The UK Financial Conduct Authority (FCA) announced the result of its investigation into the use of third parties in the insurance industry at the end of July which has wider indications as to how regulators see third party risk. This work was set out as one of the FCA’s key priorities in their 2015/16 Business Plan.
What was this investigation about?
According to the FCA, appointed representatives generate annual revenues of over £500 million for the UK insurance sector.
The FCA approached 190 financial services firms operating within the UK insurance sector who used third parties (technically known as ARs or appointed representatives). It approached these firms and asked them to complete a survey. Fifteen firms were then selected for a more detailed review.
The original survey went to insurance firms who sold a wide range of products including home, motor, travel, asset protection and warranties via a wide range of methods. It did detailed work with fifteen of these firms and over half of them could not consistently demonstrate they had effective risk management. Action was taken against five of the firms. It visited fourteen of those firms and twenty-five ARs. It interviewed senior management and staff, reviewed policies, procedures, contractual documentation and customer files and also listened to sales calls.
What did the FCA find?
The FCA found that over half of these fifteen firms could not effectively demonstrate that they had effective risk management control measures in place to help them identify and manage AR risk.
The FCA found examples of potential mis-selling and harm to customers as a result of the actions of ARs – worryingly most of these issues had not previously been identified by the firm concerned. The issues included:
- Customers buying products they might not need;
- Customers buying products they might not be able to claim under;
- Customers not being given enough information to make an informed decision;
- In one firm, significant evidence of mis-selling, and
- Improper targeting of vulnerable people for sales activities with poor timing for calls.
What action has the FCA taken?
The FCA has issued a general reminder that firms have regulated responsibility for their ARs and it has restated its position that anything that an AR has done or omitted to do is treated for regulatory purposes as having been done or omitted to be done by the firm itself.
As a result of their work with the initial fifteen firms the FCA has taken action which includes:
- Commissioning more detailed reviews into two firms to look at mis-selling and the adequacy of systems and controls;
- Asking two of the firms to cease sales activities;
- Agreeing with five firms that they would stop taking on new ARs; and,
- Looking at customer redress and whether further regulatory action is required.
One firm closed down the relevant part of its operations.
In addition the FCA is also writing to the CEOs of other firms in the general insurance sector to remind them of their expectations and set out the actions the firm should take to address the issues raised in the report.
What are the lessons to be learned?
The lessons to be learned are relevant in many respects to the business world at large rather than just to the financial services sector. Third party risk has always been high on the regulators’ radar – recent bribery cases for example show us that this is not an issue confined to financial services.
All businesses need to supervise their representatives properly. They also need to have a programme in place to manage that risk. This is likely to include:
- Proper recruitment processes to make sure that the right calibre of representatives are appointed.
- A written contract with an AR – this is a regulatory requirement for FCA regulated entities and good sense for anyone else. This contract should give the company the right to terminate where the company has reasonable grounds to be concerned over the suitability of the AR. These contracts will need to be carefully drafted to make sure customers are looked after if there is a termination;
- Appropriate due diligence checks before an appointment is confirmed (including on solvency and suitability). This will include checking on the owners, directors and managers as well as the AR itself;
- A proper program of training for representatives which is regularly refreshed and focuses on actual risks;
- A comprehensive system of monitoring and review. Monitoring cannot be the sole responsibility of the same team who manage the representatives on a daily basis;
- A proper system of remuneration which is designed so that it does not reward bad behaviour;
- An appropriate system of alerting the business to concerns; and,
- Proper policies and procedures for ARs and those who manage the AR relationship.
For more information please contact Jonathan Armstrong or André Bywater who are lawyers with Cordery in London where their focus is on compliance issues.
Office: +44 (0)207 075 1784
Office: +44 (0)207 075 1785