Delegating authority in general insurance - what does good look like?

Posted: 30th June 2016

The FCA continues to assess conduct with regards to outsourcing in general insurance (GI) and, with the publication of TR15 / 7, it is clear that the entire GI supply chain contributes to the standard of customer outcomes – and therefore all parties (from the insurer through to distribution, underwriting and claims) are subject to FCA scrutiny.

So what exactly is it that the regulator is driving at? If there is one line from The Responsibilities of Providers and Distributors for the Fair Treatment of Customers (RPPD) and the FCA’s thematic review which summarises the issue to a tee it’s as follows:

“A customer's experience should not be affected by whether a product or service was provided and distributed by a single institution or by two or more institutions”

With much industry commentary accompanying the regulatory work, there is still an element of uncertainty over best practice in both regulatory and commercial terms. With this in mind, Huntswood’s latest white paper seeks to distinguish fact from fiction and provide firms with a practical operating model, implementation of which can enhance their approach to delegated authority (DA) oversight.

Here, we provide a high level preview of the practical points firms should look to consider as part of the model. For more detail on the points below, download the full white paper.

Insurance Boards and Executives

In the same light as Senior Insurance Managers Regime (SIMR), firms should record and map their decision making, creating a clear and auditable chain to demonstrate a holistic approach to their governance, controls and processes in this area.

As such, it is critical that your firm’s board and executives know that ultimate responsibility for all outsourced business rests with them – SIMR only increases visibility of this responsibility. This will then translate into your firm’s risk framework.

Risk Framework

The firm’s risk framework should consider the broad spectrum of risk; of course prudential and financial, but also conduct risk and the impact on customer outcomes, while not forgetting financial crime.

This framework sets the standards by which your business will be conducted and the standards against which the third parties you engage with must be assessed (both upfront and on an ongoing basis), which is how you should apply your due diligence.

Due diligence                                           

The risks posed by new Coverholders and Third Party Administrators (TPAs), for example, must be investigated upfront through due diligence. Coverholders and TPAs that pose more conduct risk require enhanced due diligence before being approved.

We have already seen the market enhancing traditional due diligence requests (which relied heavily on prudential assurance, errors and omissions policies and Directors’ experience, for example). While these remain important, firms are now requesting more conduct-specific information to determine the conduct oversight within the value chain.

Furthermore, if a Coverholder, for example, is assessed as high conduct risk - in part due to the conflict created by having profit commission and claims handling authority - firms should understand whether this is within their risk appetite and have a view on the controls they need to have in place to monitor any such arrangement.

Effective due diligence requires the full and proper assessment of information and should be challenged where appropriate and recorded for audit purposes.

Effective working of the three lines of defence

Crucial to the success of the three lines of defence (3LOD) is making sure that audits are independent and viewed as a detective and not a preventative measure to identify issues before they result in poor customer outcomes. We have noted within our white paper that there is often a blurring between 1LOD and 2LOD with respect to DA ownership. The 3LOD remains vital to ensure ongoing conduct compliance of DA agreements.

Audit frameworks in particular should be informed by the firm's conduct risk assessment, both in terms of scope and frequency. Again, this allows for resource to be focused towards higher risk Coverholders and TPAs, for example, with more frequent and more detailed reviews undertaken of higher-risk arrangements. If ongoing due diligence has found a weakness in certain areas of the Coverholder or TPA control and oversight framework, such as the monitoring of sales, this should factored into the audit.

We’ve seen audits include a range of activities from desk-based documentation reviews and sample testing, all the way to interviews with senior management. There has already been a general shift away from ‘tickbox’ questions, such as “do you have a TCF policy?” towards requiring auditors to give a view on the quality of conduct frameworks and also commenting on end consumer outcomes.

Management information (MI)

MI should be consistent and reported to the insurer, who should centrally collate all pertinent information. This is all the more important to ensure the firm remains within risk appetite.

Indeed, the FCA suggests that there were many instances of insurance providers not considering - or even requesting - MI despite it being available at the service provider level. Being able to receive, challenge and channel MI across the value chain is of vital importance. We have heard of the ongoing work within the Lloyd’s market in relation to MI and the good progress being made there.

For further information, download the full white paper