On 16th January this year, the FSA handed down its largest financial penalty to date for the mis-selling of so-called payment protection insurance ("PPI"), the £1,085,000 fine it imposed on HFC Bank Limited ("HFC"), which since 2003 has been a subsidiary of the High Street bank HSBC. In this article, Martin Day considers the HFC disciplinary case in more detail.
Introduction – How much insurance is really mis-sold?
Commenting on the HFC decision, Teresa Fritz, a researcher at the consumers' organisation Which? is reported as saying:
"The cases involving PPI are one of the worst mis-selling scandals … we've only seen the tip of the iceberg".
Indeed, recently Which? has also released research revealing that a wide range of other types of insurance cover are still regularly mis-sold. Some of them, such as identity fraud cover, commonly sold with credit card services, and sometimes even as part of a household policy, are also largely unnecessary, since the banks or other card providers are already liable to indemnify the victims of such fraud.
In the HFC case, bonuses paid to the company's sales force were worth up to 25 per cent of their salaries, heavily influencing the amount of PPI cover they sold, so it was not difficult to foresee the risk of policy mis-selling in such circumstances. Sadly, as Margaret Cole, the FSA's director of enforcement, noted, HFC's failings are likely to have had a "significant" impact on many of its customers' finances, operating as it did largely in the sub-prime market.
The Fine
The FSA issued HFC with a Decision Notice on 11th January 2008 which notified HFC pursuant to section 206 of "FSMA" that it had decided to impose a financial penalty of £1,085,000 on HFC. The penalty was in respect of breaches of Principles 3 and 9 of the FSA's Principles for Businesses ("the Principles") and its associated rules between 14th January 2005 and 28th May 2007 in relation to HFC's sales of PPI policies.
HFC agreed to settle the case at an early stage in the FSA's investigation and therefore qualified for a 30 per cent reduction in penalty, pursuant to the FSA's executive settlement procedures. (Were it not for this discount, the FSA would have imposed a financial penalty of £1,500,000 on HFC.) Indeed, the FSA's Final Notice, agreed with the firm, contains the hallmarks of a heavily lawyered document. It is one of those that make you well aware that the regulator was furious but not clear precisely what it was upset about. The FSA stressed in September 2007, however, that subsequent PPI penalties were going up as an attempt at deterrence. Essentially, the PPI industry seems to have taken the view that the profits justify the rule-breaking; this fine by the FSA is an attempt to reverse that trend.
HFC has also agreed not to refer the matter to the Financial Services and Markets Tribunal.
Summary of the conduct in issue
The breaches of the FSA's Principles and rules in relation to its sale of PPI policies on which the FSA relied in this case were:
· HFC's failure to take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgement (Principle 9); and
· HFC's failure to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems (Principle 3).
In particular, the following failings in respect of HFC's procedures for dealing with its customers and its other systems and controls were identified by the FSA:
· HFC's sales staff were not required to gather, and take into account, sufficient information about customers' personal circumstances and objectives when making sales. HFC's processes did not therefore take adequate steps to ensure that its personal recommendations were suitable;
· HFC did not provide its customers with information that adequately set out their demands and needs nor did it explain why it was recommending a PPI policy. Nor did HFC require its advisers to identify those of the customer's demands and needs which would not be met by the product;
· HFC did not have any effective systems to train and monitor its staff. In particular, it failed to ensure that its procedures for monitoring sales staff effectively identified and investigated potentially unsuitable sales;
· Management information provided to HFC's senior management was not sufficient to enable it to identify problems with the sale of PPI policies. Where management information did indicate particular issues, HFC failed to take appropriate action; and
· HFC's records were not sufficient to demonstrate that its sales were suitable.
These failings not only resulted in an unacceptable risk of unsuitable sales but also demonstrated failure by HFC to treat its customers fairly.
HFC's breaches were viewed as particularly serious because:
· HFC is a large firm which sold approximately 163,000 PPI policies over the relevant period (of which 124,000 were single premium policies) from a network of 235 branches across the UK;
· the financial impact on customers of unsuitable advice regarding the purchase of PPI was likely to be significant. HFC's customer base consisted largely of customers with credit ratings which resulted in them having only limited access to consumer finance and included customers with impaired, short or incomplete credit histories. HFC only sold single premium policies in connection with its (predominantly) fixed term, unsecured lending. (In a sample of sales reviewed by the FSA, the average cost (including interest) of a single premium policy (with life cover) was approximately £2,100 (£1,200 excluding interest), adding some 40 per cent on average (23 per cent excluding interest) to the loan to be repaid); and
· the problems in HFC's sales processes were identified by the FSA, and not by HFC's own systems and procedures. The failings arose against a background of a series of high profile communications from the FSA highlighting the need for firms to ensure their PPI sales processes were meeting FSA requirements, and a letter from the FSA to HFC in May 2006 detailing some of the FSA's specific concerns in relation to HFC's own sales of PPI.
