Charles Maddocks says FSA rules are prescriptive but only in certain areas, which leaves a lot of freedom to interpret the other rules

In its pre-conference, headline-grabbing letter to Tony Blair, Biba bemoaned the "disproportionate (financial) impact of regulation on small insurance brokers" and stated: "This new research makes it clear to the government that regulation should be proportionate."

I maintain it already is. The FSA is very strict in areas that impact its statutory objectives. Two examples are client money and capital adequacy (market confidence) and conduct of business (consumer protection). As the rules stand, you stray from them at your peril.

The FSA is to review the effectiveness of its activities in the general insurance arena in 2006. We may even see some relaxation of these rules as a result. Handling client money is a different kettle of fish. The regulator has just announced a further 200 visits to check on whether we're any better at this. Don't hold your breath for relaxation here.

But elsewhere in the handbook we have greater freedom. Here we can rely on proportionality to make our lives easier.

To quote the FSA: "The restrictions we impose on the industry must be proportionate to the benefits that are expected to result from those restrictions."

The best examples of how to make this work for us are in the wide ranging area of senior management arrangements systems and controls (SYSC). This governs most of what we do and SYSC 3.1.1R states

"A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business."

And the guidance that follows says:

"The nature and extent of the systems and controls, which a firm needs to maintain upon a variety of factors." These include:

  • The nature, scale and complexity of its business
  • The diversity of its operations, including geographical diversity
  • The volume and size of its transactions
  • The degree of risk associated with each area of its operation.
  • So my message is don't put in more time and effort than you need. In other words: "No Rolls Royce solutions for Mini problems."

    Take monthly management meetings as an example. These are new to many where management has been more ad-hoc in the past. But evidence of the control being exercised by management is now required. So no large company solutions are needed.

    The agenda can be limited to half a dozen key areas that impact your business most. Aim for a single sheet of A4.

    Areas that should be covered:

  • Finance including capital adequacy and client money
  • Performance against the plan
  • Sales and marketing
  • Regulation
  • HR
  • IT
  • Customer service (including complaints).
  • The minutes can follow the same format. You don't have to detail everything discussed. A list of action points, their owners and a deadline works very well.

    Exception reporting - It's not necessary to go into reams of explanation if the end result is satisfactory. For example: "Client money reconciliation carried out and excess of resources over requirement transferred out on the same day." Only go into detail for areas that are an issue.

    Business planning - this is a prime example of cutting your cloth. It all depends on the nature scale and complexity of the business. If it's a single operation then there's no need for a full MBA thesis. A simple SWOT analysis and financial targets based on a level of growth on last year may be quite sufficient. You know your business best. If change is on the horizon then take it into account in your planning.

    In your business continuity plan, don't plan for every eventuality.

    Use the FSA's own 'likelihood v impact' matrix to decide the five top risks and have contingency plans in place for them. The others don't represent a great risk. If either the likelihood or the impact of an unexpected event is low, then keep it under review - say six-monthly. If both likelihood and impact are low then it can safely be ignored.

    The biggest issues are likely to be in the first hours or days. And don't forget treating customers fairly - look after your customers' interests even in the midst of a business continuity event.

    Training and competence is another area we can apply proportionality. Big company schemes involving monthly one to ones, half yearly appraisals, pre-appraisal preparation forms for both manager and staff member belong just there - in a big company. A smaller firm can use what works for them.

    Remember your commitments to training and competence are:

  • Your employees are competent
  • They remain competent for the work they do
  • They are appropriately supervised
  • Their competence is regularly reviewed
  • The level of competence is appropriate to the nature of the business.
  • How to test the competence of existing staff is a question we're frequently asked. These can be accommodated in an annual interview and review of actual work completed.

    Remember the objective is to review the individual's competence to do their job using appropriate tests and objective assessments. If it is satisfactory, mark the appraisal form accordingly. If not, take the required action. It may be extra training, increased supervision or possibly a move to another job. Whatever it is, record it and the method of arriving at the conclusion. In this way commitments 1, 2, 4 and 5 should be satisfied.

    As I said above the FSA sets out strict rules in few instances - it prefers you to make the judgment of what meets its principles - both for businesses and for approved persons.

    So they will provide principles for each and expect you to interpret them to meet your firm's requirements.

    In the past regulators provided strict rules and regulations. If you followed them to the letter then you knew you were compliant.

    In our brave new world we are expected to provide the questions as well as the answers.

    But we can make this into a benefit with the right approach.

    Take a couple of examples:
    Principle for Businesses 3. "Management and control - a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems."

    Reasonable and adequate are judgment calls - in the absence of any specific rules or numbers then the judgment is yours. If you're happy with it then the FSA should be too and it would be up to it to prove otherwise.

    Approved Persons Principle 2. "An approved person must act with due skill, care and diligence in carrying out their controlled function."

    A frequent question to us is: "Surely we do this already?"

    And the answer is: "Yes but could you provide proof if required?"

    And the best proof? Proportionality, of course.

    What better examples than those given above under SYSC that you have used your skills, approached the problems and provided the solutions with care and applied them with diligence.

    Lord Hunt said in a recent opinion (Comment, 13 April) that we should be encouraged by the FSA's stated intention to continue moving away from prescriptive rules towards a principles-based approach.

    This suggests, he said, the regulator has confidence in the market's ability to interpret and act upon its overall expectations. In other words, the FSA seems to be sanctioning an increasing degree of self-regulation - and that must be positive.

    And it will be, for those with a positive approach to regulation and to making it work for them. IT

    ' Charles Maddocks is marketing manager with Insurance Compliance Services