White paper on the Prudential Regulatory Authority's Consultation Paper on the Senior Insurance Managers Regime: a new regulatory framework for individuals

On 26 November 2014 the Prudential Regulation Authority (PRA) issued a consultation paper on its proposals for a revised regulatory regime for senior insurance managers (SIMR). The purpose of the proposed changes is principally to implement Solvency II measures on governance and fitness and propriety, but the PRA has also taken the opportunity to apply aspects of the Senior Managers Regime proposed for banks, with the strong emphasis contained in those rules on individual accountability. While the PRA is the lead transposing authority in relation to Solvency II, the issue of fitness and propriety of key individuals at insurers also impacts the objectives of the Financial Conduct Authority (FCA), which has also issued a consultation paper on changes to the Approved Person Regime (APR).

Why are these proposals being tabled?

While the principal reason for the proposals is to implement Solvency II requirements, they also further a clear policy objective of increasing individual accountability in financial services institutions. Whilst accepting that the regime for insurers should not be identical to that for banks given that the risks posed by insurers to the PRA's objectives are different, the scope of the regime broadly aligns with the proposed regime for banks. Fortunately, the more draconian requirements of the banking regime, including criminal sanctions with a reverse burden of proof for regulatory failings, will not apply to insurers.

The main intention of the paper is stated to be: "...to ensure the fitness and propriety of all those individuals who are effectively running an insurer or performing a key function" and that "...senior management should be responsible for compliance by firms with the PRA's requirements."

Who is within the scope of the proposals?

The proposals will apply to all firms covered by the requirements of Solvency II (the PRA puts this at between 400 and 450 firms) except small non-Directive Firms - essentially those excluded from the scope of Solvency II by virtue of their size, and the nature of the risks underwritten by them. The PRA expects that only around 100 firms will fall within the small non-Directive Firm category. Existing rules will continue to apply to those firms, unless they opt in to Solvency II. The PRA will be consulting in due course on its approach to supervision of these entities.

The firms subject to the proposals include:

  • Retail and wholesale insurance and reinsurance firms
  • Lloyd's managing agents
  • Insurance special purpose vehicles (ISPVs)
  • UK branches of foreign firms headquartered outside the EEA

A separate consultation paper on non-executive directors will be issued in 2015 although this consultation paper covers them insofar as it relates to the Solvency II implementation.

What is the PRA proposing?

The proposed SIMR seeks to impose a greater focus on senior managers recognising the critical role they play in regulated businesses. The new regime covers three, overlapping, categories of individual:

  • Individuals performing one of the new PRA Controlled Functions (CFs) (in future also to be known as Senior Insurance Management Functions (SIMFs)
  • All senior personnel (referred to as "key function holders") who are effectively running the business, or who have responsibility for other key functions, which will include those approved to perform SIMFs and certain FCA CF
  • All individuals performing key functions

The term "key functions" covers the actuarial, risk management, internal audit and compliance functions prescribed by Solvency II; effectively running the business; and any other function which is of specific importance to the sound and prudent management of the firm. It will be the responsibility of the firm to identify key functions falling within these last two categories, depending on its business and organisation. There is no guidance on the meaning of "effectively running the business" (a concept lifted directly from Solvency II) which at least gives insurers flexibility to decide which individuals are fulfilling this role. Some generic guidance is given on identifying key functions, including whether the function is essential for the proper functioning of the firm or group considering its risk profile and business, and whether any failure in the operation or effectiveness of the function may threaten seriously the interests of the firm or policyholders.

There is a lack of clarity on whether "individuals performing key functions" covers only those individuals whose actions may threaten seriously the interests of the firm or policyholders; or every individual working under and/or reporting to a key function holder. This has implications in the context of the application of the fitness and propriety rules and the new conduct rules.

The new CFs

The scope of people subject to pre-approval before taking up a CF is in future to be more granular and more role specific than is currently the case, identifying those individuals who play a critical role within an insurer and would be held responsible for ensuring the ongoing safety and soundness of the firm and the appropriate protection of policyholders. This means that certain functions, such as the director function, which are currently PRA CFs will no longer be subject to pre-approval by the PRA. The new more focused CFs are expected to permit more focused scrutiny by the PRA at the pre approval stage.