In fairness to HFC, it is also worth noting:
· in June 2007, HFC engaged an independent firm of reporting accountants to review the PPI sales process in place at that time. HFC is now in the process of implementing the changes to its sales process recommended by the accountants;
· HFC's senior management demonstrates a willingness to cooperate with the FSA's investigation; and
· following discussions with the FSA, HFC committed to implement a robust remedial action plan, overseen by the third party accountants, involving a programme of customer contact and, if appropriate, steps to ensure that its customers are not disadvantaged.
Background Details
HFC had been authorised by the FSA in respect of a number of regulated functions since 1st December 2001 and was authorised to advise on and arrange non-investment insurance contracts since 14th January 2005. Its branch business is as a provider of unsecured loans. It has a secondary focus on general insurance business, mostly through the sale of PPI policies. The FSA regulates HFC's general insurance business but not its lending activity, which is outside the scope of FSMA regulation. (The FSA's investigation has focused solely on sales made by HFC's branch network.)
The PPI products sold
HFC sold PPI policies through its branch network when arranging personal loans for customers. It offered a bundled policy which provided cover for accident, sickness and involuntary unemployment. It also offered a life policy which could be purchased for joint or single lives. The life policy was sold on its own or in conjunction with the bundled accident, sickness and involuntary unemployment policy.
HFC also sold single premium PPI policies with unsecured loans and a limited amount of regular premium PPI policies with other types of loan. The sales process for regular premium PPI policies was substantially the same as that for single premium PPI policies.
In the event that a customer claimed against the PPI policy, any benefits due were directly payable to HFC to cover the customer's loan repayments.
A full refund was given if the customer cancelled its policy within 30 days of the start of the policy. Only a partial (i.e. less than pro rata) refund was given if the policy was cancelled after that period.
HFC also offered critical illness and personal accident insurance cover. Those policies provided more limited cover than PPI and at a lower cost. Benefits under these policies were paid to the customer, rather than to HFC.
PPI cover was sold in conjunction with 75 per cent of all loans made by HFC's branch network in the relevant period. Out of all PPI policies sold, 86 per cent of policies covered life, accident, sickness and involuntary unemployment, 6 per cent accident, sickness and involuntary unemployment, and 8 per cent provided life cover alone.
The sales process
HFC sold PPI on an advised basis. It received leads from retailers who had arranged credit with HFC for customers in respect of their retail purchases. These customers' credit arrangements were typically nearing the end of an interest free period. HFC sales staff then contacted some of these customers to discuss further loans or the refinancing of their existing loans.
If the customer was interested in a new loan, an appointment was then made for the customer to visit the HFC branch. At that meeting the sales adviser would discuss the loan, PPI cover and other insurance options with the customer and then make his recommendations.
FSA work within the relevant period
During the relevant period the FSA had highlighted to firms the importance of having in place robust systems and controls and treating customers fairly when selling PPI policies, and had highlighted various areas where firms were not complying with the FSA's requirements. These concerns were expressed in reports published by the FSA, individual feedback to firms, a "Dear CEO" letter and in enforcement actions.
In November 2005 the FSA published the results of the first phase of its thematic work on PPI and wrote a "Dear CEO" letter to the industry outlining the findings of the thematic project and highlighting a number of key areas where firms were not treating their customers fairly. This letter stressed that if a firm gives advice it should review how the suitability assessment is made to ensure the adviser fully assesses the customer's needs for PPI cover. In particular, it noted that many customers arranging loans (particularly those with impaired credit ratings) are likely to be cost-sensitive or need flexibility in terms of the PPI contract (or often both), and it stressed that these factors must be taken into account when assessing the suitability of a policy. The letter also explained that if a firm makes advised sales, it should review the information it provides to customers and make sure it sets out clearly why the firm has concluded that the customer needs PPI cover and why the firm is recommending the PPI policy. The FSA sent a follow up letter to firms, including HFC, in May 2006, in which it stressed that firms needed to improve their suitability assessments because they appeared to be making significant assumptions in their approach to judging suitability.
A second phase of the PPI themed work was reported on by the FSA in October 2006. The FSA highlighted in that report some key areas of widespread concern. These included the FSA's concern that some firms were still failing to establish that the PPI policies they recommended were suitable because they were not collecting sufficient information from their customers.
In July 2006, between the first two phases of the FSA's thematic work on PPI, the FSA visited HFC and identified a number of concerns relating to the firm's sale of PPI cover.
The Breaches
Principle 9
Principle 9 (suitability) provides that:
"A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgement."
In considering the standards required under this Principle, the FSA also considered the specific requirements set out in the Insurance: Conduct of Business ("ICOB") part of its Handbook and as a result of the matters listed below considered that HFC had breached Principle 9 of the FSA's Principles for Businesses as well as ICOB 4.3.1R, 4.3.2R, 4.3.5R, 4.3.6R and 4.4.1R.
