Final Notice
FINAL NOTICE
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Financial Conduct Authority (“the
Authority”) hereby publishes a statement, pursuant to section 205 of the Financial
Services and Markets Act 2000 (“the Act”), that Alsford Page & Gems Limited
(“APG”) contravened regulatory requirements.
1.2.
The serious failings in this case warrant a substantial financial penalty. APG has
provided verifiable evidence that payment of such a penalty would have caused
the firm serious financial hardship. Had it not been for this, the Authority would
have imposed a financial penalty of £670,600 on APG.
1.3.
APG agreed to resolve these matters. As part of the resolution, APG has agreed
to make a payment of restitution of £399,902 to be distributed to affected
customers. This amount represents the brokerage fees APG made selling
extended warranty insurance products. Given APG is not in a position to make
this payment, APG’s current ultimate parent, PSC Insurance Group Limited, has
voluntarily agreed to fund it.
1.4.
The mechanism by which APG’s payment of restitution will be made is summarised
in Annex C to this Notice.
1.5.
The public censure will be issued on 20 April 2021 and will take the form of this
Final Notice, which will be published on the Authority’s website.
2.
SUMMARY OF REASONS
2.1.
APG diversified its business in 2013 into selling extended warranty insurance
products to retail customers via six appointed representatives (“ARs”). This was
a departure from its core business and expertise. APG did not sufficiently consider
or address the additional conduct risks associated with its new business or
customer base. The systems and controls put in place for its new business were
wholly inadequate and APG’s oversight of the ARs was limited and ineffective.
2.2.
The consequence of this was that APG had no assurance that its customers were
being treated fairly or being sold products they understood and which met their
needs. It also meant that APG had no effective controls in place to identify and
protect vulnerable customers who may have needed additional care and
protection in their interaction with sales agents.
2.3.
Between 1 February 2013 and 21 March 2016 (“the Relevant Period”), in its role
as principal to six ARs, APG breached Principle 3 (management and control) and
Principle 6 (customers’ interests) of the Authority’s Principles for Businesses (“the
2.4.
The Authority notes that APG’s current senior management were not in place
during the Relevant Period and were not involved in the extended warranty
insurance business at APG.
2.5.
It is essential that a principal firm has in place robust controls and oversight over
its ARs. A principal is responsible for how its ARs interact with customers.
Inadequate controls and a lack of risk-based oversight can lead to an increased
3
risk of poor customer outcomes. Where principals have appropriate monitoring
and adequate resources to perform this oversight, it is more likely they will
identify issues at their ARs which could lead to customers being treated unfairly
and ensure that, if there are, these issues are properly remediated and any
unfairness remedied. This was not the case with APG.
2.6.
During the Relevant Period, APG failed to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems in relation to its ARs. This was for the following reasons:
1. it did not properly assess the adequacy of its resources prior to entering
into the extended warranty business to determine whether it had the skill
and capacity to effectively monitor the ARs;
2. the monitoring programme in place for the ARs was inadequate and
ineffective. It was in no way risk based and was not tailored for each AR.
Instead, a ‘one size fits all’ approach was taken across the AR network.
The programme overwhelmingly relied on the ARs monitoring themselves
with little input or challenge from APG, meaning that APG was unaware if
customers were treated fairly;
3. good quality management information (“MI”) was essential for adequate
oversight of the ARs. APG failed to properly consider conduct risk in the
reporting requirements it placed on its ARs. APG also failed to use the MI
that was generated to assess whether its customers were treated fairly
and to ensure conduct risk was appropriately identified and managed; and
4. there was a lack of oversight and challenge from APG’s second line of
defence (whose job it should have been to ensure sales agents complied
with required processes and regulatory rules and requirements) and there
was no proper third line of defence (i.e. an independent function
responsible for assessing risks across the AR business and providing
challenge to the second line of defence and to sales agents). Where there
was challenge from the second line, this was ineffective and did not result
in any change to the level and capability of the oversight of the ARs or to
the ARs’ performance.
2.7.
During the Relevant Period, APG failed to pay due regard to the interests of its
customers and to treat them fairly. APG did not sufficiently consider the
information needs of its customers and ensure that they were given timely,
appropriate and clear information about the policies sold by the ARs. APG’s
customers may have suffered detriment as a result of not being in a position to
make informed decisions to purchase cover or through purchasing cover which
met their needs. This was for the following reasons:
1. the call scripts that APG mandated its ARs use and the requirements for
using them were not of sufficient quality to ensure that sales calls were
clear, fair and not misleading;
2. important information about policies was not always provided or not
provided in good time. This included:
a) failure to confirm customers were eligible for the policy;
b) failure to communicate product benefits and exclusions;
c) failure to obtain customer consent to proceed on a limited
information basis;
d) payment details being taken before necessary disclosure was
communicated; and
e) failure to communicate all available payment options.
3. there was also a lack of adherence to the call scripts by the ARs. This was
not identified or corrected as a result of ineffective call monitoring by the
ARs and a complete lack of effective call monitoring and oversight by APG;
4. APG failed to ensure that its ARs adopted fair sales practices, resulting in
some customers purchasing insurance policies which they did not fully
understand, or could not afford, or did not need; and
5. APG failed to ensure that its ARs identified and acted appropriately upon
signals of potential vulnerability in customers, resulting in there being an
increased risk of mis-selling insurance policies to vulnerable customers.
2.8.
The Authority considers APG’s failings to be serious because the breaches caused
a significant risk of customer detriment.
2.9.
The Authority has therefore imposed a censure on APG as a result of its
contraventions of Principles 3 and 6. Had APG not agreed to pay restitution, the
Authority would have imposed a requirement on APG to do so using its powers
pursuant to section 384 of the Act.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“the Act” means the Financial Services and Markets Act 2000;
“APG” means Alsford Page & Gems Limited;
“AR” means appointed representative;
“the Authority” means the Financial Conduct Authority;
“Board” means the Board of Directors of APG;
“ICOBS” means the Authority’s Insurance Conduct of Business Sourcebook, within
the Authority’s Handbook;
“MI” means management information;
“Skilled Person” means the third-party appointed to produce the Skilled Person’s
Report;
“the Skilled Person’s Report” means the report produced by the Skilled Person (as
further explained at paragraph 4.31 to 4.36) pursuant to the Skilled Person’s
appointment under section 166 of the Act;
“Principal” means an authorised firm which permits its AR(s) to carry on regulated
activities under its Part 4A permission, given by the Authority under Part 4A of
the Act, to carry on certain regulated activities;
“the Principles” means the Authority’s Principles for Businesses, within the
Authority’s Handbook;
“the Relevant Period” means 1 February 2013 to 21 March 2016;
“TCF” means treating customers fairly;
“Thematic Review” means the Thematic Review report published on 22 July 2016
by the Authority, titled Principals and their appointed representatives in the
general insurance sector; and
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).
4.
FACTS AND MATTERS
4.1.
APG’s core business is wholesale and reinsurance broking within the Lloyd’s of
London insurance market. This is a specialised field. APG advises on and arranges
insurance for insurers looking to offset their risks or to find cover for other
intermediaries. As part of this business, APG does not sell products to the general
public or deal directly with the party ultimately insured. Instead, its clients are
sophisticated counterparties with a detailed understanding of the insurance
market and applicable regulations. Accordingly, the risk of client detriment due to
a product not being suitable or the client not understanding it is very low.
4.2.
APG decided to diversify away from its core business and expanded into a new
area of selling and administering extended warranty insurance directly to retail
customers through a network of six ARs.
4.3.
This new area of business presented a very different risk profile to APG’s core
business as it meant that APG was responsible for the fair treatment of retail
personal lines customers. This meant providing insurance cover to individuals
against loss resulting from property, in this instance items such as household
appliances, satellite and television equipment. Prospective customers for the
extended warranty business were less financially sophisticated than the
professional clients APG usually dealt with. As a result, there was an increased
risk when dealing with these customers than was present in APG’s core business.
7
There was a greater responsibility on APG to ensure that the products sold met
customers’ needs and that customers understood what they were purchasing.
Principal/AR relationship
4.4.
During the Relevant Period, APG acted as principal to six ARs. Agreements with
the ARs were entered into between April 2013 and September 2014, before the
ARs started selling extended warranty insurance to the public.
4.5.
As the principal firm, APG was responsible for overseeing the ARs and was
accountable for what the ARs did. In its agreements with each of the ARs, APG
specified the type of business that the ARs were permitted to carry out and its
expectations of them. Although the ARs were the point of contact for customers
on a day-to-day basis, APG was ultimately responsible for how its AR network
interacted with those customers and their fair treatment. In the AR relationships,
it was APG as principal that was authorised and regulated by the Authority and
not the ARs. Where the ARs were conducting activities that were regulated by the
Authority, they were doing so on behalf of APG.
The extended warranty business
4.6.
The products sold by APG through the ARs were extended warranty policies which
provided cover in addition to a manufacturer’s or retailer’s warranties in respect
of household items such as TV and satellite equipment. During the Relevant
Period, the product range increased to include home emergency cover, boiler
breakdown and kitchen appliance cover.
4.7.
The AR business model operated by APG was predominantly to generate sales
through ARs cold-calling members of the public to offer extended warranty
products. Customers were either new to APG (i.e. they did not hold policies with
them) or were renewals (i.e. where they already held a warranty with APG). For
new business, individuals were contacted using call lists acquired by the ARs. The
extended warranty policies were also sold via mail application forms and internet
sales.
4.8.
The ARs were the point of contact with customers and were responsible for
arranging payment to APG, issuing the policies and dealing with claims.
Risks associated with the extended warranty business
4.9.
The move into retail personal lines business by APG carried a different type of risk
exposure for APG as it would be responsible for sales of insurance directly to
members of the public. The target market included vulnerable and elderly
customers as it focused on people who were at home during the day. This
customer base had a different level of financial capability to APG’s existing
customers and greater consideration of customer ability to access and understand
information about products was required. There was a risk of detriment through
customers: (i) not understanding the coverage provided and the exclusions built
into the policies; (ii) not being given enough information to make an informed
decision to purchase; and (iii) not being given appropriate information. There was
also a risk that potentially vulnerable customers would not be identified and
treated fairly through appropriate adjustments to the sales process.
