The most fundamental ethical risk in insurance is conflicts of interest. It pervades decisions across underwriting, claims, marketing and counter fraud. And it is ever present because of how the product is designed and delivered. As a result, many insurers have a standalone conflict of interest policy. Yet while such policies are often long established, they are also in danger of becoming stale and ineffective. What then should you look out for, when assessing how effective your firm’s approach to COIs really is?
In round terms, a good COI policy should set out commitments, show people how to deliver on them, and explain how progress is managed. Underneath those three themes lies a host of key points, which I’ll outline below, as a series of questions.
Has the firm explained why managing conflicts of interest is important? And is this explanation linked with other corporate commitments, such as the firm’s purpose, values and strategic objectives? Does this explanation mention customers and overarching themes like trust?
Is it clear what exactly the firm means by a ‘conflict of interest’? Does this encompass each type of conflict of interest - actual, potential and perceived?
Who is making this commitment on behalf of the firm, and how senior a person are they? Are they someone who has an everyday presence within the firm?
Does the firm translate this commitment in relation to the responsibilities of managers, supervisors and team leaders? In other words, does it make clear that the commitment needs to be owned by everyone, not just the senior management team?
Does the commitment cover all aspects of the firm’s business? For example, does it encompass core functions and ancillary activities, outsourcing arrangements and joint ventures, and customer facing and back room operations?
Is the commitment illustrated with examples of conflicts of interest relevant to the business, and what the repercussions might be if they weren’t handled properly? Are those repercussions expressed in both reputational and financial terms?
Is there evidence that the firm is taking a risk based approach, using a clear and up-to-date assessment of conflict of interest risks?
Are there clear mitigation steps for each of the three types of conflict of interest – actual, potential and perceived? And are these steps active ones, rather than passive ones?
Are there clear prohibitions on certain types of conflict of interest? And are explanations given for these prohibitions?
Is there a clear approvals procedure for unavoidable conflicts of interest and does this show clearly who is responsible and how any escalations are to be handled?
Is it clear who has responsibility for ensuring the mitigation controls are being used?
What guidance is available to show people how to get started and make progress in handling a conflict of interest? Does this contain real life examples illustrating the practical steps to be taken?
Is it clear where someone can go for help or a second opinion, on how to manage a conflict of interest?
How is the management of conflicts of interest embedded within significant projects that the firm might be engaged in, such as digital projects or partnerships? And in particular, are conflict of interest risk assessments undertaken as changes are implemented and new ways of working introduced?
Is guidance or training in ethical dilemmas available, so that people facing a tricky conflict of interest can handle it more confidently?
Is management information compiled on conflicts of interest, with incidents, mitigation controls, approvals etc clearly logged and analysed? And how often is this reviewed?
Does the management information provide users with a risk based perspective?
Does the management information include some form of dependency analysis, to show any accumulations of conflicts of interest?
Is there an assessment of the gross/net gap risk, between controls that are in place and controls that are being used?
How diverse is the information from which the management information is being sourced? Does it include, for example, complaints, internal or external whistleblowing cases, or FOS cases?
Does the management information include any input from staff on how they think conflicts of interest are being handled? Is their opinion being sought in appraisals or staff surveys?
Is it clear when conflict of interest policies and procedures were last reviewed? And is it also clear how up-to-date the latest risk assessment is?
What evidence is there that those with responsibility for managing and approving conflicts of interest receive performance feedback, and that their response is then tracked?
Quite a lot to do then, some of you may be thinking. Yet as the sector’s number one ethical risk, these steps are worth taking. Recall too that both firms and senior managers now have a regulatory obligation to act in the best interests of clients, and managing conflicts of interest properly is the main way to control that accountability exposure. This compliance perspective can also be backed up with an ethical narrative, for the proper management of conflicts of interest is fundamental for an insurer to truly be customer centric.
What is missing from the above, of course, is how 'good' or more can be judged. That requires a more one-to-one engagement, so feel free to get in touch.