On 24th March, the FCA published a webpage containing operational resilience insights for insurance firms.  This follows the FCA's 29 March 2021 shared policy statement with the Bank of England and the PRA on requirements to strengthen operational resilience in the financial services sector.  The FCA's new rules and guidance will come into force on 31 March 2022.

In order to form a view of firms' readiness for the new rules, the FCA requested information on a voluntary basis from a sample of 47 firms to assess how they had responded to the final operational resilience rules and guidance. This included insurers and intermediaries from the wholesale, retail and life insurance sectors.  From this, the FCA has published its observations and it encourages firms in scope of the new rules to consider them identify actions they may need to take. 

Key observations

Examples of good practice

Some firms demonstrated a clear understanding of the new rules, including firms that:

  • identified all the important business services expected for the firms’ business model;
  • considered possible harms at each point of the customer journey;
  • provided considered examples of the types of harm a consumer may experience, differentiated by product type, customer profile and distribution method;
  • provided carefully calibrated tolerances with accompanying rationales and possible alternatives;
  • correctly identified that no intolerable harm arose from their services being unavailable as similar products were available and easy to substitute;
  • considered the expectations to consider the impact on the financial stability of the UK economy and the safety and soundness of policyholder protection.

Areas for improvement

The FCA also noted areas that required further improvement, including firms that:

  • did not demonstrate an understanding of the FCA and PRA guidelines or had not yet applied them fully to their operational resilience programmes;
  • did not identify important business services that would reasonably be expected for the firm's business model or included internal or irrelevant businesses services;
  • identified important business service areas inconsistently between internal departments without rationale or justification;
  • did not consider consumer harm from being unable to purchase, amend or renew products;
  • applied unsuitable answers to services underpinning both corporate and commercial products without consideration of the end user;
  • did not meaningfully consider the impact of unavailable important business services on vulnerable customers;
  • appropriately identified high levels of consumer harm due to an unavailable important business service but set impact tolerances that seemed comparatively lenient;
  • provided broad or generic answers that had been applied across all identified important business services or impact tolerances;
  • copy-pasted the impact tolerances relating to intolerable customer harm for those relating to financial stability, safety and soundness and policyholder protection without appropriate rationale;
  • selected extremely short or extremely long impact tolerances;
  • misunderstood our definition of internal services or included internal services among the list of important business services.

The FCA's observations will be relevant to both Solvency II firms and insurance intermediaries which are enhanced scope SM&CR firms, and will also be of interest more broadly to other firms in the sector.