Final Notice

On , the Financial Conduct Authority issued a Final Notice to Stonebridge International Insurance Limited

FINAL NOTICE

Date: 7 August 2014

1. ACTION

1.1. For the reasons given in this notice, the Authority hereby imposes on Stonebridge
a financial penalty of £8,373,600.

1.2. Stonebridge agreed to settle at an early stage of the Authority’s investigation.
Stonebridge therefore qualified for a 30% (stage 1) discount under the Authority’s
executive settlement procedures. Were it not for this discount, the Authority would
have imposed a financial penalty of £11,962,317 on Stonebridge.

2. SUMMARY OF REASONS

2.1. On the basis of the facts and matters described below, Stonebridge breached
Principle 3 (Management and control) and Principle 6 (Customers’ interests) of the
Authority’s Principles for Businesses between 1 April 2011 and 31 December 2012
in relation to telephone sales of Personal Accident, Accidental Death and Accidental
Cash Plan insurance products. These products were underwritten by Stonebridge
and sold to customers on its behalf by various authorised intermediary firms to
whom Stonebridge had outsourced its sales and customer services operations.

2.2. Stonebridge failed to take reasonable steps to ensure that its customers were
treated fairly. It identified its target market as being persons who typically were in
the middle-to-low income bracket and did not have a college degree or professional
qualification; yet the sales process it designed provided insufficient information and
channelled customers who had families towards the broader, costlier family cover.
Stonebridge designed sales scripts and call flows that emphasised the availability of
cancellation rights during the sales calls. However, when customers tried to cancel
their policies, the post-sales cancellation process designed by Stonebridge
presented customers with barriers to cancellation. All of these factors resulted in
customers taking out policies that they did not fully understand.

2.3. These failings were made possible by Stonebridge’s poor systems and controls, and
inadequate oversight of the Outsourcing companies. There were deficiencies in the
training material designed by Stonebridge. Stonebridge failed to ensure that sales
calls and post-sales cancellation calls by the Sales outsourcing company and the
Customer service outsourcing company were subject to adequate quality assurance
procedures. It also failed to obtain adequate management information to oversee
whether customers were being treated fairly by the Outsourcing companies.
Furthermore, Stonebridge was unable properly to monitor its systems and controls
in the European Offices because its Compliance department was inadequately
resourced.

2.4. Stonebridge breached Principle 6 during the Relevant Period by failing to pay due
regard to the interests of its customers in the UK and treat them fairly. Its business
strategy of maximising sales of the Products was implemented at the cost of the
fair treatment of its customers. In particular:

a) There were deficiencies in the sales process guides designed by Stonebridge to
facilitate the sales calls, known as call flows, which were designed in a manner
that channelled customers who had families automatically towards the broader
and costlier family cover;

b) The sales process encouraged sales personnel to make use of cancellation rights
to secure sales. Customers were encouraged to purchase the Products by being
informed that they could cancel their policies within 30 days and not incur any
fees if they did not consider the Products suitable for their needs; and

c) When customers wanted to cancel their policies, the customer services
personnel presented barriers to cancellation. Stonebridge’s training process
encouraged these personnel to overcome customers’ objections which resulted
in customers not succeeding in cancelling policies despite several attempts.

2.5. Stonebridge breached Principle 3 in the UK during the Relevant Period by failing to
provide adequate oversight in relation to the sales and post-sales cancellation
processes at the Sales outsourcing company and the Customer services
outsourcing company. Stonebridge failed to identify and address the following
weaknesses in the implementation of these processes:

a) The Sales outsourcing company failed to provide information in a clear, fair and
balanced manner. The sales personnel failed to disclose adequate information at
the point of sale, including the exclusions and limitations of the Products. In
addition, the pace of the sales calls conducted by the Sales outsourcing
company was too fast to be adequately comprehensible;

b) The sales personnel at the Sales outsourcing company failed to inform
customers of Stonebridge’s identity at the beginning of the sales calls;

c) The sales personnel at the Sales outsourcing company failed to inform
customers of the implications of some payment options at the point of sale;

d) If a customer bought a policy providing a narrower scope of coverage following
cancellation of a policy, in some cases personnel at the Customer services
outsourcing company did not provide adequate and comprehensible information
about the replacement policy which included information on exclusions and
limitations; and

e) Stonebridge failed to take reasonable steps to ensure that sales calls and post-sales
cancellation calls were subject to adequate quality assurance procedures.

2.6. Stonebridge breached Principle 3 during the Relevant Period by failing to take
reasonable care to implement adequate systems and controls in relation to the
outsourcing of its sales and customer services operations to the Outsourcing
companies responsibly and effectively, with adequate risk management systems.
These weaknesses in systems and controls led to customers being placed at an
unacceptable risk of being mis-sold the Products. Specifically, during the Relevant
Period:

a) Stonebridge’s governance structure during the Relevant Period was inadequate
in that it did not ensure that the Outsourcing companies had effective controls
to ensure that customers would be treated fairly. For instance:

i) Various Board and Executive Committees within Stonebridge during the
Relevant Period did not effectively oversee whether the Outsourcing
companies were adequately addressing the risks affecting customers and
failed to ensure that issues brought to their attention were rectified on a
timely basis; and

ii) The Committee responsible for setting remuneration was not instructed to
consider ‘Treating Customers Fairly’ objectives when determining the
incentive schemes for its own staff and the staff at the Outsourcing
companies. In addition, there was inadequate focus on considering customer-specific
risks and regulatory obligations when setting remuneration
guidelines. Consequently, Stonebridge did not give sufficient weight to
addressing the risk of customer detriment when setting up incentive schemes
for staff;

b) Stonebridge did not obtain adequate management information from the
Outsourcing companies to enable it to identify, measure and manage risks to
the fair treatment of customers. The management information that Stonebridge
obtained was unclear and incomplete, which meant that there was lack of
effective monitoring of the Outsourcing companies;

c) Stonebridge pursued an aggressive timetable to outsource its customer services
function to the Customer services outsourcing company without putting in place
adequate systems and controls to enable it to oversee whether the Customer
services outsourcing company was treating its customers fairly; and

d) Stonebridge had an inadequately resourced Compliance department to enable it
to monitor the systems and controls in its European Offices to an appropriate
standard and did not take reasonable steps to address this. Stonebridge’s
processes failed to identify subsequent changes to call scripts made by one of
the Outsourcing companies after the Compliance department had approved
them.

2.7. The Authority considers these failings to be particularly serious because a
significant number of customers were placed at risk of mis-selling by Stonebridge’s
failings. At the end of 2012, Stonebridge had 558,000 customers of which
approximately 40% were based in the UK and the remainder were based in Europe.
During the Relevant Period, 486,644 customers were sold policies on Stonebridge’s
behalf by the Outsourcing companies in the UK and the European Countries.

2.8. Stonebridge has carried out a past business review of all of the sales conducted in
the UK by the Outsourcing companies during the Relevant Period and has
proactively commenced a similar exercise in relation to the Products sold in the UK
and the European Countries. Further, it will compensate any customers who have
suffered losses as a result of the failings identified in this Notice. The scope of this
past business review is significantly wider than that of the Skilled Person’s review
and includes all current policy holders.

2.9. Further, in response to the Authority’s concerns, Stonebridge has taken a number
of proactive steps. It has voluntarily ceased distribution of the Products in the UK
and the European Countries, replaced its executive management team who were in
charge during the Relevant Period and comprehensively revised its governance
structure and Operating Board membership, and improved the design of its
products and policy documentation. It has also revised its contractual
arrangements with the Customer services outsourcing company in order to
strengthen the level of oversight to be provided in future and implemented new
company policies and procedure for managing its prudential and conduct risk.

