Final Notice
FINAL NOTICE
To:
Mitsui Sumitomo Insurance Company (Europe) Ltd
ACTION
1.
For the reasons listed below, the FSA imposes on MSIEu a financial penalty
of £3,345,000 in respect of breaches of Principle 3 of the FSA’s Principles for
Businesses which occurred between 1 October 2009 and 31 March 2011.
2.
MSIEu agreed to settle at an early stage of the FSA’s investigation, and
therefore qualified for a 30% (Stage 1) discount under the FSA’s executive
settlement procedures. Were it not for this discount, the FSA would have
imposed a penalty of £4,780,000.
SUMMARY OF REASONS
3.
This case concerns a serious failure in MSIEu’s corporate governance and
control arrangements which resulted in it being poorly organised and managed
across its business as a whole following a decision to expand and diversify
into a new business area, by writing business for European clients through
three branches across Europe.
4.
The failings occurred despite the FSA clearly indicating that the change in
business strategy would require careful and focussed oversight from the
Board. Following an ARROW visit, the FSA Supervision Team wrote to
MSIEu setting out that oversight of the new and expanded business would be
reliant on good systems and controls, adequate pricing and reserving. A key
factor in achieving this was identified as the implementation of a new
underwriting and general ledger system. It also highlighted the importance of
the Board being supplied with management information of good quality and
quantity to enable effective apportionment and oversight.
5.
However, the corporate governance at MSIEu and the mix of skills and
experience of the Directors and senior management failed to change
sufficiently quickly to reflect the expansion of the business into a new area. In
addition, personnel operated in senior positions with limited experience of the
new business area and UK regulatory obligations. As a result, Board
effectiveness was weak and it failed to operate at the level appropriate for the
size and complexity of MSIEu’s developing operations.
6.
The control and oversight of the new business area was inadequate and
insufficient resources were given to developing this area. MSIEu was
concerned to achieve increased profitability through expansion of the business.
Prompt and effective action was not taken to ensure that appropriate corporate
governance and systems and controls were put in place to comply with UK
regulatory requirements. From December 2010 to the end of the Relevant
Period, MSIEu failed to hold sufficient capital to meet its ICG. MSIEu
accepted that by March 2011 its corporate governance was clearly deficient
and not fit for purpose.
7.
MSIEu breached Principle 3 by failing to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems. In particular MSIEu failed to take reasonable care to:
a.
ensure that its corporate governance arrangements were operating
effectively;
b.
maintain adequate control and oversight over its branch office
business, despite the FSA indicating in 2009 that its plan to expand
into the non-JIA market required effective oversight;
c.
ensure that key posts were filled with staff with the necessary time,
knowledge, skills and experience;
d.
ensure appropriate segregation of duties and responsibilities, especially
relating to the Three Lines of Defence;
e.
implement in a timely manner effective IT systems and generate
adequate management information to enable it to control business
written in its branches; and
f.
ensure that it had sufficient capital to meet its ICG.
8.
The FSA regards these failings as serious. The weaknesses at MSIEu posed
risks to policy holders and as such had the potential to impact market
confidence. Significant actions have been required and undertaken by MSIEu
to remediate the position and to mitigate the risks to policy holders and FSA
objectives, although in this case the risk was significantly reduced by MSIEu’s
relationship with its parent company. Additionally, the breaches arose despite
specific communications from the FSA that identified the need for careful and
focused oversight from the Board following a decision to expand into new
business areas, and various internal reports from staff of issues regarding
corporate governance.
9.
The FSA also recognises that:
a.
the Holding Company commissioned the Review by an independent
third party into failings at the Firm and MSIEu voluntarily ceased
writing all new non-JIA business until the issues identified by the
Review could be appropriately remediated;
b.
MSIEu made every effort to co-operate with the FSA investigation;
c.
MSIEu is taking substantial steps, including the appointment of a
significantly changed Board and Executive Management team, to
address the issues identified by the Review so as to improve the control
environment including appointment of a new CEO, two independent
non executive directors, a General Counsel and Head Actuary; and,
d.
the capital shortfall against ICG was addressed by a substantial (£94
million) injection of capital from the Parent Company.
DEFINITIONS
10.
The definitions below are used in this Final Notice:
“ARROW” means the framework the FSA uses to make risk-based regulation
operational. ARROW stands for the Advanced, Risk-Responsive Operating
FrameWork.
“the Act” means the Financial Services and Markets Act 2000
“the Board” means the Board of Directors of MSIEu
“CUO” means Chief Underwriting Officer
“EDM” means the weekly Executive Directors Meeting of MSIEu
“the FSA” means the Financial Services Authority
“the Group” means the MS&AD Insurance Group
“GENPRU” means the part of the FSA’s Handbook entitled “General
Prudential sourcebook”
“Head Office” means MSIEu’s principal place of business in London, where
its central management and control functions are based
3
“the Holding Company” means MSIG Holdings (Europe) Ltd, a company
incorporated in the UK
“ICA” means Individual Capital Assessment, which is an ongoing assessment
by a firm of its capital resources undertaken as part of an assessment of the
adequacy of the firm’s overall financial resources
“ICG” means Individual Capital Guidance, which defines the amount and
quality of capital that the FSA thinks that a firm should hold at all times based
on an evaluation of the firm’s ICA. ICG may be substantially greater than the
firm’s minimum regulatory capital requirement.
