By Kerris Fryer, Head of Risk, Compliance & Company Secretary, Robus Risk Services
2022 has been a busy year for insurance conduct of business regulators in both Gibraltar and the UK, and subsequently the insurance industry. 2023 seems unlikely to be any quieter. In my opinion, having spent over twenty-five years in the insurance industry, in both commercial and regulatory roles, conduct risk deserves this enhanced focus.
But what does conduct risk really mean and why is it so important? Broadly, conduct risk covers the risk of firms acting in a way that causes detriment to their customers. Why is it so important? You could simply answer that question with ‘it’s the right thing to do’. If you need more convincing, you could look deeper into insurance firm failures. You will be unlikely to find a failed insurance firm which didn’t have underlying conduct or culture issues; a dominant CEO, for example, conflicts of interest, inadequate corporate governance, customer treatment not being sufficiently considered in the decision-making process… I could go on.
Both the Gibraltar Financial Services Commission (GFSC) and the UK Financial Conduct Authority (FCA) objectives aim to put customer protection at the heart of their focus. In 2022 both regulators introduced new insurance conduct of business reporting requirements and remedies, which are intended to help them and, more importantly, the Boards of firms themselves, ensure that their products work well for customers and that customers are treated fairly.
The FCA’s general insurance pricing practices rules ensure that renewing home and motor insurance customers pay no more than they would as a new customer, removing insurers’ ability to profit from customer inertia to change providers. They also make it simpler for customers to stop automatic renewals if they wish to do so. In addition, the FCA has enhanced its product governance rules, and data reporting requirements, to ensure that firms deliver fair value on all their insurance products. Furthermore, 2022 has .seen the GFSC launch its annual insurance conduct of business data report, which is closely aligned to the FCA’s reporting requirements.
The introduction of FCA’s new Consumer Duty is expected to bring about a step change in how firms across the financial sector, not just the insurance sector, behave. The FCA considers that the new Consumer Duty will “fundamentally shift the mind-set of firms” and establish an appropriate level of care to customers. The FCA expects the new rules to:
- Ensure that products and services have been designed to meet customer needs, characteristics, and objectives
- Ensure that the prices customers pay for products and services represents fair value to them
- Equip customers with the right information to make effective, timely and properly informed decisions, and
- Ensure customers receive the support they need.
The deadline (end of October 2022) has passed for firms to ensure that their implementation plan is in place and that the Board has scrutinised and challenged the plan to ensure that it is deliverable and robust enough to meet the new standards. Firms have until the end of July 2023 to implement the rules for new products and for existing products that are on sale, and until the end of July 2024 to implement the rules for closed products.
So what does this all really mean for the insurance sector, or indeed the wider financial services industry?
Managing conduct risk
In order for a firm to demonstrate good conduct, not only should they act lawfully and competently, they should act fairly and appropriately taking into account the wider impact their actions may have. Conduct risk should be embedded into everything a firm does, cutting across all departments and processes. As such, it’s less about having a single strategy for managing conduct risk, but more about embedding good conduct into the policies, procedures, and culture across the firm.
If they are not already doing so, firms need to consider the needs, characteristics, and objectives of their customers and how they behave, at every stage of the customer journey. As well as acting to deliver good customer outcomes, firms will need to understand and be able to provide evidence that those outcomes are being met.
Regulators will expect firms to be able to demonstrate they have considered, identified, and documented the conduct risks they are exposed to. They will expect to see, where possible, those risks being mitigated with robust policies, procedures, and governance. Firms must be able to demonstrate compliance with the rules. Vitally, firms must be able to show that customer treatment has been considered in decision making, and that Boards have appropriate oversight, are giving challenge and are ensuring remedial action takes place where results are not as expected or within their own defined risk appetite and thresholds.
I question whether some firms have regarded conduct matters as the poor relation of prudential requirements. But increasing focus in this area will demand that firms need to up their game if they wish to succeed.