REG Reviews

REG Reviews – October 2022

1st October 2022

Welcome to the October edition of REG Reviews!

In September we saw the FCA seek to expand their scope of regulation, self-driving cars to be closer than we thought,
and cyber attacks shaking the security landscape!

Read these articles and many more, along with our usual updates from REG and the insurance sector.

Industry News​

REGULATORY

Software Houses Face Regulatory Oversight

Software houses could face regulatory oversight, as The Bank of England, Prudential Regulation Authority and Financial Conduct Authority set out plans to oversee “critical third parties” (CTPs) in the financial services sector. 

The government has included legislative proposals in the Financial Services and Markets Bill to allow the supervisory authorities control to oversee the resilience of services that CTPs provide to the UK financial sector, after the regulators voiced their concerns over the impact disruption to CTPs could have to firms’ financial stability. 

The FCA’s Chief Executive, Nikhil Rathi, stated; “In an increasingly digital world, financial businesses are more dependent on a small number of third-party providers. That can bring significant benefits, but also comes with resilience risk.”

“We want an open discussion about how we should use new powers Parliament is giving us to oversee the services these third parties provide to the financial sector and reduce the risk of major disruption, which could cause harm to consumers and markets.” 

Broker reliance on software houses is notorious. Andy Fairchild, former Broker Network boss echoed the need for greater oversight of software houses, describing the inclusion of software houses as a “natural extension”. Fairchild stated that regulation would provide longer-term benefits of stability, priorities and focus and extend the protection to consumers.

The regulators insist regulations are needed to protect the financial stability of regulated financial services firms and financial market infrastructure. The Bank of England’s Financial Policy Committee highlighted that disruption to small number of CTPs could result in financial instability for the latter, due to reliance these firms have on certain services from CTPs. 

Potential measures have therefore been published, outlining how the supervisory authorities could oversee CTPs. These include: 

  • A framework for identifying potential CTPs, which would inform the supervisory authorities’ recommendations for formal designation by HM Treasury. 
  • Minimum resilience standards, which would apply to the services that designated CTPs provide to firms and FMIs. 
  • A framework for testing the resilience of material services that CTPs provide to firms and FMIs using a range of tools, including but not limited to scenario testing, participation in sector-wide exercises, cyber resilience testing, and skilled persons reviews of CTPs. 


Watchdog unveiled that although tighter scrutiny would be imposed on CTPs from the regulators, the rules would only ensue supervisory authorities to oversee the systemic risks arising from CTPs’ provided services to FMIs. FMIs would still be responsible to manage risks from contracts with third parties.
 

Commenting on proposed measures, Deputy Governor and CEO of PRA, Sam Woods said; “It is vital that the firms we regulate can rely on services provided to them by third parties, particularly where those third parties have become critical parts of the system. Today’s paper sets out our thinking on how we can ensure the right levels of resilience for those services – we would welcome views from anyone taking an interest in this area.” 

In dispute of these regulations, Toby MacLachlan, Managing Director of Ignite Insurance Systems, insisted that these proposals already set out to do all of the things the Bill is proposing to enforce. MacLachlan continued to argue that the regulation considered to be implemented may only result in another barrier in the way of new technology reaching brokers and their customers. 

TECHNOLOGY

The Insurance Museum Launches with Fire Exhibition

The Insurance Museum launched its first online exhibition this month entitled Fire! Risk and Revelations, detailing the history of fire insurance, which was initiated as a result of the Great Fire of London four hundred years ago. The date of the museum’s exhibition was chosen in order to coincide with the date of the Fire (2nd to 6th September 1666). The event was also designed to support the creation of the virtual version of the museum, bringing the exhibition to life online. 

Reg Brown, the creator of the museum commented on its creation; “I am both delighted and excited that the Insurance Museum has been able to adapt and continue progress through the pandemic, and that the patience and hard work of trustees, Jonathan Squirrell and the team to OB Brand Consultancy, and Howard Benge has finally produced something tangible to show for their efforts.”

”We are all aware of the difficulty employers are experiencing in their efforts to attract talent to our profession. It’s been a constant theme throughout my career. I sincerely hope that Fire! Risk and Revelations will be the start of our efforts to do something about that.” 

The exhibition had four fire galleries, with each telling the story of fire insurance from its beginning, to the development of fire brigades’ insurance, all the way through to 1929. Howard Benge, the museum’s Director, exclaimed; “Fire Insurance is a great story for the Insurance Museum to share. In Britain it sprang out of the Great Fire of London as a business opportunity. It also offers the chance to show people how insurance underpins society today, as well as in the past”. 

