Developments: Legislation

Published 19 September 2017

Automated and Electric Vehicles Bill
The eagerly anticipated Modern Transport Bill announced in the Queen’s Speech in May 2016 finally appeared in February this year, re-badged as the Vehicle Technology and Aviation Bill. That Bill did not make its way through Parliament owing to the snap general election in June. However, the new Government was quick to rekindle the draft legislation insofar as it relates to the development of automated vehicle technologies (AVT) in the guise of the Automated and Electric Vehicles Bill, introduced in the Queen’s Speech in June 2017.

The content of the Bill was informed by a recent consultation issued by the Department for Transport’s Centre for Connected & Autonomous Vehicles, as part of the Government’s ‘Pathway to Driverless Cars’ initiative. This introduced the incremental regulatory changes necessary to enable the development of both Advanced Driver Assistance Systems (ADAS) and AVT in a safe and proportionate manner. The Government is alive to the huge potential gains that the development of AVT can deliver for the UK economy and does not want over-regulation to stifle innovation or entrepreneurialism.

The main purpose of the legislation insofar as it relates to AVT is to provide a suitable insurance framework to cover the liability for vehicles operating in automated mode. For the protection of innocent victims and to provide a swift route to compensation, the Government opted for a ‘single policy’ model, placing an absolute duty on the motor insurer to deal with any third-party claims in the first instance, including any claims from the disengaged driver. In turn, there would be statutory provision for motor insurers to pursue a recovery from the original equipment manufacturer or any other party responsible for the vehicle’s automated systems. It is envisaged that the supply chain may be complicated, involving both hardware and software providers. The Government hopes that motor insurers will work closely with vehicle manufacturers to ensure efficient processes are in place to manage recoveries, such as the sharing of post-collision data from the vehicle’s operating system.

Civil Liability Bill
One of the main strands of whiplash reform is the proposed introduction of a tariff for soft tissue injury claims from minor road traffic accidents, in place of general damages assessed by the courts.

Originally set out in Part 5 of the Prisons and Courts Bill (which did not progress through Parliament prior to the general election), the proposals should be expected to have a significant impact on the cost of claims following road traffic accidents and are predicted by the Government to save £35 on the average motor premium. It is certainly to be hoped that the definition of whiplash in the new Bill will be wider and clearer than the original version in the Prisons and Courts Bill, so that it is more in line with the Government’s consultation response. The Bill may also present a vehicle which can be used to reform the basis on which the discount rate is set.

The Bill also includes a ban on pre-med offers in whiplash claims (ie offers to settle personal injury claims before receipt of a medical report), with the intention of reducing the frequency of fraudulent injury claims.

Courts Bill
Announced in the Queen’s Speech on 21 June, this Bill replaces in part the Prisons and Courts Bill, which had failed to progress through Parliament before the general election. Intended to reform the court system, the Bill proposes the introduction of online guilty pleas to less serious criminal offences and the modernisation of civil court procedures and technology as championed by the Briggs Review.

Criminal Finances Act 2017
This Act, which received Royal Assent on 27 April 2017, introduces significant changes to tackle money laundering and corruption, recover the proceeds of crime and counter terrorist financing.

Modelled on the Bribery Act 2010, corporations and partnerships will commit a strict liability offence if they fail to prevent facilitation of UK tax or foreign tax evasion offences by an employee, agent or service provider in the course of their employment or association. These offences will come into force on 30 September 2017.

It is a defence if the corporation can prove that, when

the tax evasion offence was committed, it had in place reasonable prevention procedures or alternatively that it was not reasonable for prevention procedures to be in place. Government guidance on ‘reasonable prevention procedures’ is expected shortly.

The Act also introduces Unexplained Wealth Orders (requiring those suspected of serious criminal activity to explain their wealth), provides legal protection for the sharing of information between regulated companies, extends disclosure orders to include investigations into money laundering and terrorist financing and extends the period granted to law enforcement agencies to investigate suspicious transactions.

These strict liability offences may give rise to liability on the part of directors in the event a company elects to pursue its board for failing to implement adequate procedures and, for example, the company’s reputation is affected by such sanctions. It is also possible that the company might try to recover any fine levied from its directors. Whilst the company would have to distinguish its position from Safeway v Twigger (where the company was not allowed to pass on its fine for breach of competition law to its directors), this might be possible with a strict liability fine. Any of these possibilities might lead to exposure for D&O insurers.

