This is part one of my review of the draft Code of Conduct for Insurance Brokers. In each part, I focus on a couple of issues and provide my comments and suggestions for revision. I will be publishing these in the run-up to the deadline for providing feedback to the IA on 28 May 2019. Closer to the deadline, I will be putting them all together into one document which will form the feedback that Harrison & Co will be giving to the IA.
If you want to receive these publications by email as they are published, please let me know in the comment section below or email me on will.harrison@harrisonco.org.
I would be grateful for any comments on the draft Code of Conduct or on my analysis. You can leave a comment below or email me on will.harrison@harrisonco.org.
Introduction
On 28 March 2019, in anticipation of it taking over the regulation of insurance intermediaries in mid-2019, the Insurance Authority of Hong Kong (IA) published a consultation paper on its draft code of conduct for licensed insurance brokers (Code of Conduct). The deadline for providing feedback is 28 May 2019.
Currently, Hong Kong insurance brokers are regulated under a long-standing self-regulatory regime by one of the self-regulatory organisations (principally, the Hong Kong Confederation of Insurance Brokers (HKCIB) and the Professional Insurance Brokers Association (PIBA)).
From mid-2019, licensed insurance brokers will be regulated by the IA under the amended Insurance Ordinance (Cap 41) (Ordinance). The rules and regulations promulgated by the HKCIB and PIBA will fall away, as will the current “Minimum Requirements for Insurance Brokers“. New statutory conduct requirements will be imposed by new sections 90 and 92 of the Ordinance. In addition, new section 95 will empower the IA to issues codes of conduct “for giving guidance relating to the practices and standards…ordinarily expected” from licensed insurance brokers. It is under this provision that the IA proposes to issue the Code of Conduct.
Issues discussed in this part
In this part of my analysis of the draft Code of Conduct, I discuss:
A. The uncertainty and problems created by the Code of Conduct overlapping and, arguably, overreaching the statutory conduct requirements of the Ordinance (by, in particular, attempting to introduce a duty of utmost good faith that is not found in the Ordinance); and
B. A problematic self-reporting obligation for regulatory breaches by brokers.
A. Overlap and overreach
The operative part of the Code of Conduct is set out with a series of eight “General Principles” which are then fleshed out with more detailed “standards and practices”. There is also a section on “Controls and Procedures” for licensed insurance brokers.
The “General Principles” in the Code of Conduct are similar to, but not the same as, the statutory conduct obligations in the new section 90 of the Ordinance (“Conduct requirements for licensed insurance intermediaries”). As such, they overlap and potentially conflict with such statutory rules.
Under section 95, the IA is empowered to issues codes of conduct relating to “the practices and standards” which intermediaries are expected to follow in carrying on regulated activities. However, the IA is not empowered to extend the statutory conduct requirements beyond those legislated in the Ordinance. They should set “practices and standards”, not seek to re-state the statutory duties or to introduce additional obligations.
By way of example:
General Principle 1 in the Code of Conduct states: “A licensed insurance broker should be trustworthy and act honestly, ethically, with integrity and in utmost good faith”
Section 90(a) of the Ordinance states : “when carrying on a regulated activity, a licensed insurance intermediary must act honestly, fairly, in the best interests of the policy holder concerned or the potential policy holder concerned, and with integrity.”
It is immediately apparent that these two statements cover substantially the same ground. It is not, however, clear why the IA has chosen to set out a series of conduct principles when the Ordinance already does so (and with identical consequences for their breach). The Code of Conduct is intended to given guidance by setting the standards and practices that licensed insurance brokers should adhere to in order to comply with the statutory requirements. The result is, in my view, unnecessarily confusing for in-house legal teams and compliance managers.
However, of greater concern is the purported introduction of a duty of “utmost good faith” by way of the Code of Conduct. The commentary in the Consultation Paper notes that this is a duty well known to the insurance industry. This is true. However, it emerged as a response to the unique position of insurer and insured. It is most pertinent in the context of pre-contract disclosure obligations of the insured. However, it also applies to post-contract matters and to insurers – the most common instance being where an insurer is defending an action where both the insurer’s and insured’s interests are at issue.
However, an insurance broker already owes fiduciary duties to its client (i.e. to act in its best interests, no undisclosed conflict, no secret profit etc.) and a duty of care with regard to its work. It is hard to see what a duty of utmost good faith would add to this, other than confusion. This is particularly so as a broker already owes something akin to a duty of utmost good faith to the insurer by reason of section 19 of the Marine Insurance Ordinance (Cap. 329). In short, a duty of utmost good faith seems entirely otiose and inapt to a broker/client relationship.
More importantly, the IA does not have the power to legislate by way of a code of conduct. This would, in my view, be accordingly vulnerable to challenge by way of judicial review.
B. Problematic self-reporting provision for regulatory breaches
The Code of Conduct is, in part, based upon the Securities and Futures Commission’s “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission” (SFC Code). One such section of the Code of Conduct that is based on the SFC Code is Part D “Controls and Procedures for Licensed Insurance Brokers”.
This provides in paragraph 4 of the section “Controls and Procedures” that a broker should have proper controls and procedures to ensure the reporting of certain “incidents” to the IA as soon as reasonably practicable. However, the reporting requirement has a confusing “double-materiality” test for what regulatory breaches should be reported:
- It must be “material to its business“; and
- “including without limitation, the following: (i) a material breach of requirements under the Ordinance, or any rules, regulations, codes, guidelines or regulatory instruments, administered or issued by the IA, by the broking company, or its licensed technical representatives (broker)…”
The phrase “material to its business” would generally be taken to mean “financially” material (indeed, the other examples of reportable incidents address bankruptcy, winding up, criminal charges, disciplinary action by regulators other than the IA). However, the formulation appears to assume that for a broker, a material breach of regulatory requirements would necessarily be “material to its business”“. This may not be the case. It may be financially irrelevant. It seems likely that a broker may (reasonably) assume that, in the absence of additional guidance, a regulatory breach would only be considered “material” if it is financially material to its business. In any event, it is unclear.
The IA really should clarify the circumstances in which it expects brokers to self-report regulatory breaches. It needs to clarify that is meant by “material to its business” and how this interacts with a “material breach“, and what the latter means. In this respect, the IA could easily provide guidance at to what ordinarily would be considered a material breach (see, for example, similar guidance given by ASIC in Australia https://asic.gov.au/regulatory-resources/financial-services/breach-reporting-by-afs-licensees/). It is apparent from the circulars issued by the SFC that its (simpler) self-reporting obligation has not been universally followed by market participants. It may be assumed that insurance brokers – not to date familar with self-reporting obligations – will likewise struggle to comply with a “materially” more complex and confusing version of the self-reporting provision.
A further point of confusion is that the reporting obligation is not, actually, a reporting obligation at all. It is a requirement to have proper controls and procedures to ensure that relevant incidents are reported. The obligation relates to controls and procedures, not to the actual reporting. It begs the question of whether a failure to report a material incident by a fully compliant broker would necessarily be a breach of this provision. This is, again, an unnecessarily convoluted way of achieving a desired outcome (by way of comparison the SFC Code simply imposes a self-reporting duty).
In short, I believe the IA needs to state more clearly what it wants licensed insurance brokers to do and when it wants them to do it.
Will Harrison
Copyright note: This post may be reproduced and shared provided that it is credited to Harrison & Co Legal Consulting and a link to this post is also prominently displayed.