The insurance museum has stated that is hoping to raise £3 million every year, in order to fund the creation of a visitor centre, a documentary and work on educational outreach. 

CYBER

Insurance Intermediaries Battle Increasing Cyber Attacks

Insurance Age has reported an increase in cyber breaches for insurance intermediaries. A Freedom of Information (FOI) request issued by Insurance Age, revealed cyber breach incident reports to the Financial Conduct Authority increased from 12 in the financial year of 2020/21 to 15 in 2021/22. 

This rise is identified to be the first since the 2018/2019 financial year, where reported attacks equated 22. Although, the current annum’s figure is still below the latter, this uplift in targeted attacks is a worrying concern for insurance intermediaries and their security systems. 

Furthermore, watchdog’s report on cyber breaches for the overall insurance sector identified similar intelligence. The statistics, which included data from general insurers, aggregators and brokers, recorded 20 breaches; solidifying the FOI’s findings that insurance intermediaries are at the forefront of cyber-attacks. This is further supported by the number of confirmed high-profile cyber-attacks for general insurance brokers being reported to have risen dramatically over the past few years. 

In contrast, cyber incidents involving all regulated firms has been noted to be significantly decreasing. The FOI detailed cyber breaches aimed at regulated firms dropped from 153 in the previous year to 98 in the financial year of 2021/2022.

Want to know how to protect yourself and your business from cyber attacks? Read our blog. 

REG UPDATES

REG Hosts Future of Technology Networking Event

After a successful Networking Event in July involving a panel discussion on Young People in Insurance, REG Technologies returned with an insightful evening exploring the insurance market’s position on the Future of Technology. 

With a ripe selection of both REG customers and prospects in attendance, the event entailed a panel discussion with questions on the Future of Technology posed at REG’s three guest speakers. Panelist speakers included Paul Templar, CEO at VIPR, Peter Clarke, Managing Director at Insurercore and REG’s very own Head of Product, Sandra Simoes.

Insightful discussions were had around the insurance industry’s reluctant adoption of digitisation, what the sector needs to address, the barriers to accelerating digitisation in the insurance market, and as we look to the future, how can technology providers show the importance of tech solution adoption in the market.

As Jony Ive once quoted; “It’s very easy to be different, but difficult to be better.” Technology solutions need to cater to the needs of the insurance sector, to provide solutions that will help to accelerate their trade and growth in an ever-changing and continuously digitising world. 

If you would like to listen to the full discussion, watch now on REG’s youtube. To be informed of our next event, follow us on LinkedIn.

REGULATORY

CII Enforces Professional Competency Map for Insurance Businesses

The Chartered Insurance Institute has launched a competency framework designed to assess professional’s skill set and capabilities. The framework, coined ‘Professional Map’ has been designed for insurance and financial professionals to develop their career potential.

The Professional Map has been curated to address the two sectors, after CII recognised that although professionals in both industries share similar qualities and behavioural approaches, they require role-specific technical expertise. The financial and insurance sectors will have separate editions catered to each sector’s individual needs. 

Insurance Business reported that the framework “contains guidance that will help professionals self-assess their existing competencies, identify future career pathways, prepare for appraisals and development plans, and find relevant learning solutions to fill skills gaps.”

The map, whilst recognising current skills, also addresses qualities important for career progression, as identified by The Financial Services Skills Commission’s Future Skills Framework. 

200 technical and regulatory experts and practitioners, learning and development specialists and human resources professionals contributed to the development of the framework; their professional input also building on feedback obtained from insurance and personal finance professionals via the ‘Shaping the future together’ consultation. 

Chief Executive, Alan Vallance, commented; “The Professional Map will become the ‘golden thread’ in what the CII offers – providing a common set of competencies that will enable alignment between professional standards and lifelong learning – delivered through world-class learning content, qualifications and membership.”  

Skillsets of insurance and personal financial professionals are shifting, driven by the economy, automation and a change in consumers’ needs. As such, Vallance recognises professionals need to adapt and expand their professional competencies to “raise public trust in the profession.”

The Professional Map will also benefit employers, by employers exploiting the framework, to standardise job specifications, design competency-based interview questions and develop organisational skills development plans. Acting as a talent facilitator, the tool can better attract, develop and retain talent amongst the industry, in hopes to accelerate growth. 

TECHNOLOGY

Revival of Senior Care Market Amidst Technology Boost

After the heinous suffering the insurance senior care market experienced during and as a result of the pandemic, the market is now reviving. Fuelled by an elevated introduction of technology, the appearance of new entrants, and a reduction in previous high premiums, the sector has started to level out. 

