DWF do a lot of work for insurers and back in October 2017, they used that access to ask insurance executives about the risks they were facing. This finding stood out in their survey…
“…that 28% of UK insurance executives thought that by 2022, the greatest risk they expect to face will be personal regulatory sanction because of their firm’s compliance failings.”
Here we are in 2022 and the news hasn’t exactly been awash with insurance executives being individually held to account for their firm’s compliance failings. So were they wrong? Has the risk receded? Have insurers’ got better at compliance? Have executives taken individual accountability to heart?
A Continuing Risk
The risk has definitely not receded. If anything, the type of issues that can generate the ‘proximate cause’ of such compliance failings have got bigger. Prior to October 2017, I could see that big issues like fairness in pricing were on the cards, but few insurance executives agreed. After October 2017, the loyalty penalty report drove home those concerns and raised the exposures to personal regulatory sanction. The regulator took a hard line in terms of remedy but a soft line in terms of individual or corporate sanction.
End of story then? Not at all. A much greater risk is currently facing the sector, in the form of discrimination concerns set out in Citizens Advice’s ethnicity penalty report. Again, the prospect of this was clear as far back as 2015 (more here), as was the enormous impact that could result if realised.
Does this mean that the regulator is likely to take a hard line on it then? Not unless they’re pushed to, in my opinion. On the fairness of pricing, the FCA preferred to orientate its thinking more around markets and systems, and less around outcomes, unless someone forced their hand. So, will Citizens Advice try to force the regulator’s hand on ethnicity? We will see shortly.
Confidence in Compliance?
Let’s move on and ask if insurers’ compliance has got better? I see insurers being more confident in their compliance, but I think that confidence is far from fully justified. After all, if compliance has improved, why has the sector faced challenges around both the loyalty penalty and the ethnicity penalty? As I’ve said before (here), the three lines of defence has inherent weaknesses, which both ‘penalty reports’ are exposing.
Have insurance executives simply got used to living with individual accountability and the risk of personal regulatory sanction that flows from it? I believe so, for two reasons. Firstly, the regulator hasn’t applied any such sanctions in a headline grabbing way. And secondly, time and familiarity softens many concerns. They’ve just got on with executive life.
Given this situation then (risks increased, over-confidence in compliance, an over familiar exposure), what should an insurance executive do?
They could raise awareness of fairness and discrimination amongst relevant staff. This is important, but not enough. It’s one thing being aware of an issue, but quite another thing to move from awareness to action, from thinking to doing. That’s where good leadership on ethics is needed.
Another response could lie in good policies and procedures. Again, these are important, but not enough. Policies and procedures do guide people but also suffer from two weaknesses. Firstly, they can feel like a standard that people have to attain, but which can often feel unattainable. To use an analogy, policies tend to be strong on the top of the ladder, but procedures tend not to be strong enough about how to climb it, especially on ethical issues like fairness. And secondly, they can sometimes become just ‘things on paper’, progressively ignored in the hurly burly of business decisions.
That’s why, for every policy on conflicts of interest, on fairness, on equality, for every piece of discrimination training, there needs to be equal attention given to ethical decision making. It is the ability to make decisions within your firm’s and your profession’s ethical framework that can often make the difference between the ‘thinking about it’ and ‘doing something about it’ that I mentioned earlier.
As your ethical decision making is developing, two steps could build reassurance in compliance. The conflicts of interest inherent in the three lines of defence create a systemic weakness in most compliance arrangements. Removing as much of that conflict of interest as possible will then reveal the extent of the gross net gap that is present. In other words, the difference between what should be happening, and what is actually happening.
Another way of addressing that gross net gap is for your compliance to embrace more challenge. It may seem strange, but one way to address concerns about individual accountability is to embrace the source of challenge that is driving that accountability exposure. In other words, replace the language of ‘defence’ with the language (and actions) of engagement. This changes the tone and opens up opportunities.
Individual accountability is here to stay. And at some point, the regulator will use it in a headline grabbing way, designed to teach the market, through a person, a lesson. It’s not something that I like to see happen, for the simple reason that lasting change comes from people leading by example, rather than people being made an example of.
The DWF survey was well timed five years ago. Now that we are in 2022, it would be great if they could repeat the survey and explore where executives currently feel the greatest risks lie. My guess is that concerns about personal regulatory sanction will be just as significant. That is a great pity. It is also something very much in the hands of insurance executives to address.