Abstract of air vent.


Published on 17 January 2018

In this chapter of our Annual Insurance Review 2018, we look at the main developments in 2017 and expected issues in 2018 in the regulatory sector.

Key developments in 2017

2017 saw consultation on three major regulatory changes: the Senior Managers and Certification Regime (SM&CR), the Insurance Distribution Directive (IDD) and the General Data Protection Regulation (GDPR).

In July, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) published three consultation papers outlining their plans for extending the SM&CR – which currently only applies to banks,building societies, credit unions and PRA-designated investment firms – to all financial services firms,including insurers and intermediaries. The FCA has announced its intention to publish a policy statement in summer 2018 that will set an implementation date (expected to be in 2018).

The requirements of the IDD, which replaces the Insurance Mediation Directive, were set out in three consultation papers during 2017. The FCA is currently considering feedback on the last, CP 17/33, and publication of final rules is expected in January 2018 – only just ahead of the current deadline for implementation on 23 February 2018. This date may now be delayed, following suggestions (in Europe and here in the UK) that the sector is not ready to implement such complex and significant changes.

IDD arrives amid increased regulatory scrutiny of the insurance distribution chain, following a series of thematic reviews since the FCA took over in 2013. Though it will not publish a final report next year, the FCA has announced its Wholesale Insurance Broker Market Study, which will focus on market power, conflicts of interest and broker conduct.

The Information Commissioner’s Office has consulted more than once during 2017 on the GDPR, most recently on guidance on contracts and liabilities between controllers and processors. This guidance is expected in late 2017 at the earliest. A Data Protection Bill to achieve GDPR’s implementation is currently making its way through Parliament, prior to GDPR’s introduction in May 2018. The threat from a newly empowered regulator to impose very substantial fines for data breaches is rightly the focus of many regulatory change projects.

What to look out for in 2018

2018 will be an eventful year for those in the insurance industry. The coming into force of SM&CR, IDD and GDPR will introduce increased accountability for individuals and firms, with conduct rules requiring compliance with new prescriptive rules. We recommend firms consider regulatory change in the round,looking for synergies and efficiencies between their projects.

The full SM&CR will be applied to insurers, who will thereby be treated like banks. The largest brokers will be subject to the full “enhanced” regime, with the rest of the intermediary community subject to the less demanding “core” regime. The regime will affect almost all of those working in financial services. For example, the new conduct rules will apply to all employees of financial services firms except for purely“ancillary” staff. When combined with the other changes, we expect the SM&CR to be more transformative for firms’ culture and conduct than the existing Senior Insurance Managers Regime.

The IDD rules seek to strengthen consumer protection and will apply to all persons who distribute insurance. Implementation will require firms to consider their entire governance and culture arrangements to adopt, for example, the new customers’ best interest rule. Achieving compliance will require a top-down approach, from board level through to front-line staff “on the ground”. Firms will also need to examine their distribution chains and end-user product information (which will need to include an insurance product information document).

The GDPR will introduce new requirements for insurers. Changes include an increase in the potential fines that companies will face for breaches, the fact that controllers will need to provide more information to data subjects, and new obligations regarding consent and accountability.

Download our full Annual Insurance Review 2018 for more insights.