Re/insurer failed to ’embed a strong or effective risk culture within the business’, finds UK regulator

The Prudential Regulation Authority (PRA) has imposed a financial penalty on MS Amlin Underwriting Limited (MSAUL) of £10m for failing to comply with its regulatory obligations relating to its governance and oversight of underwriting, underwriting controls, management information, data quality, and risk management strategies and systems.

These failings took place in the period between 1 September 2014 and 31 December 2019.

Sam Woods, deputy governor for Prudential Regulation and chief executive officer of the PRA, said: “It is vital that firms have in place appropriate governance, oversight and risk management controls, and that firms remediate issues identified by the PRA in a full and timely manner.

”The penalty reflects the seriousness of MSAUL’s failure to meet the expected standards in this case, and should deter similar conduct by other firms.”

From September 2014, in parallel with its growth strategy, MSAUL organised its underwriting business into three strategic business units, each of which underwrote business on MSAUL’s behalf.

During the relevant period the PRA noted its concerns regarding the risks this, and prevailing market conditions, presented. There were various issues in relation to a number of MSAUL’s systems, controls and processes and MSAUL failed to address these issues in an effective and timely manner during the relevant period. 

The investigation found that MSAUL had failed to:

  • embed a strong or effective risk culture within the business;
  • clearly delineate responsibilities between the first and second lines of defence;
  • put in place appropriate and/or effective risk mitigation strategies; 
  • establish an effective system of governance underpinned by an adequate and transparent organisational structure that allowed for effective challenge, management and decision making;  
  • ensure management information was adequate, consistently available and appropriate so as to inform the MSAUL Board’s discussions and form a reliable basis for decisions; 
  • operate an adequate data repository system and consistent data quality controls; and 
  • embed sufficiently effective controls over underwriting.

As a result of these failings, the PRA has found that MSAUL breached Fundamental Rule 5 of the PRA Rulebook, requiring firms to have effective risk strategies and risk management systems; and Fundamental Rule 6 of the PRA Rulebook, requiring firms to organise and control their affairs responsibly and effectively. 

MSAUL agreed to resolve this matter and therefore qualified for a 30% reduction in the fine imposed by the PRA. Without this discount, the fine imposed by the PRA would have been £13.85m.