FCA Thematic Review Delegated Authority: Outsourcing in the General Insurance Market

(1)

IAC Forum

FCA Thematic Review

Delegated Authority: Outsourcing in the General Insurance Market

Lloyd’s Old Library

25 September 2015

(2)

Delegated authority: Outsourcing in the general insurance market

Thematic review and the role of risk, audit and compliance

Joseph Smith, Manager

General Insurance Themes

(3)

• Delegation of authority is a key component of the UK general insurance market

• 12 insurers (including Lloyd’s insurers, companies and EEA passporting firms) and 20 intermediaries and TPAs

• Focused on delegated arrangements for UK retail and SME customers (75%:25%)

(4)

Insurers*

Intermediaries

Principle 2 – Due skill, care and diligence

Principle 3 – Effective systems and controls

Principle 6 – Fair treatment of customers

Principle 8 – Fair management of conflicts of interest

Permissions for…

• Effecting contracts of insurance

• Carrying out contracts of insurance

Permissions for…

• Making arrangements and arranging deals

• Assisting in administration and performance

SYSC 3 and 13

• Where outsourcing, the SYSC requirements apply

SYSC 4, 8 and 10

• Robust governance arrangements

• Conflicts of interest

ICOBS 8.1

• Insurer is always responsible for the claims outcome

ICOBS 8.3

• General intermediary duties

Regulatory framework

*Insurers include EEA firms passporting on an establishment basis. EEA firms

(5)

Outsourcing and due diligence

• Delegating authority not always treated as outsourcing

• Impact on customers

Product design and review

• What is product being underwritten and who’s responsible?

• Is product designed to treat customers fairly?

Claims handling

• Choice of party to handle claims.

• Claims processes appropriately designed and implemented.

Oversight and monitoring

• Varied quality of oversight of outsourced functions.

• MI and monitoring rarely addressed customer outcomes.

Allocation and communication

• Who is doing what within the outsourced arrangements?

• Is there effective communication to support good outcomes?

(6)

diligence

Risk appetite and approach

• Delegation of authority not always treated as outsourcing

• Conduct focus and risk-based approach

Due diligence and controls around outsourcing

• Involvement of all stakeholders

• Process flexed according to risks

Business model

• Consideration of customer needs and outcomes

• Turnover in delegated arrangements

(7)

Product oversight and control

Product design, distribution and review

• Understanding and ownership of responsibilities

• Clear customer focus

• Selection of distribution channel

Monitoring and MI

• Regular and appropriate MI on customer outcomes

• Consistency of information

Analysis and response

• Sharing of information

• Root cause analysis

(8)

Claims outsourcing - Due diligence and processes

• Risk based due diligence considering capabilities

• Input to or review of claims processes

Standards and outcomes

• Set expectations for how claims are handled

• Reasons for declinature or repudiation

Conflicts of interest

• Consideration of incentives and conflicts of interest

(9)

Creation of an oversight framework

Information flows to the insurer

Review and analysis

(10)

Current role of audit

• Useful part of control framework

• Reactive not proactive

Audit scope and output

• Breadth and resourcing

• Conduct focus

• Issue identification and reporting

• Follow-up

(11)

Complaint handling

Completeness of information

• Potential for complaints under-reporting

• Lack of focus on non-reportable complaints

Consistency in approach

• Potential for different customer outcomes

Root cause analysis and follow-up actions

• Lack of central collation and analysis

(12)

The role of risk, audit and compliance

(13)

The role of the risk function

How can risk help?

• Making the strategy and risk appetite real

• Identifying key risks of delegation

• Setting parameters for engagement – Who and what?

(14)

The role of compliance

How can compliance help?

• Helping the business to understand

• Contribution to core processes

• Providing the voice of the customer

• Monitoring

(15)

The role of audit

How can audit help?

• Providing an independent view

• Focused and targeted review

• Challenging the processes

(16)

Effectiveness of control functions

What will help control functions deliver?

• Clarity of roles and responsibilities

• Empowered to contribute

(17)

Our expectations

Risk-based controls considering customers when outsourcing

Appropriate oversight of outsourced activities and associated products

Meet responsibilities as product provider

(18)
(19)

© Lloyd’s 1

NEIL GRIFFITHS

(20)

Solvency II

(21)

► Internal model approval application (IMAP) submitted to PRA

► Addresses over 300 Solvency II requirements whilst articulating unique structure of Lloyd’s

► 7,417 pages including:

– Covering letter

– Overview documents describing Lloyd’s

– 102 IMAP documents¹

– 55 supporting documents²

¹ Provided to address specific IMAP requirements

(22)

► We expect ongoing discussions with the PRA but do not expect a formal decision until end of 2015

► Lloyd’s will continue to work closely with PRA during this period

► Around 20 IMAP firms (Lloyd’s counted as one) still in the process

– Originally around 100 were involved

► PRA will advise all IMAP firms in December whether or not they have got model approval

► Key areas where approach continues to develop…

– Model Change

(23)

► All major model changes require Lloyd’s approval in readiness for a Solvency II live environment in 2016