Vice President of Business Development, Jason Zuccari, at Hamilton Insurance Agency said; “Obviously, during the beginning and in the height of the pandemic, we saw a lot of carriers reining back, being a lot more conservative, or just not writing anything at all. But as things have been loosening up, the carriers have gotten back to business as usual.”

“There’s still a few carriers that don’t write in a senior space anymore, but then others that have been out for years are getting back in.” 

Since the pandemic the insurance senior care market has been in a volatile period. But since the investment boost into technology, the sector has been able to overcome these challenges and become more responsive and competitive to ensure reformation.  

Technological advancements amongst the industry, as reported by The Insurance Journal, include: 

  • Wearables track a resident’s physical condition, heart rate, stress levels and sleep patterns. 
  • Virtual assistants help senior living staffs with day-to-day tasks like reminders for appointments, medications and meals and answer questions for seniors. 
  • GPS devices track residents’ location to prevent elopements. 
  • Telehealth services provide video consultations, remote patient monitoring and secure messaging. 
  • Alexa-like voice activated devices let families and caregivers remotely check in on seniors. 
  • Machines accurately dispense medications. 
  • Caregivers use data from electronic incident reports to optimise care and safety plans. 
  • Telehealth services provide quick access to medical teams. 


However, these technological advancements do not ensure consistent revival. The industry’s labour shortage also poses a major risk to the sector and without an increase in worker attractiveness, the sector still risks not ever recovering fully.
“COVID really threw a big curve ball to this industry. I think people are fatigued. I think the stress got to people,” quoted Zuccari.

“Workers and labourers are leaving the industry completely; it’s the stress, the intensity, and the responsibility is hard.” 

The materialisation of an ‘opportunistic’ market has also vastly contributed to the industry’s revival, as professional entrants have begun to occupy large spaces. Risk Placement Services’ (RPS) Healthcare Practice Leader, James McNitt, commented that the model the sector now reflects is “a combination of just new parent companies that are entering the space or carriers that exited in the past and are more satisfied with the rate adequacy of the marketplace today.” 

The influx of new entrants and many medical professional liability insurers changing the way they underwrite long-term care facilities has also proceeded an increase in policy attractiveness. This is coupled with a reduction in premiums, which has majorly influenced the substantial revival of the industry. The RPS noted that after experiencing increase rates of 12% to 15% for several years, many long-term facility premiums are now flat on renewal rate to appease policyholders. Moreover, some MPL insurers have begun offering two-year rate guarantees to long-term care facilities, to further revive the sector. 

Overall, these vital improvements to a once suffering market do ensue an increased confidence that the senior care market is on the right track to recovery, and with the assistance of technology, investment, and consumer confidence, it is only expected to further improve. 

CYBER

Uber Hit with Major Cyber Attack

Uber reported a cyber security breach on Thursday 15th September, after hackers gained access to an employee’s account, who unknowingly clicked on a link sent to them by the hacker. 

Uber has stated that the hackers bought the employee’s credentials off of the dark web and after they had entered the employees account, they hacked a number of tools, like Slack and other employee accounts. While Uber has security systems in place to protect employee login details, the employee, an EXT contractor, accepted a verification code from the hacker which granted them access.  

Uber has accused the hacking group Lapsus$ of being responsible for the attack, a group which has also been responsible for breaching a number of other large companies including Samsung, Microsoft and Cisco. Lapsus$ sent a company-wide message on slack and “reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”   

A number of internal software tools that had to be taken down in response to the breach, were back up and running the next day and Uber notified law enforcement who are currently investigating the issue. The FBI suspect that a British teenager, who is just 16, and leader of the Lapsus$ crime group, is the prime suspect after being named by online hacker forums. Uber says it responded quickly to the breach and undertook a number of precautions including identifying and blocking the employee accounts that were breached, asking for password resets, warning its employees to avoid using slack and for employees to re-authenticate when they accessed their accounts again, as well as enhancing its monitoring in case any further “suspicious activity” occurred.  

While the attacker apparently had access to most Uber systems, fortunately, no leaks of personal data have been reported. “First and foremost, we’ve not seen that the attacker accessed the production (i.e public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info or trip history,” Uber said. “We also encrypt credit card information and personal health data, offering a further layer of protection.” 

This is in contrast to Uber’s last cyber security breach in 2016, when 57 million Uber users’ information was compromised. This landed Uber with a $150 million fine for attempting to cover up the hacking and initiated criminal proceedings against its Chief Security Officer at the time. 