The proposed CFs, which would in future to be also known also as Senior Insurance Management Functions (SIMFs), are:

  • Chief Executive Officer (SIMF1)
  • Chief Finance Officer (SIMF2)
  • Chief Risk Function Officer (SIMF4)
  • Head of Internal Audit (SIMF5)
  • Third Country Branch Manager (SIMF19)
  • Chief Actuary (SIMF20)
  • With-Profits Actuary (SIMF21) (does not apply to the Society of Lloyd's or Lloyd's managing agents)
  • Chief Underwriting Officer (SIMF22)
  • Underwriting Risk Oversight (applies to the Society of Lloyd's only)

As Solvency II fit and proper requirements apply to groups and holding companies, the PRA proposes that individuals in groups who intend to take up CFs in insurers, along with holding/other group company senior executives who have a significant influence on the management or conduct of the insurer's affairs, will be subject to pre-approval for a new CF/SIMF, Group Entity Senior Insurance Manager function (SIMF7).

Application process for SIMFs

As part of the revised application process, firms will need to provide information about an applicant's skills and experience and, presumably, how they would meet the core responsibility allocated to them. There would also be a greater emphasis on the due diligence undertaken by firms on candidates, to include qualifications, training and competence and personal characteristics and qualities as well as an obligation on the firm to have carried out and to be able to evidence having undertaken criminal records checks and employer references which, in turn, will be scrutinised as part of the interview process.

One specific area identified is that in future the interview would include an assessment of the applicant's technical and non-technical expertise and his or her understanding of the risks to the viability of the insurer and of the risks posed by the insurer to the wider financial system.

Fit and proper assessments

As well as performing their own assessment of the fitness and propriety of candidates for SIMFs, firms will need to assess the fitness and propriety of all other key function holders and of those performing key functions, with an emphasis on technical competencies and personal characteristics. Insurers will have to provide the PRA with information on the skills and experience of, and allocation of responsibilities to, any person taking up a post as a key function holder (including those performing PRA CFs). Insurers' assessment of the fitness and propriety of key function holders who are not performing CFs, will be supervised on an ex-post basis.

Solvency II requires insurers to assess the fitness and propriety of individuals performing key functions on an ongoing basis. The PRA will therefore expect insurers to promptly and fully investigate any matters identified by them which might be relevant to such an assessment. It may also test the design and robustness of an insurer's policies and procedures for reviewing fitness and propriety as part of its supervision of management and governance.

FCA CFs that will also apply

The FCA is proposing to make certain controlled functions which the PRA is proposing not to maintain as PRA CFs, FCA Significant Influence Functions (SIFs) subject to preapproval by FCA. The FCA also proposes to continue the existing approve and consent model for PRA CFs, to ensure that candidates for those functions are suitable from a conduct perspective.

The proposed FCA SIFs are:

  • Director function (CF1), for those directors not approved for a PRA SIMF
  • Apportionment and oversight function (CF8)
  • Compliance function (CF10)
  • CASS Operational Oversight function (CF10a)
  • Money Laundering Reporting officer function (CF11)
  • Significant Management functions (CF29) for those individuals not approved for a PRA SIMF
  • Customer function (CF30)

In addition to these, or ISPVs and third country branches, the Systems and Controls function (CF28) will apply (in the case of ISPVs, only for those individuals not approved for a PRA SIMF); and for third country branches the Actuarial function holder in a third country branch function (CF51) will apply.

The FCA states that the following SIFs would be most likely to be regarded by it as Solvency II key functions, depending on the circumstances of the firm:

  • Significant Management function (CF29)
  • Compliance function (CF10)
  • Apportionment and Oversight (CF8)

Individuals approved for those SIFs would also therefore be subject to PRA rules applying to key function holders.

Conduct standards

The proposed conduct standards cover three specific strands similar to those already established for the banking industry requiring individuals performing key functions to:

  • Act with integrity
  • Act with due skill, care and diligence
  • Deal with the PRA and other regulators in an open and co-operative way

Key function holders are subject to a direct obligation to comply with these standards; in the case of other individuals performing key functions, firms must police compliance. As already discussed, it is not entirely clear who falls into this category.

There are a further five proposed conduct standards, which only apply to key function holders, and require them to:

  • Take reasonable steps to ensure that the business of the firm for which they are responsible is controlled effectively
  • Take reasonable steps to ensure that the business of the firm for which they are responsible complies with the relevant requirements and standards of the regulatory system
  • Take reasonable steps to ensure that any delegation of their responsibilities is to an appropriate person and that they oversee the discharge of the delegated responsibility effectively
  • Disclose appropriately any information of which the FCA or the PRA would reasonably expect to have notice
  • When exercising their responsibilities, pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits.

Governance map

The PRA expects insurers to have clear structures of accountability and delegation of individual and collective responsibilities, including checks and balances to prevent dominance by an individual. Key function holders should remain accountable for the actions of those to whom they delegate responsibilities, including where insurers use third parties in respect of outsourced functions.

