Feb 2, 2024 4 min read

NAO report exposes the FCA’s Struggles with Data

The FCA has been struggling with data risks associated with both the market and its own transformation. So reported the National Audit Office recently. This explains the FCA’s hot and cold approach to data issues. So what does this mean for UK insurers over the next 12 months?

data risks
Data struggles have put the FCA between a rock and a hard place

The National Audit Office report focussed on three things:

  • how the FCA was adapting to changes in the financial services market;
  • how it was handling innovation;
  • how it was measuring its performance.

My focus will be on those aspects of the NAO report that relate to the FCA’s management of data. That’s because data has been hugely influential to the scope and direction of the key ethical challenges that insurers are facing.

The FCA’s capabilities and capacity in relation to data management matter here because at some point it will be called upon to judge and respond to those ethical challenges. It happened with the loyalty penalty super complaint in 2018. If it struggles to respond effectively to the next such event, then the people driving those ethical challenges might decide to go around the FCA and approach its political masters more directly.

So what ethical challenges lie ahead, for which the FCA’s handling of data could be material? The most obvious one is the ethnicity penalty, and I believe we will see significant developments around that in 2024.

Let's look in a little more detail at what the NAO had to say in its report about the FCA.

The NAO Findings

The NAO’s principles of effective regulation emphasise how a regulator like the FCA needs to have a proactive and forward‑looking approach to identifying potential issues and responding proportionately. Data is at the heart of the horizon scanning and risk identification that makes this happen.

This, in my opinion, is the most telling paragraph (2.13) about data in the NAO report..

“The FCA’s internal risk management system recorded around 70 risks relating to data as at the end of 2022. In July 2023, it recognised that its approach to identifying, assessing and mitigating data risks had not been fully integrated across the Data Technology and Innovation division or the business as a whole. It has sought to categorise the risks into four main themes: utilisation, acquisition, quality and storage. In July 2023, all four themes were rated as red and required strategic intervention. It is still working on collating identified data risks across the organisation to be able to manage them consistently.”

This explains what I mentioned earlier as the FCA’s rather hot and cold approach to data. On the ‘hot side’, you have a director of the FCA telling the Treasury Committee in 2019, in a discussion about discrimination in insurance pricing, that it had “the resources and expertise to pick inside those insurance models”. On the 'cold side', the Committee reported that those resources and expertise were not being used for that purpose. Instead, the FCA was taking insurers on their word about discrimination in pricing, or suggesting that customers worried about discrimination to look for cover with another insurer.

Horizon ; What Horizon?

I believe that both the loyalty penalty super complaint and the ethnicity penalty report took the FCA by surprise.  They really shouldn’t have done though. I saw both approaching, the former eight months prior and the latter several years prior.

And remember that the ethnicity penalty report was issued three years after the FCA director made that boast to the Treasury Committee. Three years in which it should have been using that resource and expertise to find out the issues for itself.

As I’ve said before, this is just as much about culture as it is about data management. Clearly though, if you do have the data that is signalling a big problem, then the culture, and the organisation’s response, should to tuned so as to respond. If you don’t have that data, any response is much less likely.

Some Implications

So what does this add up to, for insurers in 2024? Here are some thoughts…

  • The FCA could struggle to fully enforce the recent pricing reforms across the market. Work arounds attempted by some insurers could fail to be picked up. Compliant insurers then come under unfair competitive pressure.
  • The FCA’s promise to tackle the issues raised in the ethnicity penalty report through its Consumer Duty initiative will prove to be too late and too little. This will cause Citizens Advice to bypass the regulator and raise their concerns in other ways.
  • The FCA will struggle to convince the Treasury Committee, in future hearings about consumer access, that it has a clear picture of the extent to which insurers have been discriminating in their pricing. This will trigger a loss of faith in the FCA, the consequences of which should be of concern to the market. It needs a stable regulator.

There are others concerns, but those are the most obvious developments, given how things currently stand.

Should Insurers Worry

The market wants to work in a stable and ordered regulatory environment. That’s not what the NAO report on the FCA is signalling.  Insurers should therefore prepare for the regulator being…

  • more reactive than pro-active;
  • bypassed rather than engaged with;
  • understanding about issues, but never fully engaging with them.

The NAO report does say that the FCA is working to move many of its concerns about data management from a red flag to an amber flag. Time will tell how much they are able to deliver, given high staff turnover and a financial services sector undergoing lots of change.  

To Sum Up

The regulator is struggling to deliver the data components of a large transformation programme. That could well be behind its position that the problems raised in the ethnicity report are best addressed through the Consumer Duty. The delivery of that initiative has been built into the heart of its transformation. It may not have had the ability to respond in any other way, but as I’ve mentioned before, it is unlikely to deliver the right response in anywhere near enough time.

The FCA is therefore between what people call ‘a rock and a hard place’. And consumer groups may be unwilling to wait the length of time it takes for the regulator to extricate itself . For insurers, this means a less than stable regulator environment: the opposite of what they would prefer. The repercussions of that are what insurers should now plan for.

Get in touch to discuss a tailored workshop to explore the issues and influences behind the FCA's data management position.
Duncan Minty
Duncan Minty
Duncan has been researching and writing about ethics in insurance for over 20 years. As a Chartered Insurance Practitioner, he combines market knowledge with a strong and independent radar on ethics.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Ethics and Insurance.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.