This article was first published by Thomson Reuters.
Introduction
This article is the first in a series designed to highlight how, across different financial services industries, Operational Resilience is not merely an ongoing theme or project for compliance, or an end in itself, but is also an essential pathway to meet the requirements of the Consumer Duty and Vulnerable Customers frameworks.
This first article introduces the key concepts and seeks to illustrate them by reference to the FCA’s Operational Resilience insights as to good and bad Operational Resilience practices in the insurance sector.
The essentials
Under SYSC 15A.2 a firm (the next article will address the application of Operational Resilience in more detail; for present purposes, the applicable firms can be described as banks and insurers, plus larger FCA-regulated intermediaries and payment services / e-money businesses) must:
- Identify the ‘important business services’ which it provides (or are provided on its behalf) to any clients and which, if disrupted, could
- “cause intolerable levels of harm” to any client (in short, financial or non-financial “harm from which consumers cannot easily recover” – see FCA Policy Statement 21/3; the next article will address practical indicators in this regard) or
- “pose a risk to the soundness, stability or resilience of the UK financial system or the orderly operation of the financial markets”;
(for convenience, the above harms and risks referred to collectively below as “intolerable occurrence”) and
- for each such important business service, set an ‘impact tolerance’, being the maximum level of disruption, in terms of duration and otherwise, after which there would be an intolerable occurrence.
The lessons from insurance
The Financial Conduct Authority (“FCA”) says it “requested information on a voluntary basis from... 47 [insurance] firms... [including] insurers and intermediaries from the wholesale, retail and life insurance sectors... [which the FCA] analysed... in collaboration [as applicable] with the Prudential Regulation Authority...”
The FCA “assessed the answers... [against] 3 criteria...:
- the reasonableness of the important business services and impact tolerances selected
- consideration of consumer harm differentiated by product type or distribution channel
- consideration of consumer harm according to customer type or vulnerability.”
The FCA said that “some” (clearly not all, and possibly only a minority) of the firms “demonstrated a clear understanding of [the] rules”.
Key aspects of good and bad practices involved:
- understanding FCA and Prudential Regulation Authority guidelines and applying these fully to operational resilience programmes
- identifying all the important business services within a firm’s business model, and not seeking to take account of internal services or “irrelevant businesses services”
- considering possible harms at each point of the customer journey including:
- purchasing, amending and renewing a policy – having “correctly identified that no intolerable harm arose from their services being unavailable as similar products were available and easy to substitute”, and “considering the impact of unavailable important business services on [VCs]”; and
- making a claim or a complaint
- deploying considered examples of the types of harm a consumer may experience, differentiated by:
- product type
- customer profile, including commercial and retail customers
- distribution method
- articulating carefully calibrated impact tolerances – in terms of nature, complexity, duration and severity – with accompanying rationales and possible alternatives
- taking proper account:
- of the impact on the financial stability of the UK economy (at least in the case of “firms identified by the PRA as other systemically important institutions and insurers with gross written premiums exceeding £15 billion or technical provisions [in short, claims reserves] exceeding £75 billion, both on a three-year rolling average” – see section 3.15 of PRA Policy Statement 6/21), and
- of safety and soundness and policyholder protection, including (see section 2.5 of PRA Supervisory Statement 1/21) with respect to:
- “the potential to cause knock-on effects for counterparties, particularly those that provide financial market infrastructure or critical national infrastructure ...
- impact on the firm’s profit and loss ...
- the potential to cause legal or regulatory censure ...
- the significance to the policyholder of the risk insured ... and ...
- the potential for significant adverse effects on policyholders if cover were to be withdrawn or policies not honoured.”
- “consumers being unable to cancel a product...
- products and services... [which] have not been appropriately tested in a range of market scenarios ...
- [the distribution] of products... to customers for whom they were not designed...
- consumers incurring overly high charges on a product because they do not understand [its] charging structure or how [this structure] impacts on the [product’s] value...”
- Produce clear and robust conduct management information, which affected their ability to identify and address delays in the claims process.
- Have records of policy wordings that were easily accessible for claims handlers, which resulted in delays for customers...”
The ramifications of harm and customer characterisation
Harm
The concept of preventing customer harm is central to the Consumer Duty.
In particular, the “Cross-cutting obligation” at PRIN 2A.2.8 R provides that: “A firm must avoid causing foreseeable harm to retail customers” (in insurance, these are, broadly speaking, individuals and small corporates).
‘Foreseeable harm’ is not defined, but there is non-Handbook guidance in the FCA’s Finalised Guidance (“FG”) 22/5 in this regard – this guidance is of particular, but not exclusive, relevance for insurance (as per the FCA’s focus above):
That the FCA is not merely hypothesizing the above types of harm can be seen from its General Insurance and Pure Protection sectors Consumer Duty Portfolio letter and its explicit reference to its “review of business interruption insurance claims handling” (the “BII Review”). The latter included findings that “some firms did not:
The above factors indicate that undertaking Operational Resilience analysis should reveal “harms in the customer journey”. These harms will therefore be at least ‘foreseeable’ for the purposes of assessing firms’ compliance with the Consumer Duty. The next article will address the concept of harm that is both foreseeable and from which an easy recovery may not be made.
Customer characterisation: vulnerability
The guidance at SYSC 15A is explicit about identifying customer vulnerability as a factor in Operational Resilience compliance – see e.g. SYSC 15A.2.4:
(1) the nature of the client base, including any vulnerabilities that would make [a client] more susceptible to harm from a disruption ...”