4.10.
Although acknowledging that the new business posed a different risk level to its
core business, and would involve selling to potentially vulnerable members of the
public, APG did not clearly define the associated conduct risks and took only
limited actions to understand and address the risks the new business posed or to
consider the different requirements of its new prospective customer base.
4.11.
APG considered that the risks posed by selling extended warranty products to the
public were reduced as it assessed the products to be sold as relatively simple.
This was on the basis that: (i) extended warranty cover was not new to the
market; (ii) other firms were selling similar warranties; and (iii) there was a clear
market to sell to and the cost of the products was low. APG considered an
important part of its control framework to be that the products were easily
understood with limited exclusions. APG’s assessment of the products came from
the personal experience of some of its staff (who were insurance professionals
with experience of financial services and products) with extended warranty
products. However, APG failed to consider the information needs and
understanding of its customers who were not, in the vast majority of cases,
insurance professionals and had different information needs.
4.12.
Throughout the Relevant Period, APG did not have a clearly defined risk appetite
in respect of its ARs and the extended warranty business. Although APG
acknowledged that the extended warranty business carried a different level of risk
to its core business, it failed to examine this in more detail or consider each of
the possible risks and set tolerances for each. Had APG done this, the controls
and oversight over the ARs could have been appropriately tailored to risks and
the firm’s appetite for each.
4.13.
APG did have a risk register and this was reviewed on a monthly basis by the
Board. However, within the risk register there were only two potential risks
associated with the extended warranty business. These were that “the [ARs]
contract has expired” and “the AR is working outside the contract agreement”,
neither of which adequately covered conduct risk. There was no consideration
within the risk register of the additional conduct risks that APG was taking
responsibility for through selling products directly to the public, including the risk
of policies being mis-sold or the consideration of the additional needs of vulnerable
customers. The plan to manage the risks that had been identified was to be
reviewed twice a year and included a review of “agreement conditions, PI cover,
files and polices”. However, there was no evidence of such a review taking place
during the Relevant Period and no specific conduct risks relevant to the extended
warranty business were added to the risk register at any point.
Control and oversight of ARs
4.14.
As principal, APG should have set its expectations for how its ARs would operate.
However, the AR agreements did not clearly articulate the oversight role that APG
would play. Instead, the agreements simply listed the reporting responsibilities of
the ARs and required the ARs to provide access to their premises if requested by
APG. The agreements placed the responsibility for conduct risk on the ARs
requiring each AR to ensure sales agents adhere to a script produced by APG and
that customers “have all the information that he needs at the appropriate time to
make an informed decision”. However, as principal, APG was ultimately
responsible for this and could not delegate it to the ARs.
4.15.
Once the ARs had signed agreements with APG, they were provided with copies
of documents to govern interactions between them and customers. This included
policy wordings, call scripts, key facts documents, policy certificates and terms of
business between the AR and the customer.
Call scripts
4.16.
APG provided the ARs with scripts to be used in calls by sales agents to prospective
customers. The call scripts provided a template for the sales agent at the AR to
follow in making calls to the customer.
4.17.
Call scripts, provided they are fair, clear and not misleading and are carefully and
clearly followed by sales agents, are a useful tool to help ensure that customers
are given the information they need when deciding whether to purchase a product.
If customers are not provided with relevant information about a product during a
sales call, or are provided with inaccurate or wrong information, they risk being
misinformed and the potential for customer detriment increases as the customer
may be buying a product which is not suitable for them or which they do not need
or want. By ensuring that the script complies with regulatory requirements,
including ICOBS (see paragraphs 4.37 to 4.40 below), and that sales agents
adhere to the script, a principal can take comfort that risk of customer detriment
is reduced.
4.18.
APG relied on the sales to customers being scripted as a key control for mitigating
the risks the extended warranty business posed. Unfortunately, the scripts were
deficient in several keys areas and were not sufficient to consistently ensure that
calls were clear, fair and not misleading.
4.19.
The scripts contained in red text mandatory insurance and compliance
statements. A common phrase used by the ARs was “If it’s in red, it must be
said”. As part of the Authority’s review of a sample of 150 calls (see paragraphs
4.37 to 4.42 below), it was found that the red text was not fully adhered to in any
of the calls reviewed, demonstrating that this control was wholly inadequate.
Further, the inference that can be drawn from the statement “if it’s in red, it must
be said” is that it was acceptable to make deviations to the wording in other parts
of the script and to make additional statements not in the script. As part of the
Authority’s review of calls, deviations from the non-red parts of the scripts were
commonplace throughout the calls reviewed. This gave rise to an increased
potential for customer detriment.
4.20.
The scripts also failed to prompt sales agents at any point to ask the existing
customer fundamental eligibility questions including whether they already had
insurance cover in place. In the event that a customer stated they had already
held cover with another insurance provider, there was no provision in the scripts
that the call should be ended even though having existing cover would mean that
the product being sold did not meet the customer’s needs as it was not required.
By continuing the calls, there was an increased risk that a sales agent might apply
pressure or provide misleading information to the customer in order to persuade
the customer to buy further, unnecessary, duplicate cover, or cancel existing
cover, thereby treating the customer unfairly. In the calls reviewed by the
Authority, eight instances where the customer disclosed that they had existing
cover in place were identified. The agent proceeded to sell cover during these calls
in any event, often advising the customer to cancel the cover they already held.
4.21.
The call scripts did not consider the types of questions that were likely to be asked
by customers and therefore did not cater for customer interaction and
interventions. In the calls reviewed by the Authority, it is noted that when
customers did ask questions or raised concerns, the sales agents in their
responses often deviated into giving advice and/or inaccurate or misleading
information which could have induced the customer to purchase a policy which
did not meet their needs.
Monitoring of sales calls
4.22.
The monitoring of sales calls is also an extremely useful form of oversight as, if
done correctly, it tests the effectiveness of controls such as the use of call scripts
in ensuring fair customer outcomes. It can also encourage positive behaviour from
sales agents by assessing the way the sales agents interact with customers. This
could include how the agent speaks to the customer, their tone and clarity, and
whether the agent has identified an apparent vulnerability and adjusted their
approach because of it.
4.23.
APG did not monitor sales calls (save for brief periods during occasional site visits
– see paragraph 4.79 below) and required its ARs to monitor their own calls. APG
did not have any oversight of this control. The checklists used by the ARs were all
different to each other and highly variable in terms of the quality control they may
have provided. Three of the five checklists reviewed by the Authority did not
provide adequate quality control (see paragraphs 4.54 to 4.57 below).
4.24.
The results of the call monitoring by the ARs were included in monthly compliance
monitoring reports the ARs were required to submit to APG. The reports included
copies of each AR’s breaches log. The breaches log was intended to capture all
instances where the AR had identified, during each month’s call monitoring, that
the call script had not been strictly adhered to and outlined any training or
correction needs.
4.25.
The ARs were also required to report to APG with a breakdown of its sales, claims,
complaints and cancellations by policy each month.
4.26.
The MI that was generated, and APG’s use of that MI, was flawed in a number of
material respects which rendered it of limited use to APG in the assessment of
conduct risk. This is discussed in more detail at paragraphs 4.60 to 4.74 below.
Visits to ARs
4.27.
APG conducted occasional site visits to its ARs. These were on average twice a
year and were an attempt to assess whether the ARs were operating as expected
by APG. These site visits were regarded as an important control by APG but were
poorly devised and ineffective. This is discussed in more detail at paragraphs 4.75
to 4.80 below.
Intervention by the Authority
4.28.
APG was included as part of the Authority’s 2016 Thematic Review into the
oversight of ARs in the general insurance sector. The Thematic Review looked at
14 principals and identified a number of concerns in relation to how principal firms
oversaw and managed ARs. The review set out three main areas of concern: (i)
business models and risk management; (ii) governance and oversight; and (iii)
customer outcomes.
4.29.
Through its review work, the Authority identified serious issues with APG’s
approach to risk management and oversight of its ARs. Specifically, the Authority
had concerns about the adequacy of APG’s systems and controls in terms of
monitoring the activities of the ARs. In addition to this, the Authority had concerns
regarding the sales processes used by APG’s ARs and it was considered that
customer detriment may have occurred as a result.
4.30.
Following the Thematic Review, as a result of the serious issues identified, the
Authority requested that APG voluntarily vary the permissions it held which
determined the scope of regulated activities it could carry out. On 21 March 2016,
APG signed an agreement which prevented it from taking on any new ARs and
required the cessation of all sales activities by the six established ARs with
immediate effect.
4.31.
In April 2016, the Authority required APG to appoint an independent Skilled Person
to produce a report on APG’s extended warranty business. The scope of the report
was to review the effectiveness of APG’s oversight and monitoring of the six ARs
in the period from 1 January 2015 to 22 March 2016 and to review the
appropriateness of the sales processes and practices used by the ARs.
4.32.
On 30 May 2016, APG completely withdrew from the extended warranty business,
severing its ties with the ARs, and appointed an administrator and claims handler
to deal with the extant customer policies.
4.33.
The Skilled Person’s review was completed in October 2016 and a report was
produced. The Skilled Person found that APG’s governance, oversight monitoring
and control environment, whilst not entirely lacking, was not appropriate or
effective for APG’s diversification into the retail personal lines business. This was
a result of a lack of formality and rigour in APG’s oversight of its ARs which
compromised the firm’s ability to evidence robust control and risk management
of its ARs.
4.34.
The Skilled Person found that APG did not have sufficient experience of the
regulatory expectations of the extended warranty market, either within the
business or its key control functions, to robustly challenge the performance of the
ARs from a regulatory perspective.
4.35.
As part of its review, the Skilled Person listened to 150 recordings of calls which
had resulted in sales, made up of 25 calls made by each AR. As APG relied on its
call scripts as a key control in respect of its ARs, in reviewing the calls the Skilled
Person focused on analysing whether the purpose of the call and who was calling
was clear, whether the customer purchased a product they understood and
whether the customer was able to make an informed decision to purchase the
product. The Authority has also subsequently listened to and assessed each of
these 150 calls.
