Tag Archives: fca

COVID: U.K. Financial Authority Response

SUMMARY

In the U.K., separate regulatory bodies are accountable to supervise prudential matters (solvency) and consumer protection (conduct). The Financial Conduct Authority (FCA) recently took several actions with respect to consumer protection in the context of COVID-19 using different tools than those available to U.S. insurance regulators.

Resolution of Business Income Coverage Disputes

The FCA has retained a law firm to represent the interests of policyholders in a proposed “test case” to be filed in court by the FCA against representative insurers. The FCA has requested insurers, intermediaries and policyholders to submit examples of disputed policy wordings and the respective positions of the parties.

It appears the action will be commenced before the end of July and is expected to result in binding outcomes as to the interpretation of selected wordings and guidance as to the interpretation of other wordings.

At least initially, the FCA’s statements suggested this litigation would be limited to a few rarely purchased coverage options not requiring “property damage.” It is now unclear whether the scope will expand to include coverages that are only triggered in the event of property damage.

Assessment of Product Value

In the U.K., insurance companies do not typically files forms or rates with the insurance supervisor. Instead, the insurance law imposes a duty to “act honestly, fairly and professionally in accordance with the best interests of its customer” on the insurer and its key executives. That duty includes an obligation to provide products that offer a reasonable value to customers.

The FCA plans to require insurers to assess whether and how the value of their products have been affected by the COVID-19 crisis. To the extent a product is no longer delivering the expected value (e.g., the insured risk no longer exists), the insurer must take appropriate action.

Insurers have six months to complete the assessment and take appropriate action. Insurers must be able to demonstrate to the FCA how they have discharged their obligations to customers.

Assistance to Customers in Financial Difficulty

The U.K. insurance law also imposes a duty to “pay due regard to the interests” of customers and “treat them fairly.” The FCA has issued guidance applying this duty in the context of the potential of temporary financial distress resulting from COVID-19 of individual and small business customers.

The FCA obligates firms to discuss options with policyholders that reach out to the insurer for that reason or who have missed a payment, inquired about making a COVID-19 business interruption claim or have asked for a reduction in coverage.

Options may include a reduction or waiver of premium, deferral of premium payments, replacing the policy with a less expensive product or reducing coverages.

Insurers must take steps to make policyholders aware of these possible options including in their websites.

DETAILS

Business Income Coverage Disputes

The FCA announced on May 1, 2020, its intention to commence a court action with respect to coverage for business income loss under policies issued to small and medium-sized businesses. Specifically, the FCA plans to seek a declaration on “key contractual uncertainties.” The insurance industry supports the FCA’s initiative and is working with the FCA to define the disputed issues.

FCA’s View of Business Income Coverage

In a “Dear CEO” letter of April 15, the FCA expressed its understanding that “most policies have basic cover [that does] not cover pandemics and therefore would have no obligation to pay out in relation to the COVID-19 pandemic.”

However, the FCA expects “where it is clear that the firm has an obligation to pay out on a policy . . . it is important that claims are assessed and settled quickly.”

See also: Business Continuity During COVID-19  

Two weeks later, the FCA acknowledged coverage decisions may be more complicated:

  • “[A]t least in the majority of cases, insurers are unlikely to be obliged to pay out in relation to the coronavirus pandemic.”
  • “[F]irms may consider there is no doubt about wording and decline to pay a claim, but customers may still consider there is genuine uncertainty about whether their policy provides cover.”

FCA’s Intention to Seek Resolution

The FCA has reached out to a small number of insurers (reportedly including QBE, Axa, Zurich and Hiscox). FCA has requested from each typical policy wordings and positions on coverage under several available but typically not purchased optional coverage extensions for:

  • Non-damage denial of access
  • Public authority closures/restrictions
  • Infectious/notifiable diseases

The FCA will “put forward policyholders’ arguments to their best advantage” and has hired an external law firm to do so. On May 15, the FCA asked policyholders to submit examples of disputed wordings and their arguments for coverage.