2.10. This action supports the Authority’s consumer protection objective.

3. DEFINITIONS

3.1. The definitions below are used in this Final Notice.

“the Act” means the Financial Services and Markets Act 2000

“the ARC” means Stonebridge’s Audit and Risk Committee

“the Authority” means the body corporate previously known as the Financial
Services Authority and renamed on 1 April 2013 as the Financial Conduct
Authority

“Business Partners” means various catalogue sales firms, online retailers and
credit card companies that provide customer lists to Stonebridge to enable it to
market its insurance products to the Business Partner’s customer base

“Call flows” means the less prescriptive sales process guides used in the UK to
facilitate the sales calls. The guides set out a sequence of steps which sales
personnel had to carry out during the calls. These guides were not as rigid as the
detailed call scripts used in the European Countries

“Customer services outsourcing company” means the authorised intermediary
firm engaged by Stonebridge from November 2011 until the end of the Relevant
Period to carry out its customer services operations in the UK and the European
Countries which included dealing with post-sales cancellation calls

“DEPP” means the Authority’s Decision Procedures and Penalties Manual

“European Countries” means Germany, France, Italy and Spain where the
Products were marketed during the Relevant Period

“European Offices” means Stonebridge’s offices in Germany and France, and its
branches in Italy and Spain, comprising Stonebridge’s staff members who set up
and managed Stonebridge’s relationship with the Outsourcing companies in the
European Countries

“the Outsourcing companies” means, together, the various intermediaries
contracted by Stonebridge to carry out sales and customer services in the UK and
the European Countries during the Relevant Period including the Sales
outsourcing company and the Customer services outsourcing company. Each of
the intermediaries was authorised in the relevant country to conduct insurance
mediation activities

“Period 1” means the period from April 2011 to December 2011 in respect of sales
and also from December 2011 to May 2012 in respect of cancellations

“Period 2” means the period from August 2012 to October 2012

“Principles” means the Authority’s Principles for Businesses

“the Products” means, together, the Personal Accident, Accidental Death and
Accidental Cash Plan insurance products sold to customers on behalf of
Stonebridge

“RAG rating” means Red, Amber, Green score used by Stonebridge for
performance measures

“the Relevant Period” means 1 April 2011 to 31 December 2012

“Sales Calls” means telephone calls made by the Sales outsourcing company in
relation to the sale of one of the Products that were reviewed by the Skilled
Person including calls that did not result in a sale

“Sales outsourcing company” means the authorised intermediary firm engaged by
Stonebridge to conduct telephone sales of the Products on its behalf in the UK
during the Relevant Period. This company also provided customer services
operations until November 2011

“the Skilled Person” means the independent third party commissioned by
Stonebridge at the Authority’s request to prepare a skilled persons report under
section 166 of the Act reviewing the sales and customer services operations

“SRC” means Stonebridge’s Strategic Risk Committee

“STIC” means the Short Term Incentive Compensation scheme in place at
Stonebridge that was used to calculate the bonuses payable to the staff

“Stonebridge” means Stonebridge International Insurance Limited

“TCF” means Treating Customers Fairly. TCF focuses on the delivery of the
Authority’s statutory consumer protection objective

“TCFC” means Stonebridge’s TCF Committee

“TCF Outcomes” means the six improved consumer outcomes which are the aims
of the Authority’s TCF initiative. These outcomes were first outlined in the
Authority’s July 2006 publication, “Treating customers fairly – towards fair
outcomes for consumers” and remain core to what the Authority expects of firms.
The requirement to implement these outcomes is firmly rooted in the Authority’s
Principles for Businesses

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)

4. FACTS AND MATTERS

Background facts

4.1. Stonebridge is a general insurance firm. It has been authorised since 1 December
2001 by the Authority. During the Relevant Period, it held the following
permissions in relation to its insurance activities:

a) Accepting deposits;

b) Advising on investments (except pension transfers and opt-outs);

c) Agreeing to carry on a regulated activity;

d) Arranging deals in investments;

e) Carrying out contracts of insurance;

f) Dealing in investments as principal;

g) Effecting contracts of insurance; and

h) Making arrangements with a view to transactions in investments.

4.2. During the Relevant Period, Stonebridge, through the Outsourcing companies, sold
the Products to customers over the phone on a non-advised basis across the UK,
Germany, France, Italy and Spain. Lists of potential customers were obtained
through various Business Partners throughout the UK and the European Countries,
which included catalogue sales firms, online retailers, banks and credit card
companies. In return for the customer information, Stonebridge paid an agreed
percentage of the premiums it collected to the Business Partners. The Business
Partners were not actively involved with selling the Products to the customers. That
role was carried out by the Outsourcing companies.

The Products

4.3. Stonebridge internally viewed the Products as ‘high margin, lower claims risk,
supplemental “push” protection products, tailored for distribution through
telemarketing’.

4.4. The Products were available either to cover individuals or to cover an individual and
his or her family. The family cover also included a customer’s partner and any
children.

4.5. The Accidental Death Plan allowed relatives of policy holders to receive a lump sum
if the policy holders died as a result of an accident. The payment made to the
relatives varied according to the type of accident and the plan customers held, with
the standard product typically paying £500,000 for a public transport accident,
£50,000 for a road traffic accident and £25,000 for most other accidents. The
average monthly premium for the policy during the Relevant Period was £6.19 for
single cover and £8.76 for family cover.

4.6. The Accident Cash Plan enabled customers to receive a fixed amount of money
each day if they were unable to work or look after their family. For example, the
standard plan paid £350 per day for each day (for up to 365 days) in hospital in
the UK as a result of an accident. The average monthly premium for the policy
during the Relevant Period was £7.17 for single cover and £11.12 for family cover.

4.7. The Personal Accident Plan provided a range of fixed amounts for death,
hospitalisation and accidental injuries. For example, the standard Personal Accident
Plan paid from £1,000 for minor accidents to £250,000 for major accidents such as
those that cause permanent disabilities. The average monthly premium for the
policy during the Relevant Period was £6.35 for single cover and £12.93 for family
cover.

The business strategy

4.8. During the Relevant Period, Stonebridge focussed increasingly on developing
strategic alliances with its Business Partners. This focus strongly influenced product
development and the choice of the products that Stonebridge marketed to its
customers.

4.9. Stonebridge identified its target market as being persons who typically were in the
middle-to-low income bracket and did not have a college degree or professional
qualification.

4.10. Given these strategies, it was essential for Stonebridge to ensure robust controls
were in place to ensure compliance with regulatory rules and in particular that its
customers were treated fairly.

4.11. During the Relevant Period, Stonebridge earned revenues (equivalent to gross
written premium) of approximately £41.6m from sales of the Accidental Death
Plan, £49.2m from sales of Accident Cash Plan and £3.0m from sales of Personal
Accident Plan products in the UK and the European Countries, giving a total of
approximately £93.8 million across the Products. The UK sales made up 37% of
this revenue, followed by Germany, Spain, France and Italy which contributed
25%, 13%, 14% and 11% respectively to these revenue figures.

The Incentive scheme

4.12. Stonebridge operated an incentive scheme which applied to all permanent
employees called the Short Term Incentive Compensation scheme (“STIC”). Senior
managers could potentially earn an additional payment of up to 75% of their
salaries under this scheme. The level at which STIC payments were made was
chiefly based on the performance of the company, and a key measure of the
performance of the company was the annual income expected to be generated
from policies issued. There was no provision, after expiration of the free period, for
claw-back of STIC payments if those policies were cancelled or were assessed as
being mis-sold. Although lack of compliance with regulation was listed as a factor
that could potentially reduce or prevent a STIC payment and, in particular, a senior
manager’s STIC payment calculations included a 10% weighting for TCF, in practice
insufficient weight was given to this factor.

