FCA Thematic Review Delegated Authority: Outsourcing in the General Insurance Market

Transcription

1 FCA Restricted IAC Forum FCA Thematic Review Delegated Authority: Outsourcing in the General Insurance Market Lloyd s Old Library 25 September 2015

2 FCA Restricted Delegated authority: Outsourcing in the general insurance market Thematic review and the role of risk, audit and compliance Joseph Smith, Manager General Insurance Themes General Insurance & Protection

3 Background and scope Delegation of authority is a key component of the UK general insurance market 12 insurers (including Lloyd s insurers, companies and EEA passporting firms) and 20 intermediaries and TPAs Focused on delegated arrangements for UK retail and SME customers (75%:25%)

4 FCA Restricted Regulatory framework Insurers* Intermediaries Principle 2 Due skill, care and diligence Principle 3 Effective systems and controls Principle 6 Fair treatment of customers Principle 8 Fair management of conflicts of interest Permissions for Effecting contracts of insurance Carrying out contracts of insurance SYSC 3 and 13 Where outsourcing, the SYSC requirements apply ICOBS 8.1 Insurer is always responsible for the claims outcome Permissions for Making arrangements and arranging deals Assisting in administration and performance SYSC 4, 8 and 10 Robust governance arrangements Conflicts of interest ICOBS 8.3 General intermediary duties *Insurers include EEA firms passporting on an establishment basis. EEA firms passporting on a services basis should consider the scope of their UK operations.

5 High-level findings Outsourcing and due diligence Delegating authority not always treated as outsourcing Impact on customers Product design and review What is product being underwritten and who s responsible? Is product designed to treat customers fairly? Claims handling Choice of party to handle claims. Claims processes appropriately designed and implemented. Oversight and monitoring Varied quality of oversight of outsourced functions. MI and monitoring rarely addressed customer outcomes. Allocation and communication Who is doing what within the outsourced arrangements? Is there effective communication to support good outcomes? 5

6 FCA Restricted Assessment of conduct risk and due diligence Risk appetite and approach Delegation of authority not always treated as outsourcing Conduct focus and risk-based approach Due diligence and controls around outsourcing Involvement of all stakeholders Process flexed according to risks Business model Consideration of customer needs and outcomes Turnover in delegated arrangements

7 FCA Restricted Product oversight and control Product design, distribution and review Understanding and ownership of responsibilities Clear customer focus Selection of distribution channel Monitoring and MI Regular and appropriate MI on customer outcomes Consistency of information Analysis and response Sharing of information Root cause analysis Evidence of work undertaken to address issues

8 FCA Restricted Claims processes, control and oversight Claims outsourcing - Due diligence and processes Risk based due diligence considering capabilities Input to or review of claims processes Standards and outcomes Set expectations for how claims are handled Reasons for declinature or repudiation Conflicts of interest Consideration of incentives and conflicts of interest

9 FCA Restricted Oversight, monitoring and MI of outsourced arrangements Creation of an oversight framework Information flows to the insurer Review and analysis

10 FCA Restricted Audit of outsourced arrangements Current role of audit Useful part of control framework Reactive not proactive Audit scope and output Breadth and resourcing Conduct focus Issue identification and reporting Follow-up

11 FCA Restricted Complaint handling Completeness of information Potential for complaints under-reporting Lack of focus on non-reportable complaints Consistency in approach Potential for different customer outcomes Root cause analysis and follow-up actions Lack of central collation and analysis Issues are therefore not identified and dealt with

12 FCA Restricted The role of risk, audit and compliance

13 FCA Restricted The role of the risk function How can risk help? Making the strategy and risk appetite real Identifying key risks of delegation Setting parameters for engagement Who and what? Role in designing processes with challenge

14 FCA Restricted The role of compliance How can compliance help? Helping the business to understand Contribution to core processes Providing the voice of the customer Monitoring

15 FCA Restricted The role of audit How can audit help? Providing an independent view Focused and targeted review Challenging the processes Feedback and driving change

