Global and national regulators are still smarting from the battering they took in the wake of the financial crisis a decade ago. Many were accused of being asleep on the job, of having relaxed regulations too much and not spotting the looming problems across the world’s financial markets. Their response has been to review, revise, strengthen and extend regulation across all sectors. This includes the insurance industry, despite its many protestations that its severely depressed investment returns make it one of the victims of the financial crisis, not a cause of it.

The main focus in the immediate aftermath of the crisis was prudential regulation, mirroring the tougher rules for banks. Solvency II and IFRS17 are both consequences of that phase of regulatory review.

That focus is now shifting. Regulators are not sitting back. Conduct risk is moving centre stage, bringing pressure on the financial services sector to do more to protect vulnerable customers (see paragraph below: EIOPA raises its conduct risk game). This relentless pace of regulatory change is clear evidence of the determination of governments and regulators not to be caught out again.

“Some of it is still a backlash from the financial crisis and the ‘light touch’ approach to regulation, urged by politicians, that preceded it. That wasn’t necessarily the direct cause of the financial crisis, but it created a regulatory environment in which it could happen,” says Mathew Rutter, Partner at DAC Beachcroft in London.

“As a consequence, governments and politicians want to appear to be the champion of the consumer and this is driving the regulatory agenda.”

Conduct risk in the UK

As that agenda develops, there is an expanding range of regulatory requirements in different jurisdictions focused on demonstrating customer value and eliminating poor advice, so-called ‘conduct risk’. The specific actions may differ, but they are all essentially pulling in the same direction and influencing each other. There is an emerging international consensus on what conduct risk means and how consumer detriment manifests itself. Insurers need to plan to manage the impact of the regulatory changes flowing from this, as it is changing the way insurance products are designed and sold.

The UK has been one of the leaders in developing a new regulatory regime for conduct risk, partially driven by two decades of mis-selling scandals around personal pensions, endowment mortgages and payment protection insurance. As a result, the Financial Conduct Authority (FCA) is now far more proactive, says Rutter.

“It has moved from reacting to abuses and just preventing detriment, to trying to ensure that markets work better, focusing on improving outcomes for consumers rather than just preventing harm.”

This is evident in the debates around dual pricing (where new customers are charged lower premiums than existing customers), add-ons and overall product transparency.

Some of these issues are not as simple as regulators and consumer champions make them out to be, says Rutter:

“With dual pricing everyone focuses on those who lose out, but there are others – those who shop around – who benefit from it. It would be hard for the industry to agree collectively to move to single pricing without being at risk of breaking competition law. Single pricing will also leave firms vulnerable to those who want to buy market share.

“If you also attack add-ons and marginal benefits in products, you run the danger of ending up with bland, vanilla products with no differentiation and everyone charging the same price. What does that mean for consumer choice?

“I think the FCA understands these dangers, but it is under a lot of political pressure to do something about things like dual pricing.”

Impact on Europe

Across Europe, the industry is coming to terms with this new proactivity among regulators, with the European Insurance and Occupational Pensions Authority (EIOPA) setting a firm lead. In February 2019, it published a framework for assessing conduct risk throughout product lifecycles, making clear this was a priority as it follows up what it sees as the success in driving through the implementation of the Insurance Distribution Directive (IDD) (see paragraph below: Vulnerable customers – the new regulatory horizon).

National markets certainly feel the IDD has been the catalyst for tough action by regulators. “The IDD has increased the attention paid to conduct risk. Regulation started slowly with the compliance and risk management procedures under Solvency II, but now we have a lot of changes, especially to commissions and processes in firms,” says Dr Alexander Beyer, Partner at Legalign firm BLD in Cologne.

The German Federal Financial Supervisory Authority – BaFin – has clamped down on commission sharing by insurers and intermediaries, including commission overrides and using vouchers as an incentive to buy policies.

“This has had a significant impact on intermediaries as they are no longer allowed to receive additional commission based on how many contracts from an insurer they have in their portfolio or accept any form of bonus commission,” says Beyer.

Rebating commission to a policyholder has also been outlawed as part of the implementation of the IDD. This has already been challenged in the courts in Germany where they have said that only an insurer can reduce the premium, not an intermediary.

Beyer says the market anticipated many of the new requirements the IDD would impose, creating voluntary codes so that the impact of the changes has not been overly dramatic for many insurers, outside of the commission debate.

In Spain, the situation is slightly different, advises Marisol Lana, an Associate at DAC Beachcroft in Madrid: “The IDD should have been transposed into national law in July 2018 and applied from October 2018, but this has still not happened. The project has been paralysed by the call for parliamentary elections and it is not expected to be ready until 2020.

“However, even without waiting for the legislation, Spanish insurers are taking steps well beyond the proposed regulation, focusing on transparency and putting the customer at the heart of their actions. The change of paradigm towards conduct risk is already very noticeable through the websites of the vast majority of Spanish insurers. The Spanish insurance regulator is also focused on promoting and improving the information provided by and transparency of the insurance market, encouraging insurers to simplify the language of their products and tailoring it to the target profile of customers for each product.”

