From 1 April 2009, insurance intermediaries will be subject to a more stringent systems and control regime. As a matter of urgency, they should therefore focus attention on the size of fines given out by the FSA to firms in breach of Principle 3 of the general "Principles for Business" in the FSA Handbook. This Principle states that "a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems."

The Common Platform

The FSA is extending the common platform at chapters 4 to 10 of the FSA's Senior Management Arrangements Systems and Controls sourcebook (SYSC) to almost all firms regulated by the FSA. Notably the common platform will not apply to insurers, managing agents and the Society of Lloyd's until the outcome of the Solvency II Directive is known. At that point a consultation will be undertaken on extending the common platform to them.

What does the Common Platform Cover?

The common platform covers key areas of business, being:

  • Business structure and contingency planning
  • Training, competence and expertise
  • Compliance, internal audit and financial crime
  • Risk control
  • Outsourcing
  • Record keeping
  • Conflicts of interest

We now look at the application of SYSC in some of these key areas.

Outsourcing

Outsourcing arrangements are useful but logically increase operational risk because a firm may transfer responsibility for risk management and compliance to a third party which may not be managed to the same standards. The current guidance is very minimal when compared with the rules which are set out at SYSC8. These specify a requirement for proper supervision and the taking of appropriate action if there is a failure by that firm to comply with law or regulation, a difficult task if the outsourcer is in a different jurisdiction. However, SYSC8 will not apply to existing outsourcing arrangements.

Critical Functions

There is an additional layer of rules where a firm outsources critical or important operational functions or any of its regulated activities. In those circumstances the firm remains fully responsible for discharging all of its regulatory obligations, notwithstanding the outsourcing. A function is critical or important if a defect or failure would materially impact the firm's continuing compliance with its regulatory obligations, its financial performance or the continuity of its regulated activities.

Conflicts of Interest

Intermediaries already understand the obligation upon them to manage conflicts of interest fairly, both between themselves and their customers, and between customers (Principle 8). In what may be the biggest change in terms of effect, SYSC10 will now apply to intermediaries and requires the implementation of a formal regime for recording, managing and disclosing conflicts. In addition firms are given guidance on the establishment of a conflicts policy.

Recommendation

Whilst SYSC will largely reinforce the good business practice of many firms, those responsible for risk management in firms should assess rigorously the requirements of SYSC against their commercial practices going forward

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.