This country-specific Q&A gives a pragmatic overview of the law and practice of insurance & reinsurance law in the United Kingdom.
It addresses topics such as contract regulation, licensing, penalties, policyholder protection, alternative dispute resolution as well as personal insight and opinion as to the future of the insurance market over the next five years.
This Q&A is part of the global guide to Insurance & Reinsurance. For a full list of jurisdictional Insurance & Reinsurance Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/insurance-and-reinsurance-3rd-edition/
How is the writing of insurance contracts regulated in your jurisdiction?
The regulation of insurers and reinsurers (collectively, "(re)insurers") in the United Kingdom ("UK") changed substantially following the 2007-2008 financial crises and the implementation of the Solvency II directive.
The Financial Services and Markets Act 2000 ("FSMA") established a system for the regulation of various “regulated activities”, as set out in the Financial Services and Markets Act 2000 (Regulated Activities Order) 2001 ("RAO"). Whilst the UK's regulatory framework derives mainly from FSMA and its related implementing legislation and rules, it is also substantially influenced by and, where required, implements various European laws, including the Solvency II Directive.
Under FSMA no person may carry on a "regulated activity" in the UK unless they are an "authorised person" or an "exempt person". Authorisation to carry on (re)insurance business in the UK may be obtained directly from the relevant UK regulator, or for a European headquartered (re)insurer firm, by passporting into the UK from that European head office's jurisdiction.
A review by the UK government in the wake of the crisis led in 2013 to the then single financial services regulator, the Financial Services Authority ("FSA"), being replaced by, and its functions distributed between, two new regulatory authorities, the Prudential Regulation Authority ("PRA") and the Financial Conduct Authority ("FCA") (together the "Regulators").
(Re)insurers are regulated by both Regulators (and are therefore described as being "dual-regulated"), although the PRA acts as the "lead regulator" and therefore is the main point of contact for supervisory decisions. Insurance intermediaries are regulated by the FCA only (see further paragraph 4 below).
The UK's regulatory system also applies to Lloyd's of London ("Lloyd's), a specialist reinsurance market in the City of London within which multiple financial backers, grouped in syndicates, come together to pool and spread risk. Both Lloyd's and syndicates operating within it are dual-regulated. The majority of reinsurance business written by underwriters at Lloyd’s (also known as "members") is placed through brokers and both members and brokers are regulated by the FCA.
As noted above, much of UK insurance regulation derives from EU law. As a result the potential exit of the UK from the EU ("Brexit") results in some uncertainty as to the future (both immediate and long-term) of insurance regulation in the UK.
The European Union (Withdrawal) Act 2018 repeals the European Communities Act 1972 on "Brexit day" and provides that almost EU and EU-derived law will be "onshored" as it stands immediately before the UK's departure from the EU. It also provides the government with wide powers, exercisable for two years following Brexit, to amend UK law to rectify deficiencies arising from the disapplication of EU law and the onshoring process. The UK Treasury has indicated that immediately following Brexit certain of such powers will be delegated to the PRA and FCA. The regulators have in turn issued some announcements setting out how they intend to use these delegated powers.
The PRA and FCA's approach to insurance regulation is not expected to change immediately post-Brexit. Accordingly, in the short-term, Brexit will affect firms which operate cross-border in the UK and Europe, either passporting their insurance permissions outwards from the UK to the EU or inwards from the EU to the UK. In the event of a no-deal Brexit this passporting would no longer be available.
Most (re)insurers affected have planned for this contingency and taken steps to restructure their business to ensure that they are able to continue to operate in the event of a no-deal Brexit. The UK and EU insurance regulators have also agreed memoranda of understanding setting out how the regulators intend to cooperate with respect to supervision, enforcement and exchange on information in a no-deal Brexit scenario. These memoranda have not been made public.
The European Insurance and Occupational Pensions Authority ("EIOPA") has also published recommendations for national EU insurance regulators with respect to how UK insurers operating in the EU should be treated in no-deal scenario in order to minimise disruption to policyholders. These guidelines suggest that UK insurers will be able to run-off existing cross-border business although they will not be able to enter into new contracts or renew or extend existing contracts.
Are types of insurers regulated differently (i.e. life companies, reinsurers?)
In principle, all types of (re)insurers are regulated in the same way, all being (subject to a few exceptions) subject to Solvency II and to prudential regulation by the PRA.