Equality Act 2010 (Gender Pay Gap Information) Regulations 2017
These Regulations apply to private and voluntary-sector organisations with 250 or more employees and require them to publish data on their gender pay gaps. From 6 April 2017 employers will be required to publish the following four types of figures annually on their own website and upload them to a government website:

• gender pay gap (mean and median averages)
• gender bonus gap (mean and median averages)
• proportion of men and women receiving bonuses
• proportion of men and women in each quartile of the organisation’s pay structure.

The figures must be calculated using a specific reference date, called the ‘snapshot date’. The snapshot date each year is 31 March for public sector organisations and 5 April for businesses and charities. Organisations must publish within a year of the snapshot date. To help employers, the government Equalities Office and ACAS have produced guidance on managing gender pay reporting in the private and voluntary sectors.

European Union (Withdrawal) Bill
The aim of this Bill, one of the eight separate Brexit Bills in the Government’s legislative programme (the others being on Customs, Trade, Immigration, Fisheries, Agriculture, Nuclear Safeguards and International Sanctions) is to ensure, wherever possible, that the same laws apply on the day after the UK leaves the EU as before. The Brexit Bills have been described as potentially one of the largest legislative projects ever undertaken in the UK. This Bill is to:

• repeal the European Communities Act 1972, which gives effect in UK law to EU treaties
• replicate the common UK frameworks created by EU law, and maintain the scope of devolved decision-making power immediately after Brexit
• provide a wide (and potentially controversial) power to use secondary legislation to correct the statute book to rectify problems occurring as a consequence of leaving the EU. The Government estimates that 800 to 1,000 statutory instruments will be required.

Apart from EU law being relevant to all businesses, the majority of UK insurance regulation derives from the EU. Andrew Bailey, Chief Executive of the FCA, has previously stated that he does not expect there to be a bonfire of regulation post Brexit.

Financial Guidance and Claims Bill
This Bill has two important parts. Part 1 creates a new single body to provide free, impartial financial advice to the public – replacing the Money Advice Service, the Pensions Advisory Service and Pension Wise. The aim is to simplify the services that people can use to assist them with a range of money, pension and debt-related decisions. The objective is that a single body will result in greater use of the service and better decisions by consumers.

Part 2 of the Bill includes proposals to strengthen the regulation of claims management companies (CMCs) by transferring responsibility for such regulation to the Financial Conduct Authority (FCA), an important part of the Government’s measures to reduce the cost of whiplash claims and prevent the presentation of fraudulent claims. This will include the application of the FCA’s Senior Managers regime, which will for the first time impose regulatory control on those who own and run CMCs. The provisions for the transfer of regulatory powers to the FCA also specifically introduce powers to cap CMC charges; the power is available for all types of claim, although the Bill only requires the FCA to do so (at least initially) in claims involving financial products and services. Much of the detail will be set out in secondary legislation, which we expect to be outlined before the Bill has passed through Parliament this autumn.

General Data Protection Regulation
The General Data Protection Regulation (GDPR) will apply from 25 May 2018. As an EU Regulation it has direct binding effect in all EU member states. It will be implemented in the UK with UK-specific derogations in the new Data Protection Bill, which was announced in the Queen’s speech.

As a reminder, the GDPR:

• applies to processing carried out by organisations established within the EU
• applies to organisations outside the EU that offer goods or services to individuals in the EU or monitor behaviour of individuals who are located in the EU, for example online monitoring
• changes the risk profile of data protection compliance as potential fines increase considerably (€20 million or 4% of annual worldwide turnover)
• introduces a new principle of accountability, requiring organisations to be able to demonstrate compliance with the law.

The GDPR intends to make Europe fit for the digital age. Certain provisions are clearly designed with the likes of social media organisations in mind. However, this leads to practical changes for other industries, including the data rich insurance sector. DAC Beachcroft has been working with insurance industry bodies to lobby both the Government and the Information Commissioner’s Office to take account of the specific complexities of the insurance sector when drafting our local law and guidance.

We are also working with the Lloyd’s Market Association and other industry bodies to produce an insurance sector privacy notice which will set out much of the information required by the Regulation. This should help insurance sector businesses comply with the GDPR privacy notice requirements, even when they have no direct contact with the individual. More information about this can be found on the LMA website.

