Insurers and Appointed Representatives – Who is Really Responsible for Compliance?
In recent years the general insurance sector has thrived. The Appointed Representative (AR) Network model has been a chief enabler, giving insurers scale and market coverage. There are now hundreds of insurers and thousands of authorised intermediaries and ARs. However, this growth has not been without risk to consumers.
Historically the insurance sector has not been subject to the same lens that has forced change in the banking sector. However, this is set to change and AR Networks in general insurance will soon be affected by new regulatory rules.
In 2016 the FCA undertook TR16/6: Principals and their appointed representatives in the general insurance sector. This review revealed some significant shortcomings:
- A lack of understanding from principals of their regulatory responsibilities over the ARs they supervise.
- Ineffective visibility and control by principal firms over their ARs.
- Several cases of mis-selling and customer detriment.
Alarmingly, from the review sample alone, the FCA took the following action:
- Five firms were stopped from taking on new ARs.
- Two firms had to limit or completely stop their ARs from selling.
- Two section 166 reports were commissioned.
Oversight, governance and support
With the Senior Managers Regime (SMR) being implemented into the insurance sector on 10th December 2018, principals will no longer be able to discharge responsibility for compliance. They must provide oversight and governance, and support their ARs in building and maintaining a compliant culture and environment.
In an ideal world, the Principal Insurer (PI) holds full responsibility for everything that ARs do. However, in practice, day-to-day, can PIs really know and approve of everything that an AR and its employees do?
PIs should be making a careful and honest assessment of each AR with the following considerations in mind:
- To what extent is the AR expected to be responsible for compliance?
- Does the AR know that this level of responsibility is expected of them?
- Does the AR accept that level of responsibility?
- Does the AR act in a compliant way, throughout their organisation?
- Can the AR be relied upon to be sufficiently compliant?
- Who tests AR compliance, how frequently, and are the means used adequate?
- Even in the most compliant of ARs, does the PI appreciate that in all situations the ‘buck’ still stops with them?
At face value these questions seem relatively straightforward for PIs to answer. However, if these questions are framed against some of the key specific areas of compliance, would there be the same level of confidence?
- Policies, procedures, training and escalation of issues
Example Areas of Compliance:
- AML/Fraud/Bribery & Corruption/PEP/Sanctions
- Data Protection
- Whistle Blowing
- Sales Protocols
- Treating Customers Fairly
- Complaint Handling
- Vulnerable Customer Management
- Customer onboarding and ongoing customer relationship management
- Suspicious Activity Reporting
- Sales Oversight
- Advertising & Marketing
- Market Share and Distribution
Risk and responsibility
By 10th December 2018, PIs will need to have carried out such an assessment and captured their responses. It will be these responses that will help GI firms identify their risks, risk owners and those with ultimate responsibility.
For AR networks to work compliantly there needs to be a close partnership and joint responsibility. PIs cannot negate their responsibility; they need to be proactive in supporting their ARs, and know exactly what’s going on. ARs equally need to be realistic. If they do not cooperate, they may present too much of a risk to the principal, ultimately jeopardising the feasibility of the relationship.