Good insurance business #3 - Regulatory intelligence
The Financial Conduct Authority (FCA) has published a "Dear board of directors" letter (PDF) to personal and commercial lines insurers. The letter's terms, however, indicate that its messages were intended for the general insurance (GI) sector overall.
The Financial Conduct Authority (FCA) has published a "Dear board of directors" letter to personal and commercial lines insurers. The letter's terms, however, indicate that its messages were intended for the general insurance (GI) sector overall. In short, the FCA's view is that there are significant risks of harm to "consumers and markets" that both the GI market and individual firms need to address, by a step-change in their culture.
The letter can be seen as a summation of work that the FCA has undertaken in the GI market in 2019, in that it refers to issues identified by the FCA in – and previous FCA publications about – various market sectors:
- poor oversight of, and poor remuneration practice in, distribution chains;
- risk of consumers being provided with unsuitable or poor value products;
- poor pricing practices;
- ineffective management of some regulatory change; and
- poor operational controls.
However, there is a broader and more ominous point for GI firms: that they have not as yet sufficiently "delivered changes to improve their governance and practices in line with relevant FCA policy and supervisory work …"
In other words, the FCA regards the GI market as not having kept up to speed with the spirit and the letter of regulatory rules and guidance, and with regulators' aims, intentions and approach. Generally, firms need to "significantly improve their governance and operational controls" to proactively engage with, plan for, and implement all relevant regulatory changes; and in particular, a lack of clear governance accountability has led to firms managing some regulatory change poorly, including complaints handling, disclosure at renewal and the requirements of the IDD.
For the FCA, "firms' effective implementation of regulatory changes … [is] fundamental to ensuring both the GI market treats consumers fairly and that consumers have products that meet their needs."
It seems that too many GI firms do not "have effective systems and controls in place right across their business, including key areas such as the three lines of defence, third-party oversight, and their overall operational resilience." If so, this means that GI firms have failed to make any substantive advances in conducting compliant business operations despite the lessons that regulators have repeatedly stated should be learned from developments such as:
- the 2008 financial crisis;
- the mis-selling of GI products such as PPI and 'add-ons'; and
- 20 years of rules and guidance under the Financial Services and Markets Act 2000, including nearly seven years of the FCA and its prioritisation of 'conduct risk' (against the objective of market integrity and customer fair treatment being at every financial services firm's heart).
The letter gives a clear warning that the FCA wants boards and senior managers in firms to prioritise embedding a healthy culture, with consumers at the heart of their business; and will hold senior managers accountable for failures to do so and the resultant harms.
Overall, the key risks of harm identified in the letter form part of the FCA's wider supervision of GI firms and there will be greater focus on these risks in the FCA's strategy for the period to January 2021.
Failings and harms
The letter outlines firms' "failings that can often be traced back to weaknesses in governance, senior manager accountability and employee incentives," such as:
- firms that have sold products which are unsuitable or of poor value to consumers and did not have effective governance over their pricing practices, so could not reliably assess and evidence how pricing decisions affect consumers and ensure fair outcomes;
- poor governance of incentive arrangements that drive behaviours that harm consumers, often caused by incentive structures which focus primarily on financial metrics – without taking broader factors into account;
- firms failing to offer sufficient protection of consumer data, resulting in data breaches and a risk of harm from more frequent and widespread cyber-attacks, potentially exacerbated by: complex and ageing IT systems; outsourcing of operations; and the increasing frequency of data transfer between firms;
- firms not considering sufficiently the potential costs and risks to consumers of borrowing to fund insurance cover, for example, credit assessments focus solely on credit risk rather than establishing affordability; and
- firms engaging closely with the Senior Managers Regime but not sufficiently with the Certification Regime and Conduct Rules.
The FCA expects firms to ascertain where and how improvements need to be made, for instance:
- firms must consider the degree to which they present risks of harm to consumers and markets and implement effective strategies to mitigate these risks;
- all firms must review their customer journeys and make any necessary amendments to meet the regulatory requirements;
- Boards must hold firms and senior management to account on their engagement and timely delivery of regulatory change;
- firms must ensure that consumers are better informed about products, and propose only those products which are consistent with the consumer's insurance demands and needs;
- firms must consider the value that the product offers to the end consumer and the impact that the distribution strategy/chain has on that product's value, including after firms have reviewed the GI distribution chain report, the associated "Dear CEO" letter and the final guidance and have identified and addressed any gaps in their approach;
- practices must not deter consumers from switching at renewal, for instance, by requiring consumers to contact them by phone to cancel auto-renewal, even if they originally took policies out online.
The FCA is not simply waiting for a year to see how the GI market responds to its letter and then responding accordingly. The FCA is instead planning a broad programme of work to include industry engagement, further multi-firm work to assess levels of compliance with the regulatory changes brought about by the Insurance Distribution Directive implementation - including how customer journeys have changed - and engaging with individual firms where it identifies non-compliance and poor consumer outcomes.
Also, the FCA is considering potential options for regulatory intervention on pricing practices and will issue its final report in early 2020.
Moreover, the letter repeatedly emphasises two features of the regulatory landscape that GI firms will need to take into account in 2020:
- "The Senior Managers and Certification Regime (SM&CR) aims to reduce harm to consumers and strengthen market integrity by creating a new system that enables firms and regulators to hold people to account. It will also help [regulators] to be more interventionist in future, and presents a unique opportunity to set a new standard of personal conduct for everyone working across the industry …"; and
- where the FCA identifies "firms that have not taken sufficient steps" to mitigate the risks they pose to market integrity and customer fair treatment, it "will intervene and consider all … regulatory tools to take appropriate action …"
It is clear the FCA regards the GI market as posing numerous and serious obstacles to the FCA's own regulatory objectives. The consequences for the market may prove to be stark and transformative. The FCA seeks widespread, profound and permanent changes in attitudes, words and actions.
This article was originally published by Thomson Reuters on 7th February 2020.