Also due to come into force on 25 May 2018 is the e-Privacy Regulation, which updates the current e-Privacy Directive. If the draft remains as it is, the key change for insurance businesses is that they will no longer be able to use a ‘soft opt in’ for electronic marketing to individuals who have asked for a quote. In addition, e-marketing to individual email addresses and corporate email addresses must be treated the same.

General Product Safety Directive
For several years, the Directive’s days have been numbered: the EU Product Safety and Market Surveillance Package reforms were announced to improve traceability and tighten up the existing regime. But the reforms have remained deadlocked. With Brexit looming, do these reforms still matter for the UK?

Currently the new reforms will remove the distinction between consumer and non-consumer products. Traceability along the supply chain will be increased.

There are no guarantees the new reform will be in force come Brexit. So the conversion of EU law into UK law may not include these new reforms. This would leave the UK out of step with the rest of the EU. Pressure from exporters may not be enough to secure limited parliamentary time. Equally there are no guarantees that the EU will finalise these reforms any time soon.

Insurance Act 2015
On 4 May 2017, the Enterprise Act 2016 introduced sections 13A and 16A into the Insurance Act 2015. The provisions introduce into every contract of insurance (including reinsurance) entered into from that date an implied term requiring the insurer to pay sums due within a reasonable time. Failure to do so entitles the insured to remedies including damages.

What amounts to a ‘reasonable time’ to pay a claim will vary depending on the circumstances. The Act expressly recognises the need for a reasonable time to investigate and assess the claim and also includes a non-exhaustive list of matters that may be taken into account, including the type of insurance, size and complexity of the claim and factors outside insurers’ control.

There is also a defence where the insurer can show that there were reasonable grounds for disputing the validity or value of the claim.

The Act permits contracting out in non-consumer insurance contracts (where the breach is not deliberate or reckless), provided that the transparency requirements are satisfied.

A limitation period of one year from the date that insurers pay all sums due on the underlying insurance claim has been added as section 5A of the Limitation Act 1980.

Insurers are likely to face claims for late payment straight away, with policyholders tagging them on to most coverage disputes to improve their negotiating strategy. Insurers must therefore ensure that their claims handling procedures are late payment-enabled and know what late payment provisions are in their own policies and those related to them.

As part of the same set of reforms, the draft Insurable Interest Bill remains in consultation. Following consultation papers in 2008, 2011 and 2015, the Law Commission’s subsequent consultation on a draft Bill closed in May 2016. Given that this remains a contentious topic and the difficulties in agreeing a way forward, any future reform is now likely to focus only on life policies, where there remains a clearer appetite for clarification. At the time of writing, a consultation on a further revised Bill is awaited. Such a specific Bill might be suitable to be put before Parliament under the special procedure for uncontroversial Law Commission Bills. However, whether time can be found for such a Bill to be enacted remains to be seen.

Insurance Block Exemption Regulation
The EU block exemption from competition law covering certain forms of co-operation between insurers came to an end on 31 March 2017. As a result, insurers (like any other firms) will need to self-assess agreements and other forms of co-operation between them, to ensure they are compatible with competition law.

The main practical implications are that joint compilations and studies of risks by insurers will need to be considered in light of the general competition law guidance on the permissible exchange of information between competitors (which has been available since 2011 in the Horizontal Guidelines on co-operation between competitors); and co-operation between insurers when insuring risks jointly in co-insurance and co-reinsurance pools will need selfassessment on a case-by-case basis. In some cases, where risks are so large that no insurer could insure them alone outside a pool, insurers would not actually be competitors and so competition law would not apply. In other cases, pools may need more careful assessment: in situations where insurers have combined market shares of less than 20% the 2011 Horizontal Guidelines suggest scenarios where competition concerns are unlikely to arise.

Insurance Distribution Directive
This Directive is to be implemented on 23 February 2018. It is a minimum harmonisation directive, meaning that member states can set higher standards provided there is no conflict with the Directive.

Key changes include mandatory pre-contractual disclosure in respect of non-life products in a standardised form using an Insurance Product Information Document (IPID). Distributors will also need to disclose remuneration. For intermediaries this means disclosure of the nature and source of any remuneration and, where a fee is paid, the amount of the fee, in addition to any post contractual payments. For insurers, this means disclosure of the nature of remuneration received by employees.

