Press Office Feature : The TCF Audit
|Posted:||07 Jul 2015|
Terms like proportionality, principle-, outcome-, and risk-based have made the role and function of the compliance officer more complex and challenging than ever before.
Whilst the methodology of compliance management remains unchanged, the scope to which it is applied has broadened substantially.
As such, compliance officers need to apply the ‘methodology of identifying, assessing, mitigating and reporting’ to the various aspects of market conduct risks so as to provide the risk and board committee with assurance on the adequacy and effectiveness of the controls they have in place to mitigate these risks.
With that said, the monitoring of compliance with the various outcomes of treating customers fairly (TCF), ethics and business integrity risks (commonly referred to as fraud), require not only competence, but technical skill. And this requires the compliance officer to understand the ins and outs of a company’s business operations.
When conducting an audit at a particular financial services provider, the compliance officer needs to formulate the questions he needs to ask in such a way that an in-depth understanding of the company’s policies and procedures and its impact on the end-user (customer), is gained.
In my view, the compliance officer is also responsible for helping companies better understand the link that exists between TCF and the roles and responsibilities of entities within the distribution value chain whilst taking the Regulator’s requirements into account when determining the risks that an organisation faces.
Questions the compliance officer could include in the audit scope
When it comes to TCF, ethics and business integrity, the compliance officer can include the following in the audit scope:
Research (product and service design):
Here the criteria used to determine the sophistication level of customers as well as the manner in which you define the average customer, and the differentiation of customers per product type, should be taken into account.
One would also need to assess how the sophistication level of customers has impacted wording and processes, and how frequently the company reassesses customer sophistication levels.
As far as market segmentation is concerned, the percentage of the following aspects would need to be taken into consideration:
Products and services:
The range of products offered, and whether or not the company maintains a product register, and risk-rate products based on customer sophistication and expectations, complexity and adequacy, should be considered.
One would also need to determine how frequently the company assesses their wording for simplicity and a full understanding of their product and service offerings.
Whether or not queries, rejections and complaints inform a company’s service offering or product development (and changes thereto) should also be taken into account.
Marketing and advertising:
Questions to ask, include:
Customer communication and disclosures:
Distribution value chain (service providers and outsourced business partners):
Here the compliance officer would typically have to determine which of the companies’ partners provide services within the value chain, and what exactly it is that these entities do.
The compliance officer would also have to determine:
Other questions that need to be asked are:
Distribution channel (broker, direct marketer, application form):
What the company does to determine if the chosen distribution channel suits the market segment or not, as well as what exactly it is that the queries, rejections and complaints the company receives tells them about the distribution channel they use, are all aspects to consider during the distribution channel auditing process.
Whether a company provides training on products, services and target markets or not, and if they provide feedback on the root cause undertaken in relation to queries, rejections and complaints to determine appropriate remedial action or not, are all questions to ask.
Should an underwriting management agency (UMA) be used, the compliance officer would also need to know if the UMA monitors complaints with brokers directly or not.
Claims and complaints handling:
Aspects the compliance officer would have to consider include whether or not a root cause analysis on complaints inform policy changes, and what a company’s complaints are telling them about the customer’s understanding of the policy wording, service providers, sales and complaints handling processes.
Ethical behaviour and practices:
Here one would have to determine:
Other aspects that would need to be considered include:
Overall, it is important to note that the impact of non-compliance with TCF, ethics and business integrity from an outcomes, risk and principle based perspective cannot be assessed in isolation.
Context should be established with regards to the nature, scale and complexity of the particular organisation’s business model, its chosen distribution channel, products and services offerings as well as customer base.
Book size, loss ratios, profitability as well as complaints and rejections statistics in itself do not provide a full picture of the risk and compliance culture within an organisation.
One complaint based on materiality, seriousness and the reputation risk it poses could necessitate a root cause analysis to be undertaken, resulting in a decision to implement certain mitigating controls and remedial actions.
Similarly, where potential customer detriment is identified through a single complaint, an organisation should consider the impact it could have on comparable customers who have not complained with the view to consider how best to address and rectify the issue where appropriate.
In light of the above, it is clear that the undertaking of a due diligence or compliance audit is no longer a case of asking a set of questions, verifying the answers thereto (by way of either sampling or a document collation), and determining the residual risk based on the adequacy and effectiveness of the business controls that are in place to mitigate the incidental risk.
An answer to a particular question from a functional point of view may potentially result in a multitude of other questions that need to be asked.
The lens, therefore, through which compliance officers now look at a particular business and the functions it performs is now three dimensional, as opposed to the (mostly) one dimensional application of the compliance methodology previously used.
Cornea Matthee is Group Compliance and Risk Officer, Centriq Insurance
|There are no comments at this stage. Be the first to comment!|
|Please Login To Comment On an Article - Click here To Login|
Car Insurance Quotes
Household Insurance Quotes
Business Insurance Quotes
Funeral Insurance Quotes
Life Insurance Quotes
Read the InsuranceQuotes Blog