Module Application
Are the governance structures and risk management systems of your insurance organisation robust enough to operate within the UK's highly regulated financial services market?
Does your insurance organisation's business strategy, capital funding, and solvency levels, align with the PRA’s standards and expectations?
Is your insurance organisation's oversight of senior managers, including their qualifications, competencies, and behaviours, enough to meet the criteria of the Senior Managers Regime (SMR)?
Are your insurance organisation's operational procedures, customer engagement methodologies, and insurance product offerings sufficient to provide consistent positive customer outcomes?
Is your insurance organisation providing the PRA with the correct notifications in a timely manner? Are your systems and procedures for public disclosure enough to meet the minimum requirements set by regulators?
Is your insurance organisation equipped to transition smoothly from the Solvency II regime to the "Solvency UK" framework by the end of 2024?
Module Scope
Under the Financial Services and Markets Act 2000 (FSMA), the insurance sector in the United Kingdom is regulated by designated national authorities. There are two primary regulators:
● The Financial Conduct Authority (FCA), which regulates over 60,000 organisations that provide any financial service
● The Prudential Regulation Authority (PRA), which regulates banks, insurance, and investment organisations
These regulatory authorities have broad powers under FSMA to create stringent rules and standards for organisations wishing to provide financial services in the UK market to safeguard customers and the public. Due their significance in the wider economy, insurance organisations are dual-regulated, meaning that both the FCA and the PRA play active roles in regulation of the sector, and as such, insurance organisations must comply with various rules stipulated by both regulators.
This module addresses all areas of PRA and FCA regulation that apply to insurance organisations wishing to operate in the UK. Content provided falls roughly into the areas of authorisation, regulation, and customer relations. Specific rules for long-term insurance and general insurance are also provided in this module. Insurance organisations should adhere to the guidance provided in this module for satisfactory compliance with the rules that govern the insurance industry.
The module separates its guidance into the following core obligations:
1. Authorisation - Pathway
The PRA has a streamlined pre-application pathway for any organisation seeking to provide insurance services. While most organisations seeking authorisation will fall under the Solvency II regime, each will differ in the application pathway. Included are:
● Organisations that do not reach the threshold for becoming a Solvency II organisation
● Organisations seeking to become an Insurance Special Purpose Vehicles (ISPV)
● Organisations wishing to transact specialty insurance under Lloyd’s of London
This core obligations sets of guidance that ensures an organisation seeking authorisation follows the appropriate pathway for their needs.
2. Procedures for Authorisation
This core obligation sets out an overview of the procedures within the application pathway for insurance organisations to become authorised.
It is crucial that the steps in each stage of the application pathway be met, from pre-application meetings, to the payment of fees. Therefore, the following considerations be undertaken prior to starting the application process:
● Designate a competent team for engaging with the PRA throughout the application process
● Initiate pre-application meetings with the PRA, provide a comprehensive business plan, promptly address any feedback
● Develop an action plan to address business plan gaps and ensure the business plan meets Threshold Conditions
● Engage legal experts, set project timelines, recruit, and train the necessary staff
● Implement robust governance and risk management structures
● Be proactive in monitoring application progress and manage administrative matters such as fee requirements, timely payments and record keeping
3. Requirements for Authorisation
Guidance is given for each component of the authorisation application in this core obligation. Greater detail is provided for how organisations seeking authorisation should comply with requirements from the Regulatory Business Plan (RBP) to how to comply with the FCA's Consumer Duty.
To ensure full compliance of the authorisation pathway, an organisation should:
● Assign a senior manager to supervise the authorisation application
● Conduct financial stress tests, define a capital strategy aligned with business plans, document investment and funding details
● Design an effective governance framework
● Identify key business services, create incident response playbooks, and regularly test resilience capabilities
● Have policies which prioritise customer needs with great emphasis on positive customer outcomes
● Maintain consistent communication and engagement with regulatory authorities throughout the application process
4. Authorisation - Senior Managers
Senior managers wield significant control on an authorised organisation and consist of the most senior executive management and directors within an organisation. Therefore, the PRA and FCA
have in place the Senior Managers Regime (SMR) to increase individual accountability and standards of behaviour. An authorised organisation must ensure that senior managers performing senior management functions (SMF) are fit and proper.