“Independent NED” means Independent Non-Executive Director
“JIA” means Japanese Interest Abroad
“Mr Kumagai” means Yohichi Kumagai, who held controlled functions CF1
(Director) and CF3 (Chief Executive) at MSIEu throughout the Relevant
Period
“MSIEu” means Mitsui Sumitomo Insurance Company (Europe) Ltd, a
company incorporated in the UK
“the Parent Company” means Mitsui Sumitomo Insurance Company Ltd
(Japan)
“PAS” means MSIEu’s Pan-European Policy Administration System, an
underwriting and claims IT system
“the Relevant Period” means 1 October 2009 to 31 March 2011 (inclusive)
“the Review” means the review by an independent third party commissioned
by the Holding Company into MSIEu’s corporate governance referred to in
paragraph 22 of this Notice
“RMP” means Risk Mitigation Programme
“Three Lines of Defence” means MSIEu’s internal control framework
involving operational processes (the first line), compliance and risk
management (the second line), and internal audit (the third line)
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)
FACTS AND MATTERS
11.
MSIEu is an insurance company regulated by the FSA, carrying out
predominately wholesale insurance business including commercial property
and liability insurance. Based on its nature, scale and complexity, MSIEu is
categorised and supervised by the FSA as a Medium Low (ML) impact firm.
12.
MSIEu is 100% owned by the Holding Company which is in turn owned by
the Parent Company. The Parent Company first established a representative
office in London in 1924. It is now part of the Japanese MS&AD Group which
is one of the world’s largest non-life insurance groups.
13.
Historically, the focus of MSIEu was to service the business needs of the
Group’s Japanese domiciled clients in Europe and the Middle East. This was
known as JIA business.
14.
Up until 2007 MSIEu did not write any non-JIA business, i.e. any business for
non-Japanese clients. In 2007, a decision was taken to expand into non-JIA
business, focussing heavily on the market in Germany and France. MSIEu
enjoyed rapid growth in this area, which led to MSIEu’s gross written
premiums almost doubling by 2010. By year end 2010, approximately half of
MSIEu’s gross written premium was in non-JIA business. MSIEu’s head office
was in London but it had a number of branch offices in Europe.
15.
In April 2009, Mr Kumagai was appointed as executive Chairman of MSIEu.
A number of other new directors were appointed at the same time to replace
previous post-holders. These appointments occurred as part of a rotational
staffing strategy employed by the Parent Company which involved employees
of the Parent Company being seconded to MSIEu for a period of time
(typically three years). Employees were appointed from elsewhere within the
Parent Company, and typically had little or no non-JIA experience prior to
their appointment. Mr Kumagai joined at a critical stage, as MSIEu expanded
its non-JIA business. He chaired the Board and also sat on the EDM, a weekly
meeting between all executive directors to consider management issues.
16.
On 1 June 2009 the FSA Supervision team provided the Board with a Risk
Assessment/ Capital Adequacy Review Letter and RMP, resulting from an
earlier ARROW visit to MSIEu. This stated that:
“We also are aware of your intention to grow the business by expansion into
the local [i.e. non-JIA] market due to the saturation of the Japanese market.
This change in strategy will require careful and focused oversight from the
Board to maintain its success...
…the oversight of the new and expanded European and Middle East
operations is reliant on good systems and controls, adequate pricing and
reserving. A key factor is the new underwriting and general ledger system
(PAS) being implemented during 2008/2009. It is important that the Board is
supplied with management information on the new business venture that is of
the quality and quantity to enable it to discharge its apportionment and
oversight role effectively…”
17.
The letter also commented upon MSIEu’s governance and culture particularly
in relation to a need to appoint an Independent NED with experience within
the European market, stating that:
“Whilst historically the governance and regulatory culture of the firm is good,
we were concerned that currently on your firm’s Board there are no
independent non-executive directors to give a robust challenge……Also as the
firm diversifies into an increased local portfolio without the independent
expertise in this area of the business, there may not be effective oversight of
the risks involved…”
18.
On 26 June 2009, in response to this letter, MSIEu wrote to the FSA
responding to a number of items on the FSA’s RMP and provided the findings
of an internal audit report as was required by the RMP. The letter identified
various steps that MSIEu would take to address issues including:
a.
an update on implementation of PAS which stated that its installation
was imminent; and,
b.
recruiting high calibre independent non-executive representation onto
the Board.
19.
In late 2009, to address the FSA’s concern regarding the experience of the
Board described in paragraph 16 above, MSIEu appointed an Independent
NED with relevant and appropriate experience.
20.
The internal audit report recommendations included:
a.
a review of the effectiveness of the Board and executive committees,
with the results to be incorporated into the future running of the Board
and executive committees; and,
b.
ensuring that the role of MSIEu’s Operations Department was clearly
communicated and that branch offices developed procedures to operate
autonomously.
21.
During September 2010, after a further visit raised concerns, the FSA
requested details of how MSIEu intended to strengthen its reserves, an
overview of the controls and oversight of the European branches, and to
arrange a visit to the German branch.
22.