For its part, the Association of British Insurers called the FCA’s action a “welcome step” and indicated insurers are expected to pay some £900 million in undisputed business income claims.

The FCA has expressed the view that most policies do not cover COVID-19 because they only have “basic cover for BI as a consequence of property damage.” The coverage extensions FCA initially selected for litigation cover “BI losses arising other than from property damage.”

Where Is All the Contents Insurance?

Do you think home and contents insurance is broken? Then join us for our Getting the House in Order series on what’s wrong and how to fix it. Part 1 takes stock of the U.K.’s protection gap and its effect on different demographics.

I’m sure that at some point in life you’ve faced the too much stuff moment. For me, it was earlier in January, as I sought to escape the post-Christmas blues with a mini-break abroad.

Except – the drawer that once contained my passport now appeared to be home to a multitude of still-wrapped DVDs, a large hardback book, some errant Christmas socks and a pack of comedy coasters.

I located the passport in the end, several layers down. But I had to think: As a nation, we sure have a lot of household contents.

I began trying to quantify the volume of stuff in people’s homes, starting with my own overloaded passport drawer. Then the drawers in the living room, drawers in the kitchen, drawers in my flatmates’ rooms (the mind boggles). Beyond that, the drawers in all the houses along my street. And that’s just drawers. What of the cupboards, floors and lofts? The garden sheds, shelves and trunks? In every city, town and village in the realm …

To stave off insanity – at least temporarily – I decided to do a bit of research. It turns out there are 27.2 million households in the U.K., which means that, for starters, we’re looking at:

And what about that class of possession wherein modern man delights the most: consumer electronics? The U.K. is apparently home to 41,000,000 smartphones37,600,000 laptops and 32,800,000 tablet. Now that’s a lot of expensive silicon knocking about!

Today’s contents explosion has not been fueled exclusively by our couch-potato tendencies, let me add. We are a nation of 25 million bike owners, 1.5 million golfers and 825,000 tennis players (weekly), so we’ve got a fair bit of sporting equipment, too.

These two recent trends – gadgetry and fitness – have helped to make our “contents footprint” larger than any previous generation’s. In fact, the Association of British Insurers (ABI), in its recent Britain Uncovered study, put the value of contents stashed in U.K. homes at £950,000,000,000 (that’s almost £1 trillion!). That’s £35,000 per home, on average, comfortably outstripping the average U.K. salary of £27,000.

So, we’ve established that our small island conceals a scarcely imaginable volume of household contents, which brings us to our principal concern in today’s post: Where on Earth is all the contents insurance?

See also: Can Insurtech Rescue Insurance?  

The same Britain Uncovered study found that 28% of U.K. households had no contents insurance whatsoever. That leaves 16 million people and £266 billion of household possessions unprotected.

— £266 billion of household possessions are at risk in the U.K. —

This figure could be higher still. The ABI estimate was based on the number of uninsured households only, excluding those that are merely under-insured. Indeed, the Telegraph reckons that 6.8 million homes (25% of total households) may be under-insured, meaning that only a minority of U.K. homes have appropriate levels of cover.

This contents protection gap has different causes – and solutions – for different people. At buzzvault, we’re pioneering an approach that matches contents cover to customers’ individual needs, whatever they own (sign up for buzzvault beta here, we’d love to know what you think).

However: tech wizardry on its own never solved anyone’s problems. So it’s more important than ever that insurers truly understand their customers. To help with this, we’ve provisionally identified three demographics whose varying needs aren’t met by today’s providers. Let’s take a look.

Contents Insurance: Renters

As if only getting one shelf in the fridge weren’t bad enough already, “generation rent” miss out in more ways still.

You see, that elusive house purchase isn’t just significant as a first step on the property ladder. A purchase is a major trigger for purchasing insurance, as well. Most home contents insurance is currently sold as a bundle with buildings insurance, which is generally mandated by mortgage providers. So, while homeowners are practically forced to take out contents insurance, little impels renters to even think about it.

