Strengthening accountability in insurance
Strengthening accountability in insurance
The Senior Insurance Managers Regime (“SIMR”) of the Prudential Regulation Authority (“PRA”) provides a regulatory framework for standards of fitness and propriety, conduct and accountability to be applied to individuals in positions of responsibility at insurers. It sets out a set of senior insurance management functions (“SIMFs”) where individuals within those functions require the PRA’s pre-approval to perform, and various associated regulations.
The Financial Conduct Authority (“FCA”) has a similar Approved Persons Regime (“APR”). Some executive and other functions that do not require PRA pre-approval under SIMR are considered as controlled functions under the APR.
The FCA’s Senior Managers and Certification Regime (“SM&CR”) is in place for banks, but does not cover insurers. The SM&CR aims to reinforce and clarify the expectations of individuals within their governance structure. The PRA and FCA are now obliged to extend the SM&CR to insurers and replace their current respective regimes. The FCA proposals for implementing SM&CR are set out in consultation paper CP17/26, whilst those from the PRA are in CP14/17.
In addition, the PRA’s consultation paper CP8/17 sets out proposals to amend SIMR and strengthen governance through requiring insurers to take steps to encourage diversity.
Who does this apply to?
The proposals within the consultations affect all insurers including Solvency II firms, Insurance Special Purpose Vehicles (“IPSVs”), branches of non-UK firms and non-directive firms (“NDFs”). The proposals affect most staff within a firm and all approved individuals (except those within firms’ Appointed Representatives).
Within the firm classifications, there are the following additional splits:
- Large Firm: those with gross annual premium income of £1 billion or more in each of the previous three financial years, or with assets of £10 billion at the end of each of the last three financial years
- Large NDF: NDF where the value of assets relating to all regulated activities carried on by the firm as included in its two most recent reported annual accounts is more than £25m, where an NDF is an insurer that is not a UK Solvency II insurer, a UK ISPV or a third country branch
- Small NDF: NDF that is not a large NDF
- Small Run off Firm a firm with less than £25m technical provisions that no longer has permission to write or acquire new business.
Senior Managers Regime
Under the CP17/26 proposals, the FCA will be required to approve the most senior people performing key roles (if the roles already exist) within an insurance firm. These controlled functions are defined as Senior Management Functions (“SMFs”) and are held by persons defined as Senior Managers (“SMs”). SMFs are those functions with the greatest potential to cause harm.
The PRA will be maintaining its current SIMFs, although these are likely to be renamed SMFs (to align with the FCA). In addition, the PRA proposes the following amendments:
- new SIMF24 – the Chief Operations function, applies to Solvency II Insurers and Large NDFs: This function would be the most senior individual responsible for managing the internal operations and technology of a firm. The SIMF recognises the importance of operational continuity, resilience of operational systems on the safety and soundness of firms. The SIMF may be split between two or more individuals provided that the split reflects the overall responsibility for operations and technology.
- new Prescribed Responsibility (PR) for the firm’s performance of its obligations in respect of the outsourced operational functions and activities, applies to all insurers except Small Run-Off Firms: Firms will be required to allocate the PR to an individual approved by the PRA for a SIMF or by the FCA for a relevant senior management function (“SMF”). For a third country branch, the PR will only apply to the activities of the UK branch.
- new PRA SIMF6, the Head of Key Business Area Function for individuals who are responsible for large business areas or divisions within a firm, applies to large business areas or divisions: For this purpose, a large business area or division is defined as having gross total assets equal to or in excess of £10 billion and accounting for more than 20% of the firm’s gross revenue. In addition, the individual does not report to an individual within a SIMF 6 role in the same division.
- separation of the Chairman (SIMF9) and Chief Executive Officer (SIMF1) functions, applies to large Firms: Both roles cannot be held by a single individual.
- separation of executive and oversight roles within a group, applies to large Firms within a group: An executive within one part of the group cannot take on a NED oversight SIMF role for any Large Firm within a group, to avoid possible significant conflicts of interest.
Certification Regime (“CR”)
Firms will need to identify certification functions, which are defined as functions where it is possible to cause significant harm to a firm or to any of its policyholders but which are not also FCA or PRA SMFs or non-executive director (“NED”) roles. The individuals covered by the PRA proposals depend on the type of firm.
The functions covered by the FCA Certification Regime are:
• Significant Management Function
• proprietary traders
• CASS oversight function
• functions subject to qualification requirements
• Client Dealing function
• algorithmic traders
• material risk takers
• anyone who supervises or manages a person performing a Certification Function
Fit and Proper requirements
A person carrying out a certification function does not require regulator approval, but firms must provide certificates to individuals in certification functions at least annually and keep a record of these certificates. This is to show that the firm is satisfied the individual is fit and proper. A firm must propose steps in relation to an individual if the decision is not to issue a certificate.
Firms will be required to obtain regulatory references before appointing individuals to SMFs and certification functions.
Both the FCA and PRA propose to extend all regulatory references rules as they currently apply to other insurers to small NDFs as well. In particular, these firms will need to request references going back six years for all individuals being appointed to a SIMF or a certification function at the NDF and include mandatory information in the references provided to other firms (going back six years). Other reference rules are stated within each individual consultation paper.
Individuals in certification functions will be subject to the relevant PRA and FCA conduct rules.
