Brokers Ireland Compliance Update September 2020 Linda Doyle
Items Covered
- GDPR and outsourcing
- Brexit
- Central Bank and Cyber Fraud
- Consumer Insurance Contracts Act 2019
- Covering PCF roles during COVID19
- Assessing Financial Soundness of Insurers – Role of MGAs
GDPR and outsourcing
Article 24(1)
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.
Article 28(1)
Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
Recital 81
When entrusting a processor with processing activities, the controller should only use processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of this Regulation, including for the security of processing.
Article 28(3)
Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller…
Data Protection considerations when outsourcing
- What will the data processor be doing on your behalf?
- How much personal data will the data processor have access to?
- What personal data will the data processor have access to?
- Will it include sensitive personal data?
- Where is the data processor storing the data?
What due diligence is necessary?
Controllers are required to choose processors that provide sufficient guarantees that they will process personal data safely, securely and in accordance with applicable laws. This can be demonstrated by performing due diligence, and keeping a record of that due diligence. Controllers should also refresh their due diligence regularly during the course of the relationship.
Whose contract?
Article 28(3)
Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
It's up to the Data Controller to ensure there is a written agreement between themselves and the data processor. But that does not mean the Data Controller has to write it. The contract must meet, at a minimum, the requirements set out in Article 28(3) (a) to (h).
Where is the personal data going?
Data Controllers must find out where the personal data is being processed and stored. Are there other third parties involved in the processing, even partially? Who has access to the data? Is any of it sub-contracted? Is there a sub-contracting agreement in place? Is the personal data being transferred outside of the EEA, i.e. to a third country?
- Is there an adequacy decision?
- Standard Contractual Clauses?
What happens if things go wrong?
Data security breaches can place a huge amount of stress on a controller's relationship with its data processor. Have clear expectations on both parties included in the agreement.
- Include a deadline for initial reporting of suspected breaches by the data processor to the data controller.
- Include a plan for ongoing updates from the data processor to the data controller.
- Ensure as part of the plan resources will be set aside by the data processor to identify the cause of the breach, and make plans to mitigate such a breach going forward.
What happens when the relationship ends?
Ending an outsourcing relationship can be more complex than simply providing a few months' notice in writing, and instructing the processor to return or delete personal data. Time may be needed to wind-down the services – to allow data controllers time to bring the services in-house or transfer to a new processor. Consider:
- The format for the return
- If the services will tail off over time
- An obligation on the provider to work with the controller
- The back-up practices of the provider.
Brexit
If there is a no-deal Brexit the UK’s transition period ends on 31 December 2020…
- Irish based MGAs/Wholesale Brokers that place business with UK providers
- UK Insurers
- UK Wholesale Brokers
- UK Based Markets withdrawing from the Irish Market
- UK Run-Off or Temporary Permissions Regime (TPR) and the Financial Services Contracts Regime (FSCR).
It is your responsibility to ensure that all insurance undertakings or distributors with which you engage have, or will have, the appropriate licensing/authorisations to underwrite/place EU risks for EU policyholders.
Central Bank, Cyber Fraud and Mandatory Reporting
Section 19 of the Criminal Justice Act 2011 imposes a requirement on organisations and individuals to report information relating to possible frauds which might either
- prevent the fraud being committed or
- secure the apprehension, prosecution or conviction of a person involved in fraudulent activity.
Any failure to comply with mandatory obligations uncovered in a subsequent regulatory investigation is likely to be viewed as an aggravating factor in the assessment of penalties.
Section 19 also provides that a “person” (which includes a corporate body) is guilty of an offence if he or she withholds information which may be of material assistance in the prevention, apprehension, prosecution or conviction of any other person for certain prescribed “relevant offences”.
Central Bank and Cyber Fraud
Members should consider reporting obligations under Section 19, not just their data protection or other regulatory obligations in response to incidences of cyber-crime. Includes knowledge of aiding, abetting, counselling or procuring the commission of a prescribed relevant offence, as well as conspiring to commit, or inciting the commission of an offence. A notification may be made to any member of An Garda Síochána. Maximum penalty that can be imposed is an unlimited fine and imprisonment for up to 5 years or both.
Consumer Insurance Contracts Act 2019
Signed into law on 26 December 2019.
Commencement order signed on 1 September 2019.
For information, see the Summary and Guidance document, which is on the Compliance Support section of our website, within the section entitled Consumer Insurance Contracts Act.