In March and April 2011, two meetings were held between FSA Supervision
and MSIEu in which MSIEu reported that it held insufficient capital to meet
its ICG.
23.
In April 2011, after the second meeting between MSIEu and the FSA, the
Holding Company commissioned an independent third party to carry out a
review of MSIEu’s corporate governance. The Review was split into two
phases, Phase One (completed 3 May 2011) and Phase Two (19 July 2011).
24.
Phase One included a high level review of the oversight and governance and
systems and controls within the UK operation and the German branch. It also
considered the facts around the capital shortfall against ICG.
25.
Phase Two included an in-depth review of the corporate governance
arrangements and systems and controls at MSIEu including for the two largest
branches in Germany and France.
The Review – Phase One
26.
The Phase One report was received on 5 May 2011. Its key findings were that
the corporate governance structure, and the make-up of the senior
management team of MSIEu had not changed to reflect the developments in
its business, and that the board was weak and did not have the appropriate
resources to effectively oversee and control non-JIA business. It also found
that MSIEu had failed to meet its ICG.
The Review – Phase Two
27.
On 19 July 2011, the FSA received Phase Two of the Review. This raised
significant concerns about fundamental aspects of MSIEu’s corporate
governance, oversight of its branch operations, and systems and controls. It
identified:
a.
issues with the corporate structure, corporate governance, resourcing
and the Three Lines of Defence model used by MSIEu;
b.
significant weaknesses in MSIEu’s information systems, reserving and
aggregate exposure management; and,
c.
insufficient effective control, support and oversight of the European
branch offices, in particular the German branch.
28.
These issues, and MSIEu’s failure to hold adequate capital to meet its ICG are
considered in turn below.
Corporate structure, corporate governance, resourcing and the Three Lines of
Defence
29.
The Review identified concerns as to MSIEu’s corporate structure, with
numerous European branches and high central costs. It highlighted governance
concerns relating to a lack of Board effectiveness, due to a lack of appropriate
skill and experience, a lack of corporate behaviour on the Board, and difficult
decisions being deferred several times. The Review also identified that
inadequate staff resources and staff changes created gaps in MSIEu’s First
and Second Lines of Defence.
30.
The high central costs led to a concern during the Relevant Period to cut these
costs so as to improve profitability. This was a factor in the decision in early
2010 to merge MSIEu’s back office functions with those of another Group
company within the UK.
7
31.
The relevant skills and experience of the Board were also affected by the
Group’s rotational staffing policy, described above. As a result of this policy a
number of individuals with limited recent experience of non-JIA business
were placed into senior positions within MSIEu. They had restricted
experience and were unfamiliar with the business and the UK regulatory
environment. MSIEu’s senior management was aware of the need to ensure
that incoming staff were suitably skilled and experienced to perform their new
roles, and during the Relevant Period began to operate an interview procedure
to assess the suitability of such staff prior to allocating them their new roles.
Some training was provided to new staff on arrival. However, this did not
adequately address the issue and there remained a lack of relevant skills and
experience amongst key post holders.
32.
The corporate governance issues are apparent from a review of the minutes of
Board meetings and EDMs:
a.
In September 2009, Compliance reported to the EDM on a review of
Board and committee performance which identified that the various
executive committees through which MSIEu was controlled were not
operating effectively. During the Relevant Period no effective action
was taken by senior management in response to the findings of this
review: the chairmen of the respective committees were asked to
address the shortcomings identified but no checks were put in place to
ensure that this happened and was effective.
b.
In late 2009, MSIEu appointed an Independent NED with relevant and
appropriate experience in non-JIA business. In March 2010, the
Independent NED identified to Mr Kumagai a number of weaknesses
in MSIEu including its understanding of European markets, leadership
and corporate governance. He suggested a corporate governance
model for MSIEu to adopt, but no action was taken in response to his
analysis and suggestions.
c.
The need for changes to MSIEu’s corporate governance was also
raised at EDMs from March 2010, by MSIEu’s Internal Audit and
others, but no action was taken until late 2010. As part of its response
to the FSA’s request referred to in paragraph 20 above, MSIEu
confirmed by letter of 8 October 2010 that it would “undertake a
review of its corporate governance and report to the Board with
observations and recommendations.” This review was repeatedly
discussed at the EDM during October and November 2010, but no
agreement was reached as to how or by whom it should be conducted.
d.
At a Board Meeting on 25 November 2010, the Independent NED
observed that almost nothing had been achieved in relation to the
corporate governance review and asked what the plan was for the
following year. The drafting of new Corporate Rules was also
identified as long overdue, having been deferred since the Board
Meeting in May 2010. The Independent NED further observed that the
Board “did not have a CEO, CFO or an individual in charge of
operations. It was not clear who was running the company and who
was in charge”.
e.
On 27 January 2011, the Board approved as a concept a proposed
organisational restructuring of MSIEu. This included the proposed
appointment of the Independent NED as Chairman, Mr Kumagai’s job
title being changed to Chief Executive Officer and a single Director
being given direct responsibility for the European branches.
33.
Mr Kumagai had begun discussing this revised corporate structure with the
Holding Company and MSIEu’s Corporate Planning Department in December
2010. Only very limited input was obtained from those in MSIEu with
relevant expertise and experience in managing non-JIA business. On 24 March
2011, the Board approved the revised corporate structure, subject to a full
legal review being undertaken. On 1 April 2011, the new corporate structure
was announced to the staff.