81% of “generation rent” lack contents insurance, at least according to the Improving Access to Household Insurance report by the Financial Inclusion Commission (FIC). That means we’re looking at a staggering 10.5 million uninsured renters. That’s more than the entire population of Sweden!

No assessment of the travails of renterdom would be complete without a cursory look at our nation’s students. Negative attitudes toward insurance are rife among this demographic. This explains why, despite the average student lugging more than £2000 of possessions along with them to start their studies, nearly half of them aren’t covered. And this, even though students are possibly God’s gift to burglars.

Many renters could afford contents insurance, and would buy it, if only the thought crossed their mind for more than a second. So there is less a product failing for insurers than a failure to package and market their product in a relevant, customer-friendly way. Indeed, it’s that adage again: Insurance is never bought, it’s always sold.

The Financial Conduct Authority (FCA) classifies two-thirds of renters as potentially vulnerable to harm due to low levels of financial capability and resilience, health issues or risk of life events creating difficulties. Contents insurance could provide a significant umbrella.

Status: At Risk

Contents Insurance: Poorest Households

Only 40% of those earning £15,000 or less each year have contents cover, compared with more than 75% for the highest incomes (according to the FIC’s Improving Access to Household Insurance). And, in an unfortunate co-occurrence, it is precisely these individuals who are most exposed to household risks — be that house fires, floods or burglaries.

Lower-income households live with 30 times the risk of arson as more affluent households. They’re also eight times more likely to be on tidal floodplains. To cap it all, socially rented housing is twice as likely to be burgled as owner-occupied properties.

These are damning stats. They tell the story of unacceptable numbers of at-risk households having to bear the cost of personal disaster on their own.

Covering total loss from savings is bad enough – worse still is the fact that many poorer households aren’t even in a position to do this. More than 7 million UK adults have less than £1000 in savings. And less than a quarter of those in social housing could replace a washing machine from savings and income alone (Citizens Advice Quids in survey).

The financial inclusion debate has so far centered on banking, payments services and affordable credit – but accessible insurance has a part to play here, too. Tackling the protection gap won’t eliminate the savings gap, but it will de-risk it.

To do this, insurers need to find ways to make lower-premium products economically viable. This will almost certainly require new distribution mechanisms to achieve scale, reduce cost and reach people regardless of their level of financial education. Tenants insurance schemes (sometimes called “Insurance with Rent”) are welcome in this regard but have had limited adoption so far.

Status: Highest Concern

See also: Why 5G Will Rock the Insurance World  

Contents Insurance: Average Homeowners

Some better news: More than 80% of those owning their home outright or with a mortgage have some form of contents cover in place (FIC: Improving the Financial Health of the Nation). However, these customers aren’t home and dry. More often than not, they have inadequate cover for the value of their contents.

What we have here is endemic under-insurance, where coverage isn’t absent but is still patchy – leaving few people with optimal protection.

When taking out insurance, people typically underestimate the value of their belongings by 40%. In the event of a total loss, this means they can recover max 60% of the value of their stuff. And many insurers operate an averages clause, whereby this percentage (representing the degree of under-insurance) is applied to all claims.

To give you a flavor: Over the past three years, 6% of people have missed a typical pay-out of £1000 from their home insurance providers because they haven’t bought the right level of cover, according to a poll of 2,000 Britons by insurance broker Swinton Group.

The main reason for under-insurance is the steady creep in home contents value. This, we estimate, grows by an average of 24% over a three-year period. While the rhythm for updating insurance policies is generally annual, we update our possessions daily, weekly and monthly.

A one-size-fits-all approach to contents insurance doesn’t just lead to poorer households tending to pay over the odds. It can also lead to wealthier households paying too little – and then being hit with the consequences, without warning, when it’s time to claim.

Topping up homeowners insurance isn’t as great a social good as providing a financial umbrella for the nation’s neediest households. However, much work for the insurance industry remains to be done here that could justifiably be called low-hanging fruit. These households are, after all, already receptive to insurance and tend to own the most stuff.