16 FCA Restricted Effectiveness of control functions What will help control functions deliver? Clarity of roles and responsibilities Empowered to contribute Involved throughout delegation life cycle

17 Our expectations Our expectations Risk-based controls considering customers when outsourcing Appropriate oversight of outsourced activities and associated products Meet responsibilities as product provider Sufficient and appropriate monitoring and MI 17

18 FCA Restricted Q&A

19 IAC FORUM NEIL GRIFFITHS 25 SEPTEMBER 2015 Lloyd s 1

20 Agenda Solvency II Minimum Standards Lloyd s 2

21 GENERAL UPDATE Internal model approval application (IMAP) submitted to PRA Addresses over 300 Solvency II requirements whilst articulating unique structure of Lloyd s 7,417 pages including: Covering letter Overview documents describing Lloyd s 102 IMAP documents¹ 55 supporting documents² ¹ Provided to address specific IMAP requirements ² Providing additional information and evidence to support the IMAP Lloyd s 3

22 GENERAL UPDATE We expect ongoing discussions with the PRA but do not expect a formal decision until end of 2015 Lloyd s will continue to work closely with PRA during this period Around 20 IMAP firms (Lloyd s counted as one) still in the process Originally around 100 were involved PRA will advise all IMAP firms in December whether or not they have got model approval Key areas where approach continues to develop.. Model Change Pillar 3 Lloyd s 4

23 Syndicate model changes All major model changes require Lloyd s approval in readiness for a Solvency II live environment in 2016 Enables Lloyd s to continually monitor syndicate internal models as they evolve Pre-approval of major model changes by the Standards Assurance Group (SAG) ahead of implementation by the managing agent Links to the annual CPG process Major model changes reviewed by SAG, with capital impact reviewed by CPG Lloyd s 5

24 pillar 3 For Lloyd s to be able to meet its Pillar 3 requirements, all agents must be ready by end 2015 Thematic review of agents readiness in Q3 2015, taking into account: Compliance so far in dry runs and interim reporting Review of agents Pillar 3 status reports submitted on 30 June 2015 Continual assessment of agents Solvency II compliance Significant concerns over Pillar 3 may result in agent being downgraded from green to red Consideration of prudential measures by Lloyd s Lloyd s 6

25 Agenda Solvency II Minimum Standards Lloyd s 7

26 MINIMUM STANDARDS Lloyd s Minimum Standards Framework now in place Solvency II requirements baked in to the new minimum standards A number of self assessments staggered over the course of 2015 Market Oversight Plan published Lloyd s 8

27 INTERACTION WITH IA FUNCTIONS Lloyd s keen to utilise planned Internal Audit reviews to support minimum standards and other assessments Number of recent examples where Internal Audit reviews have been used instead of specific Lloyd s reviews Interaction with audit functions to increase in Q to increase understanding of 2016 plans Recognise that we need to better flag potential IA involvement Encourage agents to proactively send draft 2016 plans to Risk Assurance Account Manager to ensure any likely duplication in reviews can be flagged early. (or to Risk.Assurance@lloyds.com ) Lloyd s 9

28 Lloyd s 10

29 LMA Internal Auditors Committee Forum Senior Insurance Managers Regime LMA Internal Auditors Committee Forum September 2015 Update and key thoughts on implications for Internal Audit September 2015 PwC

30 Senior Insurance Managers Regime Background Key features Implications & key areas for Internal Audit PwC 2

31 New regime for key individuals strengthening management accountability Backdrop Continuing focus on management; SII; Banking sector Extending individual accountability broader reach through management Enhanced conduct standards for individuals New model for approvals / notifications fitness & propriety assessments by firms Additional management arrangements responsibilities & accountabilities, governance Dual regulated firms PRA + FCA regimes co-ordinated; changes to FCA regime Implementation 2016: 1/1/16 PRA regime & transitional arrangements 8/2/16 Grandfathering applications 7/3/16 FCA regime; Full PRA & FCA regime PwC 3

