Why Audits are not Tick Box Exercises in a World of Regulatory and Cyber Risk? - Pro Global

Premium Audits Help Insurers Navigate Regulatory Compliance

July 11, 2024

Audits have become more than just compliance checklists—they are essential tools for safeguarding a company’s future. This was the central theme of Pro Global’s recent seminar at Lloyd’s, titled “Safeguarding Your Future: Audit Insights, Regulatory Updates, and Cybersecurity.”

The event brought together industry experts and leaders to discuss the latest trends and challenges in the auditing world, highlighting the increasing scrutiny of Third-Party Administrators (TPAs/DCAs) and the growing cyber threats facing the industry. With insights from Pro Global’s Audit Team and experts from Cyber Security Associates (CSA), attendees gained actionable strategies to navigate the complexities of regulatory requirements and cyber defense. Here are the key takeaways from this dynamic and informative session.

Regulatory Trends and Audit Findings: Increasing scrutiny of MGAs & TPAs

Robert Sherman, U.S. Head of Audit & Advisory at Pro Global, kick-started the event by highlighting some significant regulatory trends in the region: “The Property and Casualty (P&C) market in the U.S. is expected to grow by 7% in 2024, with a notable rise in the use of Managing General Agents (MGAs) and Third-Party Administrators (TPAs). As a result of this, regulators are emphasising the importance of robust data documentation and underwriting guidelines, viewing MGAs as extensions of carriers.”

Key findings presented at the event by Robert, from Pro Global’s analysis of 200 U.S. audits, revealed that compliance, policy documentation, adherence to binding limits, and sanctions checking are areas needing attention. The audits showed an average of five findings per engagement, with 55% of these being high-priority issues. Compliance lapses, poor claims handling, and inadequate coverage analysis also emerged as significant risks, potentially leading to financial losses and regulatory penalties.

Similarly, he emphasised how an audit helps enhance overall risk management and governance policies, making businesses more resilient to unforeseen challenges while safeguarding their reputation. In addition, it ensures compliance with regulatory standards, reducing risks and building trust with stakeholders. Moreover, audits pinpoint and address conduct-related issues, promoting ethical practices and reinforcing the company’s integrity and transparency. By rigorously examining internal controls and operational processes, audits also mitigate financial risks, ensuring the reliability and accuracy of business operations.

The key takeaway for attendees was that regulators are increasingly scrutinising MGAs and TPAs/DCAs, and proactive audits are critical to ensuring ongoing compliance and best practice.

Cybersecurity Threats and Defense

Phil Cordey, Operations Director at CSA, then provided an in-depth overview of the evolving cyber threat landscape. He warned that ransomware incidents remain the top threat to businesses, with active criminal gangs targeting insurance companies and using collated information to infiltrate their third-party partners. These groups specialise in conducting sophisticated reconnaissance and penetration testing, making them formidable adversaries.

He stressed the importance of using comprehensive audits to tackle increasingly sophisticated attempts to hijack a company’s core systems and data: “AI is increasingly being used in both cyber-attacks and cyber defense, balancing an increase in attempted incidents with better monitoring and automation to prevent complete compromise of organisations’ IT systems. Data protection remains a critical concern, with inadvertent data leaks through services like ChatGPT posing significant risks, a breach that many companies are unaware of and unprepared for.”

To mitigate these threats, Phil emphasised the importance of putting in place stringent security audit assessments, available to organisations using globally recognised frameworks like NIST – used by most, if not all, U.S.-based companies – ISO 27001, the Center for Internet Security, and the UK’s National Cyber Security Centre’s Cyber Assurance Framework & Cyber Essentials Frameworks.

Confirmation was provided that companies can obtain technical assurance of their security controls through Penetration Tests, Gap Analysis Assessments, or a combination of both using Cyber Due Diligence Assessments.

Phil added: “These are three important active steps that companies should undertake to cement and assure themselves they are on the right security journey in line with budget and strategic considerations.”

Canadian law and regulation

Elaine Collier, Senior Auditor (Canada), spoke in her session about the importance of Bill 96 and increased regulatory scrutiny:

“A year after Bill 96, known as Law 14, came into effect in June 2023, questions about its implementation continue to dominate discussions. The legislation, which enforces French as the official and common language of Québec, gave MGAs and contract writers a year to comply, though no audits have been conducted to ensure adherence.”

In response, Pro Global has developed a specific audit approach to evaluate compliance, finding that whilst some organisations already had French-language policies in place, others struggled with the requirement to issue French documents first, followed by English versions if requested.

A key recommendation for companies is to establish a clear policy on handling Bill 96 and effectively communicate this to staff. Elaine stressed that the “French First” rule remained untested in courts, adding to the regulatory uncertainty.

“Additionally, we observed instances where policies were issued in French but included English endorsements, highlighting the need for thorough audits to ensure full compliance. Another grey area involves handling policies written outside Québec or companies with both English and French names, which cover holders need to address carefully under binding authority agreements.”

Elaine also highlighted how regulatory scrutiny is intensifying in other provinces. Specifically, in Ontario, the Council of Registered Insurance Brokers of Ontario regulates MGAs, although licensing is not yet mandatory. However, the Financial Services Regulatory Authority of Ontario (FSRA) is beginning to focus on MGAs due to complaints, although its strategic plan primarily targets consumer business outcomes.

She concluded: “Despite this, the growing presence of MGAs in Canada, particularly within the Lloyd’s market, underscores the importance of regular audits to navigate these evolving regulatory landscapes.”

Integrating IT and Security

Kristy Lovegrove, Group Head of Technology at Pro Global, stressed the need to view IT as integral to business operations rather than simply a cost centre within the business, adding that effective data management and security were crucial for business continuity and risk management.

Kristy also highlighted the importance of defining security goals aligned with business objectives and ensuring compliance at all user levels within an organisation:

“As technology evolves, businesses must educate employees about new tools like ChatGPT while maintaining stringent security standards. The focus should be on continuous improvement in response to changing threats.

“The two core takeaways from a technology perspective from me would be that security must support the business in achieving its goals and objectives, but it must increase the value of the business.”

Conclusion

Pro Global’s event underscored the critical role audits play in ensuring robust regulatory compliance, effective use of AI and Big Data, and proactive cybersecurity measures. The key takeaway is clear: to safeguard their future against evolving threats, companies must conduct diligent audits that encompass IT, MGAs, and TPAs. This also requires integrating audit and business strategies that consistently enhance and test their processes.

As Kristy emphasised: “An audit is not a tick box exercise; it should be a journey of continuous improvement, as the threats to the business are constantly changing.”

Pro Global offers comprehensive audit and consultancy services to help businesses navigate these challenges, ensuring compliance with regulatory and corporate standards. Visit our Audit Services page to learn more.