Status: Vulnerable

We will revisit all these themes in greater depth as this series progresses. Next, we’re looking at what can be done about the low adoption and engagement that insurance products have traditionally faced.

It’s a certainly a challenge to sell a product no one covets or, in the main, understands. But rather than waiting for the public to start caring, the industry should explore ways to take insurance out to its customers: one approach being to embed it into other services customers do care about.

Where Can You Find Growth (Part 2)?

We are continuing our two-part series on where leaders should focus for growth in a changing world that is full of new technology. This post builds on Part One, which covered major trends, the need for customer insight and what is required to manage your data effectively.

Our attention turns again to your customers — but this time also considering the issue of their irrational behavioral biases. How should this human trait influence your plans or focus for growth?

With irrational customers, what should you do?

With the Financial Conduct Authority (FCA) focused on behavioral economics (BE) and expecting providers to take it into account, the days of assuming customers will act rationally are numbered.

I’m sure most of you have at least heard of BE. The success of popular books on the subject — from the easy to read “Nudge” to the slightly more challenging “Thinking Fast and Slow” have ensured that there has been plenty of media coverage and social media debate on the implications and appropriateness for policy and action.

See also: How to Take a Bold Approach to Growth  

As with many academic disciplines, different experts use slightly different nomenclature to order the different irrational behavior or biases observed. However, for financial services clients, a good place to start is the list of 10 biases published by the FCA. My own experience in helping clients test communications or design marketing to take irrational biases into account suggests this list covers the bases.

Do you test your communications?

Of course, the focus of FCA regulatory action is ensuring the customers receive positive outcomes through products and services suitable for their needs. Unfortunately, some agencies offer to help businesses understand and act to protect customers from BE biases by seeking to “rubbish” traditional research or the role of customer insight teams. This is so misguided. Most successful BE projects require well-designed research, as well as behavioral analysis, data capture and database marketing skills in experimental design. In other words, it is probably your existing customer insight team that is in best place to take such work forward.

Given that most firms focus first on ensuring their communications could not be accused of manipulating biases, two biases (in particular) are worth considering:

  • Framing, salience and limited attention: Is the bias such that different decisions are made if information is presented/structured differently (as sommeliers know well).
  • Present bias: Is the present over-valued compared with the future (i.e., I would accept a smaller payout now, compared with delayed gratification with better return).

Still, other biases matter and occur from time to time. For a fuller list, see this previous post summarizing all 10 biases.

Conclusion

There are many different and exciting innovations happening, including the use of blockchain, robotics, virtual reality and machine learning. But, having seen those innovators who go on to thrive and those who do not, I am making the case to focus on people — not technology.

Developing a strong customer insight capability that is supported by well-managed data and is used to guide all interactions with customers is a sustainable route to growth. However, to achieve both customer loyalty and the approval of regulators, you will also need to consider irrational customers.

We are practically in a “seller beware” market, so, to truly protect your business, make sure you know (better than your competitors) how to help your customers achieve positive outcomes. Oh, and learn how to tell them what you know in their language.

See also: Does Your Culture Embrace Innovation?  

Such a human-centered-design approach to business is not easy, but it is fulfilling. Focus on understanding and serving your customer better. When you have a compelling story to tell, you will also be able to mobilize one of your biggest weapons. That, of course, is all the people who work in your business.

To modify the oft-quoted line by President Bill Clinton about what matters most: “It’s the people, stupid.”

How to Avoid Being Bit by GDPR (Part 2)

This is Part Two of a two-part series focused on helping data insight leaders plan for GDPR. Find the first part here

With the EU-approved General Data Protection Regulation (GDPR) set to be implemented in the U.K. on May 25, 2018, GDPR must be a consideration for all insight leaders.

In the first post, we focused on needing to check your potential exposure with regard to these topics:

  • Higher standard of what constitutes consent;
  • Challenges if using “legitimate interest” basis;
  • Permission needed for profiling and implications; and
  • Data impact of people’s right to be forgotten.

