Month: August 2020

FCA on Business Interruption Insurance

FCA Tests the Water on Business Interruption Insurance

A test case brought by the FCA, seeks to clarify wording used in business interruption insurance. If successful, it could have profound implications on almost 400,000 policy holders.

The FCA is bringing the case in order to end uncertainty around how pandemic related business interruption claims should be treated by insurers, and how any resultant losses should be assessed. As part of this, they will be examining the fine print of more than 40 insurers including Hiscox, Royal Sun Alliance, QBE and Ecclesiastical (the largest insurer for churches).

The case centres on a number of key areas of dispute including:

  • Denial of access: Many business interruption policies cover against losses incurred from being denied access to premises. This will have been a serious issue for many businesses which were forced to close during the height of the pandemic. Some also cover losses incurred because premises have been closed by public authorities, due to an emergency which endangers human life.
  • Losses: In a successful claim, losses will need to be assessed against what the business would have earned if the interruption had not occurred. In this case, the uncertainty surrounds whether this includes what the business would have earned had there been no pandemic, or what it would have earned had it stayed open during the pandemic. If it’s the latter, many businesses, such as pubs, will see relatively little benefit as the pandemic would have reduced business to near zero even if they had been able to stay open.
  • Notifiable disease: A number of policies will provide businesses with cover if there has been a notifiable disease at or near their business, within a specific radius.

Business interruption insurance has been top of the regulator’s agenda during the pandemic. According to a report from McKinsey, 60% of small and medium sized businesses feel their insurers were not transparent over how COVID-19 would affect their policies.

Many who had business interruption cover will have assumed they’d have had some protection from their insurers only to discover that diseases such as COVID-19 are specifically excluded.

Confidence and trust in the sector has fallen with a third of businesses saying they will stop buying business interruption cover altogether.

It’s a difficult balancing act for the insurance sector. On the one hand, insurers were keen from the outset to make it clear that they would not be on the hook for any business interruption pay outs.

A spokesperson for Ecclesiastical said:

“Our business interruption policies were not designed to provide cover for pandemics and have specific exclusions against infectious diseases like Covid-19 within them.”

Even before the lockdown, the industry was making its stance clear. The Association of British Insurers asserted at the time that:

“Irrespective of whether or not the Government orders the closure of a business, the vast majority of firms won’t have purchased cover that will enable them to claim on their insurance to compensate for their business being closed down by the coronavirus.”

However, insurers are also keen to avoid severe reputational damage as a result of the pandemic. Ecclesiastical says it has provided some measures of support including enhanced cover and an automatic extension in cover for 30 days beyond renewal to prevent customers becoming unintentionally uninsured.

The argument boils down to definitions. While the FCA accuses insurers of ‘cherry picking’, they accuse the regulator of blurring the lines between distinct items.

Jonathan Gaisman QC, acting for Hiscox, said:

“We need to be aware that when the FCA invokes what the parties must have meant, the intention or at least the effect of that phrase is often to camouflage those points in its argument where there is nothing but their assertion.”

Court proceedings are now under way with a decision expected in September. The decision will be watched closely by businesses and the insurance sector alike.

ICO Reports on First Sandbox Projects

ICO Reports on First Sandbox Projects

The ICO has released the first two reports from its regulatory sandbox about innovation in data protection. Launched in September last year, the scheme trialed a number of innovations which sought to use personal data to deliver a variety of new services, while still maintaining data protection requirements.

Many of the projects have been delayed because of COVID-19, but these first projects include a ground breaking study in biometrics at Heathrow and a further education not-for-profit company, JISC. Both can shed light on the potential of data and the challenges involved in maintaining privacy.

Heathrow’s biometric passports

Heathrow’s experiment relied on using biometrics such as facial recognition to automate the passenger journey and ensure people can move through check-in, baggage drop, and onto the aircraft without having to constantly stop in order to show their passports.
Their study had to confront two important data issues. The first was who controlled the data. Heathrow would be considered a joint data controller for the activities and so would have to ensure complete security and transparency about what data it had.

Under GDPR rules it would also struggle to achieve compliance through the argument of a legal obligation, and so would have to seek explicit passenger consent for using the data throughout the passenger journey. This can be difficult to achieve in a system which is intended to minimimse interruption to the passenger’s journey throughout the process.

Both Heathrow and the ICO agreed that affirmative action completed by the passenger would not be a compliant means of shorting an express statement of explicit consent.

In the light of the trial then, Heathrow has decided to postpone its plans until it can come up with a GDPR compliant process for automating passenger journeys.

Student well-being

The JISC project meanwhile, aimed to protect student well-being while showing how the data about their activities could be used to improve the services on offer.

It faced issues around data protection as well as purpose compatibility. It would have to assess whether the data they intended to use would be fit for the original purposes for which it was collected.

Thanks to COVID-19 related delays, one aspect of the project could not be met, a report into the mental health analytics which both sides agreed would take place outside of the sandbox process.

Universities using data would have to demonstrate compliance through the accountability principle of GDPR which would include identifying the lawful basis for using the data and providing adequate notification notices to all students including those under the age of 18.

According to the report, both sides agreed that universities would rely on Article 6 of GDPR in which is covered public tasks or legitimate interests for the processing of certain categories of personal data.