4.13. The STIC rewarded sales without sufficient countervailing measures to take into
account the quality of the sales. The effect of this was to increase the risk of non-
compliance with regulatory rules and in particular the risk that customers would
not be treated fairly.

4.14. In addition, Stonebridge did not have sufficient oversight of, or input into, the
incentive schemes in place at the Outsourcing companies. The Skilled Person found
that although the incentive schemes at the Sales outsourcing company were
largely adequate, they did not link cancellations with sales and therefore potentially
led to a focus on volume of sales rather than quality. The Skilled Person found that
the incentive scheme at the Customer services outsourcing company was focused
on retaining customers who wanted to cancel their policies and potentially led to
the use of barriers to cancellation. The incentive schemes in place at these
Outsourcing companies increased the risk of mis-selling. Stonebridge did not have
effective governance arrangements and controls in place to identify and manage
this increased risk to its customers.

The sales process

4.15. During the Relevant Period, the sales process for the Products involved sales
personnel at various outsourcing companies making unsolicited telephone calls to
customers included in the lists provided by the Business Partners, using scripts and
call flows designed by Stonebridge. In the UK, sales personnel followed a call flow
process which provided guidance to the sales personnel on how to make sales
calls, whereas in the European Countries they were instructed to follow a call script
verbatim which had been approved by Stonebridge in the UK. Both processes
included disclosing the name of the Business Partner who had introduced the
customers to Stonebridge. The sales process involved customers being informed
about the policies, being offered various payment options, and being informed
about the exclusions and limitations of the policies they were purchasing.
Customers were also informed that if they cancelled the policies before the end of
the first 30 days, they would not have to pay any cancellation fees and all
premiums would be refunded. Following the sale of the Products and after quality
assurance by the sales outsourcing companies, Stonebridge sent the policy
documentation to customers.

4.16. Following the sale, Stonebridge conducted a second level review of the sales calls
that had been subjected to quality assurance by the sales outsourcing companies
to ensure that the companies were carrying out assessments consistently and
according to Stonebridge’s standards.

Background to the Authority’s investigation

4.17. During March and April 2012, the Authority reviewed a sample of sales calls and
had concerns that customers were buying products without fully understanding the
extent of cover under the policies.

4.18. In May 2012, the Authority communicated its concerns to Stonebridge. Stonebridge
did not initially agree with the Authority’s findings but commissioned an
independent review by a City law firm of the same sales calls that had been
analysed by the Authority. The law firm was instructed to identify further areas for
improvement. The independent legal review concluded that while improvement was
required in certain areas, there were no serious concerns in respect of its sales
process. An action plan was developed by Stonebridge, in consultation with the
Authority, to remedy the deficiencies identified.

4.19. In July 2012, Stonebridge, on its own initiative, commissioned a review of post-sales
cancellation calls. A total of 1,703 calls were assessed during the review, of
which 267 calls (16%) were deemed to have resulted in potential customer
detriment. Upon verification of the findings in the review of these post-sales
cancellation calls, Stonebridge reported the results to the Authority.

4.20. In October 2012, the Authority requested Stonebridge to appoint the Skilled Person
to review sales and post-sales cancellation calls in the UK over two distinct periods
to identify any customer detriment. The first period reviewed by the Skilled Person
covered sales for the period from April 2011 to December 2011 and cancellations
from December 2011 to May 2012 (Period 1). The second period covered sales and
cancellations from August 2012 to October 2012 (Period 2). The Skilled Person’s
review found that although there was no indication of wilful mis-selling or
pressurised selling, there were deficiencies in the sales process. Further, although
the Skilled Person found no evidence of actual customer detriment, it was of the
view that there was a risk of potential customer detriment. The review also found
weaknesses in the systems and controls around the sales and post-sales
cancellation process. As a result, the Authority commenced its investigation, the
results of which are set out below.

Weaknesses in the sales process

4.21. There were a number of deficiencies in the sales process designed by Stonebridge.

Deficiencies in the information provided at the point of sale

4.22. Stonebridge’s sales scripts and call flows, which provided guidance to sales
personnel at the Outsourcing companies on how to make sales calls, were poorly
designed. This resulted in customers not being provided with adequate information
on the range of cover available to them, payment options, and the exclusions and
limitations of products they were purchasing.

Failure to provide the customer with appropriate and comprehensible information
about the policy

4.23. Stonebridge designed the sales scripts and call flows that were subsequently used
by the Outsourcing companies. Each script varied to comply with local laws but in
essence all of them followed the same format. The sales personnel were directed to
establish early in the call whether the customer had a family. These scripts were
designed so as to steer customers who had families towards the broader and
costlier family cover. If a customer answered “yes” to the question which asked
whether they had children and/or a spouse, they were automatically offered the
family cover without being informed of the cheaper single cover. The customers
were not provided with all the relevant options about the levels of cover available
to them.

4.24. The Authority considers that if different levels of cover are available in respect of a
particular product, customers must be given that information at the point of sale to
enable them to make an informed decision as to which level of cover is appropriate
to their needs.

4.25. The Skilled Person found that in 80% of the Sales Calls (24 out of 30 calls) in
Period 1 and 70% of the Sales Calls (21 out of 30 calls) in Period 2 (45 out of 60
calls in total), customers were not provided with appropriate and comprehensible
information about the policy such as would enable the customer to make an
informed decision about the arrangements proposed, and in a way that
demonstrated that Stonebridge had had regard to the customer’s interests and
treating them fairly. In 37 out of these 45 calls, customers were not made aware
of the different levels of cover that existed for the relevant product and the
different costs associated with each level. In 16 out of these 45 calls (36%),
personnel at the Sales outsourcing company failed to provide correct information to
customers in relation to their eligibility for the Products and failed to explain
comprehensively the cover, benefits, key exclusions and limitations.

4.26. The Authority considers that there was a risk that customers agreed to the sale
without fully understanding the range of circumstances that were covered by the
policies. In one example, a customer explained to a sales person employed by one
of the Outsourcing companies that she was prone to falling over as her legs were
weak due to an historic injury. The sales person, departing from the sales script,
used this example of customer falling over and being hospitalised to explain that in
such an event she would be able to claim on the policy. However, the product
literature clearly stated that claims were not paid if the accident occurred due to
pre-existing medical conditions. The sales person failed to mention this exclusion
during the call. On the basis of the information provided to her, the customer
agreed to purchase the Personal Accident Product.

Not providing information in a clear, fair and balanced manner

4.27. Stonebridge failed to provide proper oversight over the activities of sales personnel
at the Sales outsourcing company who failed to provide information in a clear, fair
and balanced manner to customers during sales calls.

4.28. In some cases, customers were given inaccurate or misleading information about
policy coverage by sales personnel employed by the Outsourcing companies. For
instance, one customer was informed that an Accident Cash Plan policy covered the
customer if she cut her finger or if something happened to her in the garden. This
was an incomplete illustration because this particular product only paid out in the
event that the customer was unable to work or look after their family because they
had to stay in the hospital for at least 24 hours due to the accident. In some
instances, customers were informed that no payments were taken on the day of
the sales call. Although this was factually correct, it was prone to being
misunderstood by the customer because payment details were taken from the
customers during the call committing them to a payment in a few working days.
The Authority’s review of the sales cancellation calls showed that a number of
customers did not understand the policies they had purchased and were confused
as to why Stonebridge had taken direct debit payments without their prior
authorisation.

