Conduct, Culture and Financial Crime will be key regulatory watchwords in 2021. The Regulators' (FCA, PRA and the Society of Lloyd's) approach to the insurance sector in 2021 will see a greater focus on operational resilience, data security, anti-financial crime and non-financial misconduct.
The global coronavirus pandemic has focused Regulators' minds on operational resilience. Even before the start of the pandemic in 2020, operational resilience was already very much towards the top of the PRA and FCA agendas.
Operational resilience is defined by the FCA as "the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions".
The FCA and PRA want to increase the resilience of financial institutions to protect customers, the wider financial sector, and the UK economy from the impact of severe operational disruptions. To their credit though, considering the scale of the disruption in 2020, most insurance firms have coped well. Post-pandemic, we expect the Regulators to review and test those resilience plans.
Anti-financial crime
Financial crime will always remain high on the Regulators' agenda; in particular, firms' systems and controls to counter and mitigate the risk that they may be used to further financial crime. Fraud probably represents the biggest material risk to the insurance sector; however, insurers and intermediaries should consider other elements of financial crime. For example, under third party arrangements, third parties that are outside of the immediate control of firms could be viewed by regulators and law enforcement agencies as 'associated persons' for the purposes of corruption and tax evasion legislation. Although general insurance does not readily lend itself to money laundering, as the banking sector strengthens its defences against professional money launderers, those launderers will, in turn, look for other sectors to launder the proceeds of crime, and this includes insurance. The financial crime risk of financial and/or trade sanction breaches is also relevant, especially when on-boarding a risk and paying a claim.
Protecting consumer privacy, data security and using data ethically were strong themes in the Financial Conduct Authority's last Annual Report. It is clear that data protection and cyber security will continue to feature heavily in the regulation of firms. Examples cited by the FCA which are likely to continue to be regulatory hot topics include the importance of ongoing penetration testing / ethical hacking to properly assess cyber resiliency; ensuring that personal data used in pricing is ethical and transparent; and guarding against the potential for consumer harm associated with the increasing use of big data, artificial intelligence and the general trend of collecting and analysing ever more granular data about consumers. In November last year, the FCA issued a warning to firms that, as the economic climate was causing some firms to change how they operate and others to leave the market or merge with others, any client data needed to be processed and transferred lawfully in compliance with data protection legislation.
Christopher Woolard's message in December 2018 that 'non-financial misconduct is misconduct, plain and simple' continues to ring true. Since that pre-COVID-19 message, we have seen the FCA focus increasingly on non-financial misconduct and cultivating firms in which such misconduct is not tolerated.
The FCA has repeatedly made its views clear that non-financial misconduct falls within its remit, and whilst there is no 'one size fits all' approach, improving culture in financial services, including policing all types of misconduct, is a continuing priority for the FCA.
Whilst everyone's experience of working from home has differed, it is true that for all of us, our working lives have been revolutionised. The FCA has repeatedly asserted that the combination of financial pressure and psychological stress on employees working in a remote environment may result in an increased risk of misconduct and could certainly lead to the decline of a firm's culture. Whilst firms must tackle the immediate financial and operational issues caused by the pandemic, the FCA has emphasised that it is equally important for firms to foster a healthy and inclusive work culture.
The continued remote working environment means that the lines between work and home, and professional, personal and social life have become blurred and firms must work hard to identify and manage emerging risks. Examples include bullying and harassment through the use of WhatsApp or video calls, remote client relationships and client confidentiality. To reduce the risk of harm, the FCA expects formal processes and objectives to remain accessible, clear and reinforced (irrespective of the work location).
Given the FCA's rhetoric, it is particularly important for both firms and Senior Managers to be able to demonstrate their consideration of these points in the context of the pandemic and throughout the areas of the business for which they are responsible.
The FCA expects Senior Managers to instil behaviours in their teams that comply with the five conduct rules and ensure that employees know what those rules mean for their particular roles. Senior Managers are also expected to regularly assess and certify that colleagues in key roles are "fit and proper". These assessments should include anything that could be seen as non-financial misconduct. The key to being able to demonstrate all of this is, of course, documenting the actions taken and showing pro-activity in addressing any issues identified.
The focus on culture, driving positive behavioural change and clamping down on non-financial misconduct has not wavered in the context of the pandemic. Firms, and their Senior Managers, must be able to demonstrate that, whilst their focus will inevitably have been on servicing customers, and financial and operational resilience, they have not lost sight of the importance of promoting healthy and inclusive work cultures by being pro-active and through clamping down on poor behaviours when necessary.
From a regulatory perspective, be it regulator or regulated, the pandemic is an unprecedented chapter, but it has not equated to a let-up in the Regulators' demands on the sector or in their efforts to ensure that insurance firms act in the best interests of their customers.