Cordery

Legal.Compliance.

UK Financial Conduct Authority takes action on third party risk

Introduction

The UK Financial Conduct Authority (FCA) announced the result of its investigation into the use of third parties in the insurance industry at the end of July which has wider indications as to how regulators see third party risk. This work was set out as one of the FCA’s key priorities in their 2015/16 Business Plan.

What was this investigation about?

According to the FCA, appointed representatives generate annual revenues of over £500 million for the UK insurance sector.

The FCA approached 190 financial services firms operating within the UK insurance sector who used third parties (technically known as ARs or appointed representatives). It approached these firms and asked them to complete a survey.  Fifteen firms were then selected for a more detailed review.

The original survey went to insurance firms who sold a wide range of products including home, motor, travel, asset protection and warranties via a wide range of methods. It did detailed work with fifteen of these firms and over half of them could not consistently demonstrate they had effective risk management.  Action was taken against five of the firms.  It visited fourteen of those firms and twenty-five ARs.  It interviewed senior management and staff, reviewed policies, procedures, contractual documentation and customer files and also listened to sales calls.

What did the FCA find?

The FCA found that over half of these fifteen firms could not effectively demonstrate that they had effective risk management control measures in place to help them identify and manage AR risk.

The FCA found examples of potential mis-selling and harm to customers as a result of the actions of ARs – worryingly most of these issues had not previously been identified by the firm concerned. The issues included:

  • Customers buying products they might not need;
  • Customers buying products they might not be able to claim under;
  • Customers not being given enough information to make an informed decision;
  • In one firm, significant evidence of mis-selling, and
  • Improper targeting of vulnerable people for sales activities with poor timing for calls.

What action has the FCA taken?

The FCA has issued a general reminder that firms have regulated responsibility for their ARs and it has restated its position that anything that an AR has done or omitted to do is treated for regulatory purposes as having been done or omitted to be done by the firm itself.

As a result of their work with the initial fifteen firms the FCA has taken action which includes:

  • Commissioning more detailed reviews into two firms to look at mis-selling and the adequacy of systems and controls;
  • Asking two of the firms to cease sales activities;
  • Agreeing with five firms that they would stop taking on new ARs; and,
  • Looking at customer redress and whether further regulatory action is required.

One firm closed down the relevant part of its operations.

In addition the FCA is also writing to the CEOs of other firms in the general insurance sector to remind them of their expectations and set out the actions the firm should take to address the issues raised in the report.

What are the lessons to be learned?

The lessons to be learned are relevant in many respects to the business world at large rather than just to the financial services sector. Third party risk has always been high on the regulators’ radar – recent bribery cases for example show us that this is not an issue confined to financial services.

All businesses need to supervise their representatives properly. They also need to have a programme in place to manage that risk.  This is likely to include:

  1. Proper recruitment processes to make sure that the right calibre of representatives are appointed.
  2. A written contract with an AR – this is a regulatory requirement for FCA regulated entities and good sense for anyone else. This contract should give the company the right to terminate where the company has reasonable grounds to be concerned over the suitability of the AR. These contracts will need to be carefully drafted to make sure customers are looked after if there is a termination;
  3. Appropriate due diligence checks before an appointment is confirmed (including on solvency and suitability). This will include checking on the owners, directors and managers as well as the AR itself;
  4. A proper program of training for representatives which is regularly refreshed and focuses on actual risks;
  5. A comprehensive system of monitoring and review. Monitoring cannot be the sole responsibility of the same team who manage the representatives on a daily basis;
  6. A proper system of remuneration which is designed so that it does not reward bad behaviour;
  7. An appropriate system of alerting the business to concerns; and,
  8. Proper policies and procedures for ARs and those who manage the AR relationship.

For more information please contact Jonathan Armstrong or André Bywater who are lawyers with Cordery in London where their focus is on compliance issues.

Jonathan Armstrong

Office: +44 (0)207 075 1784

jonathan.armstrong@corderycompliance.com

André Bywater

Office: +44 (0)207 075 1785

andre.bywater@corderycompliance.com

Contact a Cordery Specialist +44(0)207 118 2700 | Contact Us

Cordery is a trading name of Cordery Compliance Limited. Authorised and regulated by the Solicitors Regulation Authority.
SRA number 608187. Company number 07931532 registered in England and Wales. VAT number: 730859520
Registered office: Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom

Cordery Compliance Limited trading as Cordery provides some products and services which are not regulated by the Solicitors Regulation Authority; we will clearly state this to you if this is the case.

We use the word “partner” to refer to a shareowner or director of the company, or an employee or consultant who is a lawyer with equivalent standing and qualifications.

Cordery is a registered trademark of RELX (UK) Limited, used under license. The Knowledge Burst logo is a registered trademark of Reed Elsevier Properties Inc., used under license.

Copyright © 2021 Cordery. All rights reserved.