The FCA recently published a Thematic Review into the relationship between appointed representatives (ARs) and their principals in the general insurance sector. How does it concern leasing? Locke Lord partner Joanne Davis and paralegal Timothy Anson explain.
The FCA has made it explicitly clear that although its recent Thematic Review was focused on the general insurance sector, the findings may also apply to principals and ARs in other sectors of the UK financial services industry. The regulator has gone so far as to say: “We expect all principals to consider the findings in this report and to take appropriate action, where applicable, to address the issues that are relevant to them.”
The report itself was critical on a number of points around how principals approached their relationships with ARs. The FCA noted that the role of the principal in providing an appropriate control framework is critical in ensuring that ARs sell products in a compliant manner and deliver fair customer outcomes.
However, the FCA identified concerns in relation to principal firms’ understanding of their regulatory obligations for their ARs, as well as the level of oversight principals had of their ARs’ activities. In a number of instances, the FCA found that these shortcomings had resulted in customer detriment, such as mis-selling or failings in service provision. Citing previous work, the regulator also found that firms did not always understand and meet their regulatory obligations.
The findings and recommendations of the review therefore should be heeded by both those in the leasing industry that operate an AR network as principal, and those that are ARs themselves. In the report the FCA reiterates its expectations that principals should:
- Consider the impact of ARs on their own business model and ability to meet threshold conditions
- Assess the solvency and suitability of their ARs
- Take reasonable steps to put in place an appropriate risk management framework to identify and manage the risks ARs present to their business
- Put in place compliant contractual arrangements with their ARs
- Have adequate controls over their ARs’ regulated activities for which the principal has responsibility, and
- Have adequate resources to monitor and enforce compliance with relevant requirements that apply to the regulated activities for which the principal is responsible.
It concludes that principals are failing to meet these expectations in respect of three particular areas:
- Business Model and Risk Management
- Governance and oversight, and
- Delivering fair outcomes for customers.
The FCA found that a number of principals were unable to demonstrate that they:
- Understood the nature, scale and complexity of the risks arising from the activities of their ARs and, in particular, the risks these activities presented to customers
- Had appropriately assessed these risks when deciding to appoint ARs, and
- Had taken reasonable steps to put in place an appropriate risk management framework to identify, assess and manage the risks their ARs presented to their business and to customers.
Half of the principals in the sample were unable to demonstrate that they had considered how their potential ARs’ activities aligned to their existing activities, or whether they had adequate resources to oversee these ARs and enforce compliance with the AR contract and regulatory requirements.
Governance and oversight
Over half of the principal firms did not understand their supervisory requirements over the AR, particularly in relation to:
- Due diligence and proper appointment
- The requirements of the setup and contracting process, and
- Ongoing oversight and termination process.
In relation to due diligence and appointment many of the participating firms had only carried out limited due diligence on their AR network. Firms had failed to consider, assess and document the impact and risks of appointing an AR on their own business and had no appropriate regard for the specific activities being performed by the AR and the resultant risks.
Checks on the solvency and suitability of ARs were also too often conducted as a ‘tick-box’ exercise, and in larger networks no real exploration was conducted into the specific risks individual ARs presented.
A majority of principals had also failed to assess whether their controls were adequate to monitor the AR and enforce compliance, instead having an entirely outward-facing assessment of the AR. The FCA stressed that this “inward-facing”assessment when conducting appointments was vital an misunderstood by a considerable number of firms.
In relation to setup and contracting, contracts were found not to be compliant with the specific rules in this area.
Regulated activities were also not being properly identified and documented, with IARs engaging in activities beyond those permitted by being an IAR.
Finally on this, where multi-principal arrangements were in operation there was often a lack of multi-principal contracts documenting the relationships.
In relation to ongoing oversight, the FCA found that monitoring programmes were not commensurate with the level of risk identified for each AR, if a level of risk even identified for each AR, with too many “one size fits all” programmes being employed. Ineffective processes were found to monitor:
- Whether the AR and its senior management continued to be fit and proper
- The financial position of the AR (on at least an annual basis)
- The quality of the sales process (e.g. through file reviews or observed sales)
- The quality of advice given to customers (if applicable)
- Key performance indicators
- Reward and incentives policies and any conflicts of interest, and
- Compliance with the terms and restrictions set out in the AR’s contract.
The FCA also noted that identified issues were not always acted upon and there was an overreliance on IT systems that did not always transfer into physical action by the principal. Inadequate MI was also an issue.
Finally, termination processes failed to take into account that steps may be necessary to mitigate risks to customers upon ARs no longer being able to engage in regulated activities. Instead, too many firms were applying an immediate clean-break approach.
Principals keen to start thinking about precautionary steps should review the FCA paper thoroughly and begin thinking about whether they have the necessary knowledge about their ARs and their businesses.
Firms should also review their contracts with ARs, and particularly whether they have the requisite terms and controls.
Firms concerned that any of these elements may be inadequate should consider what remedial steps they can take to avoid any potential FCA action at a later date.