This is the third of a four-part blog series on the FCA's Coverholder and TPA thematic review (often referred to by the FCA as its "distribution chain" thematic review).
There has been a fundamental shift in regulatory expectation and good market practice for delegated authority control and oversight frameworks.
This shift may increase cost in key control functions reinforcing the importance of a robust conduct risk assessment (as discussed in our previous blog) to achieve a proportionate and risk-based control and oversight framework. The risk assessment shows you the higher gross risk areas of your business and why they are high risk, enabling you to direct your resource – whether it be delegated underwriting management, compliance, claims or underwriting resource - so that you get more bang for your buck.
In this blog, we will discuss three of the more prominent aspects of a Coverholder and TPA control and oversight framework:
- Due diligence;
- Audits; and
- Management Information (MI).
Due Diligence
The risks posed by new Coverholders and TPAs are investigated through due diligence. Coverholders and TPAs that pose more conduct risk require more due diligence before being approved.
We see the market enhancing traditional due diligence requests that historically centred around licenses, E&O policies, director CVs and financial standing. While these remain important, firms are now requesting more conduct-specific information to determine, for example, the adequacy of conduct and oversight frameworks within the Coverholder or TPA. If a Coverholder is assessed as high conduct risk, in part due to the conflict created by having profit commission and claims handling authority, firms should request information from the Coverholder as part of the due diligence to demonstrate how this conflict is addressed, which may include the segregation of brokers and claims handlers.
An important first step is to include these additional information and evidence requirements in due diligence procedures. However, effective due diligence requires the proper assessment of information. Simply recording receipt of the information rather than its quality is unlikely to meet regulatory expectations.
Once due diligence is complete and deemed appropriate (i.e. the net conduct risk exposure is within conduct risk appetite), what should the process and governance be around approving this new arrangement? Can existing Committees be used where proportionate? And what audit trail should they be provided with on which to base their approval?
Audits
As with the due diligence process, audit frameworks should be informed by the conduct risk assessment both in terms of scope and frequency. Again this allows for resource to be focussed towards higher risk Coverholders and TPAs, with more frequent and more detailed reviews undertaken of high-risk agents. If due diligence found a weakness in certain areas of the Coverholder or TPA control and oversight framework, such as the monitoring of sales, this can be factored into the audit.
We've seen audits include a range of activities from documentation review, sample testing and interviews. The market appears to have largely adopted the Lloyd's Coverholder Audit scope which helps with consistency, although the interpretation and application of this scope remains important. It's clear that a good Coverholder or TPA conduct audit relies a lot on the auditor. The market is moving away from "yes/no" conduct questions, such as "does the Coverholder have a TCF policy?", towards requiring auditors to provide assurance on the quality of control and oversight frameworks and the evidence of fair customer outcomes.
Market solutions are likely to be the most efficient solution for some aspects of audits. The subscription market is based on reliance – following underwriters rely on the lead to set the terms of the contract. However, what is the most efficient way for following markets to place reliance on lead markets for audits of conduct risk? How much of the audit process can be centralised? We will discuss this further in our fourth and final blog over the coming weeks.
MI
Another key way to gain assurance on the on-going conduct performance of Coverholders and TPAs is to request specific MI at pre-determined intervals. Again, the MI requested can be proportionate to the conduct risk of the Coverholder and TPA so that low risk agents are not overburdened by disproportionate MI requests.
Conduct MI is being requested by a number of firms and Coverholders/TPAs are likely to be able to provide the information. However, the practicalities of how to receive the information on a larger scale and the commercials around providing this additional information are still being worked out by the market (i.e. is it charged for?).
We've seen a number of firms recently overhaul their conduct MI packs which has set a new bar for "what good looks like" for this important regulatory topic. Metrics provided by Coverholders and TPAs are an important aspect of these conduct MI packs to ensure oversight and challenge by internal governance structures.
Conclusion
Firms are expected to articulate how their Coverholders and TPAs are within their conduct risk appetite, and it is the control and oversight framework that provides the information for these answers. For this to work, firms cannot practically assess every control for every Coverholder or TPA. The conduct risk assessment provides the foundation for ensuring resource, systems and time is allocated appropriately and regulatory expectations are met.
Despite this use of risk assessments to find proportionality, the cost of delegated authority control and oversight may go up and we're seeing delegated authority teams (and other teams) within firms growing. Some insurers are considering whether it remains commercially viable to have large Coverholder and TPA populations, especially if the volume or profit provided by these relationships doesn't justify the cost of oversight.
Please also read our previous blogs from the series, The FCA's Coverholder and TPA thematic review | How prepared are you? and The FCA's Coverholder and TPA thematic review | Proportionality through risk assessments.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