34.
At the next Board meeting, on 20 April 2011, it was agreed that no further
steps should be taken to implement the new corporate structure until the
ongoing corporate governance review, the legal review, and a visit by the FSA
in MSIEu’s Cologne branch had been completed. In fact, the planned
restructure was not implemented, being superseded by a remediation
programme which has resulted in significant change to MSIEu’s structure,
management and governance.
35.
MSIEu had a lack of resources in key functions including that:
a.
It did not have a CUO. At an EDM on 5 May 2009 the appointment of
a CUO was discussed as being intended to “give the expertise to
oversee and support the non-JIA business and that this would enable
the firm to demonstrate that it can control its overseas business which
had been a concern of the FSA”. An individual identified as a suitable
candidate to act as CUO was vetoed by the German branch. This
individual was not appointed and no further steps were taken to identify
and appoint a suitable CUO during the Relevant Period;
b.
On 25 March 2010, a meeting of the Board confirmed the appointment
of a senior executive officer to oversee the branch operations. The
individual appointed was selected as part of the rotational management
strategy and had only limited experience of non-JIA business.
Consequently this did not make up for the absence of an appropriately
experienced CUO;
c.
Key appointments were made on an interim basis from March 2010
onwards and no steps taken to recruit permanent post-holders during
the remainder of the Relevant Period;
d.
From April 2010, MSIEu made appointments to key posts without
considering whether the post-holder’s span of responsibility was too
wide for him to perform his responsibilities adequately; and
e.
Key functions in the Second Line of Defence were under resourced
and therefore unable to fulfil their functions. Thus, MSIEu sought to
achieve oversight of the German branch’s underwriting through
reviews by third-party reviewers including reinsurers performing
reviews for the reinsurers’ own purposes, rather than any reviews and
testing by MSIEu’s Second Line of Defence.
36.
The Three Lines of Defence system was compromised in that responsibility
for functions within different Lines of Defence was not always allocated to
different individuals.
Information systems, reserving and aggregate exposure management
37.
During the Relevant Period MSIEu sought to implement PAS, an underwriting
and claims IT system, to standardise business processes across all branches
and hence to enhance the control environment. As referred to above,
implementation of this system was identified by the FSA in June 2009 as
being a key factor in providing management with adequate data to oversee and
control the growing branch business. Without such a system MSIEu was
unable efficiently to generate financial data that was required to control the
business.
38.
Although MSIEu reported to the FSA in June 2009 that implementation was
imminent, this had not been completed across all of the branches by the end of
the Relevant Period. There were fundamental difficulties with implementation
of the system, and, as a result, significant weaknesses arising from the lack of
an effective system by which the business could be monitored by
management.
39.
These difficulties were apparent to senior management, as reflected in the
minutes of Board and EDMs:
a.
At a Board Meeting on 30 July 2009, timing of the PAS
implementation was discussed and pressures on the budget noted. Mr
Kumagai expressed a “strong expectation that all directors, managers
and staff would implement PAS in accordance with the timescales”;
b.
At an EDM on 24 August 2009 it was reported that good progress
appeared to have been made with the implementation of PAS in
London and the system was about ready to be launched for a live run in
Germany;
c.
At an EDM on 26 November 2009, it was noted that the German
branch was finding the implementation of PAS to be very
cumbersome;
d.
On 21 December 2009 PAS was described as being used successfully
in the UK branch and “expected to go live in the German Branch in
January [2010] and the issues raised by German colleagues should
not prevent this”;
e.
At an EDM on 5 July 2010 it was noted that PAS had still not been
fully implemented at this stage;
f.
A visit by the CFO to the German branch on 27 July 2010 identified a
number of issues with PAS in the branch, in particular a reticence by
members of staff regarding its implementation, inefficient cash
matching and slow response times;
g.
On 29 July 2010, the Board was informed that PAS was now expected
to be completed in “at least mid to late 2011”;
h.
At a Board Meeting on 24 September 2010 a number of complaints
were raised about PAS and, in particular, its implementation in the
German branch. The Independent NED queried who was taking
ownership of this issue which had been repeatedly reported to the
Board but he did not see any progress and needed an answer as to how
the system was working; and,
i.
At the Board Meeting on 27 January 2011, it was observed by the
Independent NED that the implementation of PAS was a major issue
and he was concerned that “no matter how many times the issues were
mentioned at a Board meeting, nothing appeared to happen. It needed
to be solved”. Details were provided to the Independent NED about the
steps being taken to address the issue including that there was
oversight at the EDM which understood exactly what was going on
and that the mistakes had been identified and processes developed to
overcome them. It was, however, recognised that the same issues came
to the Board every meeting and that a plan to deal with them should be
communicated to the Board and employees.
40.
Despite these difficulties insufficient steps were taken to ensure that adequate
resources, including individuals with sufficient time and adequate IT skills and
experience, were devoted to implementation of the PAS system, either at the
outset or as difficulties with the system increased.
41.