4.29. The Skilled Person found that in 20% of the Sales Calls (6 out of 30 calls) in Period
1 and 50% of the Sales Calls (15 out of 30 calls) in Period 2, the sales personnel at
the Sales outsourcing company failed to provide information in a clear, fair and
balanced manner.

4.30. The Skilled Person further found that the pace of 17% of these Sales Calls (10 out
of 60 calls) was inappropriately fast. The Skilled Person concluded that there was
therefore a risk that these customers did not fully understand the information they
were given.

Failure to explain Stonebridge’s identity and the purpose of the call

4.31. Stonebridge’s monitoring processes did not pick up that sales personnel at the
Sales outsourcing company failed to explain at the beginning of the sales calls that
they were calling on behalf of Stonebridge and what the purpose of the call was.
Instead, sales personnel initially gave an impression that they were calling on
behalf of the Business Partner before explaining that they were in fact representing
Stonebridge.

4.32. The Skilled Person found that in 80% of the Sales Calls (24 out of 30 calls) in
Period 1 and 43% of the Sales Calls (13 out of 30 calls) in Period 2, the sales
personnel failed to identify both Stonebridge and the purpose of the call explicitly
at the beginning of the conversation.

Failure to explain associated charges

4.33. Stonebridge did not provide sufficient oversight over the activities of the sales
personnel at the Sales outsourcing company, who failed to provide relevant
information about the payment options available to its customers.

4.34. The Skilled Person found that in 77% of the Sales Calls (23 out of 30 calls) in
Period 1, sales personnel at the Sales outsourcing company did not make the
customers aware, at the point when they were deciding on the payment method, of
the associated charges to which they might be exposed (namely if the customer
chose to pay through their account with the Business Partner, it might have
resulted in the customer paying interest on the premium if the outstanding balance
on the account was not paid in full each month). Where this information was
provided, it was given at the end of the sales call in line with the flawed design of
the call flows in use at the time. In addition, the Skilled Person found that in 17 out
of the 30 Sales Calls, the sales personnel encouraged customers to pay through
the Business Partner’s account by stating that payment through the store cards or
the catalogue statements was more convenient because this method of payment
did not require the customer to give bank details over the telephone.

4.35. As a result, the customers were not fully aware of the potential for associated
charges. The Authority considers that this information is relevant to the
affordability of the Products and customers therefore should have been reminded
of this at the point of sale.

4.36. In June 2012, Stonebridge made changes to its call flows which resulted in
customers being made aware of the range of payment methods and associated
charges at the point when they had to decide how to pay for the Products. This
resulted in improvements in the quality of the sales calls, as confirmed by the
Skilled Person’s review, which found only 1 out of 30 calls in Period 2 that did not
communicate information on premium payment methods in a balanced manner or
make the customer aware of associated charges.

Use of cancellation rights to secure sales

4.37. The training materials designed by Stonebridge encouraged sales personnel at the
Sales outsourcing company to use cancellation rights in order to secure sales of the
Products.

4.38. The sales scripts and call flows prompted sales personnel to state to the customers
that they could cancel the policy at any time, and that if the cancellation was
completed before the end of the first 30 days, the customers did not have to pay
any cancellation fees and were refunded all the premiums they had paid to date.
The sales personnel used phrases like “it wouldn’t have cost you a penny”.

4.39. The training material used to provide guidance to sales personnel stated that they
could “make explicit use of the cancellation terms to make the sale”. This material
gave sales personnel wide discretion as to when, where and how many times they
could use cancellation statements during a phone call to secure the sale.

4.40. The Skilled Person found that in 43% of the Sales Calls (13 out of 30 calls) in
Period 1 and 43% of the Sales Calls (13 out of 30 calls) in Period 2, sales personnel
used cancellation rights to secure or attempt to secure sales.

Free periods of cover

4.41. Stonebridge’s sales process in the European Countries varied slightly from that
followed in the UK because in most of the sales in these countries, the customers
were offered free cover for periods of 30, 60 or 90 days. Providing periods of free
cover does not, itself, constitute a breach of any applicable regulatory requirement.
However, the Authority considers that this sales strategy, combined with
presenting barriers to customers wishing to cancel their policies, suggests that
Stonebridge was relying on some individuals either forgetting to cancel the policy
at the end of the period of free cover or being successfully discouraged from doing
so.

4.42. The STIC incentive scheme referred to in paragraph 4.12 potentially encouraged
this type of selling, since the key measure of performance effectively counted the
issue of a policy, even if it were to be promptly cancelled by the customer after the
expiration of the free cover.

4.43. Consumer inertia is an important barrier to consumers acting to cancel their
policies in situations such as this. The Authority’s research is continuing in
behavioural economics to establish why this is the case.

4.44. In this situation robust controls and processes, including scripts to guide sales
personnel through compliant sales processes, were needed to mitigate the risk of
consumers paying for policies which they did not wish to keep.

Failure by the Outsourcing companies in the European Countries to follow the sales
scripts

4.45. Stonebridge’s internal procedures meant that all of the sales scripts used by the
Outsourcing companies in the European Countries were required to be signed off
by the Compliance department before being implemented by sales personnel in the
European Countries. However, there was insufficient monitoring by Stonebridge to
detect any subsequent changes to the sales scripts on a timely basis.

Deficiencies in the information provided at the point of cancellation

Barriers to cancellation

4.46. As explained in paragraph 4.38 above, sales personnel at the Sales outsourcing
company emphasised during the sales process that if customers did not consider
the Products suitable for their needs, they could cancel their policies and not incur
any fees.

4.47. Before November 2011, if customers wanted to cancel their policies, they had to
contact the Sales outsourcing company to process their request. Stonebridge
designed training materials for the relevant persons so that they could respond to
the cancellation requests with a view to retaining the customers. One particular
training document which outlined how to retain such customers stated: “by the end
of this session you will demonstrate how to best approach a cancellation request
with the intention of retaining the customer… [and] effectively handle objections
presented by the customer in the retention process”.

4.48. From November 2011, the customer services operations for the UK and the
European Countries were handled by the Customer services outsourcing company
based in the UK. This company also presented customers with barriers to
cancellation.

4.49. Although the data available to Stonebridge indicated that cancellation rates were
high, nevertheless the Authority has identified the following examples of barriers to
cancellation in the Relevant Period:

a) Although the sales cancellation scripts stated that customers should answer
three data protection questions before they could discuss their policy, the
Authority’s review of customer calls identified several instances where the
customer services personnel asked six data protection questions before they
initiated the cancellation process.

b) The Authority’s review of customer calls also identified some instances where
the customer services personnel refuted the customer’s concerns five times in
order to dissuade the customer from cancelling the policy entirely. They tried
to persuade customers to keep their policies or take out new policies with
reduced cover at a lower cost. For instance, they suggested that the customers
review the policy documents which the customer services personnel sent
through the post to help them to “make a more informed decision”.
Alternatively, customer services personnel tried to convince customers that
“different kinds of insurance all complement each other”. If a customer
explained that they wanted to cancel the policy because they were unable to
afford it, the customer services personnel offered them a reduced cover, often
without explaining the implications of the reduced cover.

c) During one telephone call, it became apparent that the customer had tried to
cancel his policy since 2004 but on each occasion the customer services
personnel persuaded the customer to retain it. When the customer tried to
cancel his policy again the agent asked “is there any reason why you wanting
[sic] to cancel it now?” In response, the customer stated, “I don’t need it, I
just don’t need it, I’m sure I don’t”. Notwithstanding the customer making this
request, the telephone call ended with the customer keeping the policy.