The capital requirements under Solvency II are intended to be risk sensitive, realistic and market consistent, with (re)insurers having to hold sufficient assets to cover expected future liabilities. However, given the long-term duration of liabilities for life business in particular, there are a few provisions which relate specifically to life insurers. For example, the matching adjustment and volatility adjustment can be applied, with the consent of the PRA, to ensure that assets held to protect longer term liabilities are suitable and correctly reflect the risks associated with such contracts.
Conduct of business regulation for all (re)insurers falls under the remit of the FCA which has extensive rules relating to advertising and the promotion of insurance contracts, including rules to ensure the fair treatment of customers, for example. Broadly, conduct rules for life and long-term insurance business are governed by the FCA's Conduct of Business Sourcebook (COBS) whilst general business is covered by the Insurance Conduct of Business Sourcebook (ICOBS) – both sourcebooks are extended to apply to intermediaries also. The perceived risk to policyholders and efforts to reduce financial mis-selling influences the degree of regulation by the FCA, for example, sales of long term (i.e. life) insurance products which have an investment element to consumers are subject to additional requirements to ensure that customers are given as much information as possible before entering the contract.
Under FSMA reinsurers are treated as in the same way as direct insurers unless a rule specifies that they are excluded or subject to an alternative approach. There are certain provisions which are applied differently to "pure" reinsurers.
Are insurance brokers and other types of market intermediary subject to regulation?
Various activities undertaken in relation to contracts of insurance (including arranging a contract of insurance or assisting in the administration and performance and advising on contracts of insurance) are regulated under FSMA. Accordingly, authorisation must be sought from the FCA to act as an insurance intermediary (note that the PRA does not regulate insurance mediation).
It is also possible for an entity to become an appointed representative of a regulated firm in order to carry out mediation activities without itself being regulated, on the basis that the regulated principal has full responsibility for the actions of the appointed representative.
Is authorisation or a licence required and if so how long does it take on average to obtain such permission?
Permission must be sought from the PRA to carry on insurance business in the UK, i.e. to effect or carry out a contract of insurance) and from the FCA to act as an insurance intermediary. In either case ‘Part 4A permission’ authorisation application must be made and the relevant Regulator must make a decision on complete application within 6 months. If permission is granted, then the firm will receive a ‘Scope of Permission’ notice which will state the regulated activities that the firm has permission to carry out, when the permission starts and any requirements or limitations that the firm may be subject to.
Authorised firms appear on a publicly searchable Financial Services Register which shows which permissions they have been granted in relation to regulated activities.
Are there restrictions or controls over who owns or controls insurers (including restrictions on foreign ownership)?
It is a criminal offence to acquire or increase control in an insurer authorised in the UK without the prior approval of the PRA. The PRA may approve the change in control unconditionally, impose conditions or object to the acquisition.
A person will acquire control for their purposes if (i) they (alone or with their associated persons) hold 10% or more of the shares or voting power in an insurance undertaking (or its parent company) or (ii) they are able to exercise significant influence over the undertaking.
Approval by the PRA is also required when an existing controller proposes to increase its shareholding or voting power in an undertaking (or its parent company) above 20%, 30% or 50%.
There are no legislative restrictions on non-UK (or EU) nationals owning insurance companies.
Is it possible to insure risks in your jurisdiction without a licence or authorisation? (i.e. on a non-admitted basis)?
FSMA prohibits any person from undertaking a regulated activity by way of business in the UK without authorisation. However, simply insuring/reinsuring a policyholder/risk located in the UK does not itself amount to carrying out (re)insurance business in the UK unless activities are also carried on in the UK which amount to the effecting or carrying out of a contract of (re)insurance. Therefore, it is possible for overseas firms to structure their business such that, for the purposes of FSMA, they are not deemed to be carrying on (re)insurance business "in the UK". However, it should be noted that there is a significant amount of case law and regulatory guidance on the question of whether the business of an offshore (re)insurer is deemed to be carried on "in the UK" and the position is ultimately one to be determined on the basis of all the relevant facts and circumstances.
What penalty is available for those who operate in your jurisdiction without appropriate permission?
It is a criminal offence to undertake a regulated activity in the UK without permission, punishable by up to two years imprisonment or a fine. An agreement entered into without permission is unenforceable by the unregulated firm against the other party. A policy entered into by an unauthorised insurer is void at common law, accordingly the insured would be entitled to recover premium paid and can recover compensation for any loss sustained as a result of entering into a contract with an unauthorised business. There are limited exceptions that allow the contract to be upheld where just and equitable to do so.
How rigorous is the supervisory and enforcement environment?
