Insurance product development in the new regulatory landscape

Publication January 2013


In the spring of 2013 the Financial Conduct Authority (FCA) took over the supervision of all conduct related matters in insurance firms. In its twelve years regulating financial services in the UK the Financial Services Authority (FSA), predecessor to the FCA, fell short of its statutory objectives – not least in respect of securing an appropriate degree of protection for consumers and maintaining confidence in the UK financial system. Although insurers were not participants in the main causes of the financial crisis, the mis-selling of payment protection insurance by banks has brought considerable scrutiny of product design.

The Government reforms to financial services regulation aim to tackle the problems which the FSA was unable to address during its tenure. The Financial Services Act aims to provide the two new regulatory bodies, the Prudential Regulatory Authority (PRA) and the FCA with more effective tools and resources to ensure that past regulatory errors are not repeated. The FCA has been given the task of addressing the failure of financial services firms to ensure that consumers are given a fair deal. The Government sees the change as an opportunity “to reset conduct standards for the financial services industry”.

The FCA has been given a mandate from both the Government and the public to take a much more proactive approach to consumer outcomes. Through a combination of new powers and objectives and the continuation of the FSA’s “credible deterrence” approach to enforcement, the FCA has set about changing the way firms operate to ensure that customers are not left disgruntled and out of pocket.

Consumer protection at the heart of the approach of the FCA

Consumers are central to the FCA’s approach to supervision. The FCA has a strategic objective to ensure that markets function well in addition to three operational outcomes which are to ensure that:

  • consumers are given products that meet their needs;
  • the integrity of the financial sector is protected and enhanced; and
  • markets are competitive.

It is clear that consumer protection is an all pervasive aspect of the FCA’s work. In order to fulfil its strategic objective of ensuring that markets function well, consumers will have to be given a fair deal. Financial products must be developed and sold with the consumer at the centre. Boards must be motivated by good customer outcomes and ensure that they are kept fully abreast of the consumer experience of their products and services, addressing failings robustly as soon as they come to light.

The FCA believes that from the boardroom down to the point of sale and beyond, firm behaviour, attitudes and motivation must embrace good conduct to ensure that customer experiences and outcomes meet their expectations.

So what does the FCA mean by good conduct? The FCA will expect firms to meet the expectations of their customers, seeing it as their responsibility to treat customers fairly and operate in a fair and reasonable manner.

Providing a benchmark for firms’ good conduct will be the six treating customers fairly (TCF) outcomes which will remain central to the FCA’s approach to product supervision.

The six outcomes are:

  • Outcome 1 Consumers can be confident that they are dealing with firms where the fair treatment of customers is central to the corporate culture.
  • Outcome 2 Products and services marketed and sold in the retail market are designed to meet the needs of identified consumer groups and are targeted accordingly.
  • Outcome 3 Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale.
  • Outcome 4 Where consumers receive advice, the advice is suitable and takes account of their circumstances.
  • Outcome 5 Consumers are provided with products that perform as firms have led them to expect, and the associated service is of an acceptable standard and as they have been led to expect.
  • Outcome 6 Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint.

The supervisory approach of the FCA

FCA supervision is focused on those firms with the greatest potential to cause most harm. There are fewer supervisors specifically allocated to firms. Firms are categorised into groups reflecting their potential to affect the FCA’s objectives. Under these categories insurance groups with a very large number of retail customers will be supervised differently to smaller intermediaries. Firms were contacted by the FSA early in 2013 to inform them of which of the supervisory categories they fall into.

The FCA supervises firms using a three pillar approach: a Firm Systematic Framework (FSF), event-driven work and campaigns on particular sector issues and high risk products.

The FSF is designed to assess whether the interests of customers and market integrity are at the heart of the business. In order to answer this, the FCA will undertake a review of governance and culture to consider how conduct risks are identified and managed. Thematic reviews will look at product design to determine whether products and services meet customer needs, as well as sales and after-sales processes to ensure there are sufficient systems and controls in place to ensure customers are treated well.

With fewer supervisors allocated to individual firms the FCA proposes to undertake an increased amount of what it calls “event-driven work”. This might include scenarios where there is an increased risk to consumers or where an existing risk has been identified and needs to be addressed.

In addition, the FCA seeks to ensure there is sufficient resource to concentrate on any emerging market issues. This allows it to carry out reviews of particular products or issues relating to a specific market. A sector risk assessment will identify problems so that, in combination with firm-specific issues, emerging sector issues can be resolved.

Product governance and intervention

A particularly costly lesson that has been learned following the FSA’s approach to conduct supervision has been the need to tackle issues when they emerge, thus preventing widespread detriment to consumers. The FCA will pay greater heed to whistleblowers and the warnings of consumer organisations in order to understand better what risks exist.

