Strategy for positive change - our ESG priorities: Governance and Culture

Poor governance and culture in the insurance market lead directly to poor outcomes for
consumers, market participants and employees, and these have been key root causes of
recent major conduct failings.
Firms should be able to show how they are actively working towards having a diverse
workforce at all levels in their organisation. This will help firms understand customers’
diverse needs and make the market an attractive career proposition for future talent.
These positive outcomes can be advanced through firms assessing and improving the
drivers of culture in your firm, considering leadership, purpose, governance, and your
approach to recruiting, managing and rewarding employees. We have seen encouraging
market commitments in this area but remain disappointed by the general lack of
progress within the market overall, especially in the wholesale market.

Minimising the impact of operational disruption: Operational resilience and the increasing reliance on third parties

Operational resilience is the ability of firms, financial market infrastructures and the
financial sector as a whole to prevent, adapt and respond to, recover and learn from
operational disruption. We have recently seen instances of a lack of operational
resilience within firms to the detriment of customers and the wider market. We are
particularly concerned with the level of governance, oversight and contingency planning
on outsourced services where, if a problem occurs, customers suffer harm because
adequate controls and contingency plans are not in place.
Our Operational Resilience Policy (PS21/3) accompanied rules and guidance. Firms had a
one-year implementation period until the rules came into force on 31 March 2022. After that
firms needed to as soon as reasonably practicable and no later than 3 years, show that
they are which comes into effect in March 2025, requires in-scope firms to be able to
remain within Impact Tolerance (ITol) in severe but plausible scenarios for their
Important Business Services (IBSs). To meet this requirement firms must have scenario
tested their IBSs to identify any vulnerability in their operational resilience and acted on
any findings before March 2025, when the 3-year transitional period ends.
It is good practice for firms to have credible plans in place to manage and recover from
operational problems, take remedial action where necessary and notify the regulators
promptly as appropriate. In particular, we draw attention to the risks of cyber-attacks
and the need to ensure you have adequate controls in place where information is held by
third parties.

Improving oversight of Appointed Representatives

Many firms in the insurance market operate as principals with Appointed Representatives
(ARs) to bring benefits such as supporting innovation (as some firms use the model to
trial new services and propositions), providing increased customer choice, and driving
competition by providing market access for smaller firms. However, we have seen a wide
range of harms where firms operate with the AR model, as set out in our policy
statement last year. Our strengthened rules, which came into force on 8 December
2022, give principals more responsibility for ensuring your ARs are fit and proper. We
are using data and analytics to help us identify higher-risk principals and are taking
appropriate action on outlier firms. We will be testing that firms are properly embedding
the new rules across the AR regime and increasing and improving our engagement with
principal firms and other stakeholders. We expect principal firms to ensure high
standards both within their firm, and at their ARs. Principals need to take steps to ensure
their ARs operate within those high standards and to take assertive action with those
ARs that fall below the principal firm’s standards.