Determination is made by the PRA whether a person meets the minimum requirements to act in the capacity as a senior manager. An authorised organisation should follow the guidance set out in this core obligation:
● Establish a procedure to assess fitness and propriety before application
● Appoint a senior compliance manager to supervise the SMR approval process
● Set up mechanisms to inform regulators of alterations concerning approved SMFs
● Carry out yearly evaluations of approved individuals and communicate any concerns about senior managers’ fitness and propriety to regulators
5. General Regulation
Once an organisation is authorised by the PRA to conduct insurance activities, it will become subject to the rules set out in the PRA rulebook (as well as the FCA handbook when it comes to customer relationships). There are several universal compliance requirements for any authorised organisation by the PRA including:
● PRA threshold conditions
● PRA Fundamental Rules
● Cross-cutting rules and policies
● Policyholder protection
An authorised organisation that wishes to engage insurance activity must continually comply with these obligations.
Some steps it should take are:
● Forming a compliance team dedicated to upholding all threshold conditions, including legal status and effective supervision
● Develop a governance framework in line with the PRA's eight fundamental rules
● Initiate a consistent review mechanism to ensure compliance with PRA's overarching rules and policies throughout the organisation
● Contribute to the Financial Services Compensation Scheme
6. Solvency II Regulation
In addition to complying with the universal compliance requirements set out by the PRA, an organisation post-authorisation engaged in insurance activities also has Solvency II specific compliance obligations. Some areas covered include:
● Capital requirements
● Liquidity and funding
● Operational resilience
● Accounting and audit functions
● Risk management and control framework
● Outsourcing
● Reporting to the PRA and public disclosure obligations
● Groups, ISPVs and third country branches
Some steps the organisation should take to comply with Solvency II specific regulations are:
● Regularly perform an ORSA, ensure high-quality capital is held, and establish stress testing frameworks
● Set up effective policies and procedures to manage Solvency II requirements
This core obligation only applies to organisations that fall under the remit of the Solvency II regime. Additionally, organisations should be aware of the upcoming transition from the Solvency II regime to the “Solvency UK” framework by the end of 2024.
7. Regulation - Specific Events
Should changes in an authorised organisation occur, the PRA mandates that it be informed about specific events that might affect an organisation's authorised status. These events include when an organisation intends to start or stop certain regulated activities, experiences a change in control, undergoes significant changes in senior staff, or when it can no longer comply with specific PRA Rulebook guidelines.
An organisation should have in place procedures that trigger whenever specific events necessitate notification to the PRA.
8. Customer Relations
Although an insurance organisation primarily deals with the PRA, the FCA takes the lead when it comes to maintaining positive customer relations and outcomes. The FCA Consumer Duty (CD) applies to all insurance organisations and intermediaries operating in the UK and Gibraltar when selling insurance products to customers, covering both consumers and commercial policyholders, with specific exceptions for reinsurance, large-risk commercial policyholders, and non-UK policyholders.
CD rules require that an organisation offer products that are suitable, transparent, and not misleading to customers. An organisation must therefore ensure that all policies not only align with regulatory objectives but seek to put the interests of policyholders above profit.
9. Conduct of business standards (Long-term insurance)
The Conduct of Business Rules (COBS) encompass elements specific to both the investment and long-term insurance sectors. These rules are there to facilitate good customer outcomes. Topics covered in this core obligation include:
● Requirement for acting honestly, fairly, and professionally
● Customer communications
● Providing information to clients
● Product information
● The right to cancel
● Handling claims
10. Conduct of business standards (General insurance)
Insurance Conduct of Business Rules (ICOBS) are tailored to address the nuances and particularities of the general insurance sector. These rules are there to facilitate good customer outcomes. Topics covered in this core obligation include:
● Requirement for acting honestly, fairly, and professionally
● Customer communications
● Providing information to clients
● Product information
● The right to cancel
● Handling claims