General insurance (GI) conduct and enforcement risk: Alsford Page & Gems Ltd - reading between lines on root causes of censure

The Financial Conduct Authority (FCA) has published a public censure of Alsford Page & Gems Ltd (APG). APG did not have the resources to pay the mooted £670,000 fine but instead used £399,902 supplied by its parent, PSC Insurance Group Ltd, to fund a comprehensive redress programme for customers.

On one analysis, the censure of APG reflects a range of issues which have been addressed in publications issued by the FCA and its predecessor regulator, the Financial Services Authority, during the last 10 years on the delegated (mis-) selling of general insurance to retail customers. The bulk of the factual background set out in the final notice concerns a scheme for the distribution of extended warranty insurance via appointed representatives (ARs) between February 2013 and March 2016 (the AR scheme).

It is reasonable to infer from the final notice, however, that the final straw which led to enforcement action was APG's unwillingness or inability to take fully on board the FCA's views in relation to a redress programme, and in particular the regulator's concerns about the risks which inappropriate sales practices pose to vulnerable customers.

Underlying failings

APG failed to manage the AR scheme effectively, in that:

• it failed to assess the adequacy of its resources prior to entering into the extended warranty business to determine whether it had the skill and capacity to monitor the ARs;
• its monitoring of ARs was inadequate and ineffective, was in no sense risk-based or tailored to each AR, but was rather a "one-size- fits-all" approach which relied on the ARs monitoring themselves with little input or challenge from APG;
• it failed to consider conduct risk in the reporting requirements it placed on its ARs, or to use the management information that was generated to assess whether its customers were treated fairly.

The purported three lines of defence risk management framework was ineffective. In particular, APG failed to task its internal audit team, or an equivalent function, to undertake "independent review, challenge and assurance" of the AR scheme. Instead, it treated its board as the third line, which was an inadequate substitute as the board was not independent of the commercial business.

"APG failed to pay due regard to the interests of its customers and to treat them fairly. APG did not … ensure that [customers] were given timely, appropriate and clear information about the policies sold … to make informed decisions," said the FCA in the final notice.

In particular, the call scripts that APG mandated its ARs to use, and the requirements for using, them were of insufficient quality to ensure that sales calls were clear, fair and not misleading. In addition, the ARs frequently failed to adhere to the call scripts supplied. This was not identified or corrected due to a complete lack of effective call monitoring and oversight on APG's part.

As such, APG failed to ensure that its ARs adopted fair sales practices, which meant that some customers purchased insurance policies which they did not fully understand, or could not afford, or did not need.

APG also failed to ensure that its ARs identified and acted appropriately on signals of potential vulnerability in customers (i.e., physical, psychological and/or financial frailty, as indicated by "confusion or memory problems", difficulty in hearing, speaking or movement, and statements that a third party handles their affairs). This led to a greater risk that insurance policies would be mis-sold to vulnerable customers.

Regulatory dialogue

APG had extensive contact with the FCA from 2016 onward and was reviewed as part of the FCA's 2016 thematic review of AR oversight. Following that review, APG signed an agreement with the FCA which required the immediate cessation of all sales activities by APG's ARs.

In April 2016 a skilled person was appointed under s166 of the Financial Services and Markets Act 2000 to report on the effectiveness of APG's oversight and monitoring of ARs between January 1, 2015 and March 22, 2016, and to review the appropriateness of ARs' sales processes and practices. The skilled person listened to 150 recordings of calls which had resulted in sales, made up of 25 calls made by each AR. It found that in 90% (135/150) of those calls, there was a high risk that customers purchased a product that they did not understand or did not need. The skilled person recommended that APG undertake a pilot customer contact exercise in relation to the calls sampled, followed by a full remediation exercise, if required. APG agreed to this approach.

The FCA was so concerned that it decided to review the recordings itself, which resulted in a similar assessment.

Findings against APG in relation to its use of management information to manage conduct risk were that:

• Neither complaints nor cancellations — both in terms of their volume and the reasons they arose — were properly "recorded or reviewed to assess if the ARs were treating customers fairly and to analyse trends and patterns". "[N]o root cause analysis was undertaken by APG into the complaints received from the ARs."
• Claims data "served as a management tool to support the sales business and was not a control to understand … conduct risk issues… there was a significant variance in claims declinature rates across the ARs … For example, in one quarter, the declinature rates for APG's biggest AR doubled versus the previous quarter and were almost 10 times as high as another of its ARs." "The majority of additional declinatures were as a result of claims being rejected because they were not covered under the policy. This raises clear concerns about the sales practices of the AR and suggests that customers were not being sold policies that met their needs. However, this was not noted or investigated by APG and there was no additional monitoring of that AR," the FCA said in the final notice.

The final straw?

APG consulted the FCA on a proposed approach to the pilot redress exercise. The FCA said that APG should take "a flexible and pragmatic approach to assessing whether customers were due redress". It is reasonable to infer that the FCA was expecting APG to err on the side of providing, not withholding or minimising, redress.

On the recommendation of the skilled person, APG appointed an independent third party to advise on handling the redress programme and considered at board level how it should proceed. APG agreed to take the FCA's concerns into account, but "did not agree to all the [FCA's] recommendations", in commencing the pilot in October 2020.

In February 2021 APG disclosed its report on the pilot exercise to the FCA. "The report stated that APG did not consider that widespread mis-selling had occurred and that APG would not carry out any further customer contact." The FCA's view was that the pilot exercise "was not adequate and placed a disproportionate burden of proof of harm on customers in light of the findings of the review of calls".

The final notice was then issued.

Preventing conduct risk

The effective management of insurance sales starts with the setting of appropriate terms in distribution agreements, including provision for the interrogation of performance against such terms. At every stage of insurance distribution management, firms must refresh their understanding of the FCA's published (or otherwise communicated) views and take them into account.

The surest way to prevent conduct risk is for firms to ensure they are constantly able to implement regulatory requirements in legal (especially contractual) materials.

First published by Thomson Reuters on 19 May 2021 by Jeremy Irving.