The Act applies to life and general insurance contracts entered into, and variations to such contracts, after the effective date(s) of the various provisions of the Act. Most provisions of the Consumer Insurance Contracts Act 2019 are effective from 1 September 2020, with the exception of Sections 8, 9, 12 and 14(1-5), which are effective from 1 September 2021. Section 18(4) is also postponed, and will not come into effect from 1 September as originally planned.
The Act will have a significant impact on all those who distribute insurance products, including brokers transacting both life and non-life business. The Act imposes duties on both the consumer and insurer post contract stage, as well as in respect of claims handling.
Section 7: Insurable Interest
An insurer cannot reject a claim from a consumer just because the consumer does not have insurable interest in the subject-matter of the contract of insurance. A consumer will still be required to demonstrate loss in order to make a valid claim.
The Act does acknowledge that a consumer may be required to have an interest in the subject matter of a contract of insurance where that insurance contract is a contract of indemnity, where the interest required does not extend beyond a factual expectation of the economic benefits or losses that would arise in the normal course of events.
Section 10(1): Provision of information relevant to contract of insurance
Within a reasonable time after concluding a contract of insurance, the insurer shall, where such is relevant to the particular contract, provide the consumer on paper or another durable medium with the completed application or proposal form.
Section 11: Right to withdraw from contract of insurance by notice: cooling off period
A consumer may cancel a contract of insurance, by giving notice in writing to the insurer, within 14 working days after the date the consumer was informed that the contract is concluded.
This does not affect the notice periods already provided under European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015) or the European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004 (S.I. No. 853 of 2004) which is 30 days in respect of life policies, irrespective of whether the sale took place on a non-face to face basis, and 14 days in respect of general policies only on sales that took place on a non-face to face basis (distance sales).
The giving of notice of cancellation by the policyholder will have the effect of releasing them from any further obligation arising from the contract of insurance. The insurer cannot impose any costs on the consumer other than the cost of the premium for the period of cover.
This right to cancel does not apply where, in respect of life assurance the contract is for a duration of six months or less, or in respect of general insurance, the duration of the contract is less than one month.
Section 15: Post-contractual duties of consumer and insurer
Duties that existed under the principle of utmost good faith (post contract) have been removed.
The consumer is under a duty to pay the premium within a reasonable time (or otherwise in accordance with the terms of the insurance contract).
An insurer may refuse a claim where there is a change in the subject matter, including as described in the “alteration of risk” clause, where it has effectively changed the risk to one which the insurer has not agreed to cover.
Any clause that refers to “material change” will be interpreted as meaning any change that will take the risk outside that which was within the reasonable contemplation of the insurer and consumer when the contract was concluded.
Exclusions must be in writing prior to commencement of contract.
Section 16: Claims handling duties of consumer and insurer
Insureds must
- Cooperate with insurers
- Notify within a reasonable time of the event
Insurers must
- Handle the claim promptly and fairly
- Notify the insured of a claim as soon as practicable, if the claim was not made by the insurer
- Engage with the insured – give them the opportunity to provide relevant information and evidence which could have an impact on their decision
- Inform insured of the amount for which a claim has been settled, or rejected and the reasons for same
- Pay any sums due to the insured within a reasonable time, and
- Not solely rely on late notification clause alone to deny indemnity unless prejudiced.
Both insurers and insureds must disclose information that they become aware of.
Conclusion
- Fundamental changes introduced by the Act
- Impact on the industry
- Right balance struck between protection of consumer and additional costs to insurers?
What brokers need to do…
- 1. MGAs
- 2. Terms of Business Agreements with clients
- 3. Procedures and Quote letter templates
- 4. Data Protection Privacy Notices
- 5. Staff Training
Updated Summary and Guidance document August 2020 specifically covering sections effective from 1 September 2020
Terms of Business Agreements with clients
From 1 September, before a contract of insurance is entered into, consumers need to be advised of certain information:
a) New business and renewal
b) Post-contract stage
As you are the broker acting as advisor to the consumer you have a responsibility to advise consumers of their duties, and rights.
Brokers Ireland’s Terms of Business Agreement Template is being updated.
New Business and Renewal
- If you have taken out a life insurance contract, you may cancel the contract by giving notice in writing to us within 30 days after the date you were informed the contract was concluded.
And/Or
If you have taken out a general insurance contract, and we have not met face to face, you may cancel the contract by giving notice in writing to us within 14 days after the date you were informed the contract was concluded.
And/Or
If you have taken out a general insurance contract, and we have met face to face during the process, you may cancel the contract by giving notice in writing to us within 14 working days after the date you were informed the contract was concluded.
