting out our decision in respect of their complaint.

Where redress or a goodwill gesture is to be made, the final response letter will include an acceptance form for the complainant to confirm their acceptance of our offer prior to payment. This acceptance form will also confirm that any compensation is paid in full and final settlement of the complaint.

Where a final response cannot be provided within 8 weeks of receipt of the complaint we will write to the complainant to provide them with an update on their complaint. We anticipate that it is unlikely that we will take 8 weeks to resolve complaints and expect staff to make every effort to work together to avoid such a situation arising. All complaints outstanding for 8 weeks or longer will be escalated through a UK Executive Committee member to ensure the appropriate visibility and support is provided to resolve. If a resolution cannot be found, then a “deadlock” letter will be provided to the customer detailing the reasons behind this decision.

Complaint timeline

Timeline	Action required
Up to 3 days	Complaint handled by trained member of Operational Support Team. Classed as “there and then” complaint.
Greater than 3 days	Complaint escalated to Team Leader within the Operational Support Team. Acknowledgement letter sent to customer confirming we are dealing with their complaint and advising next steps. Team Leader will provide support and guidance to ensure satisfactory resolution.
At 4 weeks	Holding letter sent to customer, apologising for the delay and advising actions being taken to resolve. Complaint reported and tracked at UK Executive Committee.
At 8 weeks	Further written communication updating customer on progress. Complaint escalated to UK Executive Committee member to support resolution. Actions tracked through UK Executive Committee reporting.

 

Redress

There are agreed redress limits which are set out in the Complaint Handling Process. These limits are accompanied by the approval process and approval steps that are required to pay redress in excess of these limits.

Complaints will be responded to in a polite and professional manner, taking care to ensure that the complainants’ concerns have been fully addressed. Any monitoring of complaint files will ensure that this is the case and that responses are clear and easily understood.

7. Handling Personal Data-related Complaints from

Customers

Personal Data-related complaints received from an eligible complainant will be handled via the process set out below and in Annex 3.

Definition of Personal Data

Personal Data means any information that relates to an identified or identifiable natural person (Data Subject). It is a broad term and refers to any information that can be used to identify an individual (either directly or indirectly). For example, a person’s email address is Personal Data because it can be used to identify that individual.

How to identify and handle Personal Data-related complaints from our customers

If we receive Personal Data-related complaints from customer organisations, we must handle these in accordance with the requirements of relevant data protection legislation. Depending on the nature and severity of the matter being complained about, it may require us to notify the relevant data protection regulator, e.g. if it relates to a notifiable Personal Data breach, we will need to report it to the data protection regulator within 72 hours and to all impacted customers ‘without undue delay’.

At PEXA, we aim to promptly comply with our legal obligations while simultaneously striving to provide the highest level of customer satisfaction possible. Some examples of Personal Data-related complaints are as follows:

• Inaccuracies or gaps in the Personal Data we hold.
• A Personal Data breach involving the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the complainant’s Personal Data. For example, the complainant’s Personal Data was:
  • Accidentally shared with an individual who was not entitled to see it; or
  • Accidentally left in a public space.
• A complainant’s Personal Data has been processed in a way unbeknown to, or unexpected by, the complainant. For example, the complainant’s Personal Data was:
  • Transferred to an organisation and/or country that had not been made aware to the complainant via our Privacy Notice; or
  • Used for a different purpose to the original purpose for which their data was provided.

If you are, at any point, unclear on whether the complaint you have received is Personal Data-related and/or how to handle it, please reach out to your People Manager for further guidance.

Recognising individual rights requests

Under the UK General Data Protection Regulation (UK GDPR), individuals have a number of rights in relation to the personal data held on them by PEXA. Requests relating to these rights are different to personal data-related complaints and must be responded to in a specific manner and within prescribed periods that differ from the general complaints process. Therefore, it is important that you are able to recognise these types of requests and act on them quickly:

1. The right to be informed (i.e., an individual has the right to be informed about the collection and use of their personal data).
2. The right of access (i.e., an individual has the right to access and receive a copy of the personal data PEXA holds, as well as other supplementary information).
3. The right to rectification (i.e., an individual has the right to have inaccurate personal data rectified or completed if it is incomplete).
4. The right to erasure (i.e., an individual has the right to have their personal data erased from PEXA’s databases in certain circumstances).
5. The right to restrict processing (i.e., an individual has the right to request the restriction of use of their personal data).
6. The right to data portability (i.e., in certain circumstances an individual has the right to obtain and reuse the personal data PEXA holds for their own purposes across different services).
7. The right to object (i.e., an individual has the right to object to the processing of their personal data in some circumstances, for example, to withdraw consent to marketing emails).
8. Rights in relation to automated decision making and profiling (i.e., an individual has the right not to be subject to automated decision making and profiling in some circumstances).

For further information on these rights and what you need to do please refer to our PEXA Data Protection Policy (UK), our PEXA Response Procedures for Data Subject Access Requests (UK) and/or reach out to your People Manager for further guidance.

8. Complaints from Consumers (Regulated Complaints)

There may be instances where we receive complaints from those who are not eligible complainants, this includes complaints from a consumer in relation to the service provided by a customer or how our customer has handled a consumer’s Personal Data. In these instances, a separate process is followed as we cannot deal with complaints between a customer and their consumer and therefore, we will not be directly involved in complaints received from consumers.

