
In our careers in delegated authority (DA), we have seen DA management develop from a cottage industry within insurance into a fully-fledged technical profession in its own right.
Historically, DA management was little more than tracking the physical cover notes held by an insurance agent. These physical cover notes were attached to the front of the paper insurance documents issued by an agent and underwritten by the insurer. The policy numbers used were tracked against a list. Any spoiled cover notes were recorded and tracked back in when the agency relationship ended. Otherwise, an unscrupulous individual could use the cover notes to issue very real-looking insurance policies.
The firms who held this box of cover notes for issuing policies were known as coverholders, a term still used by Lloyd’s today.
Some notable legal and regulatory changes have seen a culture shift within DA from maintaining relationships with independently regulated firms to managing insurance agents who can cause their insurer principals big financial, regulatory and legal damage.

Notable events driving this paradigm shift include the Bribery Act 2010 and the introduction of the associated person, the formation of the FCA and its thematic review on outsourcing aka delegated authority, large fines for failures in DA oversight and skilled person reviews targeting DA. The changes to DA keep coming with GDPR, IDD and Consumer Duty.
Year on year, it seems, the scope of DA management broadens. This is reflected in our investment in our people and development of our technical offerings such as our nine tests for Consumer Duty.
As the scope of DA continues to expand, it can be challenging to define where it fits within an insurer’s structure. Is it too regulatory for an underwriting or claims process? Could it be too varied for operations and too service-driven for compliance or risk management? Wherever it sits in the organisation chart, our holistic model for DA management demonstrates the interconnectedness of all DA specialist roles.
Our model summarises the DA management roles into three pillars and places them within a firm’s risk management framework, as all activities should be.
The due diligence, monitoring and auditing pillars sit on a horizontal plane with oversight activity running consistently through the three of them.
Consider how this will apply for sanctions screening.
An insurer performs a risk assessment within their risk framework and determines that a particular contract of delegation requires pre-bind and pre-payment sanctions screening against the HMT, UN and OFAC sanctions lists.
The firm that is to be granted delegated authority provides their sanctions screening policy. The policy identifies that sanctions screening is post-bind. The due diligence team reviews the policies and requests that their approach is enhanced to pre-bind. The contract is reviewed to ensure that the sanctions screening requirements are expressly and correctly included.
The coverholder policy is updated and the delegated authority contract can go live.
The firm with DA provides a quarterly report of product level QA outcomes which includes sanctions screening against their procedures within its scope.
The audit reviews a sample of risks. This includes evidence of pre-bind sanctions screening. Evidence is reliably maintained on the file by a few handlers; however, there are gaps for others. A finding is raised which the insurer monitors with the firm.

This example shows how our holistic model for DA management can easily demonstrate the role of DA functions and how they interact.
This can help insurers and other firms who delegate avoid some of the pitfalls identified in the FCA’s thematic review, such as relying on audit to fact-find or collect information rather than as a detective control.
If you want to know how a firm will do it, it’s due diligence; if it’s a firm showing that they did do it, it’s audit.