Enables Lloyd’s to continually monitor syndicate internal models as they evolve

– Pre-approval of major model changes by the Standards Assurance Group (SAG) ahead of implementation by the managing agent

– Links to the annual CPG process

– Major model changes reviewed by SAG, with

(24)

► For Lloyd’s to be able to meet its Pillar 3 requirements, all agents must be ready by end 2015

► Thematic review of agents’ readiness in Q3 2015, taking into account:

– Compliance so far in dry runs and interim reporting

– Review of agents’ Pillar 3 status reports submitted on 30 June 2015

► Continual assessment of agents’ Solvency II compliance

– Significant concerns over Pillar 3 may result in agent being downgraded from green to red

(25)

Solvency II

(26)

► Lloyd’s Minimum Standards Framework now in place

► Solvency II requirements “baked in” to the new minimum standards

► A number of self assessments staggered over the course of 2015

► Market Oversight

(27)

► Lloyd’s keen to utilise planned Internal Audit reviews to support minimum standards and other assessments

► Number of recent examples where Internal Audit reviews have been used instead of specific Lloyd’s reviews

► Interaction with audit functions to increase in Q4 2015 to increase understanding of 2016 plans

► Recognise that we need to better flag potential IA involvement

► Encourage agents to proactively send draft 2016 plans to Risk Assurance Account Manager to ensure any likely duplication in reviews can be flagged

(28)
(29)

PwC

LMA Internal Auditors Committee Forum

Senior Insurance Managers Regime

Update and key thoughts on implications for Internal Audit

September 2015

(30)

Background

Key features

Implications & key areas for Internal Audit

(31)

Backdrop – Continuing focus on management; SII; Banking sector

• Extending individual accountability – broader reach through management

• Enhanced conduct standards for individuals

• New model for approvals / notifications – fitness & propriety assessments by firms

• Additional management arrangements

– responsibilities & accountabilities, governance

Dual regulated firms – PRA + FCA regimes – co-ordinated; changes to FCA regime

Implementation 2016:

– 1/1/16 PRA regime & transitional arrangements

– 8/2/16 Grandfathering applications

– 7/3/16 FCA regime

(32)

Senior Management (PRA SIMFs, FCA SIFs)

• Board & senior management

• PRA Senior Insurance Manager Functions

• FCA Significant Influence Functions

Key Function Holders, Notifiable NEDs

• Other “Key Functions” not otherwise a SIMF or SIF

• Non Executive Directors not otherwise a SIMF or SIF

Employees in Key Functions (not KFHs)

• Employed in key functions but not the KFH

Other employees

• All other employees engaged in regulated activities

• PRA & FCA regimes co-ordinated

- PRA Senior Insurance Managers Regime

- FCA reformed Approved Persons Regime

• Recognition – PRA & FCA overlap in some areas

- Different perspectives / concerns

• Subject to interpretation & ongoing policy developments

(33)

PRA SIMFs (Lloyd’s managing agent)

Senior Insurance Management Functions

Chief Executive Officer SIMF1

Chief Finance Officer SIMF2

Chief Risk Officer SIMF4

Head of Internal Audit SIMF5

Group Entity Senior Insurance Manager SIMF7

Chairman SIMF9 (NED)

Chairman - Risk Committee SIMF10 (NED)

Chairman - Audit Committee SIMF11 (NED)

Chairman - Remuneration Committee SIMF12 (NED)

Senior Independent Director SIMF14 (NED)

Chief Actuary SIMF20

Chief Underwriting Officer (GI) SIMF22

FCA SIFs

Significant Influence Functions

Director (Exec) - not approved by PRA CF1

Compliance Oversight CF10

Systems and controls - not approved by PRA CF 28

Chair Nominations Committee (if applicable) CF7 (NED)

Significant Management - not approved by PRA CF 29

Actuarial Function in third country branch CF51

(34)

PRA SIMR prescribed responsibilities

1. Ensuring all individuals in key functions are fit & proper

One or more PRA SIMFs or FCA SIFs

2. Leading the development of firm’s culture by governing body

3. Overseeing adoption of firm’s culture in day-to-day management

4. Production & integrity of financial information & regulatory reporting

5. Managing allocation and maintenance of firm’s capital & liquidity

6. Development and maintenance of firm’s business model by the governing body

7. Performance of the firm’s ORSA

8. Effective policies & procedures for induction, training & development of governing body

9. Effective policies & procedures for induction, training & development of all other key function holders

10. Independence, autonomy & effectiveness of firm’s whistleblowing policies & procedures

One or more NEDs

11. Developing & overseeing remuneration policies & practices

(35)

FCA Principles & Code

Core

Integrity

Skill, care & diligence

Organised for effective control

Regulatory compliance

Market conduct

Interests of customers – fair treatment

Open & co-operative with regulator

Detailed practices - examples

Delegation and oversight

Appropriate disclosures to regulator

PRA Conduct Standards

Core

Integrity

Skill, care & diligence

Organised for effective control

Regulatory compliance

Interests of customers

– provision to protect insured benefits

Open & co-operative with regulator

Detailed standards - examples

Delegation and oversight

Appropriate disclosures to regulator

Separate and different articulation of regulatory standards for conduct of individuals

(36)