The difficulties with PAS implementation led to numerous manual work-
arounds being put in place within the branches to input data into the various
information systems. This created concerns as to the quality of data being
provided to MSIEu’s senior management, Finance Department and auditors.
42.
There were significant deficiencies in the reserving process, by which MSIEu
calculated the amount of reserves that it should hold so as to be able to meet
all future claims arising from policies currently in force and written in the past.
This process was run within the central Finance Department with limited
senior management involvement. There was no Reserving Committee,
integrated reserving methodology or sufficient resources to operate an
adequate level of control. These difficulties were exacerbated by MSIEu’s
difficulties in obtaining data of sufficient quality to support the process.
43.
There was also a lack of an aggregate exposure management process, by
which MSIEu could assess the total risks written onto its books. Although an
external party performed an annual aggregate exposure analysis on some risk
areas, weaknesses in the data quality of the non-JIA business resulted in low
reliability of the exposure reports. This created a risk that MSIEu was unable
to assess the risks on its books at any one time.
Management and oversight of the branch operations
44.
The Review identified concerns with MSIEu’s control and oversight of its
branch operations. The lack of a CUO and the corporate governance and
systems issues described above, which persisted throughout the Relevant
Period, significantly undermined senior management’s ability to monitor and
control its branch operations.
45.
MSIEu identified non-JIA business as representing better potential for growth
due to the relative saturation of the JIA market. However, it failed to
adequately resource oversight and control of the expansion of the non-JIA
business.
46.
On 27 July 2010, the CFO visited the German branch to carry out a review of
financial reporting and controls. This reported significant concerns about
financial record keeping and control in the German branch, which were
exacerbated by a number of other issues including difficulties with the
implementation of PAS.
47.
Capital requirement management by MSIEu gave no capital assignment to the
branches. As a result, the German branch gave little regard to the capital
implications from development in its business. Further, the German branch
was consistently allowed to exceed planned gross written premiums for the
branch, as it expanded as a greater rate than anticipated. This meant that
MSIEu was not able to monitor and plan its capital requirement but rather had
to manage its capital on a retrospective basis.
Capital Shortfall against ICG
48.
From December 2010 to the end of the Relevant Period (three months),
MSIEu failed to hold sufficient capital to meet its ICG.
49.
The FSA expects firms to meet ICG at all times and interprets ICG as its view,
at a point in time, of the adequate amount of capital that a firm must hold,
based on that firm’s risk profile. Should a firm’s capital fall below its ICG, the
FSA would take a view as to whether that constituted a breach of the threshold
condition of maintaining adequate financial resources or of GENPRU 1.2.26R.
50.
Concerns over the adequacy of MSIEu’s capital position were raised with
senior management throughout the Relevant Period, but inadequate steps were
taken to address them.
51.
Senior management had numerous discussions in relation to this issue,
including the following:
a.
On 1 September 2009, the EDM was informed that MSIEu’s
regulatory capital of £43.1m had fallen below its risk appetite buffer of
10% above ICG (being £43.8m) although it was still above the ICG of
£39.8m.
b.
On 19 October 2009, the EDM noted that the ICG was “up to £41.8m
which is only £1.3m below our regulatory capital position”.
c.
At an EDM on 8 February 2010, it was agreed that MSIEu would not
have the necessary regulatory capital in the next two years due to the
expansion of the non-JIA business. There were discussions about the
target of providing a Return on Equity to the Holding Company of
10.5%. The majority of the members of the EDM were reluctant to
seek a capital injection from the Parent Company without first having
generated additional profits from the business.
d.
At the Board Meeting on 25 March 2010, the Board again observed
that additional regulatory capital would be needed in the future as the
business expanded. The intended way to deal with the position was to
“maximise profitability and strengthen the infrastructure to gain
efficiencies”.
e.
By 25 October 2010, the EDM was aware that the projected shortfall
against ICG was nearly £2m. Some members of the EDM remained
reluctant to inform the FSA of the position at that stage. Instead, it was
decided to discuss the position with the Holding Company before
informing the FSA.
f.
An Extraordinary Board Meeting was held on 8 November 2010 to
discuss the shortfall against ICG. The Board recognised that the
shortfall could increase to £5m by 31 December 2010. It was
confirmed that the Holding Company was willing to provide additional
funds but that this was dependent upon first being provided with a
sustainable business plan.
g.
By letter of 12 November 2010, MSIEu informed the FSA that it
projected a capital shortfall of approximately £2 million against its
ICG as at 31 December 2010.
h.
By 31 December 2010 MSIEu had fallen short of its ICG by
approximately £1.8 million. In addition, a further shortfall was
projected for 2011 based on the 2011 business plan.
i.
At an EDM on 31 January 2011, it was noted that discussions with the
Holding Company about the capital injection had not started and were
to be put back to March 2011. However, it was submitted that this did
not fit with the need to submit the ICA to the FSA by the end of
February 2011 and that a timeline for the provision of capital from the
Holding Company needed to be agreed before then. The Holding
Company “wanted a business plan to ensure that there was a plan in
place to make profit otherwise the risk that MSIEu wrote might need to
be reduced.” At this stage, this required business plan had not been
provided to the Holding Company.
j.
