Recent developments in conduct risk management

Chain with red link

For a number of years now, legislators from around the globe have poured huge energy and resources into assisting with the development, and in some cases complete reworking, of their prudential regulatory regimes. Local regulatory authorities have been similarly active in the implementation of these changes. Finally, the dust is starting to settle on this latest wave of change, with the likes of Solvency II for insurers now in place in Europe, and the own risk and solvency assessment (ORSA), in its various guises, firmly recognised globally as a key cornerstone of best practice when it comes to sound solvency management.

Now attention is slowly but surely starting to turn to conduct, the second key function of regulatory authorities, and legislators have become active again. Recent years have seen conduct risk push its way ever higher up the agenda. What do we mean by conduct risk though? The International Association of Insurance Supervisors (IAIS) has succinctly described it as ‘the risk to customers, insurers, the insurance sector or the insurance market that arises from insurers and/or intermediaries conducting their business in a way that does not ensure fair treatment of customers.’ The chair of the Financial Stability Board (FSB) has stated that ‘the scale of misconduct in some financial institutions has risen to a level that has the potential to create systemic risks.’ Such observations have served to further place conduct risk management in the spotlight, not just in the insurance industry but across the whole spectrum of financial services firms.

So what has been happening in this space? At a global level, the IAIS and the FSB have both been active. The IAIS has, through its Insurance Core Principles (ICPs), set out a number of key conduct requirements, namely suitability of persons (ICP5), corporate governance (ICP7), risk management and internal controls (ICP8) and conduct of business (ICP19). The FSB, charged with developing and promulgating global financial policies designed to minimise the likelihood of another financial crisis, has published a number of reports on measures to tackle misconduct in financial services. In May last year, it published a report setting out the next steps in its work to consider the role that governance frameworks have to play in reducing misconduct. It listed the following five themes as key elements of conduct risk management:

  1. Clearly defined corporate strategy and risk appetite with relevant controls.
  2. Appropriate expertise, stature, responsibility, independence, prudence, transparency and oversight on the part of board members and control functions.
  3. Corporate culture.
  4. Effective control environment.
  5. Appropriate people management and incentives.

In Europe, there are a number of recent or soon to be implemented initiatives in the consumer space, applying to a wide range of financial services firms. They include:

  • Insurance Distribution Directive
  • Product Oversight and Governance requirements
  • Packaged retail and insurance-based investment products (PRIIPs)
  • Updated version of the Markets in Financial Instruments Directive (MiFID II)
  • Product complexity and sales process requirements
  • Proposals for PRIIPs following environmental or social objectives

In the UK, the Financial Conduct Authority has been quite active of late, publishing a large volume of guidance, consultations and reports. Amongst them are guidance to firms on the actions they should consider taking in the fair treatment of customers in closed insurance books; proposals to drive competitive pressure on asset managers and increase value for money for investors; and proposals to extend its Senior Managers and Certification Regime to insurers. This latter initiative is likely to drive a cultural shift within firms, with the onus now moving from the firm as a whole to the individual in order to ensure good practice in relation to the treatment of customers.

The United States has also witnessed recent developments in the consumer protection sphere, including the creation of the US Department of Labor Fiduciary Rule, designed to address US regulatory concerns that distributors’ product recommendations to their clients were being driven by compensation rather than what might be considered to be in the clients’ best interests. This Rule was partially implemented in June last year, with full implementation due in 2019. Amongst a range of other things, it expands the definition of a ‘fiduciary,’ bringing into scope insurance agents, insurance brokers and insurance companies.

This is just a sample of the global developments that are taking place, with similar examples in countries like South Africa, where the conduct risk regulatory environment is already reaching quite a mature state. Closer to home, the Central Bank of Ireland is also becoming more vocal in relation to consumer protection, with the unveiling of its Consumer Protection Risk Assessment model last year, and its subsequent activities with regulated entities in rolling out this new model.

It’s clear that conduct risk is becoming a key area of focus for all stakeholders in the insurance industry, right around the world, and we can expect more activity in this space over the coming years. This will bring both aspects of consumer protection—prudential regulation and conduct—more in line with each other, through a more complete, robust and dynamic tool kit, helping to ensure better outcomes both for providers and consumers of financial products.

If you are interested in more information on current global developments in conduct risk you may find this paper to be of interest.



Eamonn Phelan is a Principal at Milliman and a member of the SAI's Enterprise Risk Management Committee


The views of this article do not necessarily reflect the views of the Society of Actuaries in Ireland, the Enterprise Risk Management Committee, or the author’s employer. The article was edited by the Communications Subgroup of the Enterprise Risk Management Committee.