Out-Law News
25 Sep 2023, 3:18 pm
UK insurers have been advised to embed regulatory requirements into their organisational culture to ensure they meet the increasing expectations of the Financial Conduct Authority (FCA).
Hannah Ross, who specialises in insurance regulation at Pinsent Masons, was commenting after the FCA made clear that it expects board members at UK insurance companies to take a proactive role in driving good outcomes for customers.
In its latest portfolio letters to chief executive officers across the UK insurance market, the FCA said: “As a regulator, we are required to comply with our statutory obligations, we do this by focusing our resources on ensuring firms achieve good outcomes for consumers to meet their needs and to ensure the market is functioning well. We expect boards to do the same and oversee firms and ensure their objectives are in line with our priorities.”
“While we generally see good intent from boards, we are concerned that not enough action is being taken to ensure good outcomes for customers. We therefore expect firms’ boards to ensure concrete, proactive action is taken throughout the firm in line with our rules and expectations and not to treat them as a compliance exercise or wait for us to force action,” it said.
Ross said the comments reflect the more stringent standards financial services firms now need to meet under the consumer duty rules, which took effect at the end of July.
“Here we see the FCA picking up where the consumer duty left off, again setting out a clear expectation that good outcomes should be driven from the top down,” Ross said. “The onus is on boards to do the right thing and drive the right, proactive behaviours. Insurance firms should embed FCA rules as part of their culture, rather than simply consider them a box to be ticked off to avoid FCA enforcement action.”
The FCA’s call to action was included in its portfolio letters that set out its priorities between now and the end of 2025 in three sectors of the insurance market – personal and commercial (7-page / 179KB PDF); wholesale (6-page / 173KB PDF); and life (9-page / 194KB PDF). A separate letter details the FCA’s priorities in the funeral plans sector (6-page / 172KB PDF).
Four common themes for the entire insurance market emerge across the letters – the FCA’s drive to ensure firms are putting customers’ needs first; its focus on progressing the diversity, equity, and inclusion (DEI) agenda; the emphasis on addressing operational resilience and risk attached to dependence on third parties; and the regulator’s focus on improving standards in relation to the ‘appointed representatives’ regime.
In relation to putting customer needs first, the FCA stressed its desire to see the new consumer duty rules embedded in what insurance companies do, as part of its broader drive to set and test higher standards.
“We have a strong focus on consumer duty implementation especially in the current tough macro-economic environment – for both consumers and firms,” the FCA said. “We expect firms to assess and address issues with products & services, price & value, consumer understanding and consumer support. We also expect firms to put the consumer at the centre of their business to ensure they are delivering good consumer outcomes – both for open products and services now and in readiness for the duty applying to closed products and services from 31 July 2024. We set out our expectations on implementing the consumer duty for personal & commercial lines insurance and life insurance earlier this year.”
The FCA noted it was considering using ‘mystery shopping’ exercises among other regulatory tools to “assess the effectiveness of this implementation”.
In relation to DEI, the FCA said there is room for improvement across all areas of the wholesale and the personal and commercial insurance markets. It highlighted particular concerns about the culture at wholesale insurers and linked the absence of an inclusive culture to the prevalence of cases of “non-financial misconduct, including discrimination, harassment, victimisation and bullying”. The FCA also called on life insurers to “be able to show how they are actively working towards having a diverse workforce at all levels in their organisation”, highlighting how this can help firms attract and retain talent.
On Monday 25 September, the FCA and the Prudential Regulation Authority (PRA) opened new consultations on proposed new rules and guidance designed to promote diversity and inclusion in UK financial services. The move to strengthen rules and guidance in this area reflects priorities outlined by the FCA in its 2022-2025 business plan and its July 2021 discussion paper on diversity and inclusion.
Another central theme of the FCA’s letters is its desire to minimise the impact of operational disruption.
In respect of the life insurance and personal and commercial insurance markets, the regulator said it is “particularly concerned with the level of governance, oversight and contingency planning on outsourced services where, if a problem occurs, customers suffer harm because adequate controls and contingency plans are not in place”, while in its wholesale market letter it stressed the “substantial harm to wider society” that could arise if “information on sensitive risks in the UK” is compromised.
In its letters, the FCA advised insurers to draw up “credible plans” for managing and recovering from “operational problems” and to “take remedial action where necessary and notify the regulators promptly as appropriate”. It flagged the particular risk of cyber attacks and said insurers need to have “adequate controls in place where information is held by third parties”.
The FCA’s messages in relation to operational resilience reflect ever-increasing regulatory scrutiny in this area. Both the FCA and PRA imposed new rules on operational resilience that came into effect on 31 March 2022. In essence, they require UK financial services firms to identify their important business services and set maximum tolerable levels of disruption – and ensure they remain within those parameters. The FCA and PRA’s expectations in relation to those requirements are expected to increase over the period to 31 March 2025, after which the rules will be fully effective.
Experts at Pinsent Masons have previously outlined how financial services firms can flow operational resilience requirements into services contracts, and how technology providers can support firms in meeting their regulatory requirements on operational resilience.
Improving oversight of ‘appointed representatives’ (ARs) will also be a priority for the FCA in the next couple of years.
ARs carry out certain regulated activities but are not directly authorised by the FCA. Instead, authorised financial firms known as ‘principals’ are responsible for overseeing their ARs’ regulated activities. An FCA review previously found a higher incidence of harms, from mis-selling to fraud, in all sectors where principals and ARs operate, prompting the regulator to develop new rules for the regime. Those rules took effect late last year and include a strengthened framework for requiring principal firms to ensure they have appropriate systems, controls and resources to oversee their ARs effectively.
In its letters, the FCA said: “Our strengthened rules … give principals more responsibility for ensuring your ARs are fit and proper. We are using data and analytics to help us identify higher risk principals and taking appropriate action on outlier firms. We will be testing that firms are properly embedding the new rules across the AR regime and increasing and improving our engagement with principal firms and other stakeholders. We expect principal firms to ensure high standards both within their firm, and at their ARs. Principals need to take steps to ensure their ARs operate within those high standards and to take assertive action with those ARs that fall below the principal firm’s standards.”
Insurance regulation expert Matt Saward of Pinsent Masons said: “The FCA’s comments in respect of ARs indicate that, despite the enhanced rules coming into force towards the end of last year, the FCA still sees AR models as having the potential to drive poor customer outcomes.”
“Principals must have prescribed terms in their AR agreements to allow them to effectively monitor and oversee their AR’s activities and, in practice, we often see principals including even greater contractual controls than those strictly required by regulation even though, historically, such controls may not, necessarily, have been regularly utilised,” he said.
“Reading between the lines, it appears that the FCA expects principals to be taking a more involved role in supervising their ARs and, where appropriate, utilising their contractual rights to take action against ARs. If principals do identify AR misconduct, they should carefully consider the contractual mechanisms at their disposal and take appropriate action to rectify this and to prevent further failings. This could be a difficult balancing act for principals whose ARs hold the greater commercial bargaining power. It is, however, foreseeable that, where an AR has systemic conduct issues or persistently commits breaches, the FCA will consider using its full range of enforcement powers against a principal who is aware of such issues but has failed to fully address these,” Saward said.