HM Treasury has published its consultation on changes to the scope of regulation of insurance intermediaries in the UK. It proposes excluding from regulation introducers who do no more than pass details of potential insureds to insurers or other intermediaries. This should reduce the regulatory and contractual burden on insurers and intermediaries who, to date, may have appointed such introducers as introducer appointed representatives.

The Financial Conduct Authority is also consulting on changes to its rules to implement the Directive. Concerns around the changes have focused on the breadth of the new ‘customer’s best interest rule’, and whether an IPID will be needed for commercial as well as retail clients. There are also questions as to whether UK insurers will be able to implement all of the necessary changes by 23 February 2018.

Markets in Financial Instruments Directive II
The revised Markets in Financial Instruments Directive (MiFID II) will take effect from 3 January 2018.

The Markets in Financial Instruments Directive (MiFID I), implemented in 2007, established the current regulatory framework for investment services and activities. In response to the financial crisis and to strengthen investor protection and financial market transparency, MiFID I was reviewed and revised. MiFID II comprises a new Directive and Regulation.

Although MiFID II, like its predecessor, does not apply to insurers, the Financial Conduct Authority (FCA) may apply certain conduct of business rules implementing MiFID II to insurance-based investments and personal pensions (on the basis that these products are often substitutable for MiFID investment products). The Financial Services Authority took this approach at the time of MiFID I.

The FCA’s and PRA’s main policy statements on MiFID II were published in March, April and July. At the time of writing, the FCA has also published a sixth consultation paper on some further changes and it intends to publish final rules by November 2017.

Modern Slavery Act 2015
This Act came into force on 29 October 2015 and is aimed at tackling the global problem of slavery and human trafficking. In particular, section 54 requires commercial organisations with an annual turnover greater than £36 million to publish a slavery and human trafficking (SHT) statement each year, setting out the steps (if any) they have taken to ensure that slavery and human trafficking is not taking place in their business and supply chain.

The requirement applies to insurers, brokers and many of their insureds. In particular, the increasingly globalised way in which the insurance industry operates means that supply chains are becoming longer and more complex. In particular, the use of outsourced call centres and of claims handling arrangements, often in developing countries, may involve using low-paid and/or temporary workers.

It is not the non-compliance with the Act itself that will cause problems. Indeed, an organisation can meet its obligations by publishing an SHT statement to state that it is taking no steps. It is the risk of adverse publicity and reputational damage that is expected to motivate organisations to comply with not just the letter but the spirit of the Act.

4th Money Laundering Directive
This Directive seeks to give effect to the updated standards set by the Financial Action Task Force. It introduces a number of new requirements on relevant businesses and changes to some of the obligations under the 3rd Money Laundering Directive.

In the UK, it has been implemented through the Money Laundering and Transfer of Funds (Information on the Payer) Regulations 2017. These Regulations replace the Money Laundering Regulations 2007 and came into force on 26 June 2017.

As with the Money Laundering Regulations 2007, general insurance is out of scope, but long-term insurance business is included. Life insurance policies for which the premium is low are identified as lower risk, as are certain pension products.

Under the Directive there is a wider definition of politically exposed persons (no longer limited to persons outside the UK). Simplified due diligence will no longer be automatically available for certain types of customer. Instead firms must use a risk-based approach.

Following terrorist attacks in the EU, and the leak of the ‘Panama Papers’, member states agreed to revisit some areas of the Directive to further strengthen transparency and counter-terrorist provisions. These amendments have not yet been agreed.

The Government has also announced the establishment of a new body, the Office for Professional Body Anti-Money Laundering Supervision (OPBAS). There are 25 different organisations that supervise sectors at risk of being used to facilitate money laundering and terrorist financing. The aim of OPBAS is to try to improve the overall standards of supervision and ensure supervisors and law enforcement work together more effectively.

Network and Information Security Directive
This Directive, commonly known as the Cyber Security Directive, came into force on 8 August 2016 and member states have until 9 May 2018 to transpose it into their national laws.

The first EU-wide legislation on cyber security aims to prepare member states for cyber incidents and boost cyber security and resilience. Member states must adopt domestic laws with effective sanctions for non-compliance. These will apply to ‘essential service operators’ (ie, energy, transport, health, water and financial sectors) and ‘digital service providers’ (ie, cloud computing service providers, online market places and search engines).

Member states are also required to create a computer security incident response team so EU nations can manage cross-border security incidents, and set up a unified strategic co-operation group to facilitate cross-border co-operation through the exchange of information.

