Home Finance Between a Rock and a Hard Place: Balancing Compliance with UK Regulatory Requirements and Protecting Your Insurance Cover

Between a Rock and a Hard Place: Balancing Compliance with UK Regulatory Requirements and Protecting Your Insurance Cover

by internationalbanker

By Tom Webley and Mark Pring, Partners, Reed Smith





On a day-to-day basis, it is obviously important for regulated firms to understand the scope of their regulatory obligations and put systems and processes in place to comply with them. However, even the most prudent firms (and individual directors) may end up being subject to enforcement action or other scrutiny by regulatory bodies.

The good news is that some of the costs incurred in dealing with and defending against these actions might be recoverable under the firms’ insurance policies. But it is vital for firms to consider whether taking steps to appease regulators might take them outside the scope of their available insurance covers, leaving them exposed to unrecoverable costs. (For directors, such a risk may still be mitigated by available corporate indemnities or similar protections.)

Regulatory pressures

The traditional approach of many regulated firms has been to strike a balance between taking steps to ensure that they comply with their regulatory obligations and dealing with and/or defending against enforcement actions if and when they arise.

However, the FCA (Financial Conduct Authority) has clarified that this is not how it expects regulated firms to behave going forward. Last month, in her first speech in the role of joint executive director of enforcement and market oversight at the FCA, Therese Chambers emphasised that her expectation was for firms to “do the right thing” even when “nobody is watching” and to take proactive remedial steps when things go wrong.

Concerning enforcement action, in circumstances in which inflation is still high and interest rates are rising, the FCA will likely pay a lot of attention to how firms treat vulnerable customers struggling with debt during the cost-of-living crisis.

This is likely to play into the stated desire of the FCA that firms “do the right thing” to protect such customers. But what does “the right thing” mean in practice? Is it just reformulating the existing obligation to “treat customers fairly”? It is a fairly nebulous phrase, making it difficult to answer these questions precisely. Nonetheless, in her speech, Ms. Chambers did give some examples to demonstrate the sort of conduct that the FCA expects. These included instances in which firms had done more than was technically required of them, taken responsibility for “harm [they] did not cause” and cooperated “beyond what was expected of [them]”.

So, strict compliance with regulatory obligations, a growing trend in recent years that has formalised into the official approach, may no longer be sufficient. Firms are now expected to go above and beyond that, identifying issues proactively and resolving them voluntarily, even if that means providing greater redress than that for which the firm was liable. This is naturally laudable.

However, would insurers recognise this as laudable if firms subsequently tried to recoup any “losses” flowing from a voluntaryapproach to customer redress? Would insurance cover still be triggered during circumstances in which firms paid out money—not because of actual requirements but because they wanted to persuade their regulators that they were “doing the right thing”?

Potential risks to insurance cover?

Clearly, insurers’ responses to any proactive steps taken by insureds to comply with the FCA’s (and other regulators’) current philosophy will partly depend on the effects of the relevant policy language.

However, additional factors may come into play in the current economic climate. Many insurers, including those underwriting the type of “liability” risks for which regulated firms (and their directors and officers) seek protection, have suffered increased exposures to a range of claims. Consequently, premiums remain under pressure, and the scope of coverage has been restricted (perhaps the most high-profile example is the tightening of cyber-liability coverage, particularly by the Lloyd’s of London marketplace). Some insurers have even pulled out of certain markets, such as professional indemnity and directors’ and officers’ liability policies.

Further, while many insurers have recognised since the 2008 crash that regulators expect their insureds to resolve customer or investor complaints in as commercial and proactive a way as possible, they have required equally proactive “cooperation” from those same insureds under the terms of their policies. 

For some time, one particular area of sensitivity concerning the tension between regulatory and insurer requirements has been the scope of “mitigation costs” coverage under such policies.

In Ace European Group and others v Standard Life Assurance Ltd, the Court of Appeal held that the mitigation-costs “extension” clause under the relevant professional indemnity policy covered all the costs incurred by Standard Life in precluding potential claims from investors in a particular pension fund by making a “corrective” payment of more than £100 million. No distinction was made between those customers identified as potentially having been “misled” by certain marketing information relating to the fund and other customers (who thereby received a “windfall”).

The Court ruled:

“Any payments of loss, costs or expenses reasonably and necessarily incurred by the Assured in taking action to avoid a third party claim or to reduce a third party claim (or to avoid or reduce a third party claim which may arise from a fact, circumstance or event) of a type which would have been covered under this Policy (notwithstanding any Deductible amount)”.

The Court held that, on an objective assessment of the evidence, Standard Life had established that its costs were “reasonably and necessarily incurred” per the terms of the clause. The Court also posited that in the absence of express language in the clause, the insurers’ submission that Standard Life had other (equal) motivations in making the payment (brand management and regulatory concerns in particular) did not impact its entitlement to coverage. Further, although some investors received windfalls since the corrective payment made to the fund was “indivisible” and the clause did not require the discharge of a liability to an identified claimant, the Court held that the payment was recoverable under the policy.

The insurance market inevitably responded to this, tightening the scope of mitigation-costs provisions. Notably, policies have been amended to clarify that the mitigation-costs clause does not bite when a claim (as opposed to a “circumstance” that may lead to a claim) has been notified. That is the role of the primary insuring clause. Insurers have also dealt with the Standard Lifescenario by expressly providing that if a claim had been made by the potential claimant(s), the insured would have had a legal liability to each potential claimant. Additionally, insurers have provided, as a condition precedent to covering mitigation costs (and professional fees), that the insured seek insurer consent before incurring such costs and fees.

While all of this might encourage cooperation and “partnership”, we again live in a difficult claims environment for insurers. In our recent experience of “redress schemes” required of regulated firms (including following a “Section 166 Review” arising out of the Financial Services and Markets Act, or FSMA), insurers are likely to set very high standards, particularly in terms of evidence of potential liability, before agreeing to any indemnity, whether under mitigation-costs provisions or primary insuring clauses. As always, insureds should read the fine print. They remain between a rock and a hard place: They must do all they can to cooperate with their insurers and cajole them into actively participating in the regulatory processes in which the insureds find themselves embroiled.


Related Articles

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.