The five FCA generic conduct standards of integrity, due skill, care and diligence, openness with the regulator, considering customers and treating them fairly and observing market conduct standards apply to all employees within an FCA certification function or SMF. The FCA also proposes that they apply to all employees other than ancillary staff (such as catering and reception staff). These rules would also apply to employees performing a SIMF role on a temporary basis or someone who should have been an approved SIMF.
The PRA will apply the first three generic conduct standards, referred to above, to a PRA certification function or SMF along with the additional relevant conducts standard required for the particular type of firm. The conduct rules will also continue to apply to an individual in a governing or compliance oversight senior management function approved by the FCA. Key function holders will still also be required to observe the additional Senior Insurance Manger conduct standards.
Where appropriate the FCA and PRA will be able to take enforcement action for material breaches of the standards.
Firms must take reasonable steps to ensure that persons in certification functions (and anyone else to whom the conduct rules apply) understands the conduct rules including the provision of suitable training.
Notification of disciplinary action
Firms will be required to notify the PRA and FCA if they take disciplinary action for a reason set out in the Financial Services and Markets Act 2000 (“FSMA”) or if the firm believes there are grounds where an approval should be withdrawn. Notification to the PRA should be within seven business days.
Duty of responsibility
This applies to all firms.
The PRA’s CP14/17 sets out the how the new duty of responsibility, established through the addition of a fourth element to s66B(5) of FSMA, applies to senior managers and directors of insurers. The PRA will be able to take action for misconduct if:
• the individual has at any time performed as a senior manager at a firm;
• the firm contravenes, or has contravened, a regulatory requirement;
• at the relevant time, the senior manager was responsible for the management of any of the firms activities in relation to which the contravention occurred; and;
• the senior manager did not take such steps as a person in the senior manager’s position could reasonably be expected to take to avoid the contravention occurring (or continuing).
These rules apply to all firms except EEA Branches.
Prescribed Responsibilities are specific responsibilities currently defined in the PRA Handbook that a firm must give to SIMF holders, or an individual in a governing or compliance oversight senior management function approved by the FCA and, where relevant, to a non-executive director.
The following changes are proposed by the PRA:
- Solvency II insurers and Large NDFs: amendment of the responsibility to ensure the firm meets certain obligations under Insurance – Fitness and Propriety:
- to encompass all aspects of the operation of the regime, including the new Certification Regime
- to divided into four new prescribed responsibilities
- ISPVs: additional requirement to allocate a responsibility to a holder of a PRA S(I)MF, or to the holder of an FCA CF that is a ‘relevant senior management function’, for the operation of the regime, and for the operation of the new Certification Regime
- Small NDFs: additional prescribed responsibility for the operation of the regime, including the new Certification Regime
- third country branches and Swiss general insurers: four additional new prescribed responsibilities for risk management, systems and controls, compliance with the UK regulatory system and escalation of correspondence.
The FCA is now also proposing introducing some FCA Prescribed Responsibilities covering:
• the firm’s performance of its obligations under the Code of Conduct (in terms of training and regulatory reporting
• the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime
• Compliance with the Client Assets Sourcebook
The allocation of applicable Prescribed Responsibilities to a firm can be shared between the PRA and FCA or allocated to an individual regulator.
Statement of Responsibilities
This applies to all firms.
The record of the scope of responsibilities is to be renamed as a statement of responsibilities (“SOR”). The rules of the provision of the SOR to the PRA will be amended to include resubmission if there is a significant change to the SOR. SORs should include a full list of responsibilities and reflect how the business model, complexity, risk profile and size of a firm affects each senior manager’s or key function holder’s responsibility.
This applies to Solvency II insurers, Large NDFs and third country branches.
Governance maps will be renamed management responsibility maps and should be drafted in a clear and complete way with a consistent structure and an appropriate and proportionate level of detail.
This applies to Solvency II insurers and Large NDFs.
Firms must take all reasonable steps to ensure that a person taking on a Senior Manager role has all the information and materials they could reasonably expect to have in order to do their job effectively. A firm must have a policy in place explaining how it complies with this requirement, and maintain adequate records of the steps it has taken.
This applies to Solvency II insurers and Large NDFs.
A firm must ensure that every area, activity and management function (with regards to regulated and unregulated financial services activities only) has a SM with overall responsibility for it. The consultation sets out a series of steps for firms putting this requirement into practice.
The PRA proposes requiring Solvency II insurers and Large NDFs to have a policy to consider a broad set of qualities and competencies as well as a policy for promoting diversity when recruiting board members. This should help improve the effectiveness of the board in running the business to ensure the firm’s safety and soundness.
Each firm will need to assess its senior management roles to see whether any fall under the FCA SMR or the additional PRA SMFs and require FCA or PRA approval. Firms will need to allocate new FCA prescribed responsibilities to any SMs. SMs will be subject to possible FCA or PRA action if they fail to take reasonable steps to stop regulatory breaches. This last point is a major change from the current regimes. The Certification Regime is a significant change for insurers as it may apply to employees who were unaffected by the current regime and will need key consideration prior to its implementation. Firms will be required to maintain a stringent processes for identifying CFs, providing training and certification, ensuring awareness of conduct standards, drafting and updating SORs and obtaining and providing appropriate regulatory references.