An Extraordinary Meeting of the Directors was held on 17 February
2011 to discuss the ICA which, as a result of the increase in non-JIA
business, had increased from the £37.6m reported in November 2010
to £48.6m. It was agreed that MSIEu would inform the FSA of the
position at a meeting on 30 March 2011 that had already been arranged
to discuss Solvency II.
k.
On 30 March 2011, MSIEu informed its FSA Supervision team that it
had fallen short of its ICG and projected that the shortfall would reach
approximately £7.7 million.
l.
MSIEu submitted a plan to recapitalise to the FSA on 15 April 2011.
m.
On 28 April 2011 MSIEu received a capital injection of £14m from the
Parent Company to address the capital shortfall against ICG.
Response to the Review
52.
On 11 May 2011 after a discussion with the FSA, MSIEu ceased writing new
non-JIA business from the German branch. Subsequently, the FSA requested
that MSIEu cease writing any new non-JIA business in all of its EU branches.
MSIEu agreed to do this voluntarily on 3 June 2011.
53.
After the receipt of the Phase One report, Mr Kumagai resigned from his
position as CEO of MSIEu on 1 June 2011. A further six members of the
board of MSIEu also resigned at this time.
54.
On 29 July 2011, MSIEu submitted a risk treatment plan to the FSA for all
issues identified.
55.
On 19 August 2011, MSIEu wrote to the FSA, stating that it accepted all of the
findings of the Review and that its “corporate governance system…was
clearly deficient and not fit for purpose”. . As a result, the firm has entered
into extensive remediation plans to resolve all of the issues raised in the two
reports.
56.
On 7 July 2011, in part as a result of matters outlined above, the FSA gave
MSIEu a new ICG which included a loading for management issues known up
to that date. The new ICG immediately caused a capital shortfall against ICG
of £17.6m which MSIEu addressed by way of a substantial capital injection
from the Holding Company of £80m on 10 August 2011. This was in addition
to the capital injection made in April 2011
FAILINGS
57.
The regulatory provisions relevant to this Final Notice are referred to in Annex
A.
58.
The FSA agrees with the findings of the Review. By reason of the facts and
matters set out above, MSIEu breached Principle 3.
59.
In addition, MSIEu breached Principle 3 by failing to take reasonable care to
organise and control its affairs responsibly and effectively, with adequate risk
management systems. In particular:
a.
MSIEu failed to take reasonable care to ensure that its corporate
governance arrangements were operating effectively, despite warnings
from within the organisation from the beginning of the Relevant Period
as to issues with corporate governance.
b.
MSIEu failed to take reasonable care to maintain adequate control and
oversight over its branch business despite being told by the FSA in
early 2009 that its plan to expand into the non-JIA market required
effective oversight. The control and oversight of the new business area
was inadequate and insufficient resources were given to developing
this area. MSIEu was concerned to achieve increased profitability
through expansion of the business. Prompt and effective action was not
taken to ensure that appropriate corporate governance and systems and
controls were put in place to comply with UK regulatory requirements.
It did not have in place a CUO to oversee the branch business nor
appropriately plan, assign and monitor the capital requirement arising
from the growth of the branches.
c.
MSIEu failed to take reasonable care to ensure that key posts on the
Board and across the organisation were appropriately filled with staff
with the necessary time, knowledge, skills and experience. The Board
did not have sufficient knowledge and experience to effectively
oversee and control the expanding non-JIA business which was
exacerbated by the Group’s rotational staff policy. Throughout the
Relevant Period there was no CUO. In early 2010 key directors moved
to other posts within the Parent Company, in line with the Parent
Company’s rotation policy. This led to a loss of corporate memory
and a lack of relevant skills and experience amongst key post holders
which was not adequately addressed. In addition, MSIEu did not take
reasonable care to ensure that those responsible for PAS
implementation had sufficient time or adequate IT skills and
experience, and allowed key functions in the Second Line of Defence
to remain under-resourced.
d.
MSIEu failed to ensure that duties and responsibilities were
appropriately divided between senior members of staff, and did not
take adequate steps to ensure that individuals were not given too wide
a span of responsibility. From April 2010, there was insufficient
segregation between the First and Second Lines of Defence.
e.
MSIEu failed to take reasonable care to ensure that PAS, a system
essential for providing management with adequate data to oversee and
control its branch business, was implemented effectively and in a
timely manner. Full implementation of PAS across all branches was
repeatedly delayed throughout the Relevant Period. It was hampered
by a lack of resources and suitable skilled and experienced personnel
to effect the implementation. In addition, MSIEu failed to take
reasonable care to ensure that there were adequate systems and
controls surrounding reserving and aggregate exposure management.
f.
MSIEu failed to take reasonable care to ensure that it held sufficient
capital resources to meet its ICG. Management were aware throughout
the Relevant Period that business growth might lead MSIEu to fall
below its ICG for the year, but whilst it informed the FSA, it took no
timely action to address this situation. As a result of this delay, MSIEu
failed to hold sufficient capital resources to meet its ICG from
December 2010. The shortfall amounted to over £7m by the end of
March 2011.
SANCTION
60.
The FSA’s policy on the imposition of financial penalties and public censures
is set out in the FSA’s Decision Procedure & Penalties Manual (DEPP) and
the Enforcement Guide. In determining the appropriate outcome in this case,
the FSA has had regard to this guidance. The FSA considers that the
seriousness of this matter merits the imposition of a financial penalty.