4.50. Customer facing personnel at the Sales outsourcing company and the Customer
services outsourcing company were rewarded for successfully retaining customers
who wanted to cancel their policies.

4.51. The Skilled Person found that in 40% of the cancellation calls (8 out of 20 calls) in
Period 1 and 44% of the cancellation calls (11 out of 24 calls) in Period 2 (19 out of
44 calls in total), the customer services personnel presented customers with
barriers to cancellation. Only 4 out of these 19 cancellation calls resulted in the
customers successfully cancelling their policies. In 7 out of the 19 calls, customers
agreed to retain their policies in full and in 8 out of the 19 calls, customers agreed
to retain the policies with a reduced cover.

Failure to provide the customer with appropriate and comprehensible information
about reduced policy coverage

4.52. As a result of the retention process designed by Stonebridge, which encouraged
personnel at the customer services outsourcing companies to present barriers to
cancellation, many customers who tried to cancel their policies, instead opted for
reduced cover. This in effect meant that they agreed to purchase a new policy.
However, in a significant proportion of cases, personnel at the Customer services
outsourcing company failed to provide appropriate and comprehensible information
about the new policies. Customer services personnel should have explained the
revised benefits, exclusions and limitations to the customers. However, the
customer services personnel failed to provide this information during the call.

4.53. The Skilled Person found that in 35% of the cancellation calls (7 out of 20 calls) in
Period 1 and 56% of the cancellation calls (14 out of 24 calls) in Period 2,
customers were not provided with sufficient, appropriate and comprehensible
information about the policy to enable the customer to make an informed decision.
For instance, the customer services personnel failed to check whether the customer
was eligible to receive benefits under the policies or inform them about key
exclusions and limitations. In two cases, the Skilled Person found that the
customers believed that they were purchasing life insurance policies instead of the
Accidental Death policy and were uncertain which family members were covered
under the policy. The Skilled Person also found that two customers repeatedly
asked for more information because they did not understand the products being
offered by Stonebridge. However in response to these requests, the sales
personnel failed to provide clear and easily understandable information.

Weaknesses in systems and controls

4.54. There were a number of weaknesses in the systems and controls in place at
Stonebridge relating to its oversight of the sales and post-sales cancellation
process.

Inadequate Management Information

4.55. The management information that Stonebridge obtained to seek to ensure it was
treating its customers fairly was incomplete and unclear, which meant that
Stonebridge was unable effectively to monitor the Outsourcing companies during
the Relevant Period.

4.56. During the Relevant Period the ‘TCF dashboard’, Stonebridge’s management
information tool for monitoring TCF outcomes and ensuring timely delivery of
associated activities, was inadequate and ineffective. In particular:

a) The TCF dashboards were not fully or accurately completed. For example in July
2011, for the UK, Germany, Italy and Spain, the detailed executive summaries
were identical to one another; the action plans for each of these countries
contained the same two issues first raised more than a year previously; and no
trend commentary was completed. The poor quality of input from the European
Offices to the TCF dashboard remained an issue throughout the Relevant Period.

b) The RAG ratings did not effectively assess the extent of the risk to customers.
For example, in November 2011, Stonebridge’s office in Spain gave a Green
RAG rating score to its quality assurance process on the TCF dashboard.
However, the Compliance department had completed a review of the same
process and rated it as Red over the couple of months preceding the Green
rating.

Ineffective governance

4.57. Various Board and Executive Committees within Stonebridge did not effectively
oversee whether the Outsourcing companies were adequately managing risks
affecting its customers during the Relevant Period.

4.58. The TCF Committee (“TCFC”) was tasked with assisting the Audit and Risk
Committee (“ARC”) in the governance of the TCF policy and providing the first level
of challenge to senior management in relation to customer risk. It was intended to
ensure that the company met its obligations to treat customers fairly and
appropriately manage the risk of failing to do so. However, during the Relevant
Period the TCFC did not operate effectively to ensure that customers were treated
fairly. In particular, during the Relevant Period:

a) There was no evidence that the TCFC reviewed TCF internal controls in
accordance with its terms of reference.

b) The TCFC did not provide appropriate challenge to the results in the TCF
dashboard and the accuracy of the management information that made up the
dashboard. For example, in 2012 the regional dashboard regularly produced a
RAG rating that was obviously incorrect. The result was overridden to reflect the
correct position. However, the deficiencies in the metrics used in the dashboard
were not addressed by the TCFC within a reasonable time.

c) The TCFC was aware of the deficiencies in TCF reporting, but failed to resolve
this issue within a reasonable time.

d) The TCFC also failed to ensure that issues that were brought to its attention
were rectified on a timely basis. For instance, in March 2011, the TCFC became
aware that the complaint levels in Spain were high. The TCFC requested an
analysis to be carried out to determine why. However, this request remained
outstanding in February 2012.

4.59. The Strategic Risk Committee (“SRC”) was an executive committee tasked with
assisting the ARC in identifying, quantifying and mitigating risk, overseeing the
effectiveness of controls and supporting risk management programmes, including
TCF-related controls. The SRC was responsible under its terms of reference for
ensuring that “fair treatment of customers is integral to the strategic and
operational risk objectives” of Stonebridge. The Authority considers that the SRC
was ineffective in this regard during the Relevant Period. In particular:

a) The management information presented to the SRC was inadequate. For
instance, from the beginning of the Relevant Period the Authority had raised
concerns about French complaints, which highlighted Stonebridge’s failure to
gather sufficient data about customer cancellations. This culminated in the
Authority sending a formal letter to Stonebridge on 2 September 2011 setting
out its concerns and requesting that Stonebridge review its sales process. Yet
the pack provided to the SRC that month contained no management information
that detailed progress with resolving this issue and “regulatory risk” was RAG
rated as Green throughout this period. Further, Compliance reports were not
regularly included in SRC packs prior to June 2012. In addition, the December
2011 SRC minutes noted that the French and Spanish offices were not providing
adequate input into the preparation of the risk dashboards.

b) The SRC minutes show no debate on customer risks and issues. The TCFC was
also charged with dealing with TCF issues, but was also ineffective in doing so.

4.60. The ARC was the Board committee which had oversight of the effectiveness of the
overall risk framework, of financial reporting and internal control principles and
practices during the Relevant Period. Although the ARC discussed Risk and
Compliance issues, the Authority considers that there was an inadequate level of
sustained challenge in respect of TCF risks, in particular customer-specific risks in
relation to sales through the Outsourcing companies:

a) In August 2010, Internal Audit informed the ARC of the lack of compliance
reviews or outcome testing within the Outsourcing companies in the European
Countries. In November 2010, an audit of TCF outcomes noted, among other
things, that less than half of the Compliance department’s oversight monitoring
activities had been completed, and no compliance oversight monitoring had
been undertaken at all in the Outsourcing companies in the European Countries.
The ARC accepted assurances that this was being addressed without further
enquiry as to the adequacy of the Compliance department’s resources. In May
2011, Internal Audit again reported to the ARC that the Compliance
department’s monitoring activities were behind schedule due to lack of
resources. Although Internal Audit pointed out that this issue was being
addressed, the Compliance department remained under-resourced throughout
the Relevant Period, as discussed further in paragraphs 4.74 to 4.75 below; and

b) Internal Audit informed the ARC in August 2011 of serious defects in respect of
processes and procedures involved in sales through the Outsourcing companies.
Despite the continuing concerns of Internal Audit and evidence of a substantial
increase in complaints, the ARC relied on verbal reassurances and failed to call
for management information to establish whether any customer detriment was
arising.