Complaints concerning the actions or services of any other firm or business, including our customers, will be forwarded promptly to the appropriate firm / person to handle. Customers of the PEXA platform may have FCA regulatory obligations with respect to complaints (under DISP) as well as data protection regulatory obligations. To best support our customers and ensure a good customer experience, we will aim to forward the complaint to the appropriate firm within 3 working days. As well as forwarding the complaint in writing by email to the relevant firm, we will also notify the complainant in writing by email or post to inform them that their complaint has been forwarded.

The response to the complainant will include:

• the name and contact details of the firm and department (where applicable) responsible for responding to them;
• the reason why the complaint has been forwarded; and,
• that the complainant may or may not refer their complaint to the FOS (or ICO, in the case of Personal Data-related complaints) if they remain dissatisfied with the response.

Customers may need to ask us to provide them with information or other assistance so that they can respond to the consumer in line with their DISP or data protection obligations. Where customers ask us to do so, we will deal with such requests promptly and transparently.

Copies of all correspondence relating to forwarded complaints will be retained for six years for record keeping purposes.

For further details, please refer to Annex 1.

9. Third Party Complaints

PEXA accept eligible complaints from third parties on behalf of our customers. Third party complaints must include the name and contact details of the customer who has authorised the third party complaint in the same manner as we handle complaints received from customers, ensuring that the concerns raised are investigated diligently / thoroughly and resolved as quickly / competently as possible in accordance with the complaint handling process as set out in section 6.

10. Quality Assurance

The Business Quality Assurance Manager will be responsible for regular quality testing, with results collated and reviewed to produce a summary of complaints data / themes in management / Board reporting to help us identify any patterns and trends in complaints we have received. We will use this to inform whether enhancements to our current practices are needed and satisfy ourselves that the right outcomes have been reached.

11. Record Keeping

All complaints, in any medium, are recorded on our Complaints Register. For completeness, we will also record any consumer complaints forwarded to customer organisations and mark these as having been forwarded. Any postal / written letters will be scanned and stored electronically, with verbal discussions summarised in the register.

All PEXArians are expected to take due care to ensure that all material related to the resolution of a complaint is retained, this includes any correspondence to and from the complainant in relation to their complaint and any documents pertinent to the complaint and its outcome. These will be held in line with PEXA’s Records Management Policy (UK).

12. Training and Awareness

We ensure that all PEXArians receive training on an ongoing basis. All PEXArians receive standard induction training at the commencement of employment, after which role-specific training is undertaken. As a minimum, all PEXArians will be required to read this policy and attest to understanding it, on commencement of employment and at least every 2 years thereafter. All new starters who will be handling complaints in their role must undergo a training and competence review before they are allowed to handle complaints unsupervised. Training needs will vary by role, but we will ensure that all PEXArians are able to identify complaints, have knowledge of relevant laws and regulations including data protection laws, an understanding of how to escalate complaints internally and awareness of the logging and/or referral processes. This is to make sure that whoever may receive or identify a complaint can take proactive steps in progressing towards resolution at the earliest opportunity.

Records are maintained of modules completed by each PEXArian and refresher training is undertaken periodically. Further training and communication will take place in the event of a regulatory change, to ensure that staff remain up to date.

Any PEXArian requiring further training (above our standard package of complaints handling training) should speak with their People Manager, the UK Chief Risk Officer or the UK Chief Executive Officer.

Where necessary Governance, Risk and Compliance will provide additional guidance.

13. Risk Management

The first line of defence will be primarily responsible for customer experience and complaints handling. The Operational Support Team will be responsible for conducting root cause analysis, which will help us to:

• identify any recurring or systemic issues in order to make improvements to our services;
• increase PEXA’s understanding of what is important to the customers; and,
• address issues of concern to individual complainants.

This should include Senior Management oversight and challenge.

Compliance Monitoring by the second line of defence

The UK Chief Risk Officer is responsible for monitoring the effectiveness of this policy and will review it on an annual basis. The design and effectiveness of operational business controls are assessed within the annual Compliance Monitoring Programme. Results from monitoring are reported to Senior Management. Any issues identified are escalated as appropriate through to the UK Board.

Management Information

The Operational Support Team will be responsible for producing regular reports, which include, but are not limited to the following items:

• volume of complaints received indicating upward / downward trend on a periodical basis;
• number and percentage of complaints upheld;
• type of redress offered;
• number of breaches recorded;
• compliance with these procedures;
• statistical analysis and follow up of actions identified; and,
• ensure fair handling of complaints.

Complaints MI and reporting will also be considered as part of the third line of defence activity.

14. Breaches of this Policy

Failure to adhere to the policy may subject PEXArians working for or on behalf of PEXA to disciplinary action, up to and including termination of employment. In the event of non-compliance with this policy, PEXArians should escalate the matter to the UK Chief Risk Officer.

15. Related Documents

• Complaints Handling Process;
• Compliance Monitoring Programme;
• PEXA Data Protection Policy (UK);
• PEXA Response Procedures for Data Subject Access Requests (UK);
• Risk & Compliance Obligations Management Policy;
• Risk Management Framework Playbook; and,
• Risk Profiling Standard.

16. Further Advice

Advice on all matters relating to this policy is available from the Governance, Risk and Compliance function.

Annex 1

Process flow for a complaint received from a consumer, i.e. customer of a participant organisation (regulated complaint)

Annex 2

Process flow for a complaint received from a customer (non-regulated complaint)

Annex 3

Process flow for Personal Data-related complaints received from a customer (non-regulated complaint)