The FCA aims to intervene much earlier in products that it considers to pose risks to customers. Firms can expect greater scrutiny of product governance - how a product is designed to go to market, how it will operate and the means of distribution. The FCA will consider whether the product has been designed around a target customer’s needs; whether there is monitoring of customer outcomes; whether information reaches the board or those who can address issues promptly. Distribution strategies will be subject to review to ensure that they are appropriate for the product.

In particular, firms will be expected to have procedures in place to assess their target market. Products should be stress-tested and potential risks for consumers identified before the product reaches the market.

What is evident following the scandal of payment protection insurance mis-selling is that products are often sold to customers outside their target market. What might be a perfectly sound product for one market may be utterly inappropriate for another. Firms will be expected to identify accurately who will benefit from different products and, perhaps more importantly, who should not be sold a particular product.

The FCA will also examine whether products are good value for money – a huge change to the approach taken by the FSA. Charging structures must therefore deliver good consumer outcomes.

Early intervention in the product life-cycle will enable the FCA to prevent harm to customers. One of the powers granted under the Financial Services Act allows the FCA to ban temporarily products that pose an unacceptable risk to consumers. Examples of when such bans can be imposed are:

  • the widespread selling of products outside their target market;
  • products that are made unacceptable by the inclusion of terms or conditions that make them inappropriate for a significant number of customers;
  • products where incentives encourage inappropriate sales;
  • cases where a product is considered inherently flawed due to its poor value or disadvantageous features.

Beyond the UK

The FCA is not alone in focusing on the improvement of consumer outcomes. The European Insurance and Occupational Pensions Authority (EIOPA) will also be concentrating on the improvement of consumers’ experience of financial products. EIOPA Chairman, Gabriel Bernardino, has made it clear that consumer protection will be a key strategic objective of the authority. Furthermore, EIOPA has adopted procedures which will enable the European body to issue warnings and temporary prohibitions and restrictions on financial services activities that pose a serious threat to its objectives. 

As a result, products which pose a widespread risk to consumers across the European Union, may well be subject to intervention not just from local supervisory authorities but also from EIOPA.

Impact on insurance products

What this will mean for insurers is much closer scrutiny of product design to ensure that customers are given value for money - for example, if a proportion of customers are not going to be able to claim under a policy the design will be flawed and the FCA will expect firms to go back to the drawing board.

Adapting to the new culture

Insurers have been adjusting to the new regulatory environment and preparing for how the new supervisory approach may affect their business.

There are certain common failings identified in some of the enforcement actions taken by the FCA (and the FSA prior to legal cutover). By better understanding these failings and seeing how one failure can lead to other regulatory problems, firms can begin to structure their businesses so that emerging issues can be addressed swiftly.

In recent enforcement actions for breaches of conduct of business rules the following failings can be identified. Firms have failed to meet obligations to communicate in a way that is clear, fair and not misleading; failed to establish whether a customer was eligible to claim under a policy; failed to ensure that advice given to a customer was suitable; and failed to provide an appropriate statement of demands and needs to customers. In terms of the FCA’s Principles for Businesses, these failings frequently result in breaches of Principles 6 (treating customers fairly), 7 (communicating in a way that is clear, fair and not misleading) and 9 (ensuring that advice is suitable). These failings can be identified time and again in enforcement actions for mis-selling insurance products.

Common failings in insurance business

  • Failure in firms’ systems and controls to ensure that risks of customer detriment are measured and monitored. This might be considered a breach of the existing FCA Principle 3: A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.
  • Failure to understand TCF obligations and to understand what good conduct looks like. This might be considered a breach of Principle 6: A firm must pay due regard to the interests of its customers and treat them fairly.
  • Poor quality customer literature and information about products which means that customers fail to understand what they are buying and whether it is suitable for them. This might be considered a breach of Principle 7: A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading.
  • Products are not suitable for the customer and fail to meet their demands and needs. This might lead to a breach of Principle 9: A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgment.

What should firms do?

Since the FCA began its work in April this year, the industry has come under increasing regulatory scrutiny. We advise firms to consider the following health check to ensure their businesses are meeting the new regulatory standards.


Firms should ensure that they have appropriate people in senior roles, especially acting as non-executive directors (NEDs). Recent enforcement action has made it clear that failures in systems and controls will throw light onto board competence. Firms must ensure that the right people are in place with suitable skills and qualifications for their role. That the right people are doing the right jobs in management will be scrutinised in the applications for approval of individuals in senior roles. In particular, NEDs are increasingly viewed as critical to how a regulator judges board competency.

Systems and controls

Firms should ensure that there are suitable systems in place to make sure that information is reaching the right people. Complaints data, sales processes and claims should be monitored to identify common failings and any emerging customer detriment. Suitable reports need to be made to the board by risk managers and compliance teams so that robust action can be taken where appropriate. Information systems need to be able to process data so that risks can be identified while ensuring that data protection is preserved and information is easily digestible. Reporting lines should be examined to ensure that there are appropriate means through which product issues and customer detriment concerns can be swiftly escalated. Regular reviews of customer issues should be considered at board level.

