The Principal is responsible for all its ARs’ regulatory compliance, and keeping good control over their activities is the only way to ensure this. This theoretical idea of control as the backbone of running a mortgage and/or general insurance (MGI) network is set out in practice as specific responsibilities and functions in the Systems and Controls (SYSC) and Supervision (SUP) sections of the FSA handbook.
As a way in to the subject, the first points to note are those that are contained in the FSA’s recent factsheet on ‘Controlling Appointed Representatives’ that was published in December 2005. The factsheet was produced following FSA visits to 15 networks that carry out a mix of investment, mortgage and general insurance business and it highlights three main areas of concern. These are: failure to adopt a sufficiently risk-based approach to AR controls; insufficient diligence and rigour in the process of enrolling ARs; and the need to improve both compliance documentation and the assessment of whether this documentation is compliant.
The key message in the factsheet is the establishment of a more risk-based approach – as the other two points are also fundamentally about risks to the business and its customers. Networks are warned that they must consider how many supervisory staff they really need to control their ARs properly, including making provision for any projected growth. Networks that use remotely monitored computer systems for supervision, training and competence, must be able to demonstrate they are taking steps to identify and monitor ARs who could be posing a potential risk.
AR enrolment
Looking at the need to use a more risk-based approach for the enrolment of ARs, networks need to apply the fit and proper test for approved persons as set out in the FIT section of the FSA Handbook, within its High Level Standards. The AR’s business should also be looked at from the point of view of financial soundness, being generally well-run and of good repute. Formal AR contracts that comply with the FSA’s required contract terms should be in place so that consumers are protected if any AR leaves the network and responsibility for the AR’s customers passes to the Principal. The third issue, of assessing and generating proper compliance documentation, hinges on adequate collection of management information and the use of that information to identify, measure, manage and control risks.
Elements of control
Standing back from these three facets of AR control that the FSA has identified as needing improvement, the overall elements of control that a network needs to cover will include the following. First, the network must identify an appropriate sales process that meets the regulatory requirements (to include fact-finding, IDDs, KFIs, provision of information on what mortgage and GI products are available, sourcing of the mortgage and GI products, checklists, suitability letters, etc).
Next, the network must have effective systems in place to allow intermediaries to follow that process. These systems must take into consideration the FSA’s Principles such as skill and care; management control; market conduct; customers’ interests; communications with customers; and the relationship of trust with customers. The network’s control system should also be able to do quality checks, ensuring that – at the very least – the products that have been recommended meet the requirements and circumstances of the customer, which would be recorded in the factfind. In short, a control system should not only ensure that each sale follows a compliant process that is in line with the principle of ‘Treating Customers Fairly’ (TCF), but it must also generate compliant and comprehensive documentation to prove it.
Regarding the ARs themselves, the network controls should include a centralised system that stores the intermediaries details; such as previous employment, examinations achieved and a record of all the cases they have been involved in. This should include a record of every case checked together with an audit trail of any action needed to be taken or any other monitoring activity. The network should also identify higher-risk situations and prove they have investigated these. For instance, they may want to investigate all cases where the customer is employed but is self-certifying their income. These cases should be looked at before they go to completion so the system needs to pick these up at the earliest possible stage. The network also needs to check and maintain the competence of their ARs through training and competence control systems. Finally, the network must have a complaints process in place and their ARs must follow the process that is laid down.
Documentation
A key message from the FSA’s Controlling ARs factsheet is that networks must assess how much documentation they need to prove compliance, and then actually produce it. So, one of the major questions that a network has to face is how they set up a system that adequately ensures TCF and is also following a risk-based approach. The answer to this lies on a sliding scale between fully manual and fully automated, with various mixes of manual with IT solutions in between. As the FSA factsheet points out – each network must assess its own risk factors and adopt an appropriate approach to its control systems and documentation. Again, on a sliding scale between ‘reactive’ and ‘proactive’, a fully manual system would tend to be at the reactive end whereas a fully automated system would be far more proactive. From the comments in the factsheet, it seems likely that a computer-based approach combined with supplementary manual checking would provide the best of both worlds.
The reason why manual audits and file checks are ‘reactive’ is that they can only be carried out after the advice and sales process has taken place and so they do not pick up any areas of risk in time to minimise the actual risk to the customer. They can, of course, track any ARs that seem to be showing evidence of greater levels of risk, but purely manual systems are subject to delays, mistakes and misinterpretation of isolated data. The FSA’s factsheet picks up on this point and warns that: ‘Many firms are assessing the compliance of their ARs individually, treating errors and omissions as isolated incidents. There is a risk that they may fail to identify emerging risks, whether relating to a particular AR or across all or part of the network.’
In order to keep up a consistently high level of monitoring to achieve what the FSA wants to see, those networks who are using reactive manual systems would have to employ a high ratio of supervisory staff to ARs to provide enough data collection and analytical resource. In this situation, the cost of manual supervision is likely soon to exceed the cost of investing in an IT solution that can provide a proactive approach to controlling ARs and, at the same time, can produce the necessary management information at the touch of a button.
Only a fully-integrated technology solution for compliant MGI advice and sales can provide the proper level of compliance support and control that is necessary in the prevailing regulatory climate. It should guide users through the entire advice and sales process, prompting and producing all the necessary records and documentation that the FSA expects to see. At the same time it should cover the training and competence and the supervision elements, and generate high quality management information for the network to make proper risk assessment and decisions. Some parts of the AR control system are available as off-the-shelf programmes. However, compliance technology packages that only provide parts of the necessary advice and sales process could leave users with gaps in records and documentation – even if the correct procedure had been followed. Currently, Home Buyer is the only system that combines all the elements in one package.
Attraction
Finally, on the subject of AR incentives, what is there to attract a firm towards the AR option? In opting for either AR or directly authorised status, the choice lies between retaining independence and sourcing all the compliance (either in-house or outsourced), or coming under the regulatory control of a network and paying a membership fee for the Principal to provide all the compliance. One obvious incentive to take the AR option is that the AR can leave regulatory compliance to the network and can spend the majority of the working day in generating mortgage business.
Often, if the network is also a packager, then its ARs can benefit from access to exclusive products, fast service via branded arrangements, and case-tracking facilities (if these are in place). In addition, a well-run network that can demonstrate high levels of risk management is not only likely to satisfy the FSA but it may also be able to negotiate substantial reductions in PI premiums that can be passed on as a cash saving to its ARs.
Bill Warren is director of the Complete Network
Richard Angliss is director of Home Buyer Systems Limited
