In a survey of 200 insurance market executives carried out by DWF LLP in October 2017, 28 percent of respondents said that by 2022 the greatest risk they expected to face would be personal regulatory sanction from being associated with their firm's compliance failings.
The other contenders for the greatest risk were taking the blame either for poor financial results (number one for 40 percent of respondents) or operational failings, such as IT crashes (for 21 percent of respondents).
The most effective way the executives envisaged managing the risks they foresaw was being seen to challenge assumptions and plans at the highest level (i.e., explicit and minuted debate at board meetings) or having an effective understanding of their firm as a whole (in each case, for 22 percent of respondents).
Only 10 percent of respondents placed the most reliance on having a tightly drawn contract of employment and statement of responsibilities (i.e., "a statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the [senior manager] will be responsible for managing in performing the function" under s 60(2A) of the Financial Services and Markets Act 2000 (FSMA)) to help determine the scope of their risk exposure.
Regulators' SMR consultation papers
Significant regulatory publications before October 2017 were the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) consultation papers (FCA Consultation Paper 17/25; FCA Consultation Paper 17/26; PRA Consultation Paper 14/17) on implementing the Senior Managers and Certification Regime (SMR) in the insurance market (the SMR CPs).
The main messages in the SMR CPs were along the lines that:
"FSMA will now enable the [FCA/PRA] to take action for misconduct against an individual if:
- the individual has at any time performed as a "senior manager" at a firm;
- the firm contravenes, or has contravened, a regulatory requirement;
- at the relevant time, the [individual] was responsible for the management of any of the firm's activities in relation to which the contravention occurred; and
- the [individual] did not take such steps as a person in [their] position could reasonably be expected to take to avoid the contravention occurring (or continuing)."
The above responsibility is referred to as the "duty of responsibility".
There is little detailed, reliable contemporaneous evidence about insurance executives' approach to personal compliance risk. Without such evidence, one can only speculate about the extent to which the messages set out in the SMR CPs affected the mindsets of insurance executives at the time the survey was carried out. That said, an executive's perspective in relation to personal compliance risk can be inferred from the relevant regulatory publications available prior to October 2017.
A vital contextual consideration is, therefore, the history of enforcement action against insurance executives before 2017. Putting aside enforcement action relating to misuse of client monies, the starting point for the liability of executives for compliance failings within substantial insurance businesses is the 2012 FCA final notice involving Mitsui Sumitomo Insurance Company (Europe) Ltd (MSIEu) and its sometime executive chairman/managing director, Yohichi Kumagai.
Kumagai was fined under s 66 of the Financial Services and Markets Act 2000 (FSMA) and was prohibited, pursuant to s 56, from having (in short) a senior management function in the financial services markets because of: "a serious failure by Mr Kumagai to ensure MSIEu's corporate governance and control arrangements were fit-for-purpose … [including a failure] to ensure that the [relevant] underwriting … claims [and risk information] system was implemented effectively and in a timely manner … [so] that senior management was not provided with [appropriate] information … to effectively control the business [including meeting regulatory requirements for capital levels for four months]."
Kumagai's fine was for his failure under the Approved Persons Regime "to take reasonable steps to ensure the business of the firm for which he [was] responsible in his controlled function:
- [was] organised so that it can be controlled effectively; [and]
- [complied] with the relevant requirements and standards of the regulatory system."
In particular, his "standard of conduct was below that which would [have been] reasonable in all circumstances". His prohibition was on the basis that he was "not a fit and proper person to perform functions in relation to" MSIEu's regulated activities.
The SMR CPs' explanation of the duty of responsibility is not very far removed from the legal basis for the personal sanction of Kumagai. It may be that the case made a permanent impression on insurance executives in general. In one way, the Kumagai case could be seen as having a deterrent effect on insurance executive misconduct: after all, it was another two years before a final notice was issued in respect of senior insurance executives in the Swinton case.
In 2014, fines and prohibitions were applied against the then chief executive officer and chief financial officer, and a former marketing director of Swinton for their respective roles in putting "at risk the fair treatment of consumers" through the adoption of a strategy to increase sales of insurance add-ons. The sanctions in the Swinton case, however, related to conduct in the period April 2010-December 2011, whereas the relevant period for Kumagai was October 2009-March 2011.
The facts of the Kumagai and Swinton executives' cases suggest there were compliance failures by insurance market firms, for which senior managers were responsible, as long ago as 2010-11. The fact that the regulator highlighted these failings in 2012 and 2014 may perhaps have made a permanent impression on insurance executives in general.
Or perhaps not: in 2016 the FCA applied a fine and prohibition against Colin McIntosh, a director of Coverall Worldwide Ltd. McIntosh had failed, in the period May-June 2013 in particular, to manage the risks he had "recognised", namely that an extensive distribution network for solicitors' professional indemnity insurance, operating via delegation and sub-delegation of underwriting functions, had breached the limits of underwriting authority originally delegated by the insurer, which could have resulted in the insurer's refusal to pay millions of pounds' worth of claims.
The McIntosh case involved compliance failures by insurance market firms, for which senior managers were responsible, in 2013 as well as 2010-11. A further contextual consideration is that the FCA addressed, in various publications between 2013 and 2016, a range of compliance risks in the insurance market in general, including with regard to appointed representatives, delegated authorities, and commercial insurance intermediaries' conflicts of interest.
More intense regulatory scrutiny
The main compliance risk faced by insurance executives in the future, therefore, looks to be the more intense regulatory scrutiny of insurance market operating practices. The FCA's interim report on wholesale insurance brokers may also lead to profound change. The SMR CPs have served to highlight the risks inherent in what many executives may in the past have seen as acceptable market practices.
This article was written for Thomson Reuters Accelus Regulatory Intelligence