4.36.
The results of the exercise gave rise to significant and very serious concerns. From
its review of 150 sales calls, the Skilled Person found that in 90% (135/150) of
the calls there was a high risk that customers purchased a product that they did
not understand or did not need. In those calls, the sales agents materially
deviated from what was required to be said by the call scripts and, on the basis
of what the customer was told, there was a high risk that the product had been
mis-sold and that the customer either:
1. did not understand and/or need the product;
2. was not clear about what was and was not covered under the policy;
3. did not make an informed decision to purchase; or
4. was not treated fairly and provided with appropriate information.
The Authority’s review of calls
4.37.
As stated above, the Authority conducted its own review of the 150 calls listened
to and reviewed by the Skilled Person. The Authority has found that only 2%
(3/150) of the calls reviewed were fully compliant with the ICOBS rules. ICOBS is
a part of the Authority’s Handbook and sets out the rules that firms selling
insurance must follow. The overall aim of ICOBS is to ensure that a firm treats its
customers fairly and that customers are given clear, fair information when sold
insurance. The rules contain requirements about what customers should be told
as part of the sale of insurance. This is to ensure that customers are given the
information they need, at the right time, to make an informed decision about
whether to purchase an insurance policy.
4.38.
Of the 98% (147/150) of calls which were not compliant with the ICOBS rules,
the Authority considers that 90% resulted in potential customer detriment. Of
this, 20 (13%) are considered to have resulted in clear customer detriment. The
remaining 8% of calls which were not compliant with ICOBS are considered
unlikely to have resulted in customer detriment.
4.39.
APG’s non-compliance with ICOBS rules was caused by information not being
provided by sales agents to the customer at the right time or not being provided
at all. Specifically, the calls:
1. failed to check that the customer was eligible for the cover;
2. took payment from the customer before the necessary information to allow
the customer to make a decision had been given;
3. failed to inform the customer of the available payment options; and/or
4. failed to obtain customer consent to provide abbreviated rather than full
distance marketing information.
4.40.
At Annex B to this Notice are examples found in the Authority’s review of calls of
how sales agents treated customers together with an outline of the key regulatory
failings.
4.41.
In the majority of cases where unacceptable sales practices were identified, this
was due to sales agents deviating from the call scripts. However, unacceptable
sales practices also occurred when call scripts were followed due to the flawed
design of the scripts, the guidance given on how to use them, and because of the
presence of misleading statements within the scripts (see above at paragraphs
4.16 to 4.21).
4.42.
There was a clear risk of customer detriment in the calls sampled. The customers
were not given the information they needed and may have purchased a product
which did not meet their needs.
Systems and controls weaknesses
4.43.
Principal firms are fully responsible for the conduct of their ARs. Robust oversight
and controls are critical to ensuring compliance with the regulatory regime and
mitigating conduct risk. Inadequate oversight and controls can increase the risk
of customer detriment if customers are sold products unsuitable for their needs,
not given information required to make an informed decision, or if poor sales
practices are followed by sales agents.
4.44.
APG should have had in place a risk based monitoring programme for its ARs
commensurate with the level of risk that each AR represented. This was necessary
to mitigate conduct risk. The risk based monitoring programme should have
considered the terms of the AR agreement, ongoing suitability and solvency of the
AR, the product sold, the sales method, sales volumes, the target market and the
number and experience of sales agents involved.
4.45.
Where a principal has appropriate and effective risk based monitoring in place
coupled with adequate resources to perform the oversight, it is more likely that it
will identify issues at its ARs which, if undetected, could lead to customers being
treated unfairly. Effective monitoring should also identify any customer detriment
that has occurred and allow for steps to be taken to ensure that such incidents
are properly remediated and not repeated.
Policies and procedures
4.46.
The AR agreement for each AR outlined the minimum compliance procedures that
the AR should have adhered to. However, the requirements contained in each AR
agreement were limited and included only: (i) a summary of the items to be
covered in the AR’s reporting to APG each month (as described at paragraphs
4.24 to 4.25 above); (ii) a requirement to adhere to the sales scripts provided by
APG; and (iii) a statement that all documents to be issued to customers must first
be agreed by APG.
4.47.
APG did not produce a suite of policies and procedures unique to the extended
warranty business to be used by ARs to ensure they properly followed the correct
compliant process when selling to members of the public. Instead, APG intended
that the policies and procedures it used internally as part of its core wholesale
insurance business would also be applicable to its ARs. This should have meant
the ARs would align themselves to APG’s internal control framework through
following its policies and procedures (although is arguable whether there is any
merit in aligning an AR to a policy designed for a different business market).
However, it transpired that in practice very few of these policies and procedures
were in fact provided to the ARs and many would have been of limited use to
them in any event.
4.48.
An audit of one of APG’s ARs, completed by an insurer underwriting the extended
warranty products sold, raised as an issue that policies for financial crime and TCF
were not in place at the AR and recommended that they should be produced.
These are two of the most fundamental areas for procedures to ensure that the
ARs meet regulatory requirements. The report, which was provided to APG, noted
that APG should devise policies for the AR to follow. However, no policies were
produced by APG at any time to cover these areas, nor were they produced by
the AR, and the matter was not followed-up on by APG (and no other ARs had
such policies either).
4.49.
APG held three AR forums over the Relevant Period. These were intended to
supplement the requirements placed on the ARs in the AR agreements. However,
limited policies and procedures were shared during these forums. Although there
was discussion of the guidance issued by the Data & Marketing Association (an
industry body which sets standards for UK and data marketing firms) in relation
to vulnerable customers at the January 2015 AR forum, there was no follow-up of
this despite the importance of stringent procedures being needed to ensure
vulnerable customers were treated fairly.
4.50.
As a result of an absence of guidance from APG, there were no consistent policies
and procedures followed by all the ARs which meant that there was a variance
across the AR population in terms of their respective approach to regulatory
compliance. This reduced APG’s ability to influence and affect the ARs’ conduct by
ensuring that appropriate systems and controls were in place within the ARs and
it served to increase the risk of potential customer detriment as a result.
Self-monitoring of calls by ARs
4.51.
In order for call monitoring to be an effective tool for mitigating conduct risk, the
review of a call needs to include measures by which conduct risks can be assessed
and if issues are identified they need to be addressed and steps taken to ensure
similar conduct is not widespread or repeated.
4.52.
The primary control around APG’s AR’s sales and interaction with customers was
supposed to be through the ARs monitoring their own sales calls. APG described
this as an important part of its oversight of the ARs. However, APG had inadequate
oversight of this control and did little to ensure that it provided effective risk
management.
4.53.
Very limited guidance was given by APG to ARs in terms of its expectations of
what should be covered by the call monitoring. Each AR decided on its own
approach to call monitoring, the numbers sampled, the areas monitored and the
content of the checklist used. The purpose of the checklist should have been to
ensure each AR was monitoring its calls properly, identifying conduct issues, and
addressing anything that went wrong. However, no standard checklist or criteria
to be included in call monitoring was produced by APG for use by the ARs and
each AR used a different checklist, of its own design, with a range of different
criteria.
4.54.
The Authority has reviewed the checklists used by five of the six ARs. Three of
the five were not sufficient to provide an effective review of a customer call to
determine whether the ARs’ interaction with the customer was a fair one.
4.55.
The specific issue of call script adherence was not considered at all in two of the
AR checklists, despite adherence to call scripts being cited by APG as an important
control. This meant that APG had no assurance from those two ARs’ call
monitoring that their call scripts had been followed and accordingly no assurance
that the customer had been given the information that APG required they be
provided with in order to make an informed decision on whether to purchase the
product. Results from the Authority’s call review showed that sales agents did not
adhere fully to the script in any of the calls sampled.
4.56.
In three of the five checklists reviewed by the Authority, consideration of the
conduct of the agent was not sufficiently robust. This was also noted as an issue
in a third-party audit of the sixth AR’s checklist. In one of the checklists reviewed
by the Authority, there was no consideration of the sales agent’s behaviour or
tone. In the other two, assessment of agent conduct during the sales call was
very basic and in generalised terms. The checklists did not provide effective
assurance as they lacked sufficiently detailed checks on the sales agent’s
behaviour.
4.57.
Three of the checklists failed to include vital detail required to check whether the
agent had provided important information to the customer to enable them to
make an informed decision on the product or making clear the call was non-
advised.
4.58.
Where any issues were identified by the ARs through the call monitoring checklist
review they were recorded in a breaches log. Recurring issues were identified by
the ARs yet there was no analysis by APG (or anyone else) as to whether the
issues formed part of a wider, more systemic problem. This meant that call
monitoring by the ARs had limited utility, at best, for the three that did consider
call script adherence, serving only to identify where a particular sales call to a
customer did not comply with the script rather than considering whether the AR’s
approach to customers meant they were being treated fairly.
4.59.
APG did not check the call monitoring undertaken by ARs to determine if it was
being done properly and it did not review the checklists produced. The ARs were
allowed to monitor calls on their own terms without any oversight. The only insight
APG had into the call monitoring activity by its ARs was the monthly compliance
monitoring reports and breaches log. The compliance monitoring report only
contained one question in respect of call monitoring, “percentage of calls
monitored and listened to”. This was not sufficient to give oversight of the call
monitoring activity as it did not consider whether the call monitoring done was
effective in identifying conduct risk issues.
Reporting by the ARs
4.60.
Good quality MI was essential for APG to adequately execute oversight of its AR
network. Strong conduct risk MI can be used to identify new and emerging risks
to customer outcomes and to highlight potential issues before they crystallise into
customer detriment. In addition to this, it can also identify where improvements
are needed to existing processes. As principal, APG was responsible for how its
ARs interacted with customers. The MI on complaints, cancellations, claims, and
the compliance monitoring reports submitted by the ARs should have been used
by APG to gain valuable insight into this through the reports themselves and
observed trends in the data over time. However, APG did not use the MI it
collected to provide effective oversight to its ARs or ensure that conduct risk was
appropriately managed.