It will be interesting to see how Brexit impacts the future of this Directive in the UK. The UK’s withdrawal will take at least two years to complete so relevant UK companies will be subject to the rules for several months. After this, the UK will want to be at the centre of cyber resilience and no doubt it will be encouraged to remain part of this streamlined cyber security co-operation across member states.

Essential service operators and digital service operators are likely to be substantially affected by the Directive and both they and their insurers will need to confirm new procedures are in place to ensure compliance.

Packaged Retail and Insurance-based Investment Products Regulation
From 1 January 2018, firms advising on or selling packaged retail and insurance-based investment products must provide a key information document (KID) to retail investors, setting out key facts in a clear and understandable manner. The requirement to provide a KID was initially meant to come in at the end of 2016 but this was delayed by a year.

Policing and Crime Act 2017
In effect since 1 April 2017, Part 8 of the Act enhances the UK financial sanctions regime by introducing three major changes:

• It empowers the newly established Office of Financial Sanctions Implementation (OFSI) within HM Treasury to impose civil monetary penalties on companies and company directors and officers for breaking UK, EU and UN financial sanctions. If satisfied on a balance of probabilities that a person acted in breach of sanctions and knew or had reasonable cause to suspect they were in breach, OFSI may impose a penalty up to £1 million or 50% of the estimated value of the funds or resources subject to the breach (whichever is greater).
• It increases the maximum criminal penalty for breaching financial sanctions from two to seven years imprisonment for conviction on indictment.
• It expands the enforcement measures available by including breaches of financial sanctions in the list of offences to which deferred prosecution agreements and serious crime prevention orders apply.

OFSI guidance suggests that it will actively pursue breaches of financial sanctions. Companies should ensure their systems and controls are sufficient to identify and mitigate any sanctions risks. Penalties may be reduced where there has been voluntary disclosure of the breach and early co-operation.

These new provisions give rise to a number of potential exposures for directors and their insurers. While any fines imposed on directors are unlikely to be covered under D&O policies, cover may be available to defend any investigations or prosecutions, subject always to any conduct exclusion/ claw back.

Riot Compensation Regulations 2017
These Regulations, together with the Riot Compensation Act 2016, came into force on 6 April 2017. They clarify the operation of the Act, including that where two parties have a legal interest in the same property which could be the subject of a claim under the 2016 Act, they can each bring a claim. However, no one may make more than one claim in respect of the same postal address, except that an insurer can make claims for both contents and buildings insurance.

The Regulations adjust the definition of property to include items used in connection with a business carried on by the claimant and contained in motor vehicles or trailers.

The time limit for bringing a claim is 43 days from the date the riot ends or, for claimants whose insurers have refused their claim, 43 days from the decision of the insurer to refuse to pay the whole or part of the claim. Evidence in support should be received by the relevant authority within 91 days. Stolen property will be deemed lost if it has not been recovered before the date that the first payment of compensation is made. The value of the compensation will be calculated on the basis of the reasonable cost of repair or reinstatement, or the cost of replacement at current market value. Alternative accommodation is limited to a 132-day maximum period from the date on which a home is made uninhabitable.

Claims by insurers may be decreased or refused if the insured participated in the riot, contributed (even indirectly) to damage during the riot, or committed a criminal offence relating to the riot. Also, any degree of fraud in the insured claim may be used as grounds to refuse the insurer compensation.

A riot claims bureau has not been created in these Regulations, but separate regulations will be prepared ready to be laid before Parliament in the event of a riot.

Senior Managers and Certification Regime
The Senior Insurance Managers Regime came into force in 2016, replacing the approved persons regime for certain senior individuals within insurance companies. From 1 January 2016, Solvency II firms and groups have been required to have governance maps in place, setting out clearly the key functions at the firm and the relevant individuals responsible for these functions, along with their lines of accountability and responsibility both within that firm and to any wider group. Further changes came into effect in March and September last year.

A similar regime, the Senior Managers and Certification Regime (SM&CR) was put into place in 2016 for banks and some investment firms. The SM&CR is now being extended to all authorised firms (including insurance brokers). Significant changes are also being proposed for insurers. The new regime is expected to start from 2018.

The Prudential Regulation Authority and the Financial Conduct Authority (FCA) each published consultation papers on extending the regime in July 2017. The FCA also published a number of policy statements on the extension of the SM&CR in May, including one on how conduct rules will apply to non-executive directors in insurance firms.