Bluefin Insurance Services Limited has been fined £4,023,800 by the FCA in relation to its systems and controls and communications with clients.
Bluefin is a major UK based insurance broker specialising in the small/medium sized enterprise market. It was owned by insurers AXA UK plc throughout the period under scrutiny by the FCA, namely 9 March 2011 to 31 December 2014 (the Relevant Period). Bluefin's clients expected it to make an impartial, expert assessment of insurance available in the market place and to recommend insurers accordingly. In this regard, Bluefin held itself as out being "truly independent". Whilst its website did disclose that it was owned by AXA, the FCA found that its preferential treatment of AXA (as summarised below) was not properly disclosed.
The FCA found that AXA's ownership of Bluefin generated an inherent conflict. This conflict, which Bluefin was obliged to manage through its systems and controls, was in fact exacerbated by the business model and targets Bluefin pursued in order to exploit its relationship with AXA. In particular:
- AXA and Bluefin agreed "synergy targets" for the amount of insurance that AXA would underwrite with Bluefin.
- Bluefin also agreed a soft target of seeking to generate £25m EBITDA with AXA and to place 25% of all Bluefin business with AXA. This aspirational target was widely communicated to staff at all levels within Bluefin.
- Bluefin brokers were put under pressure to put existing SME clients onto one of two "preferred facilities", one of which was with AXA. Brokers were not provided with adequate information to assess which of the two was better for their clients and (consequently) AXA was the preferred choice.
- For a period of three months in 2011, brokers were required to offer all Combined Commercial Insurance (covering all business risks in one policy) to AXA.
In addition, the FCA found that through a series of informal and formal communications, senior management encouraged brokers to place business with the "preferred facilities", especially AXA, rather than searching the market. Brokers were reminded of the targets (summarised above) and individuals and branches contributing to these were singled out for praise. Some members of senior management even had bonus structures directly linked to the volume of business placed with AXA.
In making its findings against Bluefin, the FCA stated that all insurance brokers must have, before placing any insurance: (1) a comprehensive written conflict of interest policy; (2) trained staff on how to manage conflicts fairly; and (3) a system of conflicts monitoring. Bluefin had taken some steps towards compliance, but the FCA found them to be inadequate paper exercises with no real impact on conduct. For example, staff were given only very basic and generic training on conflicts and not told how to handle a conflict arising from Bluefin's relationship with AXA.
Bluefin did operate a "three lines of defence" compliance model. This included file reviews by branch managers (at line 1), branch visits and reviews by compliance (at line 2) and internal audit (line 3). However, the FCA found major deficiencies in relation to the first and third lines of defence in particular. The inherent conflict with AXA was not specifically identified as an important area of focus. Issues in terms of addressing the conflict were raised by compliance as part of the second line of defence, but these warnings were not acted on by management. There was also found to be inadequate information flow between the lines (such as between 1 and 2), thereby hampering proper oversight and review.
As well as failures at the level of policy and systems, the brokers' transaction files during the Relevant Period did not always include either the commercial rationale for the transaction, or any details of how any conflicts had been managed. Bluefin brokers were encouraged to do this, but it was not mandatory. This prevented management from receiving information as to how the inherent conflict with AXA was actually being handled by the brokers.
Overall the FCA found that Bluefin had breached Principles 3 (management and control) and 7 (communications with clients) of the FCA's Principles for Businesses. In fixing the penalty, the FCA determined that the breach was level 3 (out of 5) on the scale of seriousness. Bluefin settled early and was entitled to the 30% stage 1 settlement discount. Had it not done so, the fine would have been £5,748,293.
There is much of interest in this Notice for those designing or reviewing systems and controls, especially in relation to conflicts generated by parent companies (or subsidiaries). Whilst the need to make such systems and controls more than just a paper exercise is common to all firms, Bluefin can be considered an extreme case in that the preference for AXA (and the resulting conflict) was inculcated into all aspects of the firm from the transaction level to the aspirational targets. In this sense, it is perhaps surprising that the FCA was content to treat it as a level 3 and not a level 4 matter. One factor behind this may be the absence of any specific finding as to customer loss.