The FCA has just published a damning Thematic Review: “Principals and their appointed representatives in the general insurance sector“.
The FCA asked 190 network principals to complete an online survey; asked 15 of these principals for more detailed information; and visited 14 of them. 5 of the 15 can no longer take on new appointed representatives (ARs); 2 have had to stop their ARs from selling some or all of their products; and 2 others have been required to commission a “skilled persons report”.
The FCA found 3 particular types of problem, which it believes are likely to be widespread:
- Almost half of the 15 principals couldn’t demonstrate that they’d considered and understood the nature, scale and complexity of the risks arising from their ARs’ activities, and the risks these activities presented to customers. Some:
- ARs were “conducting activities outside their principal’s core areas of expertise, [and] the principal lacked the ability or resources to oversee them effectively“;
- Principals had not considered “how the appointment of ARs would impact their business model and core activities“, or “how the activities of potential ARs aligned with their existing activities and whether they had adequate resources to oversee the AR and enforce compliance with the AR contract and regulatory requirements“;
- Principals didn’t have “an appropriate risk management framework to identify and manage the risk their ARs presented to their business and to customers“.
- More than half of the 15 principals didn’t have an effective risk management, oversight and control framework to identify, monitor, and mitigate the risks arising from their ARs’ activities – and some had not appreciated that they’re obliged to ensure that their ARs comply with the FCA’s rules:
- “many principals could not demonstrate how they had met their obligations to consider the solvency and suitability of the AR, the impact on their own compliance with threshold conditions, or the adequacy of their own controls and monitoring resources“;
- “some principals had not been effective in setting up an appropriate operational framework for their ARs … we saw examples of contracts that were not fully compliant with the relevant requirements as well as shortcomings in categorising ARs, setting up multiple principal arrangements and implementing the approved persons regime“
- In many of the 15 cases, the shortcomings that were apparent in risk management, control and oversight created customer risk, because the principal could not ensure that its ARs complied with the requirements of PRIN and ICOBS.
- “… we saw examples of potential mis-selling and customer detriment as a result of ARs’ actions, with most of these issues not previously identified by the principals … At the ARs of one principal … there was significant evidence of the mis-selling leading to actual customer detriment … we also saw potential customer detriment arising from shortcomings in some principals’ understanding and application of the client money rules“.
These issues were “serious and widespread” – only “a minority of principal firms … had a good understanding of their ARs and were able to demonstrate how they effectively managed, monitored and mitigated the risks arising from their activities“. So: the FCA is:
- sending a Dear CEO letter to principals with ARs operating in the general insurance sector;
- planning to work with the 15 principals, and the higher risk principals from the wider thematic review sample, to address and resolve the issues it’s already discovered; and
- considering the need for further thematic or supervisory work;
- considering whether a policy intervention or changes to its authorisation and AR registration process are required.
Perhaps surprisingly, the FCA doesn’t say whether it looked for or found any anti-money laundering control issues, although there are good reasons for supposing that it ought to have done so (see, for example, here and here). Nor does it say anything which suggests that it will proactively look at the principals and ARs operating in other parts of the UK financial services industry – even though it’s report is damning, and it acknowledges that the 20,000 ARs operating in the general insurance sector only represent about 25% of the UK’s entire registered AR population. That probably doesn’t mean non-general insurance principals and their ARs can relax – the FCA has a nasty habit of surprising people … and of reading across, from one sector to another … which probably means that all principals and ARs have been warned.
UPDATE: The FCA has now published its Dear CEO letter. The letter’s been sent to every FCA authorised firm with an AR operating in the general insurance sector. Every relevant CEO is now expected to (a) share the FCA’s letter with his board; (b) consider the FCA’s thematic report in detail; (c) work out whether his firm can demonstrate that it’s meeting its AR-relevant FCA Handbook obligations; and (d) make sure that any shortcomings are resolved pdq.