REG Reviews

REG hosts a Macmillan Coffee Morning

On the 30th of September, REG hosted a coffee morning to help raise awareness for Macmillan Cancer Support. An impressive array of cakes, doughnuts and other baked goods were brought in and baked by the REG Technologies team, which were shared and enjoyed with a nice hot brew by everyone in the office.

Macmillan is one of Britains largest charities, that focuses on providing service, information and and financial support to those affected by cancer. It also helps provide research on the social, emotional and practical impact that cancer can have. Macmillan Cancer Support has been encouraging people to host their Coffee Mornings since 1990 and have raised over £290 million from them. The original idea aimed to get people to donate the cost of a cup of coffee to Macmillan cancer support, and in 2022 over 234 public Macmillan coffee mornings were hosted.

At REG, we truly value opportunities like this to raise awareness for such a great cause. Take a look at some of the fantastic treats that the team enjoyed sharing below!

If you would like to make a personal donation to Macmillan Cancer Support , please donate here.

Untitled design

REGULATORY

The Rising Threat of Underinsurance

Businesses are at risk of underinsurance according to modelling at Aviva, with policyholders now more exposed to it than ever. Chris Andrews, Director of Risk Management Solutions at Aviva, has warned how today’s challenges of the current cost-of-living crisis, war in Ukraine, as well as the after-effects of Brexit and COVID-19, all could be increasing the risk of underinsurance, as these uncertain conditions mean that businesses’ insurance coverage isn’t reflecting their changing needs. These challenges have resulted in rising inflation, increases in energy prices and supply chain difficulties, causing fluctuation in prices and increasing the time it takes for goods and materials to arrive. 

According to Aviva, whilst the amount of underinsurance hasn’t really changed – 78% in 2019 compared with 76% in 2022 – the average increase required is higher now. In 2019, the average sum insured required an uplift of 40%, the figure is 53% in 2022. Aviva’s modelling estimated that 50% of UK businesses are underinsured to some extent, and 40% of policies with buildings have at least one premise suspected to be underinsured by 20%. 

The British Insurance Brokers’ Association has published a guide advising companies on how to tackle underinsurance, which Biba committed to highlighting the dangers of in its 2022 manifesto at the start of the year, given much of the issue has been exacerbated in recent years. “We are always highlighting the issue of underinsurance with our clients, especially around renewal,” says Josh Bedford, Client Director at Konsileo. “Cover must be regularly reviewed to ensure sums insured are accurate. If you’re not adequately insured, it’s not worth being insured.” 

In many cases, it can be difficult to know exactly how much to be covered for with ever-evolving circumstances. Chris Andrews advised that formal valuations should be regularly undertaken in order to evaluate and set indemnity and maximum indemnity periods. He also recommended reading ‘Business Interruption: Rebuilding Period and Rebuilding Valuation’ Loss Prevention Standard’.  

However, there are some positives, as the message does seem to be spreading and companies are reacting to it. Aston Lark has already run more than 1,000 valuations for its clients and Barrett Corp & Harrington has also seen a significant uptick in the number of surveys. Back in 2019, it undertook 4,199 surveys, but this year, it has already exceeded this figure, conducting 4,813 surveys by the end of July. 

TECHNOLOGY

Self-driving Cars Could Hit Roads Next Year

Self-driving cars could be set to hit our roads as early as next year as a result of the government’s pledge to ‘revolutionise travel’ by 2025. This revelation comes after the UK Transport Secretary announced a £100m investment to ‘boost the rollout of autonomous vehicles on the country’s roads’.

Although under current laws, fully driverless cars are illegal on UK roads, some vehicles with self-driving features could be on the motorways by 2023, as autonomous features are being developed by car makers to accelerate the introduction of autonomous cars onto the roads. These features have already been tested on bus services in Scotland, as part of trialling programmes to integrate autonomy into transportation services across the UK. 

Under current pledges, fully automated vehicles will not be allowed on UK roads until 2025. A full introduction of self-driving cars will therefore not rollout for another 3 years, but vehicles that can drive themselves on motorways could be available to purchase within the next year. The holding of a valid driving license would be needed.  

The government outlines that “cars, coaches and lorries, with self-driving features could be operating on motorways in the next year…and legislative plans will allow for the safe wider rollout of self-driving vehicles by 2025”.  