4.61. The Board’s Nomination and Remuneration Committee (“NRC”) approved the
structure and objectives for performance related pay operated by Stonebridge in
the UK and the European Countries. The terms of reference of the NRC did not
require consideration of customer-specific risks and compliance with regulatory
obligations when setting remuneration and incentives. Although the NRC increased
the TCF measure in the STIC bonus structure for senior management prior to the
Relevant Period, the Authority considers that, in practice, Stonebridge did not give
sufficient weight to addressing the risk of customer detriment when setting up
incentive schemes for its staff. As a result, the incentive schemes in place at
Stonebridge throughout the Relevant Period incentivised sales without adequate
consideration of the quality of those sales.

The Operating Board

4.62. Although the Operating Board did provide some degree of challenge and oversight
during the Relevant Period, it failed to ensure that the systems and controls
weaknesses affecting customers, which were raised at Board level, were remedied
on a timely basis and that requested actions were progressed to closure. For
example:

a) In September 2011, the Board called for a paper to confirm that all the actions
requested by the Authority in its 2009 review had been completed. This was
still outstanding in March 2012; and

b) In December 2011, the Board received an update on an audit being conducted
in Stonebridge’s French office in response to concerns raised by the French
regulator arising from customer complaints. One Board member enquired
whether the Compliance department’s oversight was sufficient. There is no
evidence that a response was provided and no follow up action points were
raised to address this matter.

Deficiencies in managing outsourcing arrangements

4.63. In or around May 2011, Stonebridge began the process of creating a new customer
services centre in the UK to handle all customer services calls across Europe. The
new customer services centre was intended to operate cross-border, and therefore,
it was necessary to conduct a fresh assessment for compliance with regulations.
The timetable for the creation of this new centre should have included sufficient
time for Stonebridge to understand the implications of this significant change and
develop the necessary procedural controls.

4.64. The TCF dashboard for August 2011 pointed out that there was “aggression” in the
timetable set for the migration which was planned for November 2011. The Legal
department was notified of the impending migration in September 2011.
Stonebridge established a project team to implement the migration. The scope of
the responsibilities of this project team included ensuring procedures, training
material and scripts were in place before the operation went live. However, these
key documents were not approved by the Compliance department.

4.65. In August 2011, Internal Audit reported that Stonebridge’s outsourcing policies and
procedures were seriously deficient. Internal Audit noted that the relevant policy
did not properly highlight risks and controls. It also noted that procedures for the
due diligence process in respect of outsourcing were inadequate, including how the
process was signed off and controlled. The customer services approval process did
require that all customer communications be approved by Compliance prior to use.
Despite Internal Audit’s concerns and written advice from the Compliance
department drawing attention to the impossibility of achieving a compliant
operation in the time available, Stonebridge proceeded with the migration of the
customer services function, which took place on 21 November 2011.

4.66. A review of the customer services function by the Compliance department,
completed in February 2012, found that Stonebridge had not requested that
sufficiently robust procedures be put into place at the Customer services
outsourcing company to ensure customers were treated fairly and that customer
services activity was properly organised. It found that although the project had
‘gone live’ in November 2011, the procedures, training and scripting used by the
Customer services outsourcing company were still not approved as of February
2012, and were either not compliant with regulations or not sufficiently robust. In
relation to scripting, the review identified that the scripts for the Outsourcing
companies in the European Countries were not approved by the Compliance
department; either the English version had never been translated, or those
translations had not been provided to the Compliance department for approval.

Weaknesses in the training process

4.67. Stonebridge designed the training material which was used by the Outsourcing
companies. It was also directly involved in providing the training.

Training deficiencies at the Sales outsourcing company

4.68. There were a number of weaknesses in the design of the training process at the
Sales outsourcing company.

4.69. For this company, Stonebridge designed an extensive training programme.
However, some of the training encouraged poor selling techniques.

4.70. The training encouraged staff to use cancellation rights as a means of securing a
sale and encouraged staff not to ask certain questions which would have made the
sales more TCF compliant. For instance, the training material stated, “we will be
working on the assumption that the customer would like to cover all eligible
family”.

4.71. The Skilled Person found that although the training and competence scheme in
place at the Sales outsourcing company had most of the components that it would
expect to find, sales personnel were not provided with feedback on the quality of
the calls and the results of the call monitoring reviews. The testing on the use of
products, regulations and process was set at too basic a level and the training
material was not consistent with regulatory requirements and did not consider
good and poor customer outcomes.

Training deficiencies at the Customer services outsourcing company

4.72. The Customer services outsourcing company used its own training materials for the
first year of its operation. However, Stonebridge also did not adequately oversee
what training materials were in use by this outsourcing company. The Authority
considers that an insurer in this position is obliged under Principle 6 to review the
training materials to be used by its intermediaries and to satisfy itself of their
suitability, as well as taking reasonable steps to ensure that the training is being
undertaken to a satisfactory standard.

4.73. The Skilled Person found that the training procedure which was in place during the
Relevant Period for staff at the Customer services outsourcing company was too
basic and did not focus on TCF Outcomes. There was also a lack of formal training
given to the staff, which meant there were no training records to demonstrate the
competence of staff. Further, one-to-one feedback meetings with individual agents
put undue emphasis on retaining customers.

Weaknesses in Compliance

4.74. The Compliance department at Stonebridge operated under a governance
framework which specified how it would fulfil its duties in relation to monitoring
and assessing the adequacy and effectiveness of Stonebridge’s policies and
controls. The framework formed part of Stonebridge’s governance arrangements
and aimed to provide a second line of defence. The development of this Compliance
framework started before 2011, but was only completed in May 2012.

4.75. Throughout the Relevant Period, the Compliance department at Stonebridge was
under-resourced. All of its staff members were physically based in the UK and did
not visit either the European Offices or the Outsourcing companies in Germany or
Italy as part of their Compliance monitoring reviews. As a result, because the
European Offices did not have their own Compliance teams, it meant that Germany
and Italy were not subject to any Compliance monitoring reviews in the Relevant
Period. Instead, the Compliance department focused its efforts on the European
Offices and the Outsourcing companies in France and Spain.

Weaknesses in the quality assurance process

4.76. All sales were subject to two levels of quality assurance procedures. During the
Relevant Period, the quality assurance process for sales made by the Sales
outsourcing company and post-sales cancellations by the Customer outsourcing
company comprised the following key steps:

a) The Sales outsourcing company reviewed each one of the sales calls before the
policy documentation was issued to customers. This process was set out in a
manual designed by Stonebridge;

b) From November 2011 to May 2012, the Customer services outsourcing company
used its own quality assurance manual. From May 2012, Stonebridge
implemented a quality assurance manual for the Customer services outsourcing
company to follow. This manual was similar in design to the one that
Stonebridge put in place for the quality assurance of sales calls; and

c) In addition, Stonebridge conducted a second level review of the sales and post
sales cancellation calls that had been subjected to a quality assurance process
by the Outsourcing companies. This review was known as ‘congruence testing’.
This was to ensure the Outsourcing companies were carrying out the
assessments consistently and accurately to Stonebridge’s standards.

Deficiencies in the quality assurance process

4.77. The second level quality assurance process at Stonebridge had the following key

a) The process did not provide for any analysis to determine the reasons why calls
at the Sales outsourcing company and the Customer services outsourcing
company were failing quality assurance. There was no mechanism in place to
feed back the results of the quality assurance process which would have helped
improve the sales process;

b) The staff carrying out quality assurance of the French sales calls did not listen to
the entire telephone calls before grading them. Instead, they concluded their
assessments after only listening to the first five minutes of the sales calls. This
increased the risk of the quality assurance process not identifying all of the
unsuitable sales. Further, the Spanish office did not record the results of any of
its quality assurance testing. Consequently, the Compliance department in the
UK was unable to validate these results; and

c) Due to lack of oversight provided by Stonebridge over the Customer services
outsourcing company, for a large part of the Relevant Period, no quality
assurance was carried out in relation to post-sales cancellation calls.

