Last Friday, the Hong Kong Insurance Authority published its Guideline on Cybersecurity (GL 20) for authorised insurers. GL 20 will take effect on 1 January 2020.
Cybersecurity is a global regulatory focus and a top priority area for the Insurance Authority, given the growing exposure to cyber risk as a result of increased digital connectivity.
In line with its continuing focus on fairness in pricing and customer value, the FCA has published a thematic review on the general insurance distribution chain (TR19/2). The review contains a clear warning to firms involved in the design and sale of general insurance products that they must do more to protect customers from harm.
That warning is further emphasised in its Dear CEO letter, which sets out expectations of general insurance firms and reminds them of their responsibilities under both the new rules introduced by the Insurance Distribution Directive (IDD) and the Senior Managers and Certification Regime (SMCR). Alongside the thematic review, the FCA has published proposed guidance (GC19/2) for insurance product manufacturers and distributors (including, for example, retail banks) to clarify its expectations in terms of product development and distribution approaches.
The FCA has indicated that it intends to conduct further supervisory activities in this area and will intervene using its full range of enforcement tools to ensure firms meet their regulatory obligations.
Our “at a glance” guide (which can be found here) provides a summary of the thematic review and guidance consultation, as well as the implications for insurance manufacturers and distributors. The deadline for responses to GC19/2 is 9 July 2019.
It is anticipated that in around mid-2019, the Insurance Authority (IA) will take over the regulation of insurance intermediaries from the three self-regulatory organisations (SROs). In preparation for the commencement of the new regime, the IA has launched several public consultations on guidelines and rules. For our full briefing on these developments, please click here.
Following President Trump’s decision on May 8, 2018 to withdraw the United States from the Joint Comprehensive Plan of Action (“JCPOA”), the US government announced that it would re-impose pre-JCPOA nuclear-related Iran sanctions (both primary and secondary) that were lifted under the JCPOA. As we reported previously, two “wind-down” periods—of 90 and 180 days respectively—commenced from the day of the announcement, during which non-US, non-Iranian companies were encouraged by the US government to withdraw from operations in Iran that would be affected by re-imposed sanctions. OFAC’s guidance discouraged non-US persons from engaging in new activity during the wind down periods, and stated that any such new activity may be a factor in connection with future enforcement action for actions taken after the wind-down period.
How far can a sanctions clause protect a party from having to perform their contractual obligations – and in the case of Iran-related sanctions concerns, how does this interact with the Blocking Regulation? In Mamancochet Mining Limited v Aegis Managing Agency Limited and Others EWHC 2643, the High Court held that, in order to avoid payment of a claim, insurers were required to show that payment would expose them to sanctions under US or EU law. A mere exposure to the risk of a sanction was not sufficient.
In this post, our Insurance Disputes team consider the implications of the decision. Continue reading
China is advancing its policies to open up its markets and attract more foreign investment. This year, the financial sector is one of the focus areas for liberalisation. On 11 April 2018, Yi Gang, the governor of People’s Bank of China announced a detailed timetable (Timetable) for certain liberalisation policies in respect of the financial sector. In this e-bulletin, we summarise the key aspects of the Timetable and some of the other related regulations which have been issued recently. Please click here to read our full briefing.
With effect from 26 June 2017, the independent Insurance Authority (IA) assumed its regulatory responsibilities and replaced the Office of the Commissioner of Insurance (OCI) in regulating insurers. The IA will be a much more powerful regulator than its predecessor, with enhanced authorisation and supervisory powers, as well as inspection, investigation and disciplinary powers over insurers.
A recent case provides a rare example of the criminal prosecution of an individual (in this case the former employee of an insurer) for breach of the Data Protection Act 1988 (DPA).
David Barlow Lewis was a former employee of the insurer LV. He offered an ex-colleague £3,000 a month to send him the details of customers involved in road accidents. She refused to do so, and Lewis was subsequently prosecuted at Bournemouth Magistrates’ Court for attempting to commit an offence under section 55 of the Data Protection Act 1998 . He had knowingly or recklessly attempted to obtain personal data without the data controller’s consent.
Now may be the time to review your cyber risk mitigation strategy and give serious consideration to whether the financial cost of cyber attacks could be transferred to insurers at a fair price.
Cyber security is amongst the leading risks for organisations around the globe. In the last few years most organisations have suffered cyber attacks of some sort and a series of notable breaches have received heavy media coverage and regulatory scrutiny. Breaches damage not only organisations but also their customers.
Geoff Maddock, partner
Email | Profile
tel: +44 20 7466 2067 mobile: +44 7785 255016
By Geoff Maddock, corporate insurance partner
Commission view on authorisation
In July 2015 a Commission official expressed a controversial view on when third country insurance firms need authorisation. This was at a fully minuted meeting of the “Expert Group on Banking, Payments and Insurance”. The Commission said that a third-country insurance firm may only insure risks located in an EEA member State through a branch authorised by the competent supervisory authority of that member state.
I believe this opinion is wrong. If indeed it were right it would have a damaging effect on the London and probably other insurance markets. I give my reasons below. Continue reading