61.
DEPP 6.1.2G provides that the principal purpose of a financial penalty is to
promote high standards of regulatory conduct. It seeks to do this by deterring
firms who have breached regulatory requirements from committing further
contraventions, helping to deter other firms from committing contraventions
and demonstrating generally to firms the benefit of compliant behaviour.
62.
The FSA introduced a new policy for imposing a financial penalty in March
2010, which requires the FSA to apply a five-step framework to determine the
appropriate level of the financial penalty. This policy is set out in Chapter 6 of
DEPP. In this case, as the Relevant Period is 1 October 2009 to 31 March
2011, the breach straddles both the old and new FSA penalty policies.
However, as the gravamen of the breach occurred from March 2010 onwards,
the FSA has applied the new policy to calculate the appropriate penalty for
MSIEu's breach.
63.
DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms.
Step 1: disgorgement
64.
Pursuant to DEPP 6.5A.1G, at Step 1 the FSA seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to
quantify this.
65.
The FSA has not identified any financial benefit that MSIEu derived directly
from its breach. The Step 1 figure is therefore nil.
Step 2: the seriousness of the breach
66.
Pursuant to DEPP 6.5A.2G, at Step 2 the FSA determines a figure that reflects
the seriousness of the breach. Where the amount of revenue generated by a
firm from a particular product line or business area is indicative of the harm or
potential harm that its breach may cause, that figure will be based on a
percentage of the firm’s revenue from the relevant products or business area.
67.
The FSA considers that the revenue generated by MSIEu from the growth of
its non-JIA business is indicative of the potential harm caused by its breach
and so should be considered MSIEu's relevant revenue for the purposes of
calculating the Step 2 figure. The FSA considers MSIEu's relevant
revenue over the Relevant Period to be £35,400,000.
68.
In deciding the percentage of the relevant income that forms the basis of the
Step 2 figure, the FSA considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels
which represent, on a sliding scale, the seriousness of the breach; the more
serious the breach, the higher the level. For penalties imposed on firms there
are the following five levels:
Level 1 – 0%
Level 3 – 10%
Level 5 – 20%
69.
In assessing the seriousness level, the FSA takes into account various factors
which reflect the impact and nature of the breach and whether it was
committed deliberately or recklessly.
70.
DEPP 6.5A.2G(9) lists factors that tend to show the breach was reckless,
including whether the firm’s senior management, or a responsible individual,
appreciated there was a risk that their actions or inaction could result in a
breach and failed adequately to mitigate that risk. The FSA considers that
MSIEu’s senior management was aware that there were weaknesses within the
business and took inadequate steps to address those weaknesses, and was
negligent in that in some cases its senior management failed to appreciate that
there was a risk that their actions or inaction could result in a breach.
71.
DEPP 6.5A.2G(11) lists factors likely to be considered ‘level 4 factors’ or
‘level 5 factors’. Of these, the FSA considers the following to be relevant:
a.
the breach revealed serious weaknesses in the firm’s management
systems and internal controls; and
b.
MSIEu’s senior management was aware there was a risk that the
weaknesses in the business could result in a breach but took inadequate
steps to address those weaknesses.
72.
DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3
factors’. Of these, the FSA considers the following to be relevant:
a.
MSIEu did not make any profit or avoid any loss directly as a result of
the breach. It is not clear whether the firm’s failure to introduce
appropriate controls indirectly increased its profit;
b.
there was no loss to MSIEu’s customers, either individually or in
general, and the risks to customers were significantly reduced by
MSIEU’s relationship with the Parent Company; and,
c.
MSIEu’s conduct included negligent conduct.
73.
DEPP 6.5A.2G(6) lists factors relating to the impact of the breach and DEPP
6.5A.2G(7) lists factors relating to the nature of the breach. These include the
factors referred to at paragraphs 68(a) and 69(a) and (b) above and the
following additional factors which the FSA considers to be relevant:
a.
MSIEu’s senior management was aware that there were weaknesses
within the business; and,
b.
MSIEu took some steps to address the weaknesses of which it was
aware, albeit that these steps were mostly late and ineffective.
74.
The FSA considers that the breaches, which involved significant failings in
corporate governance and which continued for a period of eighteen months,
represent a persistent failure by MSIEu and its senior management to address
risks which were brought to its attention by the FSA and by internal reports
prepared during the Relevant Period. Allowing its non-JIA business to grow
without implementing the appropriate controls could have put policy holders
at risk, albeit that in this case the risk was significantly reduced by the
relationship with the Parent Company. The FSA considers that the failure to
address doubts about MSIEu’s capital adequacy promptly shows a lack of
understanding of the importance of compliance with regulatory requirements,
even if MSIEu’s senior management was confident that additional capital
could be required at short notice from its Parent Company. The FSA
considers that in some instances some members of MSIEu’s senior
management failed to appreciate the seriousness of the concerns being raised
and the need to take effective action to address them.
75.
Taking all these factors into account, the FSA considers that this is a level 4
breach in terms of seriousness and that the appropriate Step 2 figure to reflect
this is £5,310,000.
Step 3: mitigating and aggravating factors
76.
