Insurance Bulletin, June 2018 Edition 3
In this issue: Regulation and legislation; Market developments; HFW Publications and events
1. Regulation and legislation
UK: FCA regulation of claims management companies: FCA consults on proposed rules
Following a review of claims management regulation in 2016, the government announced that the FCA would take over the regulation of claims management companies (CMCs) from the Claims Management Regulator. The FCA will become the regulator of CMCs which are established or serving customers in England, Wales and Scotland. The regulatory responsibility is due to pass to the FCA on 1 April 2019 and the FCA has published Consultation Paper CP 18/15 (CP 18/15) which sets out how the FCA intends to regulate CMCs. CP 18/15 can be found here.
- draft rules and the standards the FCA thinks CMCs should have to meet once they become FCA regulated;
- how the FCA will enforce its rules; and
- the process for CMCs to become FCA authorised.
The change has been prompted by concern about misconduct in the claims management sector.
Many of the existing Claims Management Regulator’s rules will be retained but the FCA will be making amendments and additions in a number of areas.
Proposed changes include the following:
- After 1 April 2019, all CMCs will need to be authorised by the FCA and meet the FCA’s Threshold Conditions. CMCs currently authorised by the Claims Management Regulator who want to carry on regulated claims management activity will need to complete a registration form informing the FCA they wish to continue to carry on regulated claims management activity and pay the relevant fee by 31 March 2019. The FCA will then issue the CMC with a “Temporary Permission". CMCs who are currently not regulated but will become FCA regulated will also need to apply for a Temporary Permission. CMCs will then need to apply for full authorisation. Further information can be found here.
- The Senior Managers & Certification Regime will apply to CMCs and the FCA will consult on this in a separate consultation paper1.
- Conduct of business rules will apply to CMCs. These rules will be included in a new FCA Handbook sourcebook called “Claims Management: Conduct of Business sourcebook" (CMCOB). Under the proposed rules2, CMCs will need to:
- act in the best interests of their customers including complying with the requirement to “act honestly, fairly and professionally";
- comply with general conduct of business rules including not presenting claims which the CMC knows or has reasonable grounds to suspect are fraudulent or without merit;
- provide a mandatory 14 day cooling off period;
- undertake sufficient due diligence on lead generators (the companies which provide the potential claimant details to the CMC) to ascertain that the lead generator is authorised and has appropriate systems and processes to ensure compliance with data protection and privacy electronic communications legislation;
- record calls with customers and retain the recordings for a minimum of 12 months;
- provide customers with key information on fees and alternative options; and
- ensure that advertising which uses “no win, no fee" or similar language includes information about the costs of the service and information about free alternatives (such as the Financial Ombudsman Service).
- Relevant sections of the Supervision manual (SUP) will apply to CMCs3.
- New prudential standards will apply to CMCs including requirements for CMCs to have sufficient financial resources to meet their liabilities4.
- There will be changes to rules regarding how CMCs hold client money and the FCA is proposing to apply the same client money rules to all CMCs5.
- Claims made under s75 of the Consumer Credit Act 1974 will be brought within the scope of FCA regulation6.
- CMCs will be brought within the compulsory jurisdiction of the Financial Ombudsman Service7.
The deadline for providing the FCA with feedback on the consultation is 3 August 2018. Following the consultation, the FCA will publish a Policy Statement in Q4 2018.
- Paragraphs 2.28 to 2.31, CP 18/15
- Section 4 “Conduct Standards", CP 18/15
- Section 5 “Supervision and reporting", CP 18/15
- Section 6 “Prudential standards and wind-down procedures", CP 18/15
- Section 7 “Client money", CP 18/15
- Paragraph 2.12, CP 18/15.
- Paragraph 1.20, CP 18/15
2. Market developments
EU: GDPR expected to increase insurance claims for data breaches
Insurers should brace themselves for an increase in insurance claims for data breaches since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. Those were the conclusions of the International Underwriting Association (IUA) in a recent research paper.
Several reasons were identified by the IUA for the likely increase in data breach claims. These include the GDPR’s changes to the right to compensation for data breaches, lower thresholds for notification of breaches and increased defence costs. Another factor is the introduction of group litigation into data protection law, which allows consumer bodies to represent multiple individuals in mass claims. The IUA said “The introduction of the GDPR means people are likely to be more aware of their rights, are legally entitled to notification of any data breaches and have greater scope for seeking redress. Each of these factors could lead to a greater number of claims".
The IUA has stated that it expects increased numbers of claims to be made under general liability policies, where data protection cover is commonly provided as an extension. Others have predicted that there will be a significant impact on D&O and cyber insurance, both in terms of uptake of policies and claims. In relation to D&O, the GDPR provides significant scope for civil claims and regulatory action against directors and officers. In relation to cyber, many cyber policies cover the cost of regulatory investigations, which is a key reason why demand for cyber cover is set to increase.
Insurers are advised to check carefully whether their existing policy limits and sub-limits are appropriate for the post-GDPR environment. They are also advised to review references to data protection legislation in their policy wordings, examine current policy triggers, and review their existing risk management assessments (for example in relation to the extent of their clients’ GDPR compliance). The IUA has said “it is important that insurers understand how their liability products are likely to perform in the new data protection landscape". The IUA hopes that its report will serve as a catalyst for its development of new wordings for the GDPR regime.
These issues are of course in addition to insurers’ own obligations to comply with the GDPR. These are significant because insurers must collect and access a large amount of personal information, meaning that data processing lies at the heart of insurance business. The potential penalties for breach of the GDPR are serious. Aside from reputational damage, those in breach are liable to pay a fine of up to €20m or 4% of global turnover, whichever is higher.
Worldwide: Aon predicts cyber insurance will grow to US$4 billion by 2021
A report published by Aon has predicted that growth in premiums over the next three years will be most rapidly seen in the cyber insurance market and reach US$4 billion worldwide by 2021. That represents an annual rate of growth of 14.1%.
Studies by Aon concluded that over the last five years, cyber premiums grew by an average of 23% year on year - the most significant across all classes of business. The broker reviewed insurance bought by corporate, public sector and not-for-profit organisations for 2013 – 2017 and determined that this marked a trend in companies “putting a greater value on intangible assets, such as cyber and intellectual property". The Chief Executive of Aon Inpoint (Aon plc’s data, analytics, engagement and consulting team) Michael Moran believes that “there are multiple reasons for the increased focus and increased premiums ranging from financial statement protection due to a business interruption to the constantly evolving global regulatory environment including the European Union’s General Data Protection Regulation."
According to Aon's studies, global commercial property and casualty premiums were worth $730 billion in 2017 but would increase to $900 billion in 2021, with US commercial property and casualty premiums making up roughly one-third of these figures. In 2017, the classes of business which generated the largest of these premiums were manufacturing at $111billion, followed by agriculture, fishing and forestry at $72 billion as a result of demand from China and the US.
Aon predicts that rapid expansion at a rate of about 6% each year will be seen in financial institutions, mining and minerals and the technology and media sectors.
3. HFW publications and events
HFW Briefing: Fifth Circuit Sides with Insurer’s Denial of 30-month Late Hail Damage Claim
The United States Court of Appeals for the Fifth Circuit ruled this month in favor of Certain Underwriters at Lloyd’s, London in a property coverage matter related to hail damage claims asserted by a North Texas hotel. To read the Briefing by Gerard Kimmitt and Sheshe Taylor, please click here.