• Regulatory pre-approval by PRA & FCA

• Pre-application fitness & propriety assessment by firm

• Notification to PRA & FCA

• Pre-notification fitness & propriety assessment by firm

• PRA & FCA supervise assessments ex-post

• Not notifiable to PRA & FCA

• Pre-appointment fitness & propriety assessment by firm

• PRA & FCA supervise assessments arrangements

• General requirement for effective systems and controls to maintain fitness and competence of all management and staff (SYSC)

Senior Management

PRA SIMFs FCA SIFs

Key Function Holders Notifiable NEDs

Employees in Key Functions (not KFHs)

Other employees

• Individuals directly subject to conduct rules / standards for PRA Senior Insurance Managers and FCA Approved Persons

• Firm required to ensure individuals observe PRA conduct standards

• PRA / FCA do not take direct regulatory action with individuals

• Not subject to specific SIMR / APR conduct standards

• But general competence &

(37)

• Level of scrutiny – continuing

• Due Diligence vetting by firm

- Pre-application / notification

• Application processes – changing

- Forms – PRA & FCA combined

- Pre-approval interviews – possible PRA / FCA discretion

- Post-notification follow-up or interview – possible PRA / FCA discretion; Individuals or firms’ processes

• Transitional arrangements – grandfathering

- Equivalent functions; otherwise new applications

• Ongoing notifications & applications in response to changes

Application to perform controlled functions

Honesty, integrity & reputation

• Employment history & references

• Criminal record check (UK & overseas)

• Financial history, civil proceedings

• Regulatory history & references

• Business history

Personal financial soundness

• Financial history & status

• Civil proceedings & arrangements

Competence & capability for role

• Background & experience

• Qualifications & training

(38)

Oct 15 Nov 15 Dec 15 Jan 15 Feb 15 Mar 15

• Gap analysis & allocation of responsibilities

• Governance Map

• Fitness & propriety assessments

- New SIMFs / SIFs / KFHs

- Grandfathering – review / refresh

- KF staff – assess / review

• Fitness & Propriety assessment model

• Employment contracts, JDs, etc

• Induction, training & development

• Statements of Responsibilities (SORs)

• Governance oversight & review

• SIMF, SIF & KFH Training

• SIMF grandfathering applications

• New SIMF applications

• Follow-ups / interviews?

• Ongoing applications & notifications

• SIMR / APR framework & approach

• Ongoing maintenance of Fitness & Propriety

• KFH notifications

• Key function staff training

• Determination of SIMFs / SIFs / KFHs & KF staff

• Recruitment processes

• SIMR & APR administration

• Ongoing maintenance of Governance Map & SORs

• Key decisions – Gov structure & responsibilities

• Determine SIMFs, SIFs, KFHs

• Ongoing review of SIMR & APR arrangements

• Ongoing maintenance of SIMR & APR competence

• Review & refresh – Gov policies & processes incl. Remuneration, Appointments, Succession

• Ongoing oversight of conduct standards & controls

(39)

• Direct regulatory requirements for IA management & staff

- Head Internal Audit – SIMF 5

- If part of wider Group IA function – potential SIMF 7 (Group Entity Senior Insurance Manager)

- Key Function staff – fitness & propriety; training

- Demonstrate adherence to Conduct Standards

• Oversight & assurance – preparation & implementation

- Detailed requirements – interpretation

- Determination of individuals

- Framework and processes

- Implementation and administration

- Ownership & organisation

- Oversight of conduct standards

- Links – performance & reward, resourcing & succession planning, etc

- Continuing regulatory developments

- Material risk for IA oversight?

(40)

New regulatory requirements – step change

Implementation – complex in practice

New administrative burden – initial and continuing

Impact on Internal Audit – function & oversight responsibilities

Timescales – challenging

Action – now

(41)

• PwC Financial Services Risk and Regulatory practice

Alastair Noble alastair.n.noble@uk.pwc.com

Lee Clarke, Partner lee.clarke@uk.pwc.com

Joel Ramsden joel.ramsden@uk.pwc.com

Prince Moyo, Manager prince.moyo@uk.pwc.com

This material has been produced for the Lloyd’s Market Association. This material comprises generic regulatory information and does not constitute any advice. PricewaterhouseCoopers LLP does not accept any duty or responsibility to any other person in respect of this material. © 2015 PricewaterhouseCoopers LLP

Alastair Noble, PwC

Alastair is a senior manager in PwC’s regulatory practice, specialising in regulatory compliance in the insurance sector. He has extensive experience of working with Lloyd’s and London Market firms, with a strong focus on governance, risk and compliance management, and has worked with a wide range of insurance groups and international organisations.

As well as over 18 years specialising in regulatory consulting, Alastair has an industry background of 18 years in the insurance sector.

Joel Ramsden, PwC

Joel is a senior manager in our Insurance regulatory team, with 10 years’ experience of working on prudential and conduct regulatory issues. Joel joined PwC from the PRA where he managed the PRA’s supervisory framework team, having previously supervised a number of London Market firms and led the supervision team for a major Lloyd’s managing agent. Joel’s previous experience also includes representing the FSA at European and International supervisory colleges.
