In an increasingly complex and diversified market, business acquisition and administration structures relying on the delegation of authority to third parties has become commonplace. The findings that the FCA has made in its thematic review, “Delegated authority: Outsourcing in the general insurance market” are therefore of significance for many participating in the UK general insurance market. The review analysed firms’ systems and controls surrounding outsourcing to determine whether they ensured appropriate oversight to achieve fair customer outcomes for UK retail and SME customers. It makes for depressing reading. Although not universal, within the review population the FCA identified control weaknesses resulting in the potential for unfair outcomes at all stages of the outsourcing cycle. As a result, the FCA will follow up specific issues, but more significantly will be addressing its findings in its ongoing supervisory work with insurers and intermediaries and will be raising its expectations with insurance trade associations.
The FCA reviewed 12 insurers’ outsourced underwriting and claims handling arrangements and the associated activities of 19 intermediaries and third party administrators. The regulator found that:
- Some insurers could not adequately demonstrate arrangements for assessing conduct risks associated with delegating authority (and some did not identify coverholder or TPA arrangements as outsourcing) with the result that appropriate controls were not being applied from the outset.
- Some insurers did not perform conduct focused due diligence when selecting entities to delegate authority to.
- Some insurers did not consider whether the products underwritten through such structures achieved fair customer outcomes in terms of value and service provision (rather, the focus was solely on financial gain).
- Some insurers did not design or control outsourced claims functions adequately (including ensuring remuneration structures did not give rise to conflicts of interest).
- The quality of oversight of outsourced functions and the quality of management information obtained was poor.
- Many insurers rely disproportionately on auditing as opposed to having ongoing oversight and review of third parties.
- Between insurers and intermediaries, there was often insufficient clarity surrounding the allocation of responsibilities.
- Intermediaries involved in product design often did not understand the regulatory obligations they assumed towards customers in doing so.
- Many insurers and intermediaries did not oversee product performance with an appropriate level of focus on customer outcomes (particularly when obtaining MI) and in some cases this extended to the complaints process.
The FCA is plainly keen that firms re-assess their systems and controls surrounding outsourcing to ensure they deliver appropriate customer outcomes. Whilst the report does highlight some areas where the FCA identified good practice, it also lists a litany of poor practice. Bearing in mind the needs of customers, firms need to be able to: (i) articulate clearly (using a risk-based approach) why they have selected a third party to outsource to; (ii) understand who is responsible for product design and be sure that the design was performed and that product distribution channels are policed with customers in mind; (iii) ensure claims processes are calibrated to deliver fair outcomes; (iv) implement appropriate monitoring and MI processes to ensure fair outcomes, particularly for claims (and not rely unduly on third line defences such as audit); (v) act on review/MI outputs; (vi) be sure that they know who is selling products and oversee them; and (vii) identify early and remediate appropriate customer conduct risks.
The FCA has indicated its intention to continue to engage with the industry by providing individual feedback to firms included in the review, as well as following up on specific issues and investigating whether they have resulted in consumer detriment.
Moreover, the FCA will maintain discussions with industry trade bodies about how best to address the issues identified, and will continue to consider how firms should respond to forthcoming changes to governance requirements under the Solvency II regime. The FCA has also identified that certain EEA firms passporting into the UK on a freedom of services basis may have inadequate UK regulatory permissions in view of their outsourcing activities and these entities are reminded to review their permissions with this in mind.