Financial reform in Australia

Some of the biggest upheavals in financial services regulation have been in Australia, where a series of financial scandals led to the creation of a ‘Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry’. This has created an ambitious and wide-ranging reform of financial services regulation, says Cain Jackson, Partner at Legalign firm Wotton + Kearney in Melbourne:

“We have had a period of ten years of dramatic reforms around financial services. This has tended to track corporate collapses and financial catastrophes, but now with the Royal Commission the Government is looking at non-financial risks, including conduct risk.”

This change is going to hit the insurance industry hard, says Nick Lux, a fellow Partner at Wotton + Kearney in Melbourne:

“The focus in the past has been on compensation and remediation. The Royal Commission has been very critical of the regulator for stopping there and not going on to punish and deter.”

This is having a major impact on insurers’ costs, with many now looking at extensive self-insurance of the costs of investigations and prosecutions.

According to Jackson, some of the criticism heaped on insurers has been unfair but is not going to go away as the media and politicians have the industry in their sights.

“Insurance has been caught in the backwash of the bad behaviour of the banks,” says Jackson, although the Australian insurance sector has had its own scandals to contend with, especially with add-ons, a parallel with the UK. “Car dealerships were selling add-ons as part of a loan and taking up to 70% in commissions. This affected about seven insurers but was one of the key case studies used to claim that the insurance industry was failing customers. The perception is that there is now a need for reform across the board rather than targeting problem areas.”

A new approach in the US

The pressure for tougher regulation of the behaviour of firms has also been a feature of the changing regulatory landscape in the United States.

A lot of insurance regulation there is at state level, but the tone and emphasis is set by the Securities and Exchange Commission (SEC) and it has been far more proactive in pursuing bad conduct by firms since the turn of the century, says Jim Thurston, Partner at Legalign firm Wilson Elser in Chicago.

Forced into action by scandals at Enron, the collapse of firms when the dot-com bubble burst and the behaviour of serial fraudsters like Bernie Madoff, the SEC and Department of Justice became tougher. “For the first time the US Government pursued the directors and officers for serious jail time. That was really unusual before the financial meltdown in the early 2000s,” says Thurston.

“The Government in the United States wants to be seen as one of the leaders and not to be lagging behind as it sometimes has been in the past.”

This new emphasis on weeding out and punishing bad behaviour has not changed since Donald Trump was elected President. “When he came to office many saw him as an ally of business and thought he would be friendlier. However, the SEC and Department of Justice enforcement actions against individuals and entities do not show much change.”

In 2015-16 there were 784 actions. This dropped slightly to 754 in 2016-17 but jumped by almost 9% to 821 in 2017-18. “These enforcement procedures are used as a barometer of how seriously the US Government is regulating the financial services sector.”

With new regulatory regimes coming on stream around the world, insurers and intermediaries are going to have to place conduct risk at the heart of their compliance regimes.

EIOPA raises its conduct risk game

The pan-European regulator published a new framework for conduct risk at the end of February 2019. It says its aim is to clarify the drivers of conduct risk and their role in the emergence of consumer detriment. It highlights the issues faced by consumers and the types of conduct risks EIOPA and the national competent authorities should focus on. It sets a common starting point for more practical supervision of particular products, services or market segments, for instance, through ‘deep dive’ thematic work or for future policy development, some of which has already been seen in the UK with the investigations into add-ons and the wholesale insurance markets.

The framework focuses on conduct risk throughout all stages of product lifecycles, that is to say from the point before a contract enters into force through to the point when all obligations under the contract have been satisfied.

The risks identified by EIOPA cover the following areas:

Business model and management risks – risks arising from how undertakings structure, drive and manage their business and from relationships with other entities in the value-chain. Manufacturing risks – risks arising from how products are manufactured by insurance undertakings prior to being marketed and how they are targeted to customers. Delivery risks – risks arising from how products are brought to the market and from the interaction between customers and insurance undertakings or intermediaries at the point of sale. Product management risks – risks arising after the sale of the insurance product relating to how products are managed and how insurance undertakings or intermediaries interact with and service customers until all obligations under the contract have ceased.

Many of these risks will not be new to firms, with issues such as product bundling, conflicts of interest and product reviews already covered by rules under the IDD. However, the framework provides important signposts for firms wanting to understand how the conduct priorities of EU supervisors and others might develop.

Vulnerable customers – the new regulatory horizon

The emergence of regulatory concern around vulnerable customers creates some tricky issues for insurers, starting with definition, says Mathew Rutter, Partner at DAC Beachcroft in London.

“How do you define vulnerability? How do you ensure consistency?” he asks.

“There are dangers of pigeonholing people if you take too simplistic an approach. For instance, you cannot assume that everyone over 80 is vulnerable and needs special consideration. It will not always be so much about the definition as how you apply it, as people may not define themselves as vulnerable.”

According to Rutter, defining vulnerability and identifying those who fall within the definitions will require firms to share data and this will raise all sorts of data protection issues that will have to be addressed by the regulators.

There is also a danger that some people may look to define someone as vulnerable in retrospect and argue they were sold cover they did not need or that was inappropriate. “If you regulate after the fact, firms will need higher margins to cover potential compensation.”

Submitted by Dr Alexander Beyer at BLD – Cologne, Jim Thurston at Wilson Elser – Chicago, Cain Jackson and Nick Lux at Wotton + Kearney – Melbourne, in partnership with DAC Beachcroft LLP.