The PRA and the FCA have extensive statutory enforcement powers set out in FSMA. Where someone has breached the prohibition on carrying out a regulated activity without permission they may be imprisoned or fined. The sanction of withdrawal of authorisation is available to the Regulators where a business ceases to meet the threshold conditions (that is the minimum requirements both Regulators require for authorisation). The Regulators can also vary permissions, censure firms and individuals publicly for breaches of regulatory requirements and impose financial penalties, apply for an injunction where either regulator believes that a person or business will contravene a requirement of FSMA, seek a restitution order to recover assets received in contravention of a regulatory requirement and issue a prohibition order against an individual carrying on a regulated activity.
Both the PRA and FCA have investigatory powers. The PRA has the ability to outsource investigations to either the FCA or a third party expert ("skilled person").
All regulated businesses are under an ongoing obligation to inform the regulator of anything relating to the firm of which the regulator would reasonably expect notice.
How is the solvency of insurers (and reinsurers where relevant) supervised?
UK (re)insurers are subject to the European Solvency II regime (introduced on 1 January 2016). Solvency II is a forward-looking risk-based capital regime which was implemented across the EEA from 1 January 2016. Solvency II replaces the previous Solvency I regime (set out in various separate insurance and reinsurance directives) which required insurers to use a formula-based approach when calculating solvency requirements rather than assessing individual risks. Solvency II uses a market consistent approach to value insurers' assets and liabilities (i.e. the price at which a willing buyer would take them).
The regime applies to most insurers and reinsurers with head offices in the EEA. The Solvency II directive is a 'maximum harmonisation' directive aiming to implement a consistent regulatory framework across the EEA. The directive is supplemented with a Delegated Act – an EU Regulation which is directly applicable in each EEA state. The regime is also supported by Technical Standards which are directly applicable, and guidelines produced by the European Insurance and Occupational Pensions Authority (“EIOPA”) which apply to member states on a 'comply or explain' basis.
The Solvency II framework is broadly structured into three pillars: quantitative requirements (Pillar 1); qualitative requirements and supervisory review (Pillar 2); and transparency requirements (reporting and disclosure) (Pillar 3).
In the UK the PRA has responsibility for ensuring that firms comply with Solvency II.
What are the minimum capital requirements?
Solvency II introduced a risk-based capital regime, requiring insurers to assess the individual risks they are subject to on both sides of the balance sheet and hold sufficient capital against these risks.
There are two capital requirements under Solvency II: the minimum capital requirement (“MCR”) and the solvency capital requirement (“SCR”). SCR is the quantity of capital required to be held to protect against unexpected losses over the following year subject to a confidence level of 99.5%. MCR is set at a lower threshold - a confidence level of 85%. Insurers calculate their SCR using a standard formula, which is a standardised calculation set out in the Delegated Acts, or (subject to prior regulatory approval) a full or partial internal model which is tailored to the risk profile of the particular insurer.
Life Insurers may also seek regulatory approval to apply a 'matching adjustment' when calculating their liabilities which provides capital relief when holding certain long-term assets which match the cash flows of a designated portfolio of life or annuity insurance and reinsurance obligations.
Breach of SCR triggers regulatory intervention, designed to ensure SCR capital levels are restored, and breach of MCR can lead to an insurer losing its authorisation if the breach is not remedied within three months.
Is there a policyholder protection scheme in your jurisdiction?
The Financial Services Compensation Scheme (“FSCS”) protects policyholders (including consumers and small businesses) should an insurer become insolvent. Compensation is only available for financial loss. In the event of insolvency 100% of a claim is protected in respect of a compulsory insurance policy, professional indemnity insurance or life and long-term sickness policies. In all other cases, 90% of the claim is protected.
How are groups supervised if at all?
Under Solvency II groups are subject to supplementary supervision in addition to the solo supervision of individual insurance companies in order to protect policyholders against risks that might be present within a group but not necessarily apparent where only the individual insurance company is considered. The Solvency II Directive sets out the circumstances in which group supervision is triggered. Only one insurance entity within a corporate group need be headquartered in the UK (or elsewhere in the European Union) for group supervision to be applied.
Where a European headquartered Solvency II group is identified, it must hold eligible own funds equal to or in excess of a group SCR. Group own funds must be transferable and fungible across the group. The group capital requirement can be calculated using either a standard formula or an internal model (similar to individual entity capital requirements). The recognition of individual company own funds (in excess of any applicable solo capital requirement) at the group level depends on their availability and transferability between group entities. In addition, group-wide governance, reporting and intra-group transaction and risk concentration monitoring shall apply.