- The giving of notice of cancellation by you will have the effect of releasing you from any further obligation arising from the contract of insurance. The insurer cannot impose any costs on you other than the cost of the premium for the period of cover.
- This right to cancel does not apply where, in respect of life insurance the contract is for a duration of six months or less, or in respect of general insurance, the duration of the contract is less than one month.
- The insurer cannot impose any costs other than the cost of the premium for the period of cover.
New Business and Renewal
And post contract, you are under a duty to pay your premium within a reasonable time, or in accordance with the terms of the contract of insurance.
A court of competent jurisdiction can reduce the pay-out to you where you are in breach of your duties under the Act, in proportion to the breach involved.
Post Contract Stage and Claims
Property Claim
If, in respect of the insurance contract the insurer is not obliged to pay the full claim settlement amount until any repair, replacement or reinstatement work has been completed and specified documents for the work have been furnished to the insurer, the claim settlement deferment amount cannot exceed
i. 5% of the claim settlement amount where the claim settlement amount is less than €40,000, or
ii. 10% of the claim settlement amount where the claim settlement amount is more than €40,000.
Post Contract Stage and Claims (continued)
An insurer may refuse a claim made by you under a contract of insurance where there is a change in the subject matter of the contract, including as described in an “alteration of risk” clause, and the circumstances have so changed that it has effectively changed the risk to one which the insurer has not agreed to cover.
Any clause in a contract of insurance that refers to a “material change” will be interpreted as being a change that takes the risk outside what was in the reasonable contemplation of both you and the insurer when the contract was concluded.
You must cooperate with the insurer in an investigation of insured events including responding to reasonable requests for information in an honest and reasonably careful manner.
You must notify the insurer of a claim within a reasonable time, or otherwise in accordance with the terms of the contract of insurance.
Post Contract Stage and Claims (continued)
Both parties have a duty to disclose information after a claim has been made (whether it supports or prejudices the claim).
Where a false or misleading claim is made, the insurer is entitled to refuse to pay and to terminate the contract.
The insurer will notify the consumer, where they become aware that a fraudulent claim has been made. They may void the contract. Treat it as being terminated from date of submission of the claim. Under no obligation to return any of the premiums paid under the contract.
Data Protection – Privacy Notice and Section 21(3) of the Act: Right of third party to claim against insurer
Where a person is insured under a contract of insurance against a liability that may be incurred by that insured person to a third party, where either of the following applies:
1. the insured person has died, or cannot be found, or is insolvent, or
2. for any other reason it appears to a court to be just and equitable to so order,
the rights of the insured person will be transferred to and vest in the third party.
The third party has a right to recover from the insurer the amount of any loss suffered by them. Where they believe they have suffered a loss they will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
- the existence of the insurance contract,
- who the insurer is,
- the terms of the contract, and
- whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.
Example Wording
“If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that the policyholder has incurred a liability the third party will be entitled to seek and obtain information from the insurer or us [your broker] concerning:
- the existence of the insurance contract,
- who the insurer is,
- the terms of the contract, and
- whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.”
Procedures and quote letter templates
- Consumers need to be advised of their duties under the Act. This will mostly be set out in your Terms of Business document. However, you must bring this to the attention of your client and inform them they must read it.
- Review your procedures.
- Quote letter templates
- Retain evidence.
- 4. Training
- Staff will need to be made aware of the changes resulting from the Act and trained accordingly.
- Insurers should be providing assistance and guidance in this regard.
Covering PCF roles during COVID19
If a PCF role holder is unable to perform their role due to illness or if a firm cannot fill a permanent PCF role vacancy due to COVID-19, the firm can seek to have another suitable individual perform that role for a limited period. This requires prior agreement of the Central Bank.
- Identify suitable individual to perform the PCF
- Contact the Central Bank and state that you want to make a temporary appointment
- No individual questionnaire to be completed
- If Central Bank agrees to the request, they will issue a letter regarding the appointment
- Keep situation under review and inform the Central Bank of any changes.
Assessing Financial Soundness – Role of MGA
On 22 April, a newsletter was issued to members on what the Central Bank expected from brokers in respect of assessing financial soundness of insurers, covering:
- Role of the broker
- Role of the MGA
- Template checklist
MGAs are the entities that are bringing non-domestic insurers into the market. Brokers are relying on MGAs to conduct sound due diligence. Such due diligence must be conducted regularly. Any issue that affects the financial soundness of an insurer must be advised to brokers immediately by the MGA.