4.78. The first level quality assurance process in place at the Sales outsourcing company
and the Customer services outsourcing company in the UK had the following
deficiencies:

a) The process did not require sales calls to be assessed against all areas of the
Authority’s regulatory requirements. For instance, the process did not take into
account whether customers were getting the right products and service when
assessing the quality of the calls; and

b) The new quality assurance process implemented in May 2012 for the post-sales
cancellation process stipulated that the customer services personnel were
provided feedback on a minimum of one call per week. However, the phone calls
on which customer services personnel were given feedback did not necessarily
have to be of poor quality. The process did not require feedback on all calls that
showed a poor customer outcome.

4.79. Stonebridge failed to identify these deficiencies in the first level quality assurance
process either as part of its initial due diligence process prescribed by its
outsourcing policy or through its monitoring of the Sales outsourcing company and
the Customer services outsourcing company.

Results of the Skilled Person’s review

4.80. The Skilled Person compared the results of Stonebridge’s second level quality
assurance process to the findings of its own review. It found that in relation to
80% of the Sales Calls (24 out of 30 calls) in Period 1 and 75% of the Sales Calls
(18 out of 24 calls) in Period 2, Stonebridge’s second level quality assurance
review did not identify any of the matters that the Skilled Person found. In the
remaining calls, Stonebridge’s second level quality assurance process only partially
identified the relevant findings.

4.81. In relation to post sales cancellation calls, the Skilled Person found that in respect
of 100% of the Sales Calls (11 out of 11 calls) in Period 1 and 89% of the Sales
Calls (17 out of 19 calls) in Period 2, Stonebridge’s second level quality assurance
review did not identify any of the relevant findings of the Skilled Person.

Steps taken by Stonebridge to address the Authority’s Findings

4.82. Stonebridge has carried out a past business review of all of the sales conducted in
the UK by the Outsourcing companies during the Relevant Period and has
proactively commenced a similar exercise in relation to the Products sold in the UK
and the European Countries. Further, it will compensate any customers who have
suffered losses as a result of the failings identified in this Notice. The scope of this
past business review is significantly wider than that of the Skilled Person review
and includes all current policy holders.

4.83. Further, in response to the Authority’s concerns, Stonebridge has taken the
following proactive steps:

a) voluntarily ceased distribution of all Products in the UK and the European
Countries;

b) replaced its executive management team who had been in charge during the
Relevant Period;

c) comprehensively revised its governance structure, including implementing a new
committee structure, terms of reference and risk management framework;

d) undertaken a detailed review of all its existing product lines to reflect the
Authority’s current expectations on product governance, resulting in numerous
improvements in both product design and policy documentation;

e) revised its contractual arrangements with the Customer services outsourcing
company in order to strengthen the level of oversight to be provided in future;
and

f) implemented new company policies and procedure for the management of both
prudential and conduct risk.

5.
FAILINGS

5.1. The statutory and regulatory provisions referred to in this Final Notice are referred
to in Annex A.

5.2. The Authority considers that Stonebridge has breached Principle 6 (Customers’
interests) and Principle 3 (Management and Control).

Principle 6 - failure to ensure that the sales and post-sales cancellation
process considered the customer’s needs

5.3. Stonebridge breached Principle 6 in the UK by failing to pay due regard to the
interests of its customers and treat them fairly in its design of the sales process
and post-sales cancellation process which were implemented at the Sales
outsourcing company and the Customer services outsourcing company. In
particular:

a) Stonebridge designed call flows which were based on the assumption that a
customer with a family wanted the costlier family cover.

b) The call flows and scripts encouraged sales personnel at the Sales outsourcing
company to use the availability of cancellation rights to persuade customers to
purchase the Products. However, if customers later wished to cancel their
policies, the Customer services outsourcing company presented barriers to
cancellation in a significant proportion of cases by following call scripts and call
flows designed by Stonebridge. Stonebridge’s training process encouraged
customer services personnel to overcome customers’ objections and unduly
emphasised retaining customers rather than focusing on what was the right
outcome for them. As a result, customer services personnel refuted the
customers’ concerns and persuaded the customers to keep the policy or take out
a narrower and therefore less costly cover option. Some customers did not
succeed in cancelling policies despite several attempts.

Principle 3 – failure to implement adequate systems and controls and to
provide adequate oversight of the Outsourcing companies in relation to
the sales and post-sales cancellation processes

5.4. Stonebridge breached Principle 3 by failing to provide adequate oversight in the UK
in relation to the sales and post-sales cancellation processes at the Sales
outsourcing company and the Customer services outsourcing company.
Stonebridge failed to identify and address the following weaknesses in the
implementation of these processes:

a) The Sales outsourcing company failed to provide information in a clear, fair and

balanced manner. The sales personnel failed to disclose adequate information at
the point of sale, including the exclusions and limitations of the Products. In
addition, the pace of the Sales Calls conducted by the Sales outsourcing
company was too fast to be adequately comprehensible;

b) Customers were not informed by the Sales outsourcing company of

Stonebridge’s identity at the beginning of the Sales Calls;

c) Customers were not informed by the Sales outsourcing company of the

implications of some payment options at the point of sale; and

d) If a customer was persuaded to take out a narrower and therefore less costly

policy to replace a cancelled product, personnel at the Customer services
outsourcing company did not provide adequate and comprehensible information
about the replacement policy which included information on exclusions and
limitations.

5.5. In addition, Stonebridge failed to take reasonable steps to ensure that sales calls

and post-sales cancellation calls at the Sales outsourcing company and the
Customer services outsourcing company were subject to adequate first level quality
assurance procedures. The second level quality assurance process did not analyse
the reasons why calls were failing quality assurance testing. Due to lack of
oversight provided by Stonebridge over the Customer services outsourcing
company, for a large part of the Relevant Period, no quality assurance was carried
out in relation to post sales cancellation calls.


5.6. Stonebridge breached Principle 3 by failing to take reasonable steps to implement
adequate systems and controls in relation to its outsourcing arrangements to
ensure that the sales and post-sales cancellations of the Products in the UK and
each of the European Countries complied with the relevant regulatory
requirements. In particular, Stonebridge failed to:

a) ensure that its Board and Executive Committees provided effective oversight of

the Outsourcing companies. These executive bodies also failed to ensure that
issues brought to their attention were rectified on a timely basis. Further, the
Committee responsible for setting remuneration did not adequately consider
customer-specific risks when determining employee incentive schemes;

b) obtain adequate and effective management information from the Outsourcing

companies to enable it to address risks affecting its customers. The
management information obtained by Stonebridge was incomplete, unclear, and
did not effectively assess the extent of risks facing customers;

c) implement adequate systems and controls before the customer services function

was outsourced to a new provider. Stonebridge pursued an aggressive timetable
for outsourcing these services without ensuring that proper procedures and
documents were in place at the time the operation went live. Stonebridge failed
to ensure a smooth transition of its operations from its existing arrangements to
the new Customer services outsourcing company. Stonebridge ignored written
advice from the Compliance department which stated that the operation would
not be compliant at the time of going live. Stonebridge did not fully analyse and
address the implications of its new outsourcing arrangement; and as a result
was unable to meet its regulatory obligations. In addition, there was a lack of
urgency in rectifying outstanding issues to meet the regulatory requirements;
and

d) resource adequately its Compliance department to enable it to establish and

monitor systems and controls in Stonebridge’s European Offices and the
Outsourcing companies in the European Countries to an adequate standard and
did not take reasonable steps to address this. Stonebridge’s systems failed to
detect subsequent changes to call scripts by one of the Outsourcing companies
in the European Countries after the Compliance department had approved them.