Product development

Product development should include stress testing against customer outcomes – does the product work as sold? Is the product reasonable value for money? Firms should identify the target market for the product, whether the product is suitable for that particular market, whether the terms and conditions of the policy are clear, fair and not misleading, and whether there are plans to distribute outside the target market and if so what changes should be made to ensure the product remains suitable.

Product oversight

Firms should consider whether there is sufficient management oversight of the product; including monitoring of complaints and review of sales processes (including sales script reviews).

Can a consumer opinion group be set up or can the firm utilise mystery shopping exercises to ensure they have an accurate view of their sales and after-care?

Distribution methods

Distribution methods should be appropriate for the product and target market. A review should be undertaken of how policies are sold. Do agreements with appointed representatives allow sufficient oversight of sales and generate appropriate information to enable suitable control? Would a product ban render any of these agreements unenforceable?

Sales incentives need to be examined to ensure that they are suitable to ensure products sold meet customer demands and needs. Reviews should be undertaken to understand what incentives operate and ensure that they are suitable. Where there are inappropriate targets operating – such as dissuading customers from cancelling policies – these should be reviewed in the light of good customer outcomes.

Are the profit margins from the product such that there are sufficient grounds to show that it is being sold inappropriately? How does the commission structure operate?

CPP – case study of mis-selling

The FSA fined Card Protection Plan (CPP), an insurance intermediary, £10.5 million for widespread mis-selling of card and identity protection in November 2012. This is the joint largest ever retail fine given by the FSA and demonstrates the regulatory change of climate against firms which treat their customers unfairly. Following its investigation, the FSA found that CPP had breached three of its Principles for Businesses, namely Principle 6 (treating customers fairly), 7 (communications with clients should be clear, fair and not misleading), and briefly 3 (organising and controlling affairs responsibly and effectively).

CPP estimated that the total cost of the investigation would be approximately £33.4 million, taking into account the fine, redress payments to customers and the costs of the investigation.

The size of the fine reflects the large number of consumers affected by the mis-selling and the failure by the firm, over six years, to address risks identified by the FSA following supervisory visits. During the relevant period, from January 2005 until March 2011, CPP sold or renewed more than 23 million policies, exposing a large number of consumers to the risk of buying products they did not want or need. During those six years CPP sold 4.4 million policies, making £354.5 million in gross profit.

What went wrong?

CPP’s sales processes were aggressive and overly persistent. The firm failed to draw a line between advised and non-advised sales, and pushed customers to buy cover they had no need for or renew policies they wished to cancel. Sales agents were given targets for dissuading customers from cancelling policies and were encouraged to tell customers to buy cover on the basis that it could be easily cancelled during the cooling off period. When CPP were unable to find a customer’s address when the policy was due for renewal, they took payments directly from the customer’s card without renewal documentation being sent. In addition, CPP relied on an unfair term in the contract which allowed them to use a customer’s emergency card to take payment when the customer’s main card had expired.

Underlying the mis-selling in most cases was a lack of customer need for the product being sold. Bank customers generally do not need insurance to cover fraudulent transactions on lost or stolen cards as they will not be liable for unauthorised payments. The CPP cover was marketed on the basis that up to £100,000 was available to cover such unauthorised transactions. In order to sell cover the risks of identity theft were exaggerated – in one example given in the Final Notice the sales agent told a customer of the “40 per cent increase in identity theft in the last year” when official statistics revealed the amount to be a mere 1 per cent.

Over the course of the relevant period FSA ARROW visits identified weaknesses and failures in risk management around sales processes. These failures culminated in a Section 166 report being undertaken in 2008. Given the persistent failure of management to address mis-selling issues, the FSA identified a failure to control affairs effectively (a breach of Principle 3).

What next for CPP?

As a result of the investigation CPP agreed to various changes to its permissions and to instigate a comprehensive governance review.

The change in CPP’s permissions includes a requirement that it:

  • stop all new sales of products except where insurance is sold as part of a package and to stop trying to retain customers who wish to cancel products;
  • extend the cooling off period for renewals from 14 days to 60 days; and
  • undertake a review of its past business overseen by a skilled person.

Furthermore, a skilled person has been appointed to monitor and report on the ongoing claims handling and complaints process.

CPP agreed to pay redress to affected customers and, in August 2013, the FCA reached an agreement with CPP and 13 high street banks and credit card issuers in order to offer redress to the seven million customers who bought and renewed card protection policies. It is now anticipated that the bill for redress could be up to £1.3bn. 

CPP and the 13 high street banks have voluntarily entered into a scheme of arrangement in order to provide customers with a simple means of claiming redress.

The scheme, established by the relevant banks and credit card issuers will take effect subject to the approval of the High Court. If a majority of CPP customers (the scheme creditors) vote in favour of the scheme, redress payments are anticipated to be made during Spring 2014.

Recent publications

Subscribe and stay up to date with the latest legal news, information and events...