Skip to main content

Clifford Chance

Clifford Chance

Governance failings – takeaways from MS Amlin fine

Governance failings – takeaways from MS Amlin fine

Summary

The £9.7 million fine imposed on MS Amlin Underwriting Limited (MSAUL) by the PRA should prompt Lloyd's managing agents and insurers to review their risk management and governance systems and consider their approach to regulator engagement.

There are some specific circumstances related to the fine, which focused on underwriting governance and oversight at a time when MSAUL had experienced significant growth and diversification into new classes of business and new markets, together with a reorganisation of its business units, significant changes to the board and management teams and a group restructuring. The firm's systemic deficiencies were compounded by failures to promptly remediate known issues despite the firm's own internal assessments and the PRA's warnings. The Final Notice cited the firm's "overly complex and confusing" prevailing decision-making process which, in the PRA's view, obscured the board's ability to understand fully the nature of the business being underwritten on its behalf by business units operated by the group.

Key Takeaways and Practical Suggestions

Risk culture

Even though MSAUL had a number of systems and processes in place, including a 'three lines of defence' model, there were deficiencies in implementing risk management strategies and systems, which diminished their effectiveness. The fine, notwithstanding its specific circumstances, should encourage firms to review the functioning of their risk management processes. Firms should embed a strong and effective risk culture throughout the organisation, supported by adequate governance and oversight, and avoid overly complex organisational structures that blur lines of accountability and the delineation of responsibility.

Delegation

Lack of clarity over accountability and responsibility is a sign of weakness in governance systems and controls. The delegation of functions needs to be carefully managed and done in a way that allows the board to have adequate oversight and the ability to challenge and influence delegated decisions in critical areas. Challenge is a key role of non-executive directors and a lack of adequate challenge will affect a board's effectiveness. In the case of MSAUL, the PRA took the view that "inexperienced" board members created additional risk, as did changes driven by the wider group, to the board receiving appropriate management information from entity to business-unit reporting, impacting the ability to spot negative trends in performance.

Group dynamics

In this case, delegation of underwriting decisions to business units and outsourcing of operational and support services to group functions was a significant concern for the PRA given the materiality of the firm to the group. Governance within groups is a potential source of tension for directors, who owe their fiduciary and other duties to the firm, not solely to its shareholders, and also have regulatory duties, including to consider the interests of policyholders. It is also a source of concern for regulators, who acknowledge the existence of group dynamics (as illustrated by the SMF 7 group entity senior management function), but still require individual firms to have sufficient power, oversight and freedom to act in the interests of the firm and its customers.

Firms may be asked to demonstrate to the FCA and/or PRA that the board has sufficient discretion in how to apply and respond to proposals from group functions. An example would be through keeping records of the use of communication lines and forums that give the firm genuine visibility over group strategies and the opportunity for upward feedback and documenting challenge by the board.

Board effectiveness

The PRA highlighted that the nature/scale of underwriting losses in 2017 came as a surprise to the board. The regulator expects the board to prioritise and allocate sufficient time to issues of critical importance and complexity and ensure that meeting agendas and materials are updated and reordered as necessary to ensure sufficient time and prominence is given to key matters for the firm.

Inexperienced board members should be provided with adequate on-boarding and on-going training opportunities.

Management information

Management information should be meaningful and well-targeted and of an appropriate quality to inform discussions and form a reliable basis for decision-making. Board packs should not be overly long and unfocussed; this could be achieved by including KPIs and shorter summaries of the key information in a cover sheet, with signposting and clear document cross-referencing.

Individual board members and management must be aware of the parameters of their roles and there must be appropriate separation of responsibilities to avoid gaps and overlap. Regular check-ins and clear formal and informal communication lines between different functions help to ensure that each level understands what the others are/aren't covering.

The PRA pointed out that it communicates its expectations through policy and supervisory statements and other communications which firms are expected to be mindful of. Firms should engage directly with these materials and determine whether they are meeting the expectations set out in those materials – if shortcomings are identified and fundamental changes required, firms can expect more frequent and targeted warnings which, if not dealt with in a timely and effective manner, may lead to investigations and ultimately enforcement action such as public censure, a fine and/or complete prohibition.

Conclusions

Key areas for boards and compliance/risk management to consider:

  • Clarity of reporting lines
  • Quality of board packs and supporting materials
  • Relationships with the wider group and clarity on the role of the regulated board in a group context
  • Monitoring of the significant amount of regulator communications and implementation of recommendations
  • Identification and rectification of systemic failures
  • Share on Twitter
  • Share on LinkedIn
  • Share via email
Back to top