Compliance monitoring reports
4.61.
As described above, the ARs were required under their agreements with APG to
monitor the sales calls of their sales agents and submit compliance monitoring
reports together with copies of their complaints log, breaches log and sales data
each month. Compliance monitoring reports were considered by APG’s Board. The
intended purpose of the compliance monitoring reports was to provide oversight
of the ARs between site visits.
4.62.
The compliance monitoring reports were designed by APG and included a list of
15 questions to be completed by the ARs, which largely required yes or no
answers. The questions were poorly designed and failed to identify or flag up
conduct risks. As an oversight tool for assessing the regulatory compliance of the
ARs, the reports were not fit for purpose.
4.63.
In respect of one of the ARs, all the compliance monitoring reports submitted to
APG in the Relevant Period stated that 100% of sales calls were monitored and in
response to the question “number of calls that did not comply with the script and
action taken” stated zero. This apparently perfect figure should have been a red
flag to APG as it is a strong indication that the call monitoring and reports were
not picking up issues. This is not even taking into account the fact that APG had
itself noted issues with script compliance in respect of that AR in site visit notes
where APG listened to calls. This clearly suggested issues with the AR’s call
monitoring as a control. This should have been picked up by APG through review
of the compliance monitoring reports and consideration of its site visit findings
had those been effective controls.
4.64.
When the Authority reviewed the call recordings of the AR that had indicated it
had followed the call scripts for every sale in the Relevant Period, a very different
picture emerged. The Authority found that the call script had not been fully
followed by sales agents at that AR in any of the 25 calls reviewed. Of the 25 calls
monitored in respect of that AR, the Authority considers that all of them breached
ICOBS rules, but this was not detected by the AR or APG. There was significant
and material deviation in one call and moderate but material deviation in 13 calls.
Overall, the Authority found there to be clear or potential customer detriment in
14 of 25 calls reviewed in respect of that AR. This was not detected by the AR or
APG. A similar picture may be seen with the other ARs when comparing their
reporting of call compliance issues in the compliance monitoring reports and the
results of the call review by the Authority.
4.65.
APG’s agreements with the ARs required all customer complaints made to the ARs
to be referred to and handled by APG. However, in practice this requirement was
not followed and complaints made against ARs were handled by the ARs
themselves (the exception being the rare cases in which complaints were made
directly to APG).
4.66.
The ARs submitted a copy of their complaints logs to APG each month. These
were reviewed in APG’s monthly Board meetings. The logs set out a summary and
outcome of the ARs’ investigation into each complaint made by a customer. APG
considered the complaints log to be a performance indicator for monitoring any
potential issues within its AR population. However, complaints received by the
ARs, and reported to APG via the AR’s monthly complaint submissions, were not
included in APG’s own complaints log.
4.67.
Despite APG’s reliance on the ARs handling complaints, it did not provide any
training or guidance to the ARs on how to do this. No complaints policy was
provided to the ARs and limited feedback on the complaints logs submitted to APG
was provided to the ARs. The third-party audit of one of the ARs referred to above
(at paragraph 4.48 and 4.56) raised an issue that the AR was not recording all
complaints correctly (instead of recording all complaints it was only recording
expressions of dissatisfaction and therefore under recording complaints). The
report recommended that all complaints be recorded and reviewed to assess if
the AR was treating customers fairly and to analyse trends and patterns, but APG
did not ensure the issue was addressed.
4.68.
The reasons for complaints as well as the volume of complaints are important
metrics for analysing conduct risk. The volume of complaints can provide an
approximate idea of whether there are issues leading to potential customer
detriment. However, it is not enough to rely only on the volume of complaints as
an indicator of customer fair treatment. The fact that a large proportion of its
customer base was likely to be vulnerable, should have prompted APG to look
beyond complaints volumes. Where the customer base is likely to include a large
number of vulnerable customers, as APG’s did, it is not enough to only consider
the volume of complaints as customers may not be able to complain due to their
vulnerability. For that reason, it is always important to also look at the reasons
for complaints and carry out root cause analysis to understand if an issue flagged
in one complaint actually points to a wider more systemic problem. Although
APG’s written policy required that a “root cause analysis is undertaken” into
complaints, no root cause analysis was undertaken by APG into the complaints
received from the ARs.
Cancellations
4.69.
The rate of cancellation of policies after purchase is a useful metric as it can be
an indicator that policies are potentially being mis-sold. It is important to
understand the reasons for cancellation as these provide insight into the potential
for customer detriment. Reasons for cancellation may flag that: (i) customers are
not being provided with the information they need; (ii) the product is not
considered good value; (iii) undue pressure is being placed on customers to
secure sales; or (iv) vulnerable customers are not being treated appropriately.
Like complaints MI, it is important that there is root cause analysis of cancellations
and appropriate adjustments made to processes and controls, if necessary, based
on the findings of that review.
4.70.
APG received monthly reports from its ARs on cancellations of policies. These
reports included a breakdown of all the policies that had been cancelled in a
particular month including the reason why the policy had been cancelled.
Cancellation reasons included customers saying that they were already covered
by other insurance policies or in some cases because the customer suffered from
a vulnerability such as dementia or Alzheimer’s.
4.71.
Although data on the reasons for cancellation was collected by APG, it was not
used or considered by APG in any way. There was no analysis by APG to look at
the reasons for cancellation and the data did not form part of the MI reported to
the forums within APG responsible for the oversight of the ARs. Looking at the
data for the year to August 2015 for one of the ARs showed that two of the main
reasons why customers cancelled their policies was either that they were already
covered elsewhere or that they did not want the policy. This accounted for 38%
of the cancellations. This raises concerns about whether the sales agents at that
AR were giving customers the information they needed to make an informed
decision on whether to purchase a policy. These concerns can be seen in the
Authority’s review of calls, where sales agents in 12/25 (48%) calls omitted
information in relation to exclusions or eligibility. There were also two calls by that
AR where the customer disclosed existing cover. In one call, there was a clear
customer detriment in the sale of the policy, where an obviously vulnerable
individual was sold cover despite telling the agent they already had cover.
4.72.
Claims MI is another important indicator for conduct risk. Through analysis of the
percentage of successful claims, it is possible to consider the value for money of
the product to customers. High declinature rates may indicate that the product is
not meeting customer needs. As with the other types of MI reporting, it is
important that the data is not only collected but also analysed to understand its
conduct risk implications.
4.73.
Claims data was collected by APG. This was submitted by the ARs each quarter
and showed the total number of claims received, the number that were open still
at the end of the quarter and the number that had been rejected. From the fourth
quarter of 2015, the ARs were required to submit what was described as a
“quarterly general TCF report” by detailing the live policies in the quarter, the
claims declinature rate, customer cancellation rate, and complaints ratio for the
quarter. This data was collected by APG but was not used to assess the conduct
risk posed by the ARs or to inform a risk based management system for their
oversight. The data was simply consolidated by APG and submitted to the insurer
underwriting the policies. In reality, it served as a management tool to support
the sales business and was not a control to understand TCF and conduct risk
issues.
4.74.
The Authority’s review of this MI found a significant variance in claims declinature
rates across the ARs. This may suggest that claims were not being dealt with fairly
by some of the ARs or that customers handled by them were not purchasing
policies that met their needs. For example, in one quarter, the declinature rates
for APG’s biggest AR doubled versus the previous quarter and were almost ten
times as high as another of its ARs. The majority of additional declinatures were
as a result of claims being rejected because they were not covered under the
policy. This raises clear concerns about the sales practices of the AR and suggests
that customers were not being sold policies that met their needs. However, this
was not noted or investigated by APG and there was no additional monitoring of
that AR.
Site visits by APG
4.75.
APG visited each of its ARs in an attempt to assess whether they were operating
in compliance with the agreements. APG placed a high reliance on the visits as a
means of providing significant oversight of its ARs. Visits were considered a helpful
addition to the control framework because they allowed APG an opportunity to
see the ARs in their own environment and to sit with the sales agents as they
made sales. However, the site visits were of little value as a control and did not
provide effective oversight or monitoring of the conduct of the ARs.
4.76.
The frequency of site visits was not risk based. Each AR was visited on average
twice a year with no increase in the frequency of visits even if risk issues had been
identified. The third-party audit referred to at paragraphs 4.48, 4.56 and 4.67
above found several conduct risk issues at one of the ARs including issues with
call
monitoring,
complaints
recording,
cancellations
recording,
senior
management knowledge of TCF, call scripts and MI. The issues clearly suggested
an increased risk of poor customer outcomes but APG took minimal action to
manage that risk. There was no increase in frequency of site visits to the AR
following the audit report.
4.77.
When the Authority assessed 25 calls made by the AR as part of its review work,
it found that every call breached the ICOBS rules, including eight where there was
significant and material deviation with clear customer detriment and another eight
where there was moderate but material deviation from the script and where there
may have been potential customer detriment.
4.78.
There was also an absence of a risk based approach in deciding on areas of focus
for the site visits. Each visit would last a day and would broadly cover the same
agenda items for each AR. Following the third-party audit in September 2014, a
TCF section was added to the agenda for visits in April 2015 with sub-items for
training, cancellations, complaints log, customer queries and conduct risk.
However, in practice consideration of TCF was brief at best with no follow-up of
issues found.
4.79.
During the visits, APG would listen to a small number of sales calls. APG
considered this to be an important part of its oversight of the ARs. However, it
was not an effective control. It consisted of listening to five or six recorded calls
and also sitting amongst the AR sales agents listening to live calls for
approximately an hour. APG would listen to somewhere in the region of 60 calls
in total during each site visit. Considering that each AR made tens of thousands
of calls each month, APG only listened to a tiny proportion as part of its twice-
yearly site visits. The level of call monitoring done by APG was so small that it
severely limited the value of this as a control.
4.80.
The value of the exercise was further decreased by the way in which APG
approached those calls that it did listen to. It was informally done, with no
checklist or guide for the review and no record was maintained. When feedback
was provided to the ARs as part of this, it was often limited.
