In this article, we outline the FMA’s stated desire to exercise its powers “broadly”[1] and learnings from recent enforcement actions in the insurance industry including the continued focus on fair dealing and self-reporting.
The FMA’s approach to ”credible deterrence”
The FMA’s statement of intent for 2020-2024 signals its intention to effect “credible deterrence”[2] It has recently clarified that credible deterrence is about “balance, proportion, precision and timeliness … we’re clear it cannot always be hammer time”.[3] Paul Gregory, the FMA Executive Director of Regulatory Response, has also acknowledged that credible deterrence may involve taking a course of action stronger than anticipated by the market. To support this focus on deterrence, the FMA has applied significant resource and capability to its enforcement function, and we can expect an uptick in enforcement generally.
The FMA has also signalled that there will be some changes in its enforcement approach. The key change is that the FMA says it will be thinking more broadly about what success looks like.[4] The FMA has indicated that it may be more willing to bring an action in order to clarify the law and provide certainty for markets and consumers. However, we expect that, for reputational reasons, the FMA will want to be on the winning side of any litigation more often than not, so this desire for legal clarity alone is unlikely to result in a significant up-tick in enforcement action.
The FMA has also said that it will take an outcomes-based approach (in its general supervision, but also regarding enforcement). The FMA’s Chief Executive, Samantha Barrass, has recently noted that “an outcomes-focused approach does not start at what the legislation says, or a rule book says, it starts with what is the right outcome for a strong sector that works well for all”. Therefore, the insurance industry should take note that contraventions involving harm to customers, or of significant relevance to the market, are likely be subject to enforcement action.
The insurance industry can also expect the FMA to continue to use its full enforcement toolkit which includes enforcement in the Courts as well as public warnings and enforceable undertakings.
Recent learnings from the Vero and Cigna Life enforcement actions
Cigna Life
Cigna Life Insurance New Zealand (Cigna) admitted to breaches of the fair dealing provisions in Part 2 of the Financial Markets Conduct Act 2013 (FMCA) in August 2022.
The breach involved Cigna charging for inflation benefits (indexation) to customers holding 52,363 policies between April 2014 and early 2019. Until early 2019, Cigna used a flat rate of indexation (as opposed to a rate set by the Consumer Price Index (CPI)), which was not consistent with what was required under the relevant policies.
The flat rate exceeded the CPI. Cigna communicated these changes to customers on an opt out basis, through annual notification letters.
Cigna Life received an order to pay a pecuniary penalty of NZD3.575 million in January this year.
Vero Insurance
In 2022, the FMA filed proceedings against Vero Insurance New Zealand Limited (Vero) for failing to apply multi-policy discounts, which led to 47,000 customers being overcharged approximately NZD8.7 million in premiums.
The FMA considers that Vero made false and/or misleading statements, contravening the fair dealing provisions in Part 2 of the FMCA, regarding invoices stating that customers were entitled to discounts. Vero failed to apply the discounts due to errors and deficiencies in its systems (which were designed by Vero).
Vero self-reported the issue in December 2019, by which time remediation was underway. However, further affected customers were later discovered by Vero. Vero has reimbursed NZD10.259 million in overcharges to affected customers.
The recent enforcement actions taken against Cigna and Vero indicate the FMA’s continued focus on compliance with the fair dealing provisions. However, the cause of the harm in the two cases differs. The Cigna case involved fair-dealing breaches stemming from decisions made by senior management, rather than systems and controls issues (as was the case in Vero).
Self-reporting
Both cases involved self-reporting of issues to the FMA through the conduct and culture review process. The FMA expects all regulated entities to self-report issues. Not doing so is an aggravating factor when setting pecuniary penalties.
The industry should be mindful that self-reporting does not cure the underlying breach. The FMA’s then Head of Enforcement Karen Chang discussed the issue of self-reporting in a speech in November 2021, stating that the FMA expects those it supervises to self-report issues promptly to the FMA. However, self-reporting cannot provide immunity from litigation, especially if the issues are significant, systemic or have led to customer harm. That said, self-reporting entities can expect to receive some credit for genuine self-reporting in relation to penalties for contravention. In the Cigna case, the FMA submitted that a lower discount of 30% (as opposed to the 35% discount that was applied) was warranted given Cigna’s level of cooperation was only that “expected of a responsible company”. However, the Court decided that Cigna’s prompt self-reporting, although it was expected of a responsible organisation, was worthy of recognition to appropriately incentivise responsible behaviour. For this reason, Cigna received in total a 35% discount – a discount of 5% was applied for Cigna’s self-reporting (a further 25% applied for cooperation and acceptance of responsibility, and 5% for this being Cigna’s first contravention of the FMCA).
In short, getting self-reporting right is critical. The FMA distinguishes promptly answering FMA requests for information from self-reporting. Self-reporting needs to be unprompted – where the FMA specifically requests information, this is not self-reporting. Paul Gregory, in his speech to the FSC conference in January 2023, described self-reporting in some cases as “the tip of a somewhat grimier iceberg”. Self-reporting of issues can reveal significant carelessness and misconduct which goes on undetected, or unchecked for a long time before reporting. In this case, it will not demonstrate a regulated entity’s responsible conduct – but rather, further conduct and culture issues in the organisation.
Remediation
While remediation is not a ‘cure all’ of the contravention, getting the remediation right is critical. Karen Chang, in her November 2021 speech, highlighted that remediation again demonstrates a regulated entity’s conduct: “Putting customers right is the bare minimum step we expect from entities – of course it wouldn’t be acceptable to benefit from misconduct, however inadvertent. We also take notice of how the remediation has unfolded – whether it was timely, well organised and communicated or whether there were delays and mistakes. Where an entity seriously struggles with the exercise, it doesn’t tend to reflect well on the robustness of their systems and governance.”
Both Cigna and Vero remediated the harm to customers. In the Cigna judgment, the Court found that Cigna’s comprehensive approach to remediation, including keeping the FMA regularly informed about the remediation, was a mitigating factor. This factor contributed to a 25% discount on the pecuniary penalty, which reflected Cigna’s full cooperation with the investigation, remediation and acceptance of responsibility. The judgment also stated that “a 30% discount is at the bottom end of the available range for these factors and a little more would not be out of range”. The penalty in Vero’s case has not yet been decided, however, the FMA expressed concern at whether the investigation and remediation of the problem was sufficient, which led to further remediation of unidentified errors.
Navigating the new regulatory environment
Regulatory scrutiny on the insurance industry is increasing, and regulated entities should prepare for a more combative FMA going forward. The recent enforcement cases demonstrate that responding to contraventions is critical. Insurers need to ensure that they have processes in place to identify and elevate issues through the appropriate governance channels. Further, in the event of a breach, insurers need to establish a coordinated response regarding investigation and self-reporting and remediation, that cements the insurer as a responsible entity, with strong systems and governance focused on conduct and consumer outcomes. Further, with the introduction of the Financial Markets (Conduct of Institutions) Act 2022, the FMA will hold an insurer’s licence to operate. Insurers should consider compliance as a critical risk, and adjust their risk tolerance accordingly.
Footnotes
[1] Regulatory Response Guidelines issued by the FMA in August 2016.
[2] Samantha Barrass Keynote speech at Financial Services Council Outlook, 25 January 2023.
[3] Paul Gregory speech at Financial Services Council Outlook, 25 January 2023.
[4] Paul Gregory speech at Financial Services Council Outlook, 25 January 2023.
This article was co-authored by Sarah Jones, a solicitor in our Financial Services team.