On 22 July 2016 the FCA published its Thematic Review on “Principals and their appointed representatives in the general insurance sector” (TR16/6) (the “Review”).
The Review is critical of principals’ understanding of their regulatory obligations for their appointed representatives (“ARs”) and the level of oversight and control of the ARs’ activities, and provides a stark warning that this will remain an area of supervisory focus and enforcement.
In carrying out its Review, the FCA assessed:
whether principals had considered the impact of appointment of ARs on their business and core activities and had taken reasonable steps to put in place appropriate risk management frameworks to enable them to manage the risks associated with appointing an AR, and
whether principals could demonstrate that they had adequate oversight and control over the activities of their ARs, and particularly over their sales activities, to enforce compliance with relevant requirements.
The FCA’s work addressed all phases of the relationship, from the initial selection and appointment of ARs, through set-up and contracting, to the ongoing oversight and termination of ARs.
FCA expectations for principals with ARs
The Review reiterates the FCA’s expectation that principals should be able to demonstrate that they consistently comply with their regulatory obligations to:
- consider the impact of ARs on their own business model and ability to meet threshold conditions;
- assess the solvency and suitability of their ARs;
- take reasonable steps to put in place an appropriate risk management framework to identify and manage the risks ARs present to their business;
- put in place compliant contractual arrangements with their ARs;
- have adequate controls over their ARs’ regulated activities for which the principal has responsibility; and
- have adequate resources in place to monitor and enforce compliance with the relevant requirements that apply to the regulated activities for which the principal is responsible.
The Review notes that principals’ regulatory obligations to control their ARs’ activities are no less than for their own activities, so the FCA expects principals’ controls and oversight to encompass all elements of their ARs’ activities, including ensuring the sales activities are compliant with PRIN and ICOBS.
The FCA expects principals to be able to demonstrate that they are consistently meeting the regulatory requirements so that their customers who receive products and services delivered by the ARs are consistently being treated fairly and receiving appropriate outcomes.
FCA concerns and actions
The issues the FCA identified are serious and widespread and showed that over half of the principals in their sample did not fully understand the risks arising from their ARs’ activities, or were unable to demonstrate that they were complying with their obligations to control and oversee these activities. In over a third of firms, the FCA identified material risks to customers arising from their poor practices, which left the FCA with no alternative but to take early supervisory intervention actions to protect the interests of customers.
The FCA’s main concern is the material risk of customer detriment arising from the activities of ARs that are not subject to appropriate control and oversight from their principal. The role of the principal in providing an appropriate control framework is critical in ensuring these ARs sell insurance products in a compliant manner and deliver fair customer outcomes.
The failings in the sales processes and practices of many of the ARs increased the risk of mis-selling and gave rise to instances of actual and potential customer detriment.
At the date of the Review, the FCA has taken early intervention actions in relation to five of the 15 principals in its sample. These actions include:
- agreeing the imposition of requirements on the principal’s regulatory permissions, including in each case preventing the principal from taking on any new ARs;
- asking principals to cease sales activities; and
- commissioning two FSMA section 166 skilled persons reports to assess whether detriment has been suffered by customers from mis-selling and consider the adequacy of systems and controls.
The FCA is also considering the need for customer redress, and will consider the need for further thematic or supervisory work.
The FCA expects this will remain an area of supervisory focus and will consider the need for other regulatory action as a result of the findings of its Review, including assessing whether there is a need for policy intervention or any adjustment of the FCA’s approach to authorisations.
In terms of immediate next steps, the FCA is:
- sending a Dear CEO letter to the CEOs of principals with ARs operating in the general insurance sector, setting out its expectations and what actions the FCA expects them to take to address the issues raised in the Review;
- sharing its findings with the sector, and will continue to work with the principals included in its detailed review, to address and resolve the issues identified, using the full range of regulatory tools as appropriate;
- planning to perform additional work with some of the principals in the wider survey sample that were not included in its more detailed work. This will focus on principals that the FCA believes to be higher risk, as well as those about which it had concerns regarding the quality of data provided to it.
The findings of the Review fall under three main headings:
1. Business models and risk management
The FCA considered principals’ business models and risk management frameworks and found that almost half of the principals in its sample could not demonstrate that they had considered and understood the nature, scale and complexity of the risks arising from their ARs’ activities and, in particular, the risks these activities presented to customers. This resulted in some ARs conducting activities outside their principal’s core areas of expertise, where the principal lacked the ability or resources to oversee them effectively.
2. Governance and oversight
When considering the appointment of new ARs, the FCA found that many principals could not demonstrate how they had met their own obligations to consider the solvency and suitability of the AR, the impact on their own compliance with threshold conditions, or the adequacy of their own controls and monitoring resources.
At appointment stage and when contracting the relationship, the FCA found that some principals had not been effective in setting up an appropriate operational framework for their ARs, both in terms of contractual arrangements and the broader control environment. The FCA saw examples of contracts that were not fully compliant with the relevant requirements as well as shortcomings in categorising ARs, setting up multiple principal arrangements and implementing the approved persons regime.
The FCA found that over half of the principals in the sample were not able to demonstrate consistently that they had adequate controls over the ARs’ regulated activities or adequate resources to monitor and enforce compliance by the ARs with the relevant requirements.
3. Customer outcomes
A key purpose of the regulatory framework is to ensure that customers buying insurance products from an AR of an authorised firm are afforded the same level of protection (and therefore no less likely to receive fair outcomes) as if they were purchasing products from an authorised firm. In many of the principals in the FCA’s sample, the shortcomings that were apparent in risk management, control and oversight gave rise to risks to customer outcomes, as the principal was not able to ensure its ARs complied with the relevant requirements – notably the requirements of PRIN and ICOBS.
In a third of the principals, the FCA saw examples of potential mis-selling and customer detriment as a result of ARs’ actions, with most of these issues not previously identified by the principal. This included customers buying products that they may not need, under which they may be ineligible to make a claim, or without being provided with enough information (including key exclusions) to make an informed choice.
It is clear that use of ARs by authorised firms is an area where there is an increased risk of customer detriment due to the expansion in the entities and individuals who carry on regulated activities away from the authorised firms themselves.
While the rules in SUP12 are very prescriptive in terms of what is expected of an authorised firm that wishes to appoint an AR, it appears from the Review that that there may have been a general “softening” in the adherence to those roles across the general insurance sector as a whole.
Following the Review firms operating in the general insurance sector should expect the FCA to take particular interest in their AR arrangements, from a supervisory and (if necessary) enforcement perspective.
Where the FCA finds that an authorised firm has failed to impose (and enforce) adequate controls over its ARs, the FCA has shown that it will not hesitate to impose penalties that could have a very serious impact of the firm’s business operations as a whole.