Matt Drage, HuntswoodThe FCA’s July 2015 study of Outsourcing in the general insurance market (TR15/7) found that firms delegating authority in the UK general insurance market are falling significantly short in terms of the regulator’s oversight and governance requirements.
The review noted in particular that: “Firms demonstrate little understanding that delegation to third parties is outsourcing and are unaware of their responsibilities.”
A brief recap
To briefly recap the FCA’s findings, the thematic review reported that insurers and other firms within the value chain:
- Had an overreliance on initial audit of third parties, rather than developing internal controls to oversee the outsourced work on an ongoing basis
- Could not articulate the extent and nature of their oversight
- Could not articulate the management information (MI) provided and received by firms, and how it is used within the business
- Did not always assess conduct risks when delegating authority
- Did not treat delegation of authority as outsourcing and were unclear about their risk appetite when outsourcing
- Did not always carry out conduct focused due diligence when selecting a third party, and / or placed too much emphasis on financial and operational drivers
- Did not always understand their regulatory obligations
- Contractual arrangements did not always accurately reflect the extent of arrangement in place
- Did not consider or understand the products being underwritten, their distribution to customers or the delivery of post-sales service prior to agreeing to underwrite such products
- Did not consider the importance of ensuring consistency of complaint handling between insurers, intermediaries and other third parties involved in the provision and delivery of the same product
Aligning with the Regulator
The prevailing concerns for firms following the release of TR 15 / 7 will likely be around what they must do to assure the regulator and their boards regarding their approach to delegated authority.
Throughout the value chain, firms will need to ensure that they have a robust and holistic approach to delegated authority. Every part of the value chain has a responsibility under the FCA’s delegated authority requirements, and the importance of a joined up approach cannot be underestimated.
Firms trying to fully understand the regulator’s supervisory approach to this issue should consider these key points:
1. DELEGATED AUTHORITY IS OUTSOURCING
The FCA is unambiguous in the assertion that delegating authority does not mean delegating responsibility.
2. DIVIDE RESPONSIBILITY APPROPRIATELY
Responsibility for oversight within the value chain should be divided appropriately between the parties involved. Firms’ operating models and compliance functions will be key to mediating this activity, and will help to ensure that responsibility and oversight is apportioned correctly.
3. ASSURE THIRD PARTIES ARE COMPLIANT
If your firm is outsourcing work, consider whether you have risk-based controls in place to ensure fair customer outcomes. What does your assurance programme currently look like, and is it robust enough?
4. ENSURE YOUR AGREEMENTS ENABLE EFFECTIVE MI
Do contractual agreements enable clear communication and the sharing of information? What MI do you get from coverholders? Is it insightful and actionable? Does monitoring activity give a clear view of customer outcomes? How is this escalated within the organisation? All of these factors should be considered prior to delegating authority. However, there is also cause for reviewing your existing contractual agreements to ensure they facilitate an effective working relationship between parties.
5. ENSURE YOU CAN ARTICULATE HOW CUSTOMERS STAND TO BENEFIT
Firms should not make the decision to outsource on a purely financial basis. Therefore, think about the justification for the initial decision within your firm. Were factors such as perceived processing efficiencies, reduced claim times, access to dedicated resource or greater expertise in delivery part of the consideration? Can you evidence this? Showing that your firm has considered the benefits of outsourcing to customers is important in satisfying the regulator.
6. CONSIDER THE NATURE OF YOUR UK-BASED BUSINESS ACTIVITY
Firms passporting into the UK on a service basis must consider whether the level of their activity equates to having “established a branch”. Requirements here align with established case law, and the FCA asserts that firms should have “obtained appropriate advice if they are unsure of the position”.
7. UNDERSTAND YOUR OBLIGATIONS AS A PRODUCT PROVIDER
Insurers and intermediaries acting as product providers (established as part of the initial delegation agreement) should assess the existing distribution channels and sales processes to make sure they facilitate fair outcomes for customers. This includes assessing the effect of sales incentives on product suitability.
An ongoing area of focus
It’s clear that further focus in this space is inevitable. The industry has already seen at least two fines issued and a thematic review carried out with firms found wanting.
Ultimately, as an insurer, you will need to have oversight of all the key players in the customer journey and satisfy yourselves that you are giving sufficient due diligence and attention to third party relationships, not just at the start of your contract but on an ongoing basis.
If you feel that after ‘looking under the bonnet’ of your outsourced activity, that articulating the reasons behind your decisions or demonstrating the effective controls you’ve developed could be difficult for your firm, then the time is now to give this area further attention and focus.
Matt Drage is Head of Regulatory Affairs for Huntswood