· the suitability assessment: throughout the relevant period, HFC's documented procedures (including its process guides for sales advisers and training materials) and monitoring did not require adequate information to be collected and then properly used when recommending PPI cover. (These failings created an unacceptable risk that advisers might make unsuitable sales.) HFC failed, in particular, to require advisers to gather and analyse sufficient information about the following matters:
o a customer's future needs and circumstances;
o alternative means to protect the loan;
o the type and level of cover required; and
o any pre-existing medical conditions.
(These failings by HFC partially stemmed from an assumption that, provided the customer was eligible, PPI cover was suitable unless the customer indicated that he wished to use any alternative means he already had. HFC did not therefore put in place adequate systems and controls to gather and to analyse sufficiently information on its customers' personal circumstances and objectives.)
· communication to the customer of the basis for the personal recommendation
o did not adequately set out an individual customer's demands and needs;
o did not confirm whether HFC recommended the contract;
o did not explain the reasons for the personal recommendation for the PPI policy and why it was suitable; and
o did not record any demands and needs of the customer that the personal recommendation concerned did not meet (nor did HFC require that advisers communicate this in any other way).
(As a result of this failure customers could not see and review the rationale for the recommendation, nor check its accuracy nor give proper consideration to the recommendation and whether they wished to purchase the PPI cover.)
· Compliance monitoring
HFC's Compliance department's compliance monitoring reports did not contain sufficient detail to enable the Compliance team and/or HFC senior management to obtain a sufficient understanding of the risk of potentially unsuitable sales in its branches.
Indeed, even where the monitoring reports did highlight the risk that customers might not have been treated fairly (e.g. where it was unclear if a customer had existing cover when purchasing a PPI policy), there was no adequate system in place to ensure that such cases were investigated further and the customers remediated if appropriate.
· Management information
During the relevant period senior management received insufficient management information either orally or in writing. In particular, where specific risks were identified by Compliance, there was no procedure by which HFC's senior management would be informed of these or how they were to be followed up (if at all) by its Compliance team.
Nor did HFC's senior management or its Compliance team receive or consider any claims information in respect of PPI. Consequently, whilst approximately 27 per cent of rejected claims were as a result of pre-existing medical conditions, neither HFC senior management nor the Compliance team investigated whether the rejections might have been as a result of potential deficiencies in the sales process.
Principle 3
Principle 3 (Management & Control) provides that:
"A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems."
(In considering the expected standards required under this Principle, the FSA also considered the specific requirements of the Senior Management Arrangements, Systems and Controls ("SYSC") and ICOB parts of its Handbook.)
By reason of the facts and matters referred to above under Principle 9, and the further matters noted below, the FSA considered that HFC had breached Principle 3 of the FSA's Principles for Businesses, as well as SYSC 3.2.6R; SYSC 3.2.20R and ICOB 4.4.7R.
The matters listed above illustrated a failure by HFC to take reasonable steps through its sales process and its procedures for training, manager oversight, compliance monitoring and management information to ensure the suitability of the advice given by its advisers. Consequently, HFC breached Principle 9 of the FSA's Principles for Businesses.
The design and form of HFC's principal risk management systems in relation to PPI, namely the mandated sales process, compliance monitoring and management information, also showed that HFC failed to take reasonable care to organise and control its affairs responsibly and effectively.
HFC's record-keeping was also found by the FSA to have been inadequate and in breach of Principle 3. Its failure to generate and retain proper records of all advice given to its customers impacted on HFC's ability to monitor its sales force. This also prevented HFC from being able to review sales transactions quickly and effectively.
Moreover, during the relevant period, when an adviser entered information about a customer during the sales process, if that customer was an existing customer, any information previously contained on the system about him was then overwritten.
As a consequence of these failings HFC was unable to demonstrate the suitability of its sales of PPI during the relevant period.
Conclusions
HFC derived considerable revenues through the sales of PPI policies through its branch network, both through profit from the sale of the PPI products and from giving customers a larger loan to pay for the single premium policy. Further, since the policies were underwritten by subsidiary companies of HFC, further group profits were derived from HFC's sales.
However, having regard to the seriousness of the breaches and the risk they posed to the FSA's statutory objectives of maintaining confidence in the financial system and securing the appropriate degree of protection for consumers, the FSA imposed the fine of £1,085,000 on HFC. Oddly, however, the FSA did not prevent HFC from selling PPI products until it retrained its sales force.
Seven other companies have also been fined by the FSA over problems with PPI. The sector is also being investigated by the Competition Commission, which is due to deliver a preliminary report in May 2008. The FSA is also continuing to investigate other companies' PPI sales, having noted that the cost of PPI insurance can vary by a factor of around three, i.e. policyholders can pay £300 or £1,000 for the same degree of protection.
The FSA did not deem HFC's actions to have been deliberate or reckless. However, the firm does not appear to have understood fully the risks it was running and the extent to which it was unable to prove it had treated its customers fairly.
Martin Day
Financial Services Team
Farrer & Co