Absence of a three lines of defence risk framework
The model
4.81.
APG did not apply an appropriate three lines of defence risk management
framework to its extended warranty business. As a result, it failed to put in place
effective monitoring and controls capable of managing and mitigating conduct
risk.
4.82.
The three lines of defence risk management framework is a model for governing
the lines of responsibility for risk management and control activities. The model
stipulates that the first line of defence in terms of risk management is the
commercial business, in this case the ARs selling the products. The second line of
defence is usually a business area and/or committee that is not engaged in
commercial sales and instead helps develop and monitor the first line of defence
risk controls. In this case, the second line of defence within APG had a very limited
role. The third line of defence sits above the other two lines and should provide
independent review, challenge and assurance on the effectiveness of both. This is
usually an Internal Audit function. In this case, APG did not task its Internal Audit,
or an equivalent, to the work of the ARs and the extended warranty business and
instead treated its Board as the third line. This was an inadequate substitute as
the Board was not independent of the commercial business.
First and second line
4.83.
APG’s application of the model was fundamentally flawed and there was a lack of
consistent and rigorous implementation of it which meant that APG did not deliver
effective risk management. Whilst the first line of defence ARs did carry out self-
monitoring and submitted reports to APG, there is little evidence that APG did any
more than consolidate the data to submit it onwards to the insurer underwriting
the policies and to the Board (who also participated in occasional site visits to the
4.84.
The weaknesses in the second line of defence at APG were substantial. There was
no written risk management framework for the extended warranty business. This
contributed to a lack of accountability and ownership of key oversight tasks by
the second line resulting in weak process and control design for monitoring the
ARs and the absence of a risk based approach.
4.85.
There is very little evidence that the second line of defence checked the outputs
or provided formal oversight and challenge on the monitoring conducted by the
ARs. The second line of defence failed to give any direction on how site visits to
the ARs should be conducted and what time should be spent on in terms of
considering a risk based approach. The failure to provide advice and challenge on
the implementation of more effective controls was due in chief to an over reliance
on a single staff member’s prior experience of working with ARs and the extended
warranty sector. This was exacerbated by a lack of experience in the retail
insurance sector by the second line of defence.
4.86.
APG failed to ensure that its second line of defence was adequately resourced and
failed to make changes to this area which became necessary when it moved into
the extended warranty business. As such, it was incapable of managing and
mitigating the risks that there were in this business.
4.87.
A committee was set up in January 2014 to regularly review the governance
structure across APG. Its responsibilities included: (i) review of policies and
procedures; (ii) allocation of responsibilities with matched skills; and (iii) review
of the AR controls.
4.88.
The committee should have met quarterly but only met five times out of a possible
nine over the Relevant Period. There was only superficial and limited discussion of
AR controls as recorded in the minutes and the committee provided little effective
challenge or oversight of the effectiveness of the AR controls. A more robust,
challenging and engaged forum was required if the second line was to be effective.
Third line
4.89.
The Board retained ultimate responsibility for ensuring adequate systems of
internal control and reporting. In its purported role as third line of defence, the
Board lacked independence from commercial concerns. This is reflected in the fact
that the Board minutes indicate that it spent limited time discussing potential risks
and issues with the ARs and most of the discussion about them was commercial
in nature.
4.90.
The Board was not the appropriate function to serve in place of an independent
third line such as Internal Audit. For example, APG considered site visits to ARs
to be a key part of its risk management system for its ARs but the Board
contribution to this was negligible. Summaries of site visits were reported to the
Board but these were typically very brief in nature and did not provide the Board
with any indication of the content of the visits or the nature of the issues identified.
The occasional attendance of Board members at site visits appears to not have
had real practical impact on how they were conducted and the Board members
attended in a largely observational capacity.
4.91.
In truth, there was no third line of defence in respect of the extended warranty
business and APG’s Internal Audit had no specific role with respect to the ARs and
no audits or reviews of the business were carried out. The first and second lines
of defence were left unchecked.
Effect of inadequate systems and controls on vulnerable customers
4.92.
As described above at paragraphs 4.43 to 4.80, one of the most serious
consequence of APG having inadequate systems and controls in relation to the
extended warranty business is that it had few, if any, ways of identifying whether
customers were being treated fairly and if they were being sold products that met
their needs or which they wanted. This failing is made worse by an absence of
effective controls to identify and protect vulnerable customers who needed
additional care and protection when dealing with sales agents.
4.93.
There were no provisions in the call scripts that the call should be ended without
proceeding to a sale if there were obvious indications that the customer was
vulnerable. Although APG circulated guidance to the ARs on dealing with
vulnerable customers, there was no follow up from APG to ensure that the
guidance had been understood and applied.
4.94.
This weakness is apparent from the Authority’s review of 150 sales calls. Within
this, there were 64 calls where the Authority identified indications of customer
vulnerability. This equates to 43% of the calls reviewed. Vulnerability indicators
included:
•
apparent confusion or memory problems on the part of the customer;
•
difficulty with the customer hearing or understanding what the sales agent
was saying;
•
difficulty speaking, seeing and/or physical difficulty (for example,
apparent when agents asked customers to check or find items in their
home – such as when asked to fetch a bank card);
•
financial difficulty, where the customer disclosed they did not have much
money, could not afford the policy or had limited funds;
•
having a carer, someone with power of attorney or a relative who handled
the customer’s affairs for them;
•
the customer disclosing that they were worried about being “scammed”
or having had previous issues with scams;
•
the customer having recently suffered a bereavement; or
•
the customer sounding very elderly or frail in addition to one or more of
the above indicators.
4.95.
In 59% (38/64) of these calls, the indicators were ignored by the sales agents
and no adjustment was made to the sales process. Of the 20 calls where clear
customer detriment was identified, 18 concerned customers who had shown
vulnerability indicators. Examples of this can be seen in the following calls where
there was clear customer detriment:
1. Customer A repeatedly said that they suffered from memory loss and that
they would need their carer’s assistance to look at the policy and decide if
they wanted to proceed. The agent did not wait for the carer’s assistance
and instead proceeded to set up the policy and process payment;
2. Customer B was confused about why the sales agent had called them.
Nonetheless, despite this confusion, the agent proceeded to sell cover for
both satellite and television equipment despite the customer disclosing
faults with her equipment which would have made her ineligible to make
a claim;
3. Customer C was clearly confused during the call and kept saying “no, no”
before hanging up. The sales agent telephoned back and was heard saying
to their colleagues “I’m ringing him straight back, I’m not having that” and
proceeded to take payment while the customer continued to be confused
and stumble over his words. The call was also poorly conducted, even if
the customer was not vulnerable, as no disclosures were made and no
terms and conditions or benefits and exclusions in relation to the policy
were read out meaning that not only was the vulnerable customer
pressured into buying the product, they did not have the information to
understand the product, what was covered and not covered, and they
would not have been able to make an informed decision about the renewal;
4. Customer D was also clearly vulnerable. They appeared to be elderly and
slurred their words. The agent on the call did not appear to make any
allowances for the customer’s vulnerability and told the customer to get a
card for whichever account had money even though the customer told him
that they had no money in the bank. The call was also poorly conducted
even if the customer was not vulnerable as the benefits, exclusions and
limitations of the policy were not disclosed despite the customer explicitly
saying that they did not know what was covered under the policy;
5. Customer E was disabled and unable to check the details of their television
in response to the agent’s questions about the make and model. The
customer disclosed that they had existing cover in place for their television.
This would have meant that the customer did not need cover from the AR.
However, the agent advised the customer to cancel their policy with their
existing provider claiming, without foundation, that their existing provider
did not comply with the Authority’s regulations and the AR did. The call
was also poorly conducted in any event because customer payment was
taken before any benefits, exclusions and limitations of the policy were
disclosed; and
6. Customer F had suffered a recent bereavement and struggled to read their
card details. They struggled to answer the agent’s questions and were not
able to provide very much information about their boiler other than that it
was over 20 years old. The agent did not mention exclusions and excesses
which would have been relevant to a boiler of that age. This call was also
poorly conducted in any event as payment was taken before any benefits,
exclusions and limitations of the policy were disclosed. The disclosures that
were made were incomplete.
Redress
4.96.
In light of its findings, the Skilled Person recommended that APG take immediate
action to address the 135 customers where a high risk of mis-selling was
identified. The Skilled Person recommended that APG undertake a pilot customer
contact exercise in relation to the 150 customer calls sampled by the Skilled
Person before moving onto a full remediation exercise if required. APG agreed to
this approach.
4.97.
APG consulted the Authority on its proposed approach to the pilot redress
exercise. The Authority highlighted the importance of ensuring customer
engagement in the redress process. Given the large proportion of customers who
may have been vulnerable at the time of purchasing a policy, the Authority
considered it appropriate that APG take a flexible and pragmatic approach to
assessing whether customers were due redress. APG did not agree to all the
recommendations made by the Authority as to the communications to be sent out
to customers and the proposed redress approach to be taken but, as the Skilled
Person recommended, appointed an independent third-party to advise and
considered at Board level how it should proceed. It also agreed to take the
concerns raised by the Authority into account in the pilot exercise to ensure that
redress process was fair.
4.98.
A pilot customer contact exercise was commenced by APG in October 2020. A
report on the pilot and APG’s plans for a full redress exercise were received by
the Authority in early February 2021. The report stated that APG did not consider
that widespread mis-selling had occurred and that APG would not carry out any
further customer contact. The Authority’s view is that the pilot redress exercise
undertaken by APG was not adequate and placed a disproportionate burden of
proof of harm on customers in light of the findings of the review of calls (see
paragraphs 4.37 to 4.42).
4.99.
APG has since, as part of resolution, agreed to pay restitution which is intended
to compensate customers as far as possible, as quickly as possible.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.
5.2.
Based on the facts and matters above, APG breached Principles 3 and 6 as
explained below.
5.3.
Principle 3 requires that a firm take reasonable care to ensure that it has organised
its affairs responsibly and effectively, with adequate risk management systems.
5.4.
