The obligation on insurers to monitor Underwriting Agencies already exists (don’t wait for CPS 230)

APRA Media release Friday 1 November 2024

The Australian Prudential Regulation Authority (APRA) has applied an additional $10 million capital requirement to Pacific International Insurance Pty Limited (Pacific) following a review of its binder holder arrangements.

The review identified fundamental deficiencies in Pacific’s oversight and control of its existing binder holder business and risk management framework. These included weaknesses in accountability and adequacy of resourcing.

APRA acknowledges that Pacific has accepted the findings from the review and is committed to its remediation action plan. However, further effort is required to ensure the changes are executed and embedded successfully, and to verify their effectiveness in addressing APRA's concerns.

APRA Member Suzanne Smith said that while the authority for underwriting can be outsourced, the responsibility remains solely with the licensed insurer.

“Outsourcing can help with solutions for hard-to-place risks or reduce operational costs for insurers, but it is crucial to understand that the overall risk stays with the insurer, as insurance risk and accountability are the reason why insurers hold licences in the first place.”

The obligation to monitor Underwriting Agencies already exists

The obligation on insurers to monitor their Underwriting Agencies may be in focus as insurers prepare to meet the new CPS 230 in July 2025; however, as evidenced by the APRA review of Pacific, the obligation already exists for general insurers (authorised under Section 12 of the Insurance Act) variously under CPS 220 (Risk Management), CPS 230 (Outsourcing), CPS 232 (Business Continuity Management), and CPS 234 (Information Security).

Lloyd's underwriters also have obligations to monitor Lloyd's coverholders, especially those providing insurance to Retail clients.

Insurers holding an AFS Licence also have obligations to monitor agencies & ensure the agencies' staff are trained, competent & comply with the financial services laws.

In addition, insurers have obligations under the GI Code to monitor agencies who are Distributors &/or (claim) Service Suppliers.

Resourcing for monitoring

Insurers must have adequate resources to monitor. This includes people across the 3 lines of defence (business, risk & compliance function & internal audit) and technology.

An insurer's risk management framework must provide a structure for identifying and managing each material risk to ensure the insurer is being prudently and soundly managed, having regard to the size, business mix and complexity of its operations.

An insurer's risk management function must be appropriate to the size, business mix and complexity of the insurer.

The Compliance function of an insurer must be adequately staffed by appropriately trained and competent persons who have sufficient authority to perform their role effectively, and have a reporting line independent from business lines.

A fit-for-purpose Monitoring Program

A fit-for-purpose Monitoring program includes the following components:

  1. Conducting robust due diligence of an Underwriting Agency prior to appointment
  2. Implementing an appropriate Binder agreement including obligations for managing financial service laws (on the agency) & data reporting to the insurer
  3. Onboarding of the Agency's staff
  4. Alignment to the insurer's risk management framework and the agency's own risk management system (this is an obligation of the Agency under its own AFS licence)
  5. Ongoing financial service laws, GI Code and product training
  6. Monitoring by the agency of their business operations including file reviews, call recording, attestations, control testing, 3 lines of defence activities, QA program and reviews conducted by the insurer.
  7. Supervision by the agency of its staff including acting within delegated authority, standard operating procedures, processes, systems, team meetings, 1:1 meetings and hallway conversations
  8. Incident and breach management
  9. Complaints management
  10. Data produced from activities 5-9 above
  11. Reporting
  12. Annual review resulting in renewal or termination. If termination, an Exit Plan must be implemented.

Assistance and support for Insurers

I can provide the following compliance services for insurers:

  • Compliance review of the insurer's monitoring program and/or of the insurer's underwriting agencies; &
  • Developing fit-for-purpose Monitoring Programs for insurers to manage the risk from the use of material service providers

Assistance and support for Underwriting Agencies

I can provide the following compliance services for Underwriting Agencies:

  • Compliance review of the adequacy of the agency's risk management system, compliance arrangements, & meeting insurer(s) binder agreement obligations;
  • AFS Licensing (an Agency should hold their own AFS Licence rather than being appointed as an AR for a variety of reasons);
  • Developing a risk & compliance framework including a fit-for-purpose Risk & Compliance Manual that protects the agency and insurer; &
  • Compliance advice

To learn more about the compliance services I provide to insurers & Underwriting agencies click here



David Hall

Executive Leader - A Chartered Accountant, Risk Management thought leader and highly accomplished outcomes-focused executive with 20+ years of demonstrated expertise in business growth and improvement.

3 weeks

It has always existed under the material outsourcing standard and whilst the requirements are now better codified, the reality is CPS230 is just about making obligatory what “good” insurers were doing anyway, except of course for Lloyd’s who get a free pass. It would be very interesting to understand why APRA has excepted Lloyd’s from these obligations.


More articles by Paul Muir
