In the past few years, governments, and businesses all over the world have been preoccupied with the Covid-19 pandemic and its aftermath, which likely put a number of regulatory/legal changes on hold.
As these new regulations now start to come into effect, the re/insurance industry will slowly start to see what their impact will be and the ripples they will have in the following years, especially regarding cyber risk, Environmental, Social, and Governance (ESG), and fraud, MGA Spring Insure’s Senior Underwriter Bethany Thomas commented in a recent interview with Reinsurance News.
“There are a number of regulatory updates or legal developments that had perhaps been put on hold because of the pandemic. I think these changes, the effect they will have on policyholders, and how re/insurance companies react to those changes, are going to be a big theme over the next few years or so,” said Thomas.
“Regulatory changes have started to flow through in the last year, and more will come across 2023 and beyond. For example, the Financial Conduct Authority (FCA) introduced their new Appointed Representatives (AR) regime in December 2023 and the UK government rolled out mandatory TCFD (for financial disclosures for climate related risks) in April 2022, starting with some of the largest companies and financial institutions initially.”
“The FCA are also doing a review, with the Treasury, of the existing senior managers and certification regime (SMCR). We also have the Economic Crime and Corporate Transparency Bill currently going through Parliament with a recent, significant amendment making it a corporate offence to fail to prevent fraud.”
“It feels like there are a lot of developments in play at the moment, and the re/insurance industry naturally has to be quite reactive to those changes. Ultimately, when claims start coming in, that is when we are going to really understand what the exposure is.
“What the market has to do now is to be aware of those changes, plan and much as possible, and wait to see what starts rocking the boat,” she noted.
According to Thomas, ESG, cyber risk and fraud are three main areas the re/insurance industry should keep an eye on, as she believes they will be highly relevant as new legislation and regulation come in.
“ESG is at the top of everyone’s agenda at the moment, and it is interesting to see how the UK and Europe seem to have been leading the way regarding putting new reporting requirements in place. Historically, it’s been more common for the US to sets the trends in the insurance space, and the UK follows,” Thomas commented.
Adding: “So, it will be interesting to see how things play out in terms of TCFD reporting requirements. Are companies meeting those requirements? What will the claims be regarding directors failing to meet those requirements? Will the requirements be cascaded down to smaller firms over time, and when?”
“Perhaps there’ll be disputes between shareholders and directors as to what their ESG targets are, whether these are too stringent or not far-reaching enough, and if they are meeting them at all?”
She continued: “Also, with the proposed amendment to the Economic Crime Bill regarding the failure to prevent fraud, I think that could have big ramifications for Directors’ & Officers’ (D&O) insurance, for example. If the Bill passes with this amendment, it’s very possible that companies and/or individual directors could be held to account if it’s found that they have failed to prevent fraud in their business.”
Regarding cyber risk, Thomas pointed out that one of the main issues to look out for would be how it interplays with other risks because of the new legislations.
Thomas said: “With cyber risk, it’s still relatively new and emerging in insurance terms, but it will be interesting to see how it interplays with Professional Indemnity (PI) risk and D&O risk.”
“For example, it could already be argued that failure to put adequate systems in place is deemed to fall within the definition of a ‘wrongful act’. So, with the possible, new ‘failure to prevent fraud’ offence, this could have an interesting effect on the duty of directors to prevent cybercrime particularly.
“Once various regulatory and legal changes are implemented,” she said, “the first claims might only start to come through two or three years later, but it may be longer still until large or monumental claims are reported on publicly.
“The industry does not know exactly what the effect of all these legal and regulatory changes will be, especially with many coming at once… At the moment everything has to be speculative. So, the industry has to be aware of the changes, think about what the implications could be, and be as ready as possible to react.
“It is an interesting landscape at the moment; there is and there will be a lot of shifting in the future. In the meantime, it will be interesting to see what the market does to respond,” Thomas concluded.