During the Relevant Period, APG failed to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems in relation to its ARs and extended warranty business. APG had little
experience of dealing with retail customers and its new business venture carried
a greater conduct risk than its core business. APG was required to put in place
systems and controls to enable it to effectively monitor its ARs, to establish
appropriate risk based controls, with sufficient oversight from the outset of its
move into the extended warranty business to ensure that customers were treated
fairly.
5.5.
The systems and controls in place at APG were wholly inadequate and meant that
APG was unable to, and did not, identify or address potential poor customer
outcomes. In particular, APG failed to:
1. properly consider the risk that the diversification of its business into retail
personal lines may have posed. APG did not set a risk appetite for its
extended warranty business and did not map its tolerance for risks to the
controls and oversight it put in place;
2. assess its controls and resources to ensure they were capable of effectively
monitoring the ARs and to ensure compliance with regulatory obligations;
3. create bespoke policies and procedures relevant to the extended warranty
business and the risks present therein;
4. ensure that its ARs were aligned to its control framework and it did not
provide the ARs with all of the policies and procedures it did have in place;
5. establish adequate controls and governance arrangements to effectively
monitor the ARs;
6. put in place effective call monitoring by the ARs, in particular, it failed to:
a) take steps to effectively monitor calls, instead relying on self-
monitoring by the ARs;
b) define and set out its expectations for what effective call monitoring
should be;
c) check the results of the call monitoring done by the ARs to ensure
that it was effective; and
d) analyse the results of call monitoring to identify and address
common issues which meant that the same issues occurred multiple
times;
7. give sufficient consideration to conduct risk in the MI it required its ARs to
provide or use the MI it received from its ARs to understand the conduct
risk posed by the ARs which would have informed APG’s oversight;
8. consider the relative risks posed by its ARs when it did monitor them. In
particular, APG failed to:
a) take a risk based approach to the frequency and content of site
visits thereby rendering the site visits ineffective; and
b) use MI and previous site visits to inform the oversight and
monitoring of the ARs; and
9. assess customer outcomes in relation to sales, complaints handling and
claims handling to improve customer outcomes. In particular, APG failed
a) perform root cause analysis on complaints;
b) consider reasons for cancellation of polices from a conduct
perspective; and
c) consider claims declinature rates across each AR or reasons for
declinature from a conduct perspective.
5.6.
Principle 6 requires that a firm pay due regard to the interests of its customers
and treats them fairly.
5.7.
During the Relevant Period, APG failed to pay due regard to the interests of its
customers and to treat them fairly. APG was responsible for ensuring that its ARs
gave customers the information they needed to make informed decisions on
whether to enter into a contract of insurance but they failed to put in place proper
systems and controls to ensure this happened. In particular, APG failed to:
1. consider the information needs of its customers and how these differed
from its existing client base in deciding to move into the extended warranty
business;
2. ensure that customers were given appropriate information about the
policies sold, in good time and in a clear format, arising out of:
a) failure to ensure that calls were consistently clear, fair and not
misleading due to providing inadequate call scripts and training on
how to use them;
b) a lack of adherence to call scripts by the ARs. This was not identified
as a result of ineffective call monitoring by the ARs and a lack of
call monitoring by APG;
c) failure to confirm customers were eligible for the policy;
d) failure to communicate product benefits and exclusions;
e) failure to obtain customer consent to proceed on a limited
information basis;
f) payment details being taken before necessary disclosure was
communicated; and
g) failure to communicate all available payment options;
3. ensure that its ARs identified and acted appropriately upon signals of
potential customer vulnerability, resulting in there being an increased risk
of mis-selling insurance policies to vulnerable customers; and
4. ensure that its ARs did not adopt unacceptable sales tactics, resulting in
an increased risk of some customers purchasing insurance policies which
they did not fully understand, or could not afford, or did not need.
6.
SANCTION
Financial penalty
6.1.
The Authority considers that a financial penalty of £958,100 (or £670,600 taking
into account a 30% discount for resolving the matter in Stage 1) in respect of
APG’s breaches of Principles 3 and 6 during the Relevant Period is appropriate.
However, APG has provided verifiable evidence that payment of such a penalty
would cause the firm serious financial hardship. For that reason, the Authority
hereby imposes a public censure in relation to APG.
6.2.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority
applies a five-step framework to determine the appropriate level of financial
penalty. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms.
Step 1: disgorgement
6.3.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify
this.
6.4.
The Authority has not identified any financial benefit that APG derived directly
from its breach.
6.5.
Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.6.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm that its breach may cause, that figure will be based on a
percentage of the firm’s revenue from the relevant products or business area.
6.7.
The Authority considers that the revenue generated by APG is indicative of the
harm or potential harm caused by its breach. The Authority has therefore
determined a figure based on a percentage of APG’s relevant revenue. APG’s
relevant revenue is the revenue derived by APG during the period of the breach.
The period of APG’s breach was from February 2013 to March 2016. The Authority
considers APG’s relevant revenue for this period to be £5,806,762.
6.8.
In deciding on the percentage of the relevant revenue that forms the basis of the
Step 2 figure, the Authority considers the seriousness of the breach and chooses
a percentage between 0% and 20%. This range is divided into five fixed levels
which represent, on a sliding scale, the seriousness of the breach; the more
serious the breach, the higher the level. For penalties imposed on firms there are
the following five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 5 – 20%
6.9.
The following factors reflect the impact and nature of the breach.
The impact of the breaches
1. The breaches had an effect on vulnerable people. APG’s target market for
the extended warranty products weighed heavily towards vulnerable and
elderly customers as it focused on people who were at home during the
day. However, the needs of potentially vulnerable customers were not
given adequate consideration by APG and it failed to ensure that its ARs
identified and acted appropriately upon signals of potential customer
vulnerability. This resulted in there being a heightened risk of mis-selling
insurance policies to vulnerable customers.
2. The ARs approach to customers and how they spoke and interacted with
them evidenced a lack of care and a showed a basic disregard towards the
needs of those who may be vulnerable. The priority was to make sales and
no thought was given to the distress and inconvenience this approach may
have caused for customers and potential customers.
The nature of the breaches
1. The requirements of ICOBS should be a fundamental consideration in
everything that those who are regulated to sell insurance do. APG’s across
the board inability to ensure compliance with these rules is startling and
falls far below the standards expected of the industry.
2. The breaches were widespread and would have affected every retail
customer who dealt with APG during the Relevant Period.
3. There were serious weaknesses in APG’s governance, procedures,
management systems and internal controls relating to a significant
proportion of its business.
6.10.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be considered
‘level 4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
1. the Authority’s review of customer calls found a significant risk of customer
detriment through customers either being mis-sold policies or purchasing
a policy which did not meet their needs. The wide extent of non-compliance
with ICOBS suggests that the risk of customer detriment was extremely
high.
2. the breaches revealed serious weaknesses in APG’s governance,
procedures, management systems and internal controls relating to
oversight of the ARs. APG did not adequately identify or manage the risk
posed by its move into selling extended warranty insurance via a network
of ARs to retail customers.
6.11.
DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers the following factors to be relevant:
1. the breaches were committed negligently.
6.12.
Taking all of these factors into account, the Authority considers the seriousness
of the breach to be level 4 and so the Step 2 figure is 15% of £5,806,762.
6.13.
Step 2 is therefore £871,014.30.
Step 3: mitigating and aggravating factors
6.14.
Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.15.
The Authority considers that the following factors aggravate the breach:
1. The Authority published a Final Notice in 2013 in relation to Porta Verde
Financial Services Limited (“Porta Verde”). This Notice focused on failings
at Porta Verde which related to the mis-selling of extended warranty
insurance with extremely poor conduct on the part of sales agents and bad
treatment of vulnerable customers. This should have served as a clear
warning to APG about the standards required for those operating in the AR
field.
2. APG failed to take proactive, timely steps, once the weaknesses in its
processes were made clear to it in 2016, to contact customers to determine
whether they had been mis-sold products and whether they were entitled
to compensation.
6.16.
APG cooperated fully with the Authority’s investigation. There are no other
mitigating factors.
6.17.
Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 10%.
6.18.
Step 3 is therefore £958,115.73.
Step 4: adjustment for deterrence
6.19.
Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.20.
The Authority considers that the Step 3 figure of £958,115.73 represents a
sufficient deterrent to APG and others, and so has not increased the penalty at
Step 4.
6.21.
Step 4 is therefore £958,115.73.
Step 5: settlement discount
6.22.
Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have
been payable will be reduced to reflect the stage at which the Authority and the
firm reached agreement.
6.23.
The Authority and APG reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure.
6.24.
Step 5 is therefore £670,681.01.
6.25.
The Authority would have imposed a total financial penalty of £670,600 on APG,
had APG not provided verifiable evidence of financial hardship, for breaching
Principle 3 and Principle 6.
Restitution
6.26.
APG has agreed to pay restitution to affected customers of £399,902 in relation
to its contravention of Principles 3 and 6. This amount represents the brokerage
it received in respect of sales of approximately 55,000 policies to approximately
33,000 customers. The Authority is conscious of the time that has passed since
the Relevant Period and of the potentially difficult circumstances of the customers
that were sold polices by APG’s ARs. It is clear from the findings of the review of
calls that breaches of ICOBS were pervasive through the sales calls and there was
a high risk that customers were being sold products that did not meet their needs
(see paragraphs 4.37 to 4.42).
6.27.
The Authority considers that the public censure and the agreement of APG to pay
restitution of £399,902 for the benefit of affected customers supports the
Authority’s objective of securing an appropriate degree of protection for
consumers.
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to APG under and in accordance with section 390 of the Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
7.4.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this Notice relates. Under those provisions,
the Authority must publish such information about the matter to which this Notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to APG or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.5.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.6.
For more information concerning this matter generally, contact Gareth Buttrill at
the Authority (email: gareth.buttrill@fca.org.uk).
Head of Department (Acting)
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
1.1.
The Authority’s statutory objectives, set out in section 1B(3) of the Act, include the
include the strategic objective to ensure that the relevant markets function well
and the operational consumer protection objective objective[s].
