How to Assess the Biggest Ethical Risk in Insurance


Conflicts of interest crop up in virtually every insurance function and at every stage of a policy’s life cycle. This is because of two factors:

  • the prevalence of principal-agent relationships
  • the information asymmetry between policyholders and the market.

As these two factors are pretty much permanent features of the insurance market, conflicts of interest are a permanent ethical risk to which insurance firms are exposed.

Let’s be doubly clear here. Conflicts of interest are not something that only insurance brokers or financial advisers need to pay attention to. They can exist in both the design and underwriting of policies, in counter fraud operations and at the claims stage as well.

Given that conflicts of interest are a fact of life for virtually every insurance firm, how should you go about assessing them? You’ll have referenced conflicts of interest in your code of ethics, created a stand-alone policy for them and supported this with a set of procedures and controls for managing them. This may feel like the job is already done, but more than that is needed, for three reasons:

  • certain parts of your business will produce the most serious conflicts of interest and you need to be vigilant that the right level of resource and support is applied there;
  • the firm’s business plan, and probably its wider business model as well, may be changing in ways that affect the scope and depth of the conflicts of interest being encountered;
  • the controls being used to manage those conflicts of interest may not be working as intended.

Scope is King

The first step in any risk assessment exercise is to establish the right scope for it. This is really important, for too narrow a scope means some risks end up being ignored, even though they could be influencing how people engage with your business. On the other hand, too wide a scope could swamp the whole exercise with superfluous information.

The right balance comes from setting a relatively wide scope of COI information and then prioritising what you find in a fairly ruthless manner, ending up with a clear set of important issues that matter to your business. The scoping itself is a two stage process:

  • deciding which types of conflict of interest to assess;
  • identifying the network of relationships and influences that your firm works within.

Let’s begin with the types of conflict of interest to assess. As it’s a common mistake to recognise some conflicts and not others, I’ll outline the different types. To do this, we need to define what a conflict of interest is.

A conflict of interest is defined as: “A person ‘X’ has a conflict of interest if …….. X is in a relationship with another ……. requiring X to exercise judgement on the other’s behalf and …….. X has an interest tending to interfere with the proper exercising of judgement in that relationship.”

Three Categories

From this definition emerge three categories of conflicts of interest (COIs) faced by insurance firms.

Category 1: is the COI actual, potential or perceived? An actual conflict of interest occurs when an individual actually does act against the interest of a party whose interest that individual has made a commitment to serve. A potential conflict of interest is a situation in which it is possible that an actual conflict of interest could occur. A perceived conflict of interest occurs when a client feels that another party is not acting in their interests (when that other party has made a commitment to do so), but in fact, it turns out that the conflict is being adequately managed.

Category 2: is the COI personal or impersonal? A personal conflict of interest occurs when the interest interfering with the performance of an obligation is some sort of gain for a person or that person’s firm. An impersonal conflict of interest occurs when the two interests in conflict are both being served by the same person or that person’s firm.

Category 3: is the COI individual or organisational? An individual conflict of interest occurs when the interest interfering with the performance of a commitment is some form of gain for a particular individual. An organisational conflict of interest occurs when the interest interfering with the performance of a commitment is some form of gain for an organisation.

Some Examples

Here are some examples. An insurer whose decision systems assess the policyholder’s ‘willingness to accept’ their proposed decision is creating a conflict of interest that is actual, personal and organisational.

An insurance broker recommending a particular policy to a client so that its higher commission helps him achieve his annual target is creating a COI that is actual, personal and individual.

A loss adjuster who arranges for his firm’s repair contractor to attend the damaged property is working within a COI that is perceived, personal and organisational; it might also be an actual, personal and organisational COI if that contractor is slower, more expensive or of lower quality than the policyholder and insurer would have wished for.

A common failing in many firms’ assessment of COI risk is to omit perceived COIs, despite the insurance industry being fuelled by many perceptions of what’s being done in whose interest. The best rule of thumb to follow is this: does a particular type of COI influence how your firm is judged by either clients, partners, peers or regulators? If it does, include it.

Relationships and Networks

Let’s move on to the second stage of our process for scoping COIs, that of the network of relationships and influences that your firm works within. Within that network lie the many varieties of conflicts of interest that your risk assessment needs to identify and weigh up.