Consistent with this theme of individual responsibility and accountability, the draft rules require allocation of the following prescribed responsibilities to one or more individuals approved for a CF by either regulator (the last two must be allocated to a non-executive director):

  • Ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper
  • Leading the development of the firm's culture and standards
  • Embedding the firm's culture and standards in its day-to-day management
  • Production and integrity of the firm's financial information and regulatory reporting
  • Allocation and maintenance of the firm's capital and liquidity
  • Development and maintenance of the firm's business model
  • Performance of the firm's Own Risk and Solvency Assessment (ORSA)
  • Induction, training and professional development for all the firm's key function holders
  • Maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns
  • Oversight of the firm's remuneration policies and practices

The allocation of these and any other significant management responsibilities must be recorded in a Governance Map, along with details of reporting lines, key functions identified by the firm, highlighting those that amount to effectively running the firm, and the names of the individuals effectively running the firm or responsible for other key functions. Where the firm forms part of a group, the interaction of the firm's and the group's management and governance arrangements, and any reporting lines from key function holders to the broader group, must also be recorded.

The PRA expects to use the Governance Map as a supervision tool, including:

  • During the initial assessment for PRA approval, where it will be used to identify the areas a candidate will be responsible for managing and their ability to do so;
  • In daily supervision, to:
    • Identify the relevant individual to whom specific regulatory queries should be directed
    • Understand how the allocation of responsibilities has changed to reflect changes to the business model or in the external environment
    • Clarify which individuals are ultimately responsible for certain actions which supervisors expect the insurer to take
  • In enforcement cases, as evidence of individual responsibility for the area where an alleged breach occurred

Timing

While the detailed timing is still to be established, the proposal is that an initial tranche of rules will be made in March 2015 and commenced with effect from January 2016, in line with the timetable for transposing Solvency II. These would cover:

  • The requirement for firms to assess fitness and propriety of persons performing a key function
  • The criteria for that assessment
  • Notifications of information on individuals to the PRA
  • Identification of key functions
  • Compilation of a Governance Map

The timetable for the remaining rules will be determined later this year.

A further consultation will follow dealing with NEDs, as well as a technical consultation dealing with forms, consequential changes and the detailed rules on transitional arrangements from the APR to the SIMR. The current consultation is open for comments until 2 February 2015.

Comment

Fortunately the insurance industry largely survived the financial crisis, but it is clear that it will not escape the PRA's drive to change culture in financial services, which is largely a product of that crisis and the various recent scandals in the banking industry. The proposals take forward the PRA's objective of ensuring accountability and responsibility at senior level, enshrined in the FSMA regulatory principle that senior management should be responsible for compliance by firms with the PRA's requirements.

It is clear that the proposals will make it easier to apportion blame to specific individuals for regulatory failings, although the PRA states that the allocation of individual responsibilities is not intended to undermine or change the fiduciary, legal and regulatory responsibilities of the board. What is not clear is how in practice individuals subject to the SIMR at Board level, and having a specific responsibility allocated to them are to deal with a Board decision with which they disagree, but for which they would ultimately be personally accountable.

Some of the proposals are confusing, in part because the PRA is attempting both to meet the requirements of Solvency II and align the regime with the proposals for the banking sector. Solvency II rules apply to persons who effectively run an insurer or have other key functions. The PRA has broken down this group of persons into different overlapping sub groups, applying slightly different requirements to each. Additional FCA requirements also apply different groups of individuals. Understanding the scope of the regime will be a challenge.

While many of the proposed steps may already have been implemented by firms as a matter of best practice, the task of adapting existing governance frameworks to meet the new requirements will not be straightforward. Given the relatively short timeframe for implementation of the new regime, firms would be prudent to start taking steps now. For example, firms may need to consider enhancing recruitment and vetting procedures to meet the more rigorous requirements of the new regime, and to enable them to demonstrate assessment of fitness and propriety on an ongoing basis. Firms should also consider identifying individuals in other group companies who may be affected.

While described as a "consultation paper", this is consultation with a very small "c" and may be more aptly described as a pre-notification and with that in mind, firms would be well advised to start their preparations early.

Consultation response

Many firms will want to contribute individually to the issues raised in the consultation paper, however if you would prefer to make comments on a non-attributable basis then we are happy to include those for you in the Clyde & Co response. The consultation closes on 2 February 2015. Links to the consultation papers are at:

http://www.bankofengland.co.uk/pra/Pages/publications/cp/2014/cp2614.aspx

http://www.fca.org.uk/your-fca/documents/consultationpapers/cp14-25

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.