‘Talking the talk’ and ‘walking the walk’ on compliance management: prevention is better than punishment
1.1 The Financial Services Authority (“FSA”) has fined UK Insurance Limited £2.17m as a result of failed attempts by its subsidiaries, Direct Line Insurance plc and Churchill Insurance Company Limited (collectively, “UKI”), to manage the risks arising in connection with a forthcoming file review by the FSA.
1.2 In the context of a project to improve (i) complaints handling performance and (ii) the records as to such performance, UKI sought to prevent complaints personnel from falsifying and tampering with complaints files. Unfortunately, UKI’s approach to doing so caused the very tampering, and therefore the regulatory sanction, which it had set out to avoid. The FSA was especially concerned that the tampering was such that it would have been difficult to spot had it not been for (what appears to be) a ‘tip off’ that the tampering had taken place.
1.3 The essential causes of the tampering were:
1.3.1 the explicit threat from UKI’s management that complaints personnel would face disciplinary action if files were not compliant with UKI’s systems, which created an obvious increased risk of tampering by such personnel with the aim of creating the impression that file management had been compliant at all times; and
1.3.2 the absence of a system to ensure that tampering could be detected, reported and prevented. The FSA found a chain of causation between the approach to personnel management, and the absence of compliance monitoring, and determined that UKI had not operated with due skill, care and diligence in breach of ‘Principle 2’.
- The Facts
2.1 In early 2009, the FSA carried out a review of UKI’s complaints handling and identified areas for improvement in relation to both the substance of complaints-handling decisions and the process by which such decisions were reached. These areas included the improvement of the physical records as to –
2.1.1 the facts and matters taken into account by complaints handlers, and
2.1.2 the monitoring and reporting of issues and decisions on complaints.
2.2 As a result, UKI sought to carry out an action plan to achieve the required improvements. In February 2010 the FSA decided to conduct an assessment of UKI’s action plan by reviewing a sample of closed complaint files.
2.3 To prepare for the assessment, UKI instructed a third party to review 110 of the closed complaint files in March 2010 with a similar methodology to that which the FSA was expected to use. 28% of the 110 files failed the review.
2.4 UKI was concerned by the results of the review as the FSA’s planned visit was due within a week or so. UKI therefore held a conference call with complaints staff to discuss the results of the review, and instigated a further review of closed complaint files in order to bring the files to the required standard.
2.5 UKI explained to staff that:
2.5.1 if staff took immediate action to rectify the failings, that this would be viewed positively;
2.5.2 staff should ensure that files met UKI’s required standards;
2.5.3 anyone not operating to the required standard would face disciplinary action, especially if this was due to a lack of care.
2.6 It was agreed by the FSA and UKI that it was permissible for staff to add (i) minor administrative data such as reference numbers, and (ii) copy documents, provided that such documents –
2.6.1 had been considered or dealt with by a complaints handler, and
2.6.2 were already referred to in the file or had been dealt with electronically.
2.7 At the time of these calls around 10% of complaints staff were subject to performance improvement plans and a failure to reach the required levels of performance in the plans could lead to formal disciplinary proceedings. UKI was alive to the risk that staff might exceed the limits of permissible file rectification and so took steps to address this:
2.7.1 UKI issued instructions on what constituted appropriate steps in undertaking file reviews and rectification;
2.7.2 UKI’s risk department’s personnel visited the offices where file reviews were taking place; and
2.7.3 UKI retained a third party to monitor the progress of the review, although not the substance of the work done by staff in undertaking the file review.
The FSA subsequently found that at this stage only 5 files were subject to alterations, and these were acceptable.
2.8 Shortly before its review was due to take place, the FSA requested 50 specific files at the start of April 2010 “as soon as possible”. UKI instructed the complaints staff to collate the relevant files and undertake a final “10 minute” review to check they were at the required standard before sending them to UKI’s risk team working with the third party adviser. In the event, the final collation process took 8 days. UKI did not give staff any instructions that files should not be altered in an improper manner. The Neither the risk team nor the third party adviser checked the files for improper alterations which could have been made during the final collation period.
2.9 The FSA’s enforcement notice says that it “received information” (a tip-off?) that file-tampering had taken place. In June 2010 the FSA made a “short notice” visit to UKI. As a result of this visit, UKI agreed to undertake an investigation into the file review process. This investigation revealed that:
2.9.1 27 or the 50 files had been altered during the final collation process before they were provided to the FSA; and
2.9.2 28 documents within 27 complaint files had been altered or created.
2.10 The tampering involved material changes to the substance of the complaint-handling decisions and decision-making processes, including:
2.10.1 amendments to copies of customer letters and sections of complaints management documents setting out how staff had assessed evidence and reached conclusions, and
2.10.2 forged signatures of personnel who had a referral or sign-off function within the complaint-handling process.
3.1 There are two important compliance and risk management strands in the FSA’s decision against UKI:
3.1.1 The need for firms to be –
220.127.116.11 aware of the effects of their approach to personnel management in fostering a approach to, or culture of, compliance, and
18.104.22.168 constantly vigilant and active in managing the risks arising out of or in relation to personnel management and compliance projects; and
3.1.2 The extent to which complaints in the general insurance market are being appropriately handled.
3.2 In relation to the latter point, it is not known whether the FSA’s concerns around UKI’s complaints-handling related to the number of complaints taken in isolation, the number of complaints in the context of the number of policies handled by UKI, or the number of complaints upheld by the Financial Ombudsman Service (“FOS”). FOS complaints-handling statistics do not necessarily mark UKI out as having complaints-handling problems. However, it is clear from the FSA’s work on ‘Treating Customers Fairly’ (“TCF”) that complaints are an indicator of possible failings, and even in relation to wider systems and controls. Moreover, the principles of TCF are not reducible to mere statistics capable of proving that a firm has interacted with its customers on a fair basis in all regards.