On the contrary, other self-driving vehicles that could be used for public transport and deliveries, expected on the roads by 2025, would not need drivers or passengers to hold a driving license, due the nature of the technology being able to operate the car for the entirety of the journey. Although, further research has been announced to look into the viability of this technology. 

Business Secretary, Kwasi Kwarteng, stated; “Self-driving vehicles have the potential to revolutionise people’s lives, particularly by helping those who have mobility issues or rely on public transport to access the jobs, local shops and vital services we all depend on.” 

“Most importantly, they’re expected to make our roads safer by reducing the dangers of driver error in road collisions.” 

The government commented that their vision to revolutionise UK transportation “enables the UK to take full advantage of the emerging market of self-driving vehicles – which could create up to 38,000 jobs and could be worth an estimated £42 billion.” 

£20 million, followed by a £40 million investment will be used to kick-start commercial self-driving services and enable businesses to grow and create jobs in the UK. £6 million will be invested into further market research and commercialisation of the technology. 

Transport Secretary Grant Shapps said; “We want the UK to be at the forefront of developing and using this fantastic technology, and that is why we are investing millions in vital research into safety and setting the legislation to ensure we gain the full benefits that this technology promises.” 

Safety is at the forefront of the government’s ambitions to revolutionise travel, and therefore laws and regulations surrounding the development and use of self-driving vehicles will be enforced ahead of the 2025 rollout and brought before parliament shortly. 

CYBER

Cyber Resilience Act Proposed to Reform Internet of Things

A new Cyber Resilience Act proposal was presented by the European Commission on Thursday 15th September 2022. The bill aims to address cyber security concerns on internet connected devices; ranging from ‘smart’ toys and fridges to security cameras.  

In effort to strengthen the Internet of Things (IoT) cyber security, the Cyber Resilience Act would mean products patented with a CE marking would need to meet a minimum level of cybersecurity checks, to protect the sector from unwanted security breaches and attacks. This means regardless of whether a product was made in the EU or not, manufacturers of digitally connected products would be obliged to meet the EU requirements.  

The digital space is currently vulnerable to such attacks, with sensitive devices such as cameras and mobile phone devices extremely susceptible to hacking. EU Internal Market Commissioner, Thierry Breton insisted; “We need to protect our IT area, our cyberspace and our internal market.”

In the interest of mobile phones, Commission Vice President, Margaritis Schinas, voiced her concerns of the weak security infrastructure surrounding these vulnerable appliances; “the cybersecurity parts of a product like this escape regulation. And this is what we’re coming to address.” 

Attached to the legislation is an annex, which discloses the categorisation for products; dependent on whether they are critical or not. It is speculated the critical product category will cover around 10 percent of the market. Products deemed as low-risk will need to be approved by the Commission that they meet specific security standards through companies own self-assessments. If a significant risk is identified, the manufacturer will have to undergo a third-party assessment or prove to a national authority they meet security standards. 

As part of the new law, The Commission also has the rights to call for product evaluation. This would ensue products would be subject to a recall if the EU’s Cybersecurity Agency ENISA identifies a product presents a ‘significant cybersecurity risk’.  

The new act provides a positive step in the right direction to further strengthen national security, as well as business and consumer welfare, by strengthening the protection of products currently volatile to vicious cyber-attacks and that provide a gateway into accessing a wealth of sensitive data. However, before a concrete law is imposed, the act is subject to reviewal by the European Parliament and EU Council.  

REG Reviews

REG Attends MGA Claimstech Conference

On Wednesday 28th September, REG Technologies representative, Victoria Slade, Head of Sales, attended the MGA Conference 2022, which saw I Love Claims work in association with the Managing General Agents’ Association, to provide an insightful day centred on Claimstech.

The conference, hosted at 155 Bishopsgate, London, had an excess of 400 individuals attend. Key people of influence from a wealth of different firms in the insurance market represented:

  • Insurers
  • Capacity Providers
  • MGAs
  • Reinsurers
  • Industry/professional bodies
  • Outsource Solution Providers
  • Supply Chain Partners
  • Digital & Data Solution Providers

Head of Sales, Victoria Slade, at REG Technologies stated how the event offered an array of interesting open panel discussions and insightful keynote speakers. Victoria noted how there was a specific focus on how technology can support some of the challenges in the MGA space, as well as the benefits of insourcing versus outsourcing.

Victoria reported that there was a particularly interesting panel discussion on the top 5 risks that are increasing fraud in 2022. One of which is the controls insurance companies have with respect to third party relationships, including suppliers and brokers.

REG would like to thank I Love Claims and the MGAA and everyone involved, for organising and hosting such an insightful event.