Pursuant to DEPP 6.5A.3G, at Step 3 the FSA may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
77.
The FSA considers that there are the following aggravating factors:
a.
MSIEu received direct communications from the FSA in 2009
identifying the need for careful and focussed oversight over its
growing business through good systems and controls;
b.
These issues were also highlighted throughout the Relevant Period by
internal reports senior management received from staff; and
c.
In 2010, the FSA published a policy statement (PS 10/15) emphasising
that the quality of governance is a major focus for the FSA.
78.
The FSA considers that the following factors mitigate the breach:
e.
The Holding Company commissioned the in-depth Review by an
independent third party into failings at the Firm and MSIEu voluntarily
ceased writing all new non-JIA business until the issues identified by
the Review could be appropriately remediated;
f.
MSIEu made every effort to co-operate with the FSA investigation;
g.
MSIEu is taking substantial steps, including the appointment of a
significantly changed Board and Executive Management team, to
address the issues identified by the Review so as to improve the control
environment including appointment of a new CEO, 2 independent non
executive directors, a General Counsel and Head Actuary; and,
h.
The capital shortfall against ICG was addressed by a substantial (£94
million) injection of capital from the Parent Company.
79.
The FSA also notes that MSIEu has no previous disciplinary findings recorded
against it.
80.
The FSA regards these aggravating factors to be serious but considers that the
mitigating factors set out above are also significant. Having taken all these
factors into account, the FSA considers that the Step 2 figure should be
reduced by 10% at Step 3. The Step 3 figure is therefore £4,780,000.
Step 4: adjustment for deterrence
81.
Pursuant to DEPP 6.5A.4G, if the FSA considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others,
from committing further or similar breaches, then the FSA may increase the
penalty.
82.
The FSA considers that the Step 3 figure of £4,780,000 represents a sufficient
deterrent to MSIEu and others, and so has not increased the penalty at Step 4.
The Step 4 figure is therefore £4,780,000.
Step 5: settlement discount
83.
Pursuant to DEPP 6.5A.5G, if the FSA and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP
6.7 provides that the amount of the financial penalty which might otherwise
have been payable will be reduced to reflect the stage at which the FSA and
the firm reached agreement. The settlement discount does not apply to the
disgorgement of any benefit calculated at Step 1.
84.
The FSA and MSIEu reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure. The Step 5 figure is therefore £3,345,000.
85.
The FSA has therefore imposed a total financial penalty of £3,345,000 on
MSIEu for breaching Principle 3 of the FSA’s Principles for Businesses.
PROCEDURAL MATTERS
Decision maker
86.
The decision which gave rise to the obligation to give this Notice was made by
the Settlement Decision Makers.
87.
This Final Notice is given under section 390 of the Act.
Manner and time for Payment
88.
The financial penalty must be paid in full by MSIEu to the FSA by no later
than Tuesday 22 May 2012, 14 days from the date of the Final Notice.
If the financial penalty is not paid
89.
If all or any of the financial penalty is outstanding on Wednesday 23 May
2012, the FSA may recover the outstanding amount as a debt owed by MSIEu
and due to the FSA.
90.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those
provisions, the FSA must publish such information about the matter to which
this notice relates as the FSA considers appropriate. The information may be
published in such manner as the FSA considers appropriate. However, the
FSA may not publish information if such publication would, in the opinion of
the FSA, be unfair to you or prejudicial to the interests of the consumers.
91.
The FSA intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
FSA contacts
92.
For more information concerning this matter generally, contact Clare
McMullen (direct line: 0207 066052) or Stephen Smith (direct line: 0207
0662142) at the FSA.
FSA Enforcement and Financial Crime Division
ANNEX 1
RELEVANT STATUTORY AND REGULATORY PROVISIONS
STATUTORY PROVISIONS
1.
The FSA’s statutory objectives, set out in section 2(2) of the Act, are market
confidence, financial stability, consumer protection and the reduction of financial
crime.
2.
Section 206 of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act, it may impose on him a penalty,
in respect of the contravention, of such amount as it considers appropriate.”
3.
The procedures to be followed in relation to the imposition of a financial penalty
are set out in sections 207 and 208 of the Act.
4.
MSIEu is an authorised person for the purposes of section 206 of the Act.
5.
The requirements imposed on authorised persons include those set out in the
FSA’s Principles and Rules made under section 138 of the Act. Section 138
provides that the FSA may make such rules applying to authorised persons as
appear to be necessary or expedient for the purposes of protecting the interests of
consumers.
REGULATORY PROVISIONS
Principles for Businesses (PRIN)
6.
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the FSA Handbook. They derive
their authority from the FSA’s rule-making powers as set out in the Act and
reflect the FSA’s regulatory objectives. The Principles relevant to this case are as
follows:
7.
Principle 3 (management and control) provides:
“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems.”
General Prudential Sourcebook (GENPRU)
8.
The General Prudential Sourcebook contains rules and guidance in relation to
the adequacy of a firm’s financial resources.
9.
GENPRU 1.2.26R provides:
“A firm must at all times maintain overall financial resources, including
capital resources and liquidity resources, which are adequate, both as to
amount and quality, to ensure that there is no significant risk that its liabilities
cannot be met as they fall due.”