32 Which individuals are covered by the new regime broader reach across and down through the organisation Board & senior management PRA Senior Insurance Manager Functions FCA Significant Influence Functions Other Key Functions not otherwise a SIMF or SIF Non Executive Directors not otherwise a SIMF or SIF Employed in key functions but not the KFH All other employees engaged in regulated activities Senior Management PRA SIMFs FCA SIFs Other KFHs Key Function Holders Notifiable NEDs Notifiable NEDs Employees in Key Functions (not KFHs) Other employees PRA & FCA regimes co-ordinated - PRA Senior Insurance Managers Regime - FCA reformed Approved Persons Regime Recognition PRA & FCA overlap in some areas - Different perspectives / concerns Subject to interpretation & ongoing policy developments PwC 4

33 Further definition of individuals for pre-approval PRA SIMFs (Lloyd s managing agent) Senior Insurance Management Functions Chief Executive Officer SIMF1 FCA SIFS Significant Influence Functions Director (Exec) - not approved by PRA CF1 Chief Finance Officer SIMF2 Chief Risk Officer SIMF4 Head of Internal Audit SIMF5 Compliance Oversight CF10 Group Entity Senior Insurance Manager SIMF7 Systems and controls - not approved by PRA CF 28 Chairman SIMF9 NED Chair Nominations Committee (if applicable) CF7 (NED) Chairman - Risk Committee SIMF10 NED Chairman - Audit Committee SIMF11 NED Chairman - Remuneration Committee SIMF12 (NED) Senior Independent Director SIMF14 (NED) Chief Actuary SIMF20 Significant Management - not approved by PRA CF 29 Chief Underwriting Officer (GI) SIMF22 Actuarial Function in third country branch CF51 PwC 5

34 Prescribed responsibilities for allocation to SIMFs PRA SIMR prescribed responsibilities 1. Ensuring all individuals in key functions are fit & proper 2. Leading the development of firm s culture by governing body 3. Overseeing adoption of firm s culture in day-to-management 4. Production & integrity of financial information & regulatory reporting 5. Managing allocation and maintenance of firm s capital & liquidity 6. Development and maintenance of firm s business model by the governing body One or more PRA SIMFs or FCA SIFs 7. Performance of the firm s ORSA 8. Effective policies & procedures for induction, training & development of governing body 9. Effective policies & procedures for induction, training & development of all other key function holders 10. Independence, autonomy & effectiveness of firm s whistleblowing policies & procedures 11. Developing & overseeing remuneration policies & practices One or more NEDs PwC 6

35 Approved Persons requirements for individual conduct PRA Conduct Standards FCA Principles & Code Core Integrity Skill,care & diligence Organised for effective control Regulatory compliance Interests of customers provision to protect insured benefits Open & co-operative with regulator Detailed standards - examples Delegation and oversight Appropriate disclosures to regulator Separate and different articulation of regulatory standards for conduct of individuals Core Integrity Skill,care & diligence Organised for effective control Regulatory compliance Market conduct Interests of customers fair treatment Open & co-operative with regulator Detailed practices - examples Delegation and oversight Appropriate disclosures to regulator PwC 7

36 New approval / notification model for PRA Senior Insurance Managers Regime & FCA reformed Approved Persons Regime Senior Management PRA SIMFs FCA SIFs Regulatory pre-approval by PRA & FCA Pre-application fitness & propriety assessment by firm Individuals directly subject to conduct rules / standards for PRA Senior Insurance Managers and FCA Approved Persons Key Function Holders Notifiable NEDs Notification to PRA & FCA Pre-notification fitness & propriety assessment by firm PRA & FCA supervise assessments ex-post Firm required to ensure individuals observe PRA conduct standards Employees in Key Functions (not KFHs) Not notifiable to PRA & FCA Pre-appointment fitness & propriety assessment by firm PRA & FCA supervise assessments arrangements PRA / FCA do not take direct regulatory action with individuals Other employees General requirement for effective systems and controls to maintain fitness and competence of all management and staff (SYSC) Not subject to specific SIMR / APR conduct standards But general competence & conduct requirements apply PwC 8