Is there more to GDPR than that?

I mentioned in my first post that I was concerned about an apparent complacency regarding GDPR readiness. After talking further about this with some leaders, I believe that one cause is risk and compliance teams advising that GDPR isn’t as bad as feared. This means there’s a danger of potential threats “falling between two stools.”

Let me explain.

From a risk-and-compliance perspective, many of the principles in GDPR aren’t hugely different from the existing U.K. Data Protection Act. Many of the changes come through greater evidence requirements and more specific guidance regarding what is expected in specific situations. For that reason, I can understand compliance experts not seeing the need for vastly different paperwork. However, leaving such an assessment to that team risks missing critical implications.

One of the reasons that insight leaders and data teams should get involved in discussions about GDPR is to spot technical/data/system implications of change. What may seem to be simply a clarification of language to a compliance expert sometimes has far-reaching implications for company data models and how data will be used or stored — for instance, the rights mentioned in Part One with regard to withdrawing permission for profiling (or the “right to be forgotten”). Most businesses’ existing data models will not currently cater to the new fields, and separation of records is required.

So, although wading through EU legal language may not sound like a fun day out, it’s worth data insight leaders and their teams talking through practical implications with their risk and compliance advisers.

Here are some other considerations for you to discuss.

Data model impacts from GDPR

The reason for titling this topic “Data model impacts” rather than “Database impacts” is our advice to maintain up-to-date data models for your business that give you independence from specific IT solutions. Whatever this is called, data insight leaders will want to identify any impacts to their data structures and any changes that may be needed to enable compliance ASAP.

See also: Missed Opportunity for Customer Insight

In our first post, we touched on both the need for consent (to marketing and profiling) as well as the need for evidence of this. There are further considerations.

Applying meaningful data-retention policies that can be justified as reasonable requires knowing the recency of such consent. In addition, data-controller responsibilities require the capturing and storage of consent data within any third-party sources of personal data.

Even the current Information Commissioners Office (ICO) guidance (before it was updated for GDPR) makes clear:

  • “Organizations should therefore make sure they keep clear records of exactly what someone has consented to.”
  • “Organizations may be asked to produce their records…”
  • “Organizations should decide how long is reasonable to continue to use their own data and more importantly a third party list.”
  • “As a general rule… it does not rely on any indirect consent given more than six months ago.”

Do your data models capture that granularity of data permission (what and when) and hold it against both internally captured personal data and any you may have purchased from third parties?

Data Protection Impact Assessments (DPIAs)

Data and analytics leaders within businesses often complain to me about not being consulted by internal project teams. It seems all too often the data implications of projects (especially on downstream systems like data warehouses) aren’t considered or are de-scoped from testing. This can result in considerable rework and in the worst cases to inappropriate marketing or customer contact.

Data Protection Impact Assessments (DPIAs) are intended to protect against such unintended data changes. Previously only recommended by the ICO, the GDPR is more explicit in what is expected:

“DPIAs to be carried out if the planned processing is likely to result in a high risk to rights and freedoms of individuals — including where processing involves ’new technologies’ or ‘large-scale processing.’”

So, what do you need to do for a DPIA? Basically, it’s an investigation to identify how such risks will be mitigated. Could the planned systems changes produce effects on either data stored or on use of data that would breach the GDPR? Is monitoring required to avoid this? Given that the ICO is due to publish a list of the kind of processing operations that require DPIAs, it’s worth planning for them.

As a quick checklist, you should seek to answer these questions regarding your DPIA:

  • What is the possible risk to individuals from changes (to systems, processes, etc.)?
  • What is the risk of non-compliance with GDPR? (Consider all the topics in our two posts.)
  • Which principles and regulations might be breached?
  • Is there any associated organizational risk? (E.g. reputations at risk if goes wrong?)
  • Who should be consulted? (This includes third parties and teams using personal data.)

