Is it time for insurers and brokers to take a more proactive role in addressing regulatory expectation?
Rather than taking a reactive approach to regulatory change, you should aim to be early adopters and embed best practice before it becomes mandatory. The post-crisis focus on the banking sector has driven enhanced risk management practices, which you should apply to the insurance sector.
Keeping ahead of the regulatory curve
Historically, the insurance market has taken a reactive approach to findings from FCA thematic reviews and supervisory assessments. Firms have generally responded to FCA intervention by enhancing control frameworks to address a particular theme, risk or FCA requirement such as an attestation or Risk Mitigation Programme.
But this isn’t always the most effective approach. Often adopting a reactive stance requires costly remediation, redress and rectification programmes, and can result in the FCA requiring a firm to commission an independent third party to undertake a Skilled Person Review.
Why are we talking about this now?
The general insurance market is under greater scrutiny than ever before, so it’s important to be proactive in identifying methods to improve your controls. Recent high-profile enforcement actions and Skilled Person Reviews demonstrate that the Financial Conduct Authority (FCA) is taking an increasingly interventionist approach.
Regulations such as the Senior Managers and Certification Regime (SM&CR), the Insurance Distribution Directive (IDD) and the General Data Protection Regulation (GDPR) are inherently complex and touch every aspect of an insurance firm’s business. This kind of change is too big to manage in a piecemeal fashion and needs a holistic, enterprise-wide response.
Banks have a more mature control framework
Typically, the maturity and operational effectiveness of the insurance sector’s first line control frameworks are some way behind the banking sector. Many banks have introduced specific roles, such as the Chief Control Officer (CCO) or Front Office Risk and Control function (FORC), to improve synergies across the three lines of defence and take a holistic approach to managing risk.
The insurance market can learn from these experiences and apply similar techniques to enhance individual accountability, improve controls and embed operational resilience consistently in the first line.
What should you do now?
Establishing a CCO or FORC requires a proactive approach, underpinned by an agile culture that can rapidly adapt to regulatory change. You should consider how you can leverage this emerging control function to reduce duplication and embed stronger controls across the three lines of defence.
To achieve this, you should address the critical questions below:
- How do you identify, monitor and mitigate the risk of customer harm across your business?
- How do your governance arrangements support appropriate oversight of the conduct of business in your firm?
- How do you demonstrate the conduct implications of strategic decisions are thoroughly assessed?
- How do your senior managers evidence conduct is effectively managed and controlled in the first line functions they are responsible for? Are there gaps? How would they know if there were, and what would they do to rectify them?
- What are your early warning indicators and crisis management arrangements? How do you identify, escalate and report conduct issues effectively to ensure appropriate actions, including regulatory notification?
- How do you demonstrate that your people at all levels are appropriately trained and competent?
The FCA expects firms to fully implement and embed all legal and regulatory requirements, with robust oversight and effective first line operational controls. In the current environment, a firm and its senior management failing to meet the Regulator’s reasonable expectations will be exposed to significant regulatory risk.