Some may be obvious ones that your firm has long been familiar with; others may be ones that operate more 'under the radar' or in the background. Mapping out that network of relationships and networks helps bring them all forward for review. That mapping can use tools like influence maps and social network analysis. The output is some form of visualisation of the sources, connections and strengths of the interests that can influence decisions. A key aspect of their use is around how to balance the role of individuals and organisations.

Remember that firms will not be the only users of such tools. They are now being used by journalists and campaigners to understand what is driving particular outcomes.

A Risk Focus

Let's move on. With a clear view of the different types of COI and of the relationships in which they are forming, you now begin to draw up a schedule of all conflict of interest risks and then focus in on those COIs that put your firm most at risk.

It’s tempting at this stage to just jump to the conflict of interest situations that you believe are the ones your firm should focus on. Resist this temptation: it’s far less productive than you might think. Instead, follow these four stages to your COI risk assessment:

  • identify the range of COI situations that create a risk;
  • put those COI situations through a prioritisation process;
  • gauge the extent to which your firm needs to improve its performance on each priority risk;
  • decide what you’re going to do with the outputs from those three stages.

In following these four stages, remember this: most conflicts of interest are situations, so don’t treat them as accusations. It is not a problem if your list of COIs gets longer and longer. In fact, some firms in the insurance market should find a great many. Much of the ethics around COIs lies not in being in one, but in how you then handle that situation.

And in that case, consider starting not with identifying conflicts of interest, but deciding what you’re going to do with what you find. In this way, your response is not encumbered by issues that arise in the earlier stages. I’ve seen this happen and it can be very disruptive.

Levels of Risk

This can seem a massive task for something like insurance, but you can break it down into three manageable stages: the different levels of ethical risk, the different types of conflict of interest, and then what are referred to as ‘reasons’ and ‘capacities’.

There are three levels of ethical risks in a market like insurance, as follows:

  • market level risk – these are the broad ethical concerns associated with the market your firm operates in, that could affect your firm either directly or indirectly;
  • firm level risk – this recognises the influence of the firm’s strategy, processes and culture on the ethical risks it faces;
  • employee level risk – this brings in how the firm manages individual employees.

Conflicts of interest operate at each of these three levels of risk. So for example, COI risk exists at the market level through the involvement of various kinds of brokers performing services for one party while being paid for so doing by another party. Influence maps can be used to sketch out where such market level COIs exist and the structural features that sustain them. You can repeat this, firstly for actual and potential COIs, and then for perceived COIs.

The firm level of ethical risk involves situations where the firm puts itself in a COI whilst servicing two interests that are in some way in conflict, and stands to gain by so doing. You can identify those situations more easily by looking for what are referred to as ‘reasons’ and ‘capacities’.

Reasons and Capacities

The ‘reasons’ dimension to a COI risk assessment looks at why a firm should fail to manage a conflict of interest appropriately. The most common reason is financial gain but there are also others, such as reputational gains, political gains and gains relating to influence (such as appointments or preferment).

The firm should balance this recognition of various ‘relationship specific’ reasons for conflicts of interest being exploited, with the capacities available to it to exploit such conflicts. These can be indicators of information asymmetry, power imbalances between large and small firms, pricing transparency and market competitiveness. If your firm has reasons to exploit a conflict of interest, and the nature of that conflict provides it with the capacity to do so, then you begin to fill up your COI risk schedule.

You will of course be protesting by now that your firm may have reasons and capacities, but it also has values and controls to mitigate those risks. Indeed it may, but the key questions are how complete, and how effective, they are. This is referred to in ethical risk terms as gross and net risk. A firm’s gross COI risk assumes values that are ignored and controls that are non-existent or ineffective. A firm’s net COI risk assumes that values are lived up to and a full range of controls are in place and working. The reality will lie in between those two.

It's worth bearing in mind that there could well be conflicts of interest influencing those who are undertaking some aspect of your firm’s conflict of interest risk assessment. So while the three lines of defence looks good on paper, in reality it has not stopped the sector being confronted in recent years by big ethical challenges around fairness and bias. The reason for this is, I believe, down to conflicts of interest not being properly recognised or addressed within the three lines of defence.

Where to Start

What this means then is that perhaps the first function to conduct a conflict of interest risk assessment should be compliance. It would build confidence into the assessments undertaken in other functions.