6.
SANCTION

6.1. The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of

DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority
applies a five-step framework to determine the appropriate level of financial
penalty. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms.

Step 1: disgorgement

6.2. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the

financial benefit derived directly from the breach where it is practicable to quantify
this.

6.3. DEPP 6.5A.1G(2) states that where a firm agrees to carry out a redress programme

to compensate those who have suffered loss as a result of the breach, or where the
Authority decides to impose a redress programme, the Authority will take this into
consideration. In such cases the final penalty might not include a disgorgement
element, or the disgorgement element might be reduced.

6.4. Stonebridge has agreed to carry out a past business review, with the assistance of

an independent third party, in relation to its sales of the Products to customers
who purchased them during the Relevant Period. Following this review,
Stonebridge has agreed that it will compensate customers for any losses they
suffered as a result of the failings identified in this Notice. In these circumstances,
no disgorgement applies.

6.5. Step 1 is therefore £0.

Step 2: the seriousness of the breach

6.6. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects

the seriousness of the breach. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breach may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.

6.7. The Authority considers that the revenue generated by Stonebridge from the sales

of the Products in the UK and the European Countries during the Relevant Period is
indicative of the potential harm caused by its breach. This comprises the
revenue accrued by Stonebridge from the sales of these Products during the period
of the breach, as opposed to the total revenue recognised from contracts entered
into or influenced by misconduct during the period of the breach. The Authority
considers Stonebridge’s relevant revenue for this period to be £93,822,092.

6.8. In deciding on the percentage of the relevant revenue that forms the basis of the

Step 2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:

Level 1 – 0%

Level 2 – 5%

Level 3 – 10%

Level 4 – 15%

Level 5 – 20%

6.9. In assessing the seriousness level, the Authority takes into account various factors

which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be considered

‘level 4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:

a) The breaches caused a significant risk of loss to Stonebridge’s customers. At
the end of 2012, Stonebridge had 558,000 customers of which approximately
half were based in the UK and the remainder were based in the European
Countries. Since a lack of regard for customers’ interests was inherent in the
business model throughout the Relevant Period, there is a risk that a
significant proportion of these sales were unsuitable for the customers, who
might have consequently suffered loss; and

b) The weaknesses in Stonebridge’s systems and controls in relation to sales and

post-sales cancellation process were serious and systemic. As a result,
Stonebridge was unable to monitor and assess whether customers were being
treated fairly.

6.10. DEPP 6.5A.2(12) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of

these, the Authority considers it relevant that most of Stonebridge’s breaches were
committed negligently although in relation to the transfer of customer services
operation to the Customer services outsourcing company, the Authority considers
that the breaches were reckless.

6.11. DEPP 6.5A.2(6) lists factors which relate to the impact of the breach. Of these, the

Authority considers relevant the fact that Stonebridge identified its target market
as being persons who typically were in the middle-to-low income bracket and did
not have a college degree or professional qualification.

6.12. Taking all of these factors into account, the Authority considers the seriousness of

the breach to be level 4 and so the Step 2 figure is 15% of £93,822,092.

6.13. Step 2 is therefore £14,073,314.

Step 3: mitigating and aggravating factors

6.14. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the

amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.

6.15. The Authority considers that there are no factors that aggravate the breach.

6.16. The Authority considers that the following factors mitigate the breach:

a) Stonebridge has carried out a comprehensive redress programme, with the

assistance of an independent third party, in relation to all sales of the Products
during the Relevant Period. In addition, Stonebridge, following its own review
and assessment, has agreed to implement a past business review to include all
current customers and has agreed to compensate customers for any losses they
suffered as a result of the failings identified in this Notice. This review will
extend beyond the Relevant Period and has now commenced;

b) Stonebridge voluntarily ceased all new sales of all products in the UK and the

European Countries (although it continues to service its existing customers);

c) Stonebridge replaced the executive management team who had been in charge

during the Relevant Period;

d) Stonebridge comprehensively revised its governance structure and Operating

Board membership, including implementing a new committee structure, terms of
reference and risk management framework;

e) Stonebridge undertook a detailed review of all of its existing product lines to

reflect the Authority’s current expectations on product governance, resulting in
numerous improvements in both product design and policy documentation;

f) Stonebridge has revised its contractual arrangements with the Customer

services company in order to strengthen the level of oversight to be provided in
future; and

g) Stonebridge has implemented new company policies and procedures for the

management of both prudential and conduct risk.

6.17. Having taken into account these mitigating factors, the Authority considers that the

Step 2 figure should be decreased by 15%.

6.18. Step 3 is therefore £11,962,317.

Step 4: adjustment for deterrence

6.19. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after

Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.

6.20. The Authority considers that the Step 3 figure of £11,962,317 represents a

sufficient deterrent to Stonebridge and others, and so has not increased the
penalty at Step 4.

6.21. Step 4 is therefore £11,962,317.

Step 5: settlement discount

6.22. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to be

imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement
of any benefit calculated at Step 1.

6.23. The Authority and Stonebridge reached agreement at Stage 1 and so a 30%

discount applies to the Step 4 figure.

6.24. Step 5 is therefore £8,373,600.

6.25. The Authority therefore imposes a total financial penalty of £8,373,600 on

Stonebridge for breaching Principles 6 (Customers’ interests) and 3 (Management
and control).

7.
PROCEDURAL MATTERS

Decision maker

7.1. The decision which gave rise to the obligation to give this Notice was made by the

Settlement Decision Makers.

7.2. This Final Notice is given under, and in accordance with, section 390 of the Act.

Manner of and time for Payment

7.3. The financial penalty must be paid in full by Stonebridge to the Authority by no

later than 21 August 2014, 14 days from the date of the Final Notice.

If the financial penalty is not paid

7.4. If all or any of the financial penalty is outstanding on 22 August 2014, the

Authority may recover the outstanding amount as a debt owed by Stonebridge and
due to the Authority.

7.5. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of

information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.

7.6. The Authority intends to publish such information about the matter to which this

Final Notice relates as it considers appropriate.

Authority contacts

7.7. For more information concerning this matter generally, contact Matthew Hendin at

the Authority (direct line: 020 7066 0236 / fax: 020 7066 0237).

Financial Conduct Authority, Enforcement and Financial Crime Division

ANNEX A

RELEVANT STATUTORY AND REGULATORY PROVISIONS

1.
RELEVANT STATUTORY PROVISIONS

1.1. The Authority’s operational objectives, set out in section 1B(3) of the Act, include

the consumer protection objective.

1.2. Section 206(1) of the Act provides:

“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a
penalty, in respect of the contravention, of such amount as it considers
appropriate.”

2.
RELEVANT REGULATORY PROVISIONS

Principles for Businesses

2.1. The Principles are a general statement of the fundamental obligations of firms

under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows.

2.2. Principle 3 (Management and control) provides:

“A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems”.

2.3. Principle 6 (Customers’ interests) provides:

“A firm must pay due regard to the interests of its customers and treat them
fairly”.

DEPP

2.4. Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the

Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act.

The Enforcement Guide

2.5. The Enforcement Guide sets out the Authority’s approach to exercising its main

enforcement powers under the Act.

2.6. Chapter 7 of the Enforcement Guide sets out the Authority’s approach to exercising

its power to impose a financial penalty.