In their Operational Resilience insights, the FCA and Prudential Regulation Authority highlighted that some firms did not “meaningfully consider the impact of unavailable important business services on Vulnerable Customers”. This concept reflects the example of a form of ‘consumer duty’ harm given in FG22/5 expressed as: “consumers with characteristics of vulnerability being unable to access and use a product or service properly because [of unsuitable]... customer support...”
Addressing customer vulnerability under SYSC 15A can be assisted through looking at more specific circumstances addressed in the FCA’s Consumer Duty supervisory correspondence (portfolio / sector letters). Again, taking general insurance as an example, the portfolio letter (see above) referred to the BII Review’s finding that “[firms did not] [a]dequately identify Vulnerable Customers or [firms] took an inconsistent approach in dealing with the needs of Vulnerable Customers”.
Conclusion
It is clear from the shared concepts between the Operational Resilience, Consumer Duty and Vulnerable Customers frameworks that, for larger firms at least, Operational Resilience is a means of ‘across-the-board’ compliance on customer treatment. Further articles will address how smaller firms can benefit from taking an Operational Resilience perspective.
You may be interested in...
Published Article
Three peaks of consumer protection: Part two — intolerable harm
Published Article
The three peaks of customer protection: How ‘operational resilience’ enables compliance with the ‘Consumer Duty’ and ‘Vulnerable Customers’
Legal Update
AI modelling biases in quote engines
Legal Update
Pitfalls for retailers to avoid when offering access to ‘buy now, pay later’ products
Published Article
Consumer duty part 3 - 'The drill-down' into the 'cross-cutting' rules
Legal Update
Code of Conduct for ESG data and ratings providers – bridging the authenticity gap
Legal Update - ESG in 3D
ESG in 3D, December 2022
Legal Update
Code of Conduct for ESG data and ratings providers
Legal Update
All the pieces of the conduct puzzle: Governance, culture, D&I, innovation
Legal Update
Voluntary offset markets for carbon – a bad atmosphere?
Article
‘Decentralised and autonomous’ – evolution or misunderstanding of unincorporated association law?
Legal Update
The FCA’s anti-greenwash proposals
Legal Update
Disability and access in banking
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 4 November 2022
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 28 October 2022
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 7 October 2022
Published Article
Consumer duty part 1 - 'The drill-down' into the 'cross-cutting' rules
This article is the first in a series aimed to help firms get to grips on a practical basis with the ‘cross-cutting rules’ within the new ‘Consumer Duty’ framework.
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 30 September 2022
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 23 September 2022
Legal Update
FCA warns that vulnerable to scams amid cost of living crisis
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 26 August 2022
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 19 August 2022
Legal Update - The Uplink
The Uplink: Financial services regulatory news, 22 July 2022
Legal Update
The new Consumer Duty in a nutshell
Legal Update
Should the UK Financial Conduct Authority bring "competitiveness" back into its regulatory agenda?
Opinion
ESG for Beginners
As you probably know by now, the acronym 'ESG' stands for environmental, social and governance. Although the investment community initially coined the term, it has grown into a larger concept that can be applied more broadly to any business or practice.
Published Article
General insurance conduct and enforcement risk: Alsford Page & Gems Ltd - reading between lines on root causes of censure
Opinion
Credit broking: know your permissions
Press Release
Browne Jacobson advises on sale of TCL to idverde Group
Browne Jacobson has advised BGF and the shareholders of long-standing client TCL Group on the sale of the TCL business to idverde Group.
Published Article
Is insurance the new banking? Part 3: Inappropriate personal behaviour, and conduct risk, in the Lloyd’s Market
Legal Update
Legal and regulatory newsletter - October 2019
The aim of the newsletter is to provide our clients and contacts across the financial services market with quarterly updates and insights on topical legal and regulatory issues.
Legal Update
FCA considers regulating all promotions and warns of “high risk” mini-bonds and peer-to-peer IFISAs
Following an “explosion” in online promotions for high yield investment opportunities, the FCA says a “strong case” could be made for regulating how investment products are marketed to retail investors.
Legal Update
The disappearance of LIBOR
Companies should undertake a comprehensive review and audit to identify those products and legacy contracts that are LIBOR-linked and carry out an in-depth risk assessment of discontinuation. Where possible, companies should look at appointing an individual to oversee the programme.
Published Article
Is insurance the new banking? Part 2: outsourcing issues
This series of articles explores the extent to which the general insurance (“GI”) market has recently become a primary target of regulators’ activities, or is merely the ‘collateral’ victim of banking regulation.
Legal Update
The biggest change to the UK companies register since 1844?
On 5 May 2019 BEIS (the Department for Business, Energy & Industrial Strategy) published a consultation on options to enhance the role of Companies House and increase the transparency of UK corporate entities.
Published Article
Is insurance the new banking? Part 1: GI market and SM&CR
The UK general insurance market has for some time now been experiencing significant regulatory scrutiny, even pressure. There has been particular focus on the intermediation that procures customers' agreements with insurers, and the influence of intermediation on claims.
Opinion
Brexit: Accounts and financial reporting – have you assessed the possible impact on your business?
Despite all of the media attention around Brexit, very little is being said about the effect of Brexit on the accounting and financial reporting requirements for businesses operating cross-border.
Legal Update
Modern Slavery Act 2015 – latest developments
Momentum is gathering in the call to take a tougher approach to how large businesses tackle modern slavery issues in their supply chains.