An FCA Thematic Review suggests that many more rule breaches are occurring in the general insurance market than we might have expected; and that insurers, intermediaries and outsourced-service providers should act quickly to identify and resolve them, if they want to avoid regulatory action.
The FCA’s “Thematic Review TR15/7 – Delegated authority: Outsourcing in the general insurance market” takes a detailed look at the delegated authority and other outsourcing arrangements (*) of a very small sample of general insurers, But, if it’s findings are representative, it seems all but certain that a significant number of technical problems exist in this market.
What did the FCA find?
- “many … insurers and intermediaries … did not appear to have adequately considered or recognised their regulatory obligations” (Chapter 2 includes a handy summary);
- “in many cases … insufficient consideration had been given by all parties to the interests and fair treatment of customers and how this might be impacted by outsourced arrangements“;
- Only a minority of firms had treated delegated underwriting as a form of outsourcing. So: (a) due diligence was sometimes restricted to checking the third-party was regulated and solvent – but that’s all; (b) some outsourcing insurers didn’t have a clear and well defined risk appetite in place, so they entered into relationships that were inconsistent with their risk appetite without realising they’d done so; and (c) the delegation was often poorly controlled at the outset, and throughout the relationship that followed;
- The contractual arrangements didn’t always accurately reflect (a) the extent of the delegation or outsourcing that had occurred; or (b) the responsibilities that flowed from these arrangements; nor did they include sufficient service standards and reporting obligations;
- In some cases, the insurer was underwriting products designed by third-parties, that were dissimilar to its core products; and it was doing this with little or no understanding of how the products worked, which customers they were being targeted at, and which customers they were suitable for. This generated significant conduct risk. It could have also generated significant prudential risk over time;
- Some insurers had little or no understanding of the processes being used to settle claims on their policies, and/or no meaningful control over the decisions and customer outcomes they generated;
- “In many cases … insurers performed very limited monitoring … and received limited or no conduct focused MI … There was often limited evidence that insurers had considered what monitoring and MI would be required to exercise appropriate oversight of … outsourced functions … In the majority of cases … there were clear requirements … for Bordeaux submission and other financial data [but] limited or no … reporting obligations or MI requirements regarding customer outcomes or service standards. Even where contractual arrangements were in place this did not always result in any MI being received or monitoring activity occurring … even where relevant information was … available at the outsourced partner…“
So what does the FCA expect?
- Insurers delegating underwriting and other authorities to:
- Recognise they’ve entered into an outsourcing arrangement; and
- Make sure they have effective, risk-based controls in place, that address both the decision to outsource and the ongoing monitoring of the outsourced function;
- Insurers to carry out a gap analysis to make sure their existing arrangements are, and future arrangements will be rule complaint – if gaps are found, they should be appropriately addressed;
- EEA firms passporting into the UK to consider whether they’ve inadvertently established a UK branch by outsourcing functions to UK agents – if they have, they “must act promptly to adjust their permissions“;
- Insurers and intermediaries to:
- Consider the extent to which each of them is acting as a “product provider”, before clearly identifying and allocating the responsibilities that flow from their conclusions;
- Review their existing monitoring and MI arrangements, to make sure they are adequate, and that the MI is being appropriately analysed and acted upon;
- Assess (a) the appropriateness of their existing distribution channels and sales activities; (b) the efficacy of their conduct risk mitigation arrangements; and (c) the adequacy of their oversight and control arrangements – before taking appropriate steps to address any shortcomings they find.
In the meantime the FCA will:
- Give feedback to the firms that contributed to its Thematic Review work;
- “Follow up on specific … issues identified in the course of our review and other regulatory interactions, investigating whether these have resulted in customer detriment and using the full range of regulatory tools as appropriate“; and
- “Focus on the questions and issues highlighted in this report in our ongoing supervisory work … to verify that firms have reviewed their activities … and taken steps to address any issues identified“
The following documents, available on our Blog Resources page, are likely to help insurers, intermediaries and outsourced-service providers respond to these challenges:
- The Commission Interpretative Communication on the Freedom to provide services and the general good in the insurance sector – which will help European firms to work out whether they have indirectly established a UK branch through their outsourcing arrangements;
- The proposed Insurance Distribution Directive (the so called “IMD2”), which may include measures relating to product oversight and governance;
- EIOPA’s consultation paper on the proposal for guidelines on product oversight & governance arrangements by insurers; and
- EIOPA’s Guidelines on Complaints Handling by Insurance Intermediaries
(* For example: product design, sales, and claims and complaints handling.)