ICS are regularly contacted by clients who have run into an unexpected issue they are not sure how to deal with. In one recent instance, a Lloyd’s coverholder got in touch requesting urgent assistance with its latest annual coverholder audit; the client was uncertain how to respond to several of the questions in the coverholder audit and turned to ICS for help.
The questions causing the client the most anxiety this time round included data protection and its provisions for protecting against financial crime. The client was rightly concerned about the correct way to answer the questions posed by the audit documents.
We were quickly able to guide them through the process and help ensure, not only that the firm had all its regulatory ducks in a row, but that it was able to evidence this in the way most likely to satisfy Lloyd’s.
Following an initial discussion, the client was able to provide us with details of its current approach across a range of relevant areas including data protection and financial crime. Working from this as a starting point, we were able to clarify, in each area, exactly what the audit was asking for – and to then work with the client to ensure they could provide the information the coverholder audit was looking for.
One of the gaps we identified from the client’s documentation was the lack of a granular policy on subject access requests (SARs). Drawing on our combined London market and regulatory compliance expertise, we were able to create both internal and external SAR policies that met current audit expectations.
This is one of several areas in which a rising compliance bar has caught many insurance firms off guard. Previously, firms were only being asked to prove that their staff were aware of and understood what the rules required of them. Now, there is a much stronger emphasis on evidencing that firms have the policies, procedures, and appropriate metrics in place to ensure that this knowledge is put into practice.
One of the ways we were able to help the client meet this requirement was by adding things like its compliance manual and policies and procedures to the ICS online learning and development platform that its staff already use to study and record CPD hours. Having staff also use the system to ensure familiarity with the relevant compliance requirements has an added benefit in that it automatically creates a record not only that they have reviewed the material, but also of how long they have spent doing so. This makes it easy to ensure that all staff are fully aware of what’s required – and to evidence this subsequently.
Another issue for insurance firms is that Lloyd’s and the FCA tend to have somewhat different requirements. Firms who’ve experienced the greater level of detail and granularity typically requested by Lloyd’s are increasingly adapting their approach to compliance issues – and the whole culture of their organisations – to bring them in line with this ‘gold-plated’ approach. It’s a safe bet that this is where the market will be moving in any case, before long.
The client was hugely appreciative of everything ICS had done – both in overcoming the initial urgent challenge, and in bringing the firm’s processes, and procedures into line with current compliance expectations. ICS staff working with the client enjoyed being able to utilise their knowledge of regulatory requirements and got tremendous job satisfaction in the process.