1.2.
Section 206(1) of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a
penalty, in respect of the contravention, of such amount as it considers
appropriate.”
RELEVANT REGULATORY PROVISIONS
Principles for Businesses
1.3.
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows.
1.4.
Principle 3 provides:
“A firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.”
1.5.
Principle 6 provides:
”A firm must pay due regard to the interests of its customers and treat them
fairly.”
ICOBS
1.6.
ICOBS 2.2.2R, in force throughout the Relevant Period, which stated:
“When a firm communicates information, including a financial promotion, to
a customer or other policyholder, it must take reasonable steps to
communicate it in a way that is clear, fair and not misleading.”
1.7. ICOBS 3.1.6R, in force throughout the Relevant Period, which stated:
“When a firm makes a voice telephony communication to a consumer, it
must make its identity and the purpose of its call explicitly clear at the
beginning of the conversation.”
1.8.
ICOBS 3.1.10R, in force throughout the Relevant Period, which stated:
“The performance of the distance contract may only begin after the
consumer has given his approval.”
1.9.
ICOBS 3.1.14R, in force throughout the Relevant Period, which stated:
“(1) In the case of a voice telephony communication, and subject to the
explicit consent of the consumer, only the abbreviated distance marketing
information (ICOBS 3 Annex 3 R) needs to be provided during that
communication.
(2) However, unless another exemption applies (such as the exemption for
means of distance communication not enabling disclosure) a firm must still
provide the distance marketing information (ICOBS 3 Annex 2 R) in writing
or another durable medium available and accessible to the consumer in good
time before conclusion of any distance contract.”
1.10. ICOBS 4.1.7R, in force throughout the Relevant Period, which stated:
“Prior to the conclusion of an initial contract of insurance with a consumer a
firm must state whether it is giving a personal recommendation.”
1.11. ICOBS 5.1.1G, in place from 31 March 2013 in the Relevant Period, which stated:
“(1) In line with Principle 6, a firm should take reasonable steps to ensure
that a customer only buys a policy under which he is eligible to claim
benefits.
(2) If, at any time while arranging a policy, a firm finds that parts of the
cover apply, but others do not, it should inform the customer so he can take
an informed decision on whether to buy the policy.
(3) This guidance does not apply to policies arranged as part of a packaged
bank account.”
1.12. ICOBS 5.1.2R, in force from 31 March 2013 in the Relevant Period, which stated:
“(1) A firm arranging a payment protection contract must:
(a) take reasonable steps to ensure that the customer only buys a
policy under which he is eligible to claim benefits; and
(b) if, at any time while arranging the policy, it finds that parts of
the cover do not apply, inform the customer so he can take an
informed decision on whether to buy the policy.
(2) This rule does not apply to payment protection contract arranged as part
of a packaged bank account.”
1.13. ICOBS 6.1.1R, in force throughout the Relevant Period, which stated:
“An insurer is responsible for producing, and an insurance intermediary for
providing to a customer, the information required by this chapter and by
the distance communication rules (see ICOBS 3.1). However, an insurer is
responsible for providing information required on mid-term changes, and an
insurance intermediary is responsible for producing price information if it
agrees this with an insurer.”
1.14. ICOBS 6.1.5R, in force throughout the Relevant Period, which stated:
“A firm must take reasonable steps to ensure a customer is given
appropriate information about a policy in good time and in a comprehensible
form so that the customer can make an informed decision about the
arrangements proposed.”
1.15. ICOBS 6.1.6G, in force throughout the Relevant Period, which stated:
“The appropriate information rule applies pre-conclusion and post-
conclusion, and so includes matters such as mid-term changes and
renewals. It also applies to the price of the policy.”
1.16. ICOBS 6.1.7G, in place throughout the Relevant Period, which stated:
“The level of information required will vary according to matters such as:
(1) the knowledge, experience and ability of a typical customer for
the policy;
(2) the policy terms, including its main benefits, exclusions,
limitations, conditions and its duration;
(3) the policy's overall complexity;
(4) whether the policy is bought in connection with other goods and
services;
(5) distance communication information requirements (for example,
under the distance communication rules less information can be
given during certain telephone sales than in a sale made purely by
written correspondence (see ICOBS 3.1.14 R)); and
(6) whether the same information has been provided to the customer
previously and, if so, when.”
1.17. ICOBS 6.2.5R, in force throughout the Relevant Period, which stated:
“(1) A firm must provide a consumer with information on the right to cancel
a policy.
(2) The information to be provided on the right to cancel is:
(a) its existence;
(b) its duration;
(c) the conditions for exercising it;
(d) information on the amount which the consumer may be required
to pay if he exercises it;
(e) the consequences of not exercising it; and
(f) the practical instructions for exercising it.
(3) The information must be provided in good time before conclusion of the
contract and in writing or another durable medium.”
1.18. ICOBS 6.3.1R, in force throughout the Relevant Period, which stated:
“(1) Before a pure protection contract is concluded, a firm must inform a
customer of the information in the table below.
(2) The information must be communicated in a clear and accurate manner,
in writing, and in an official language of the State of the commitment or in
another language agreed by the parties.
Information to be communicated before conclusion
(1)
The name of the insurance undertaking and its legal form.
(2)
The name of the EEA State in which the head office and, where
appropriate, the agency or branch concluding the contract is
situated.
(3)
The address of the head office and, where appropriate, of the
agency or branch concluding the contract.
(4)*
Definition of each benefit and each option.
(5)*
Term of the contract.
(6)*
Means of terminating the contract.
(7)*
Means of payment of premiums and duration of payments.
(8)*
Information on the premiums for each benefit, both main
benefits and supplementary benefits, where appropriate.
(9)
Arrangements for application of the cancellation period.
(10)
General information on the tax arrangements applicable to the
type of policy.
(11)
The arrangements for handling complaints concerning contracts
by policyholders, lives assured or beneficiaries under contracts
including, where appropriate, the existence of a complaints body
(usually the Financial Ombudsman Service), without prejudice
to the right to take legal proceedings.
(12)
The law applicable to the contract where the parties do not have
a free choice or, where the parties are free to choose the law
applicable, the law the insurance undertaking proposes to
choose.
Note: The rule on mid-term changes applies to items marked with an asterisk
(see ICOBS 6.3.3 R).
[Note: Annex III(A) to the Consolidated Life Directive]“
1.19. SUP 12.1.3G, in place from 1 April 2013 in the Relevant Period, which stated:
“The chapter also sets out the FCA's rules, and guidance on these rules, that
apply to a firm before it appoints, when it appoints and when it has
appointed an appointed representative. The main purpose of these rules is
to place responsibility on a firm for seeking to ensure that:
(1) its appointed representatives are fit and proper to deal with
clients in its name; and
(2) clients dealing with its appointed representatives are afforded the
same level of protection as if they had dealt with the firm itself.”
1.20. SUP 12.3.1G, in place throughout the Relevant Period, which stated:
“In determining whether a firm has complied with any provision in or under
the Act such as any Principle or other rule, anything that an appointed
representative has done or omitted to do as respects the business for which
the firm has accepted responsibility will be treated as having been done or
omitted to be done by the firm (section 39(4) of the Act ).”
1.21. SUP 12.3.2G, in force throughout the Relevant Period, which stated:
“The firm is responsible, to the same extent as if it had expressly permitted
it, for anything the appointed representative does or omits to do, in carrying
on the business for which the firm has accepted responsibility (section 39(3)
of the Act).”
1.22. SUP 12.4.2R, in force throughout the Relevant Period, which stated:
“Before a firm appoints a person as an appointed representative (other than
an introducer appointed representative) and on a continuing basis, it must
establish on reasonable grounds that:
(1) the appointment does not prevent the firm from satisfying and
continuing to satisfy the threshold conditions;
(2) the person:
(a) is solvent;
(b) is otherwise suitable to act for the firm in that capacity;
and
(c) has no close links which would be likely to prevent the
effective supervision of the person by the firm;
(3) the firm has adequate:
(a) controls over the person's regulated activities for which
the firm has responsibility (see SYSC 3.1or SYSC 4.1); and
(b) resources to monitor and enforce compliance by the
person with the relevant requirements applying to the
regulated activities for which the firm is responsible and with
which the person is required to comply under its contract with
the firm (see SUP 12.5.3 G (2)); and
(4) the firm is ready and organised to comply with the other
applicable requirements contained or referred to in this chapter.”
1.23. SUP 12.6.11A R, in force throughout the Relevant Period, which stated:
“A firm must take reasonable steps to establish and maintain effective
systems and controls for ensuring that each of its appointed representatives
complies with those terms of its contract which are imposed under the
requirements contained or referred to in SUP 12.5 (Contracts: required
times).”
SYSC Senior Management Arrangements, Systems and Controls
1.24. SYSC 3.1R, in force throughout the Relevant Period, which stated:
“A firm must take reasonable care to establish and maintain such systems
and controls as are appropriate to its business.”
1.25. SYSC 4.1.1R, in force throughout the Relevant Period, which stated from 1 January
“(1) A firm must have robust governance arrangements, which include a
clear organisational structure with well defined, transparent and consistent
lines of responsibility, effective processes to identify, manage, monitor and
report the risks it is or might be exposed to, and internal control
mechanisms, including sound administrative and accounting procedures and
effective control and safeguard arrangements for information processing
systems.”
From 23 July 2013 to 31 December 2013, SYSC 4.1.1R stated:
“(1) A firm must have robust governance arrangements, which include a
clear organisational structure with well defined, transparent and consistent
lines of responsibility, effective processes to identify, manage, monitor and
report the risks it is or might be exposed to, and internal control
mechanisms, including sound administrative and accounting procedures and
effective control and safeguard arrangements for information processing
systems.
(2) 8A BIPRU firm and a third country BIPRU firm must comply with the
Remuneration Code.”
