Is insurance the new banking? Part 2: outsourcing issues
This series of articles explores the extent to which the general insurance (鈥淕I鈥) market has recently become a primary target of regulators鈥 activities, or is merely the 鈥榗ollateral鈥 victim of banking regulation.
This series of articles explores the extent to which the general insurance (鈥淕I鈥) market has recently become a primary target of regulators鈥 activities, or is merely the 鈥榗ollateral鈥 victim of banking regulation.
Our previous article considered the context for the implementation of the 鈥楽enior Managers & Certification Regime鈥 (鈥淪MCR鈥), and in particular its incremental application to the GI intermediary market. The article compared regulatory pronouncements about GI in 2002-2004 with findings from April 2019鈥檚 (TR 19/2) on the 鈥General insurance Distribution Chain鈥 by the Financial Conduct Authority (鈥淔CA鈥).
This article considers recent regulatory publications as to problems with outsourcing in the banking and GI industries, and in which industry are participants running the greater risks of regulatory enforcement in its approach to outsourcing (also referred to as 鈥榙elegation鈥 or 鈥榮ub-contracting鈥).
On 29 May 2019 Raphael & Sons PLC, a bank, was fined an aggregate 拢1.89m by the FCA and Prudential Regulation Authority (鈥淧RA鈥) for failings in relation to its outsourcing of certain functions for its 鈥榩re-paid鈥/鈥榗harge鈥 card operations (eg for payments of wages in lieu of bank account transfers, or gift cards).
The operations involved a process whereby the facilitation and management of transactions and balances, including payments made by customers via charge cards, were sub-contracted by Raphaels to 鈥楥ard Programme Managers鈥 (鈥淐PMs鈥) via 鈥(CPM) Agreements鈥(鈥淐PMAs鈥), and CPMs in turn sub-contracted payment authorisations and transaction reporting to 鈥(card) Processors鈥 via IT Service Contracts (鈥淚SCs鈥).
Raphaels contracted with Processors directly to the extent of a 鈥楥ompliance Agreement鈥 that allowed Raphaels to issue instructions in particular circumstances (eg that the Processor decline a transaction if a CPM breached its sub-contract with Raphaels). However, there was 鈥
- no effective alignment between (i) Raphaels鈥 risk management systems (eg risk profile analysis and risk appetite statement) and (ii) the terms of CPMs and ISCs, and
- no effective methodology (e.g. due diligence, monitoring) to do so.
In particular, there was no alignment of respective business continuity/disaster recovery plans/policies (鈥淏CP鈥). CPMAs did not substantively provide for the alignment of CPMs鈥 (and their Processors鈥) BCPs with Raphaels鈥 own.
The 2019 fine related to an 8-hour IT outage at a Processor from December 2015 as a result of which 3,367 Raphaels customers were unable to use their charge cards to make payments or check balances; 5,356 attempted transactions, with an aggregate value of 拢558,400, were declined (the 鈥淥utage鈥). The Outage followed a similar incident at the same Processor in April 2014 which Raphaels failed to investigate and learn from effectively.
The FCA/PRA made particular note of a Final Notice against Raphaels in 2015 in respect of outsourcing management failures between 2006 and 2014, and that after the Outage Raphaels 鈥
- appointed a new senior management 鈥 including compliance 鈥 team,
- commissioned a skilled persons report, and
- implemented a remediation plan.
What lessons might be learned from the above as to the GI industry鈥檚 approach to outsourcing?
Our previous article considered the FCA鈥檚 perspective on such approach. This perspective is informed by thematic reviews the FCA undertook contemporaneously with the circumstances underlying the fines against Raphaels: 鈥楧elegated authority: Outsourcing in the general insurance market鈥 (TR15/7) and 鈥楶rincipals and their appointed representatives in the general insurance sector鈥 (TR16/6).
These reviews were referred to in TR19/2, in particular in the following text:
鈥Our work on the GI distribution chain has revealed the extent to which many [emphasis added] firms have failed to respond sufficiently to our previous work and interventions 鈥 While we have seen some progress in the governance and controls around [outsourcing] 鈥 we often encountered a lack of customer focus or consideration of value. This was both in deciding what activities to undertake, who to partner with and what products to sell/distribute; as well as in the systems, controls frameworks, monitoring and MI 鈥鈥
An example intervention given in TR19/2 is: 鈥Liberty Mutual Insurance Europe SE (鈥楲iberty鈥) [being fined] over 拢5m (post reduction for early settlement) in October 2018 [following] an Enforcement action [for] failings in claims handling in a GI distribution chain.鈥
The final notice for Liberty (the 鈥淟FN鈥) included the following finding with clear parallels with findings as to Raphaels: 鈥淟颈产别谤迟测 did not undertake an adequate risk assessment, review or adequately plan for ongoing monitoring before the commencement of the arrangement to ensure that the [outsourced mobile phone insurance distributor 鈥 the 鈥淭hird Party鈥漖 would administer claims and complaints on Liberty鈥檚 behalf in a way which would ensure that Liberty complied with its regulatory obligations.鈥
For understanding the FCA鈥檚 perspective on GI outsourcing, it is notable that the LFN explained that:
- after the FCA鈥檚 2013 Thematic Review, , Liberty began a detailed investigation into the Third Party鈥檚 claims/complaints handling;
- Liberty鈥檚 Audit Committee asked its compliance function to undertake increased engagement with the Third Party, but the compliance function was 鈥溾entirely reliant鈥 on information being provided by the Third Party鈥 in reaching judgments that 鈥渢he Third Party was 鈥榩rofessional and well run鈥鈥;
- moreover, the Audit Committee reported to the Board that: 鈥the 鈥榮lim margins on the [the Third Party] business鈥 meant that Liberty would have to put 鈥榓 lot of [compliance] effort into an arrangement where they don鈥檛 make much money or any money back from it.鈥鈥
The LFN does not record what the Board鈥檚 response the above report was or any analysis and decision-making by Liberty on risk/cost benefits: the LFN is open to the inference that Liberty was willing to underwrite a book of business where it was unclear how compliant the handling of the book was.
The handling 鈥 and especially the payment 鈥 of claims on GI products is of course the crucible for ascertaining their value from the (potentially) different perspectives of insurers, intermediaries, customers, the FCA and the PRA. Differences in perspective arise from the GI market鈥檚 wish to maintain profitability and capital, which claims payments inevitably reduce.
Profitability considerations are also a key factor in other regulatory yardsticks for value:
- relative or 鈥榙ifferential鈥 pricing between 鈥
- versions of a product which share essentially the same risk mitigant effects and/or
- different customers that share essentially the same risk profile; and
- composition of gross premium, especially customer service value as a component of that premium.
As TR19/2 puts it: 鈥Customers may pay substantially more for a product which delivers no additional benefits compared to alternative, less expensive products available in the market 鈥 This could occur when a firm distributes the product to customers outside the target market or due to conflicts of interest in a firm鈥檚 remuneration structure incentivising it to sell a particular product [or] 鈥 customers paying increased prices as a result of remuneration that is paid to firms in the distribution chain who incur little cost or deliver little benefit to customers.鈥
While differential or 鈥榙ual鈥 pricing in GI is of course part of a broader set of converging regulatory initiatives by the FCA and Competition and Markets Authority around the 鈥榣oyalty penalty鈥 faced by customers, including vulnerable customers and the mortgage and savings markets, the FCA has plainly identified that remuneration in outsourcing, alongside value for customers, is inextricably linked, and that failings in these areas are a particular problem for GI.
This article was originally published by Thomson Reuters Regulatory Intelligence on 19 July 2019.