Where a group is headquartered outside the EU, Solvency II group supervision may still apply, either to a sub-group or to the worldwide group, depending, for example, on whether a finding of equivalence has been made in relation to relevant third country jurisdictions.
Do senior managers have to meet fit and proper requirements and/or be approved?
Senior managers of UK (re)insurers are subject to fitness and propriety requirements under the Senior Managers and Certification regime ("SMCR") as well as under the FCA's Conduct Rules.
The SMCR has applied to insurers from 10 December 2018, replacing the previous PRA Senior Insurance Managers regime ("SIMR") and FCA Approved Persons regime. The SMCR will be extended to apply to further firms including insurance intermediaries from 9 December 2019. Fundamentally this regime aims to increase the individual accountability of senior managers in regulated firms whilst also making firms in most cases, rather than regulators, primarily responsible for assessing and ensuring the fitness and propriety of individuals who carry out certain controlled functions.
Under the SMCR certain executive and non-executive roles are designated 'Senior Management Functions' ("SMFs"). Appointment of an individual to an SMF requires pre-approval from the relevant regulator. Before taking up any SMF an application must be made to the relevant regulator for approval. The PRA and/or FCA will seek to ensure that the individual is fit and proper for the role. They will consider the individual's honesty, integrity and reputation as well as their competence, capability and financial soundness.
In addition to the SMFs, certain other additional responsibilities prescribed by the FCA need to be allocated amongst the firm's senior managers ("SMs"). Each SM's individual responsibilities must be set out in a 'statement of responsibilities' which must be submitted to the regulators. Each SM so identified has a duty to take reasonable steps to avoid the firm breaching its relevant regulatory duties. A regulator may take individual action against an SM who fails to take such steps.
Firms are also required to prepare and maintain a 'responsibilities map' setting out the key roles in the firm, the people responsible for them and lines of accountability.
The certification regime requires insurers to identify individuals performing certain 'certification functions', which are functions which relate to a firm's regulated activities and involve or might involve a risk of significant harm to the firm or its customers. Firms must assess and certify each relevant individual's fitness and propriety to perform that role at least annually.
Firms must also ensure that employees comply with certain "Conduct Rules" issued by the FCA. There are two tiers of Conduct Rules: the first tier applies to all employees and directors of a firm involved in carrying out its regulated and unregulated financial services activities; the second tier applies to senior managers. Each firm has notification, training and record keeping obligations in connection with these Conduct Rules.
Are there restrictions on outsourcing parts of the business?
In accordance with Solvency II, where an insurer outsources part of its business it will remain fully responsible for discharging all of its obligations under law, regulation and administrative provisions. Specifically, insurers must not outsource any critical or important part of the business in such a way as might lead to any material impairment in the quality of the firm’s systems of governance, any increase in operational risks, impairment of the ability of the supervisory authorities to monitor compliance or undermining of continuous and satisfactory service to policyholders.
How are sales of insurance supervised or controlled?
The FCA is obliged, under FSMA, to advance certain strategic objectives, including protecting customers. It is with these objectives in mind that the FCA has set out both rules and guidance in relation to sales of insurance policies. The requirements primarily seek to balance information asymmetries between the insurer and the policyholder; particularly where the policyholder is a consumer.
In addition to the rules and guidance set out in its Handbook, the FCA also requires all regulated firms to meet certain principles for businesses. Principle 6 requires firms to pay due regard to the interests of customers and treat them fairly. In order to meet these requirements, the FCA expects firms to meet six Treating Customers Fairly (“TCF”) objectives. The six objectives seek to ensure that products and services are marketed fairly, meet the needs of customers, are sold with clear and comprehensible information, any advice received is suitable and that customers do not face any post sales barriers.
Are consumer policies subject to restrictions? If so briefly describe the range of protections offered to consumer policyholders
Consumer policies must meet the requirements of the Consumer Rights Act 2015 (“CRA 2015”). The CRA 2015 prohibits the use of unfair contract terms in consumer agreements and consumer notices (including announcements, promotions and renewal letters). A term will be unfair if, contrary to the requirement of good faith it causes a significant imbalance in the parties’ rights and obligations under the contract, to the detriment of the consumer. Core terms (i.e. terms that either relate to the main subject matter of the contract or to the price to be paid) cannot be assessed for fairness to the extent that they are sufficiently transparent and prominent. Importantly, in insurance contracts core terms will include exclusions and conditions. To ensure that the insurer is able to rely on such terms both policy conditions and exclusions must be transparent (which will require drafting in plain and intelligible language) and also prominent (so that the consumer is sufficiently aware of the term). Certain terms are likely to be unfair such as high cancellation charges, terms that allow the insurer to determine the characteristics or price after the contract has been entered into. Any term found to be unfair will not bind a consumer.