From the beginning of the Relevant Period, on 1 February 2013 to 22 July 2013,
SYSC 4.1.1R stated:
“(1) A firm must have robust governance arrangements, which include a
clear organisational structure with well defined, transparent and consistent
lines of responsibility, effective processes to identify, manage, monitor and
report the risks it is or might be exposed to, and internal control
mechanisms, including sound administrative and accounting procedures and
effective control and safeguard arrangements for information processing
systems.
(2) 8A BIPRU firm and a third country BIPRU firm must comply with the
Remuneration Code.”
DEPP
1.26. Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act.
The Enforcement Guide
1.27. The Enforcement Guide sets out the Authority’s approach to exercising its main
enforcement powers under the Act.
1.28. Chapter 7 of the Enforcement Guide sets out the Authority’s approach to exercising
its power to impose a financial a penalty.
ANNEX B
SUMMARY OF KEY ICOBS FAILINGS BY SALES AGENTS IN REVIEW OF CALLS BY
THE AUTHORITY
1.1.
The Authority’s call review found that 147/150 (98%) of calls reviewed breached
at least one of the ICOBS rules. APG’s non-compliance with ICOBS rules was
caused by information not being provided by sales agents to the customer at the
right time or not being provided at all. In these calls, there was a high risk that
the product had been mis-sold because the sales agent:
1. failed to provide the customer with appropriate information about the
product making clear what was and was not covered and ensuring that the
customer was eligible for cover;
2. took payment from the customer before the necessary information to allow
the customer to make a decision had been given;
3. failed to inform the customer of the available payment options; and/or
4. failed to obtain customer consent to provide abbreviated rather than full
distance marketing information so the customer did not make an informed
decision to purchase.
1.2.
This Annex outlines examples of key regulatory failings seen in the calls reviewed
by the Authority with examples taken from the call review illustrating the key
failings outlined above. This is in addition to those outlined at paragraphs 4.92 to
4.95 in relation to the treatment of vulnerable customers.
Sales agent failed to provide the customer with appropriate information about the
product making clear what was and was not covered and ensuring that the
customer was eligible for cover
1.3.
The information provided to customers should be clear, fair and not misleading.
The way the agents introduced the calls for new sales regularly implied an existing
relationship with the AR. Agents would state that the warranty had expired and
they were calling to put cover in place again. For example, in one call, which was a
new sale, the sales agent introduced the purpose of the call as “Just the initial
manufactures insurance you have for your repairs and breakdown on the television,
that’s expired now and is due to be updated. It’s just a routine call to put the policy
in place this year for you”. This had the potential to mislead customers into thinking
that the AR was already providing cover.
1.4.
Agents are required to make their identity and the purpose of the call explicitly
clear from the beginning. In eight calls reviewed this was not the case. In one call,
the agent said that the call was in regard to the customer’s satellite equipment box
and got customer consent to proceed with a policy before saying where he was
calling from, which the customer did not appear to recognise straightaway. Again,
this could have misled the customer into believing that the AR was their original
product provider or affiliated with them.
1.5.
In 9/150 calls (6%), the sales agents overstated the risk of the insured event
happening to induce the customer to buy cover. For example, in one call the sales
agent told the customer “just to put into perspective without having any insurance
policy in place you are subject to expensive call out and replacement fees set in
place” the sales agent gave the typical costs of call outs and replacement costs set
against the cost of the cover.
1.6.
In relation to sales of TV cover, there was a key exclusion that TVs over five years
old would not be covered. 74/150 calls reviewed by the Authority were sales of TV
cover, in 48/74 the sales agent did not check the age of the television. On the two
occasions where the customer disclosed that their TV was older than five years old
the sales agent proceeded to sell cover. In one call, when the customer did not
know the age of the TV, the agent offered to put the age down as less than five
years old “just to be on the safe side?”.
1.7.
Where customers disclosed existing faults with their equipment, they were assured
that it would be covered even though existing faults were a key exclusion. In one
call, a customer disclosed faults and explicitly asked if their TV would be replaced
to which the agent replied “and if the TV packs in altogether we just replace it again
with a new one for you… Well it saves you a few hundred quid buying a new one”
despite existing faults being a key exclusion on the policy which would render the
customer ineligible to claim.
1.8.
In five calls, customers raised objections on the basis that they had existing cover
and therefore did not need cover offered by the sales agent. For example, in one
call, the customer objected ten times to the cover offered and said they had cover
elsewhere. This was rejected by the agent who claimed to know that the customer
did not have other cover, overstated the risk of something going wrong with the
equipment and continued to offer the product until the customer eventually agreed.
Sales agents took payment from the customer before the necessary information to
allow the customer to make a decision had been given
1.9.
Customers should be given appropriate information about a policy in good time so
that they could make an informed decision. In 121/150 (80%) calls reviewed,
payment details or payment itself was taken from customers before any information
about the product had been given.
1.10. In some cases, customers were not asked to consent to the sale at all and were
instead just asked for their payment details. For example, in one call to an elderly
and confused customer who declined to renew her policy that had expired, the
customer was told by the agent "we're updating your payment details so you need
to pick one of those policies". This clearly suggested that the customer was required
to take the policy and it was not optional. Aside from this, the call showed poor
agent conduct as there was no information about the coverage, benefits or
exclusions on the policy offered to that customer, nor did the agent check to see if
the customer still had the equipment covered under the original policy.
1.11. Other examples of pressure sales tactics can be seen in the calls. In 16 (11%) of
calls, the agent continued to sell the policy even after the customer objected. In
one example, the customer says that they “don’t have any money in the bank” but
is told by the agent to get a bank card, “whichever one you think has got money
on it”. The agent also did not provide any information about the policy coverage,
benefits or exclusions on that call despite being told by that they did not have any
information from the previous year. This was ignored by the agent who used the
call (being a renewal) not to provide any information on the policy stating “Well, as
long as you’ve got those all the key facts and terms and conditions are the same
as last year, so it just means that we don’t have to read you out any disclaimers
this year around”.
1.12. Agents are required to give details of any cancellation rights, their duration and
any conditions or fees. Details of cancellation rights were not always given. In four
instances, the existence of cancellation rights was used as a sales tactic by the
agent to pressure a customer into buying a policy. In one call, after being told by
the customer multiple times that they could not afford the policy and asking to see
the paperwork first, the agent tells the customer that they need to proceed with
the policy to get the paperwork and then can cancel if they are not happy.
Sales agent failed to inform the customer of the available payment options
1.13. In 97/150 (65%) calls, sales agents failed to inform customers of all the available
payment options. In one call, the customer says “I can’t afford that, I’m a
pensioner” when the sales agent offers an annual payment for the policy. The sales
agent continues to offer cover for an annual payment and does not offer monthly
or quarterly payments to the customer despite their disclosed difficulty to pay an
annual lump sum.
1.14. In another call, after being told by the customer that they wanted to pay monthly,
the agent processes an annual payment despite the customer having told them
that they could not afford that. The agent goes on to use cancellation to urge the
customer to keep the policy and not complain by saying “if you don’t want to carry
on with the cover sir as long as you cancel within 14 days then you do get a full
refund”.
Sales agent failed to obtain customer consent to provide abbreviated rather than
full distance marketing information, so the customer did not make an informed
decision to purchase
1.15. Subject to the explicit consent of the consumer, only abbreviated distance
marketing information needs to be provided during the sales call. In 115/150 (77%)
calls, agents did not seek customer consent to provide limited information. Often
the agents described the information as “some important information we are
obliged to give you” and did not ask the customer if they consented to this or
wanted to receive full information instead. Some agents took the idea further and
told customers “not to listen” to the information or implied that it was unimportant
by saying things like “I will go through it as quickly as possible so I don’t keep you
on the phone too long”.
SUMMARY OF THE RESTITUTION PROGRAMME
1. APG has agreed with the Authority as part of resolution to pay restitution of
£399,902 (“the restitution fund”) to customers who purchased extended warranty
insurance.
2. PSC Insurance Group Limited will fund the restitution fund.
3. APG will administer the restitution programme.
4. PSC Insurance Group Limited will fund the entire costs of administering the
restitution programme.
5. The costs of administering the restitution programme are in addition to the costs
of funding the restitution fund and are not to be taken from the restitution fund.
6. The restitution fund will be distributed to customers of APG who purchased
extended warranty insurance policies from the ARs during the Relevant Period
(between 1 February 2013 and 21 March 2016).
7. APG will seek to contact customers proactively and will address customer enquiries
during the restitution programme process. Details of the restitution programme will
also be available on APG’s website and a dedicated telephone line and email account
will be established to deal with customer queries details of which will be on the
APG’s website and within all communications sent to customers.
8. Any customer who purchased extended warranty insurance in accordance with the
paragraph 6 above is eligible for a restitution payment from the restitution fund.
9. All eligible customers who respond to the restitution programme communications
will receive an equal share of the restitution fund. If a customer had more than one
policy, each policy will be counted separately when determining what an equal
payment is from the restitution fund.
10. The restitution payments are not intended to return to customers the full cost of
the policy/policies they held but will be an equal share of the fees APG generated
from selling the policies.
11. APG will not know how much the restitution payment for each customer will be until
it has made initial contact with customers and they know how many customers
wish to receive payments from the restitution fund.
12. Restitution payments will be made by bank transfer or by cheque depending on the
customer preference.
13. There will be a two-stage communication exercise. Customer contact details will be
ascertained by APG initially from its customer records. Given the passage of time
since the insurance was purchased, APG will use its best endeavours to verify the
customer’s address, including through the use of an enhanced tracing processes.
For example, tracing tools linked to credit reference agency data.
14. The first communication will ascertain that the contact details for the customer are
correct and the customer will be invited to make a request for payment from the
restitution fund.
15. The first communication will explain why the payment is being made and the steps
a customer should take to obtain payment as well as other relevant information.
16. The second communication will either be a letter with a cheque explaining that the
cheque must be banked within three months after which it will be invalid and no
further cheques will be issued, or a letter confirming that a bank transfer has been
made and the amount of it.
17. If it transpires from the communications that a customer is deceased, the next of
kin of the deceased, on establishing proof of death (for example by producing a
copy of the death certificate) is entitled to the restitution payment from the
restitution fund to the same value as the customer would have been entitled.