One final point:  Within the GDPR guidance, there’s also an expectation of being “designed for compliance.” There’s far less tolerance for new systems not being designed to store and use data in line with GDPR rules. So, it’s well worth reviewing any current and planned projects to ensure they are allowing for the data fields and checks that will be required. Don’t try to use the opportunity to blame legacy systems.

Record-keeping and contracts (What should these cover?)

Financial services firms will be used to the record-keeping requirements from other regulations (including FCA’s Conduct Risk). Another area where GDPR goes further than previous rules is in the expectation of records being kept. If a data controller or data processor has more than 250 employees, “detailed records of the processing” need to be kept. SMEs (fewer than 250 employees) are generally exempt, unless the processing carries a “high privacy risk” or involves “sensitive data.”

So what records must you keep?

As a rough guide, it’s high-level records on policies and people, including:

  • Name and contact details of data controllers and DPOs (more about them soon);
  • Purpose of processing;
  • Classes of data (e.g. personal, sensitive, product, etc.);
  • Details of recipients of data;
  • Details of any overseas transfers;
  • Data retention periods (replying on date stamps on data items); and
  • Security measures in place (data access, authentication, etc)

As an aside for insight leaders, recognizing the need to keep all these records prompts me to speak up about the need for better knowledge management solutions. Previously, I made a plea for more emphasis on metadata. Given that insight leaders also have a challenge to retain analysts and the insights they have gleaned while working there, an easy way to store insights and data as well as data about data is clear. However, despite years of variants of database, intranet, groupware and other potential solutions, most businesses still lack a routinely used knowledge management solution. I hope the success of products such as Evernote will prompt more complete solutions.

Data Protection Officers (DPOs) (Do you need one, and what should they do?)

Over the course of reading these two posts on GDPR, you may be beginning to wonder who carries the can. In other words, who is liable to go to jail or be prosecuted if this work is not done? The answer, for many firms will be the Data Protection Officer (DPO). Far from being a scapegoat, the DPO is intended to be the internal conscience — akin to an internal audit role in helping prevent breaches.

The ICO was previously silent on any formal need for such a position, despite the growing popularity of appointing Chief Data Officers (CDO). At one stage, it was expected that GDPR would require every organization to have a DPO, but the final wording was more tolerant.

The following have to have DPOs:

  • Organizations where processing is “likely to results in a risk to data subjects”;
  • Organizations involving large-scale monitoring or sensitive data (ICO guidance should clarify); and
  • Public authorities or bodies.

A DPO is required to have the requisite data skills, and their details should be published to encourage contact with data subjects. But there are also protections to ensure the DPO isn’t brought under undue internal pressure. The DPO isn’t to be instructed how to carry out the duties. DPOs may not be dismissed or penalized for performing their tasks, and they have to report directly to the highest level of the organization. Given that freedom and responsibility, it isn’t surprising that a number of businesses will ask their CDO to take on the DPO role, as well.

See also: It’s Time for a New Look at Metadata  

What are DPOs expected to do, then, if they can’t be over-guided internally? Well, this:

  • Inform and advise data controllers to ensure compliance;
  • Monitor compliance with GDPR;
  • Provide advice to others where requested (e.g. DPIAs); and
  • Cooperate with the ICO, including notifying the ICO about any breaches.

Given all the concerns, it’s not surprising to see a growing industry of data breach insurance. However, it’s worth reading about the requirements. Many require very stringent internal controls and may not pay out if any insider collusion is identified.

How are you preparing? Do you have any tips?

Only time will tell how the ICO operates under these regulations and how firms respond. So, it’s the start of a journey — but I encourage all data insight leaders to start that journey ASAP.

Please do also share what has worked for you. What have you found useful in thinking through the implications for your organization? Are there any tools or tips and tricks that you’d recommend?

As ever, we’d like to encourage the Customer Insight Leader community to share best practice and help improve our profession.

For further information — and perhaps a next step — I’d recommend the training and certification provided by the IDM. I’ve completed both and found them very useful.