Lloyd’s requires managing agents and delegated authorities to have an anti-financial crime framework in place for all areas of financial crime they are exposed to which should be considered during the onboarding process of the delegated authority. The framework should include:
Requirements
Governance
An appropriate and documented governance structure to manage financial crime. This should include a policy stating the firm’s risk appetite and commitments to manage financial crime as well as a framework to prevent financial crime. The framework should assign appropriate senior manager oversight and dedicated financial crime resource. Internal reporting processes should be documented.
Risk Assessment
Managing agents should perform a financial crime risk assessment of the delegated authority and the business to be written or administered. It should be completed on an ongoing basis, and as a minimum prior to the engagement of the delegated authority.
The risk assessment will determine the level and nature of controls that the managing agent and the delegated authority should implement to oversee the business to be written and or administered. The risk assessment should include the consideration of risk factors such as:
| Types of risk | Governance |
| Customer risk | The type and financial sophistication of the (re)insureds. |
| Geographical risk | The location of the (re)insureds and their operations. |
| Class of business risk | The type of (re)insurance product and the class of business, noting some classes of business and types of product can have a heightened financial crime risk, either due to the focus of regulation (e.g. trade sanctions) or the product itself e.g. marine cargo. |
| Distribution risk | The role and competency of any intermediaries in the distribution chain. |
| Transactional risk | The frequency and complexity of transactions associated with the business to be written e.g. non-standard transactions or a high volume of transactions such as additional or return premiums. |
The residual risk associated with delegated authority arrangements may vary if a managing agent is acting in a lead or follow capacity and whether that impacts on a managing agent’s oversight of the delegated authority and or being able to perform its own due diligence. Regardless of the practical implications, managing agents, whether lead or follow, should be satisfied that their regulatory responsibilities are being met noting that liability cannot be delegated.
Policies and Procedures
Delegated authorities should have written financial crime policies and/or procedures in place which align to applicable legal and regulatory obligations and detail the roles and responsibilities of staff and senior management for the management of financial crime, including the consequences of non-compliance with the policy and / or procedures.
The policy and/or procedures should detail how the delegated authority seeks to mitigate financial crime risk, such as through:
- (Re)insured onboarding due diligence;
- Financial crime screening (including the extent and frequency of sanctions screening); and
- Guidance on identifying, reporting and escalating suspicious transactions (both internally and externally).
The policy and / or procedures should be subject to an appropriate review cycle, including when material changes impacting financial crime exposure and delegated business arise.
Due Diligence
All firms should use risk based due diligence processes to manage their financial crime risk. Those processes may vary according to the nature of the financial crime risk and the information that is available.
Common best practice include:
- carrying out customer due diligence (CDD) to identify and verify the identity of the customer and where appropriate the beneficial owner of the customer at the commencement of a business relationship or during the relationship if there are significant changes to the profile of the customer.
- CDD for transactions that exceed certain financial thresholds.
Enhanced due diligence may be required for higher risk situations such as transactions with high risk countries, complex transactions or dealing with politically exposed persons.
Regardless, CDD is expected for any transactions where there are suspicions of financial crime and prior to the payment of a claim.
Record keeping of the due diligence steps taken and ongoing monitoring of clients is also expected.
View due diligence processes specific to sanctions riskTraining
Delegated authorities should implement a training programme for all staff on key areas of financial crime, such as sanctions, AML, ABC, fraud and facilitation of tax evasion. Where any specific risk exposure is noted, training should also extend to market abuse.
The frequency and the level of training required for staff will be informed by the financial crime risk assessment, and Lloyd’s would expect that staff in more exposed areas to financial crime, such as underwriters, claims handlers, senior management and individuals involved in the processing of financial transactions receive more frequent or bespoke financial crime training.
The training provided to staff should highlight legislative and regulatory requirements applicable to both the delegated authority and the managing agent, particularly where the delegated authority and the managing agent operate in different jurisdictions.
The training should also outline potential red flags, and how staff should report and escalate issues identified to senior management, the managing agent and/or applicable regulators or government agencies as may be required.
Managing agents should consider the above points and the training provided under any delegated authorities they control, with the audit process (see below) allowing an opportunity to obtain a deeper understanding of the adequacy of this control.
Audit
Managing agent audits of delegated authorities are a key control to understand whether financial crime risks and controls are being appropriately managed by the delegated authority.
The scope and the frequency of the audit should be informed by the financial crime risk assessment, and the level of inherent and residual financial crime exposure to the delegated authority and the managing agent.
Findings and recommendations should be appropriately addressed by the managing agent and the delegated authority, with any actions followed up to completion and in a timely manner.
Monitoring and Reporting
Delegated authorities should have monitoring and reporting processes in place to manage the risk of exposure to financial crime.
It is expected that delegated authorities will appoint a designated person within their company to receive, consider and report to the appropriate authorities, as required, and to escalate in a timely manner to managing agents any issues identified, including suspicions identified by company employees.
Those processes should be documented in procedures and also include the requirement to record any decision and rationale by appropriate persons not to make a suspicious activity report.
Managing agents need to determine, and ensure they receive, the level of MI under each delegated authority needed to manage the financial crime risk appropriately.
Contractual wording
Managing agents should ensure that the contract of delegation (e.g. binding authority, coverholder appointment agreement, delegated claims authority agreement) includes appropriate contractual provisions setting out the responsibility of the delegated authority to comply with applicable financial crime laws and regulations.
The market-standard agreements, such as those issued by the LMA contain contractual provisions which meet Lloyd’s expectations relating to the contract of delegation.
Visit the Lloyd’s Wordings Repository for further information(Re)insurance policies
For (re)insurance policies written by the coverholder, Lloyd’s recommends that an appropriate sanctions limitation clause is included within the policy issued by the coverholder to the insured. The decision to include a sanctions limitation clause will be informed by the managing agent’s financial crime risk assessment of the business to be written and the financial crime controls that the coverholder has in place. Model sanctions wordings are held on the Lloyd’s Wording Repository.