Data potential

Both projects demonstrate the opportunities and risks associated with data. Much has been written about the use of facial recognition and data, in general, to streamline the process of fighting your way through the airport. As anyone who has endured a tough route through check-in would agree, anything that can make this easier will be welcome.

But systems have always run into the issue of data identification and consent, and this appears to be something Heathrow is yet to crack. GDPR sets the bar extremely high in achieving explicit consent as well as maintaining the necessary transparency and reassurance about how data will be used, and how and when it should be deleted.

By ironing out these issues and collaborating between regulators and innovators, sandbox initiatives such as this will be crucial in blending the potential of data with its regulatory obligations.

What is going on at the SFO?

What’s Going on at the SFO?

The Serious Fraud Office is reviewing its operations after a high-profile embarrassment in court. So what’s going on and can the biggest fraud regulator be fixed?

“Like a teenager who has found a new friend.” That’s how Judge Martin Beddoe described Lisa Osofsky, director of the SFO, as behaving in a high profile international bribery case. It’s the latest in a long line of negative headlines for the regulator which has seen some start to question its existence.

So, what went wrong and can anything be salvaged?

The latest case relates to the regulator’s prosecution of executives from Unaoil for offering bribes to secure lucrative contracts. The defence tried to get the case thrown out over Osofsky’s communications with David Tinsley, a former FBI agent and now private investigator working for the defence.

In a series of what were described as ‘flattering’ texts between the two sides, Tinsley appeared to be attempting to sweet talk Osofsky into going easy on his clients. She in return appeared to be trying to steer him towards persuading his clients to plead guilty.

It worked. Tinsley is said to have approached his clients behind the backs of their legal team claiming that they may receive a more lenient sentence if they agreed to plead guilty. The defence argued that these communications made it impossible for their clients to receive a fair trial.

Judge Beddoe dismissed the claim but upheld the criticism of senior figures within the SFO. The regulator has announced it will now undertake a review to see what learnings might come.

However, this is not the first time in recent memory that the SFO has been caught short. The last few years have been marked by high profile failures and long drawn out cases. There was the acquittal of former Barclays executives accused of conspiracy to commit fraud; there was the failed prosecution of former employees of Sarclad and Guralp Systems with the company reaching a deferred prosecution agreement; and the collapse of the Tesco fraud trial.

Such high profile failures prompted Compliance Week to suggest companies accused of fraud might decide to take their chances at trial rather than take the safer DPA option.

The SFO’s reputation has taken a pounding and prompts renewed calls for a fundamental overhaul of the organisation. Some have been calling for the regulator to be merged with the National Crime Agency.

Osofsky has been vocal in opposing such a move, but this latest episode doesn’t do her credibility any favours. Either way, the recently announced review needs to be much more than a box-ticking exercise. With experts warning of an increased risk of fraud in the fall out from COVID 19 the UK needs an anti-fraud regulator which is at the top of its game.

COVID-19: Opportunity Knocks for RegTech

COVID-19: Opportunity Knocks for RegTech

Every cloud has a silver lining. When COVID-19 hit, banks faced an enormous logistical challenge of shifting towards a secure, and efficient work from home environment. However, after the initial pain, they are now seeing the benefits as the pandemic helps accelerate the move towards digital.

Even before COVID-19 and all the chaos that came with it, digitisation represented the future. However, progress was slow. Even those organisations that accepted the need to evolve to keep up, were slow on the uptake. Old practices remained. Teams either failed to see the urgency or were suspicious of new technologies. COVID-19 meant that, like it or not, many had to make the leap and any concerns over security had to be resolved.

The effects have been rapid. Online banking has boomed as customers are shut out of branches. Even those who might have been reluctant before the pandemic found they had little option during it. Equally, teams have embraced remote working with video conferencing and online document editing becoming the norm.

In both cases those who had been reluctant adopters are realising the benefits. Employees who would previously have preferred to print and manage documents by hand are finding out how easy it is to quickly edit and send them online. Firms report relatively few home printers being used which not only reduces paper waste but without so many documents to potentially go missing, it improves security.

Across the board, people involved in digital transformation feel as if a dam has been broken. RegTech had already been growing… Investment doubled between 2017 and 2018 and projections foresaw rapid growth over the next five years. As with other areas of technology, progress was always stymied by a lack of urgency, fear of the new and legacy infrastructure.

Coronavirus has, in various ways, helped to dispel each of these. The most important is trust. In order to work effectively, RegTech firms have to convince banks to allow them to work with their most sensitive data. This carries significant procurement and compliance risk, but with increased use of technology and the sharing of data, it is helping banks to become more comfortable with the concept and to hone their due diligence.

At the same time, with financial and manpower issues becoming critical, the cost and resource savings from automated RegTech solutions also starts to become more appealing. As such, COVID-19 represents a moment of opportunity for the RegTech sector and many companies appear to be grasping this with both hands. Some have been offering open access throughout this pandemic, while others have been cooperating to improve the value they can offer their clients. Waymark Tech has been one of those providers offering free access to COVID-19 regulatory updates.

The result creates enormous opportunity for everyone. Banks have been forced to take the leap, while the specific nature of life during and after COVID-19 has increased the need for automation and technology. Going forward, technology will become even more important in maintaining the know-your-customer provisions, anti money laundering and fraud prevention.

Powered by WordPress & Theme by Anders Norén