37 Regulatory vetting and approval firms required to carry out pre-application/notification Level of scrutiny continuing Due Diligence vetting by firm - Pre-application / notification Application processes changing - Forms PRA & FCA combined - Pre-approval interviews possible PRA / FCA discretion - Post-notification follow-up or interview possible PRA / FCA discretion; Individuals or firms processes Transitional arrangements grandfathering - Equivalent functions; otherwise new applications Ongoing notifications & applications in response to changes Application to perform controlled functions Honesty, integrity & reputation Personal financial soundness Competence & capability for role Employment history & references Criminal record check (UK & overseas) Financial history, civil proceedings Regulatory history & references Business history Financial history & status Civil proceedings & arrangements Background & experience Qualifications & training Capability time & commitment, etc PwC 9

38 Implementing the new regime(s) key workstreams Oct 15 Nov 15 Dec 15 Jan 15 Feb 15 Mar 15 Key decisions Gov structure & responsibilities Determine SIMFs, SIFs, KFHs Governance oversight & review Review & refresh Gov policies & processes incl. Remuneration, Appointments, Succession Ongoing oversight of conduct standards & controls Gap analysis & allocation of responsibilities Determination of SIMFs / SIFs / KFHs & KF staff Governance Map Statements of Responsibilities (SORs) SIMF, SIF & KFH Training Key function staff training Ongoing maintenance of Governance Map & SORs Ongoing maintenance of SIMR & APR competence Fitness & propriety assessments - New SIMFs / SIFs / KFHs - Grandfathering review / refresh - KF staff assess / review SIMF grandfathering applications New SIMF applications KFH notifications Follow-ups / interviews? Ongoing applications & notifications SIMR / APR framework & approach Fitness & Propriety assessment model Employment contracts, JDs, etc SIMR & APR administration Induction, training & development Recruitment processes Ongoing maintenance of Fitness & Propriety Ongoing review of SIMR & APR arrangements PwC 10

39 Implications & key areas for Internal Audit Direct regulatory requirements for IA management & staff - Head Internal Audit SIMF 5 - If part of wider Group IA function potential SIMF 7 (Group Entity Senior Insurance Manger) - Key Function staff fitness & propriety; training - Demonstrate adherence to Conduct Standards Oversight & assurance preparation & implementation - Detailed requirements interpretation - Determination of individuals - Framework and processes - Implementation and administration - Ownership & organisation - Oversight of conduct standards - Links performance & reward, resourcing & succession planning, etc - Continuing regulatory developments - Material risk for IA oversight? Risk register? PwC 11

40 Final thoughts New regulatory requirements step change Implementation complex in practice New administrative burden initial and continuing Impact on Internal Audit function & oversight responsibilities Timescales challenging Action now PwC 12

41 The response to the Senior Insurance Managers Regime will be a key factor for the firm s supervisory relationship Alastair Noble, PwC Alastair is a senior manager in PwC s regulatory practice, specialising in regulatory compliance in the insurance sector. He has extensive experience of working with Lloyd s and London Market firms, with a strong focus on governance, risk and compliance management, and has worked with a wide range of insurance groups and international organisations. As well as over 18 years specialising in regulatory consulting, Alastair has an industry background of 18 years in the insurance sector. Joel Ramsden, PwC Joel is a senior manager in our Insurance regulatory team, with 10 years experience of working on prudential and conduct regulatory issues. Joel joined PWC from the PRA where he managed the PRA s supervisory framework team, having previously supervised a number of London Market firms, led the supervision team for a major Lloyd s managing agent. Joel s previous experience also includes representing the FSA at European and International supervisory colleges. PwC Financial Services Risk and Regulatory practice Alastair Noble alastair.n.noble@uk.pwc.com Lee Clarke, Partner lee.clarke@uk.pwc.com Joel Ramsden joel.ramsden@uk.pwc.com Prince Moyo, Manager prince.moyo@uk.pwc.com This material has been produced for the Lloyd s Market Association. This material comprises generic regulatory information and does constitute any advice. PricewaterhouseCoopers LLP does not accept any duty or responsibility to any other person in respect of this material PricewaterhouseCoopers LLP PwC 13