Are the courts adept at handling complex commercial claims?
The commercial court in the High Court of Justice has a long history of dealing with complex insurance claims; the experience and quality of the judiciary that will hear international insurance claims is unrivalled. The English judiciary are widely regarded as impartial and expert in commercial disputes – frequently dealing with international parties. The extensive guidance provided by judicial precedent provides parties with a degree of certainty as to the outcome of commercial disputes.
Is alternative dispute resolution well established in your jurisdictions?
London Market insurers are some of the greatest users of alternative dispute resolution.
The UK is a signatory of the New York Convention. The use of both arbitration and mediation is well established. In England and Wales, the relevant law governing arbitration is contained in the Arbitration Act 1996 and any arbitration must be conducted within the framework of this Act. There are limited opportunities to appeal the decision of an arbitral tribunal.
What are the primary challenges to new market entrants?
The UK has a long-established and therefore mature insurance market that covers all product lines in life, general insurance and reinsurance and it has an infrastructure and depth of professional expertise rivalling any other global insurance hub. However, the past few years have seen extensive market consolidation in the pursuit of growth in an environment where rates have been falling, especially in competitive commercial lines. The soft market has resulted in low premium income in many lines and the ongoing low interest rate environment has made the operating environment challenging for any new market entrants.
The political and commercial uncertainty introduced following the EU referendum has meant that new market entrants do not have the same degree of certainty in relation to the breadth of market they can operate in as was the case before the Brexit vote. Potential new entrants looking to benefit from access to European markets may now consider jurisdictions other than the UK until there is greater clarity about the outcome of the UK Government’s plans to leave the EU.
In addition to market challenges, the UK is a highly regulated market. The cost of compliance can pose a significant challenge to new entrants, particularly in the light of the highly sophisticated Solvency II supervisory regime. On a more positive side, there have been a large number of Insurtech developments which offer insurers access to new data sources and a new customer base and may present an appealing proposition for new capital providers.
To what extent is the market being challenged by digital innovation?
The London Market is expected to be transformed by digital innovation such as distributed ledger technology (“DLT). From the sharing of identical information across networks, to the cryptography-based protections built into the technology, DLT represents an exciting development in the fight against cybercrime for insurance industry stakeholders.
Similarly, the harnessing and use of Big Data (a term referring to the increasing amount of digital information being generated and the analytical technologies which are being developed to make sense of this data) will change underwriting as insurers will have far greater access to personal (or at least risk-specific) information than ever before. With more personalised information and with automated processes, for example automated claims handling, insurers are seeing an opportunity to offer customers new product lines with potential cost savings.
Adapting to new business models will require significant investment (whether in research and development or acquisitions) by existing market players and start-ups are attracting funding. New market entrants that design their business models around new technology and the use of digital information may be able to steal a march on their competitors. In an overcrowded market, many existing product lines are likely to struggle without adaptation to the new digitally-reliant environment.
Over the next five years what type of business do you see taking a market lead?
As discussed above, a major theme for the industry will be technology and further digital innovation. We expect to see significant investment in Insurtech as well as advances in the application of DLT and artificial intelligence to insurance business. Digital innovation will play a part at every stage of the customer journey and will allow insurers to both drive cost saving through innovation and use data and analytics to provide more personalised products.
Cyber risk continues to be an area of growth, fuelled by an increasing number of high-profile data breaches affecting both companies and governments. As customers become more aware of the significance of cyber security and the consequences of its failure, insurance products that can offer credible solutions are likely to show growth ahead of traditional product lines.
In recent years we have seen high levels of consolidation due to regulatory and market pressures in Europe. We expect to see some further consolidation although not necessarily at the same high levels. In preparation for Brexit we have seen some shifts of business from the UK to the EU27 and although most (re)insurers have their Brexit preparations now in place we may see further activity as the Brexit process unfolds or develops.
Buyers are likely to include investors from outside the traditional insurance markets, including private equity. For life businesses the quest for returns is likely to result in insurers investing in different asset classes such as infrastructure projects.
We also expect to see significant growth with respect to insurance-linked securities ("ILS"), with the UK and Singapore emerging as new centres for the market. In particular, work done by the UK regulator in establishing a UK ILS regime which is adaptable enough to compete with the capabilities of other jurisdictions but from within the UK's well regarded regulatory and tax regime will, we expect, lead to growth in this area.