Policyholder and Third Party Protection
May 2018 Delegated Authority Audits
Third party audits continue to be a major area of focus for the market. Most notably last year saw the launch of the new Audit Information Management System (AiMS), which coordinates Coverholder and TPA audits. There are also increasing expectations regarding audit quality. Given this rapidly changing area we thought it would be helpful to provide an update to bring together all current developments in respect of the coordination of Coverholder and TPA audits.
We plan to provide further updates going forward and we would therefore welcome any feedback or suggestions as to audit related issues you would find helpful to be covered.
Coverholder Audit Coordination Overview
Lloyd’s have been coordinating audits where a Coverholder has a two or more binding authority agreements with different Lead Managing Agents for the past three years and many of you will have already experienced the benefit of just one annual Lloyd’s audit rather than multiple audits in the same year.
The exciting development for 2018 is the introduction of AiMS which automates this process. This leads to economies of scale and a single audit and auditor for each Coverholder. In 2017, Lloyd’s coordinated a single recommendation letter on audits with more than four Managing Agent participants. Going forward, as part of the automation all Coverholders will receive just one letter for a coordinated audit rather than being contacted by each Managing Agent separately. Most Coverholders and brokers have reacted positively to this development, which consolidates recommendations made by all participants and agrees action on mutual recommendations.
Audit Information Management System (AiMS)
After 18 months of designing, building and testing from a variety of stakeholders, the new Audit Information Management System (AiMS) became available in July 2017 for the full audit cycle of both Coordinated Coverholder and (on a pilot basis) TPA audits for 2018 as well as solo audits for those Managing Agents wishing to use the system.
AiMS, is a system developed as a Target Operating Model (TOM) initiative to provide greater coordination and transparency around the planning, scoping and management of the Lloyd’s Coverholder audit process. The improvements in planning and scheduling enable the market to coordinate the auditor selection and the processing of the audit results through AiMS. The built-in system reminders and service level agreements will reduce the delays throughout the process and as a result of the improved turnaround; Coverholders will receive their audit recommendations in a timely manner. Improved reporting capabilities will provide greater transparency for all stakeholders and enable the market to manage the process and costs. By using data output further improvements in the system and audit process can be assessed.
Managing Agents and Auditors have been using the system for several months and access has now been provided to Brokers and Coverholders. Building a system for thousands of users is a complex challenge that is never going to match existing business models in their entirety. With this in mind we are grateful that users have been able to adapt some of their current procedures in order to streamline the process overall. Whilst every effort has been made to capture all requirements during the design and build stage, it is only when users begin to use the system in the live environment that functionality can be extensively tested.
AiMS is an internet based system, to which Coverholders have now been provided access via Lloyds.com. When you log into Lloyds.com and navigate to the ‘My Account’ section, AiMS will be listed under ‘Tools’. Once opened, a detailed User Guide is available via a dropdown menu that is accessed by clicking your user identification icon at the top right of the screen. We are also in the process of producing a training video which will be on lloyds.com in the near future
Following your audit, the auditor will ask you to confirm who you wish to respond to any recommendations. This will be someone in your organisation or one of your brokers. In addition to the recommendation letter which consolidates your recommendations for the audit, you will receive tasks from the system which you or your nominated broker should respond to in AiMS, the system will direct these responses to the relevant Managing Agent.
Scheduling for audits in 2019 will begin in July this year. As a Coverholder you will be able to use AiMS to block out busy times of the year and request that you are not audited during these periods. This is limited to 28 days per year.
New Risk Based Market Audit Scope
Managing Agents are already required to conduct extensive due diligence before appointing a Coverholder. However, it is often difficult to ascertain how policies and procedures work in practice and to properly test that these are operating effectively. Whilst this is particularly relevant to key operational and financial controls, it is also important to ensure that other areas, including underwriting, claims, IT and data security and compliance controls are reviewed and tested. In addition, audit helps Managing Agents demonstrate compliance for their regulatory responsibilities for outsourcing.
Following extensive consultation with the market during the last 18 months Lloyd’s and the LMA have worked together to review and update the standard market audit scope. This scope will be rolled out throughout the course of 2018.
Why is a new scope needed?
Lloyd’s have supported the 2014 Coverholder Audit Scope as the basis of audits since its implementation. However, since its introduction, changes in the regulatory environment and the needs of Managing Agents have resulted in a number of amendments and additions being introduced.
It has therefore been necessary to readdress the standard Market Scope and compile one that is risk based and focuses more on the review of the design and operational effectiveness of the controls in place.
What difference will stakeholders experience?
The 2018 scope focuses on the risks inherent in delegating underwriting and claims authority, and the controls that a Coverholder will have in place to mitigate these risks. There is also a greater emphasis on identifying controls and testing their effectiveness. The new scope should therefore drive better, more relevant and more insightful audits that are helpful to both managing agents and Coverholders.
The level of risk present will vary depending on a number of factors including the target customer, class of business, Coverholder size and complexity, and the regulatory environment where business is conducted. Focusing on the headline risks enables the appropriate level of control to be considered for each scenario, rather than adopting a “one size fits all” approach.
With the removal of some standardised due diligence checks, Coverholder auditors are required more than ever to be adequately trained and sufficiently experienced. They must be able to judge whether the controls in place adequately control each of the scope risks from both a design and operational effectiveness perspective. This will include testing these controls and ensuring the necessary reporting and escalation is in place to ensure that any issues identified are addressed.
From a Coverholder’s perspective, it is expected that there will be little change in the amount of time required during an audit. A competent auditor will already be asking questions along the lines of those contained within the new scope. The main benefit for the Coverholder will be the removal of the need to repeat much of the information provided during the due diligence process. However, it is noted that this may be offset by the need to provide some additional evidence of controls in operation.
You can view the new audit scope by visiting lmalloyds.com, Underwriting, Delegated Authority, Coverholder Audit Scope v1.1
Should you experience any difficulties navigating your way through the system or wish to provide us with feedback, please contact the Customer Centralised Services team by emailing AIMS@lloyds.com or calling our dedicated AiMS Helpdesk on 020 7327 5105.
Senior Manager Customer Centralised Services, Policy Holder Protection & Third Party Oversight Performance Management Directorate, Lloyd’s.
23 May 2018