KPMG – Focus on operational impacts of the (inter)national restrictive measures in our insurance environment

Article written by KPMG as part of their sponsorship of ACA Insurance Days 2022

Economic sanctions and financial restrictive measures against third countries, entities, individuals, bodies or groups have been exacerbated in the preceding months.

The recent war in Ukraine has triggered the adoption of unprecedent restrictive measures from, amongst others, the European Commission and the United Nations.

Consequently, these latest sanctions packages have been enforced by local regulators and operators who have been required – on top of applying the sanctions – to assess the potential impacts of this war. In this exercise, operators had to strengthen their measures to identify the client or beneficiaries involved in any transactions or services, review their operational risks, analyze their counterparty risks, analyze if (insurance) commitments in terms of whether war risk in areas affected by conflict is excluded or not.

The most recent focus on sanctions has raised interesting questions: how do we manage broader sanction hits and how does that impact our operations? Are we – the operators – fit for purpose?

What shall we do if our filtering tool hits one of our customers or partners? What if a transaction of our customer contravenes a trade-based sanction? What if I’m insuring a yacht or a building belonging directly or indirectly to a targeted person?

Because yes, financial restrictive measures or economic sanctions present different faces. It can be assets or economic resources freeze or forbiddance to provide products or services without limitation. For ease of reading, we will call all of them ‘sanctions.

So far, we may say compliance monitoring programs of operators were quite limitative on this subject if not absent. We regularly read about financial crimes and/or ‘sanctions’ integrated in the global anti money-laundering (AML) and combat terrorism financing (CTF) procedures. And, as a caricature, these texts suggest simply the operator to filter the name of their customers (without specifying which one out of the policyholder, the insured person, the beneficiaries in case of death, the beneficial owner of the risk we’re insuring?) and report it to the Compliance Officer in charge.

Sanctions works though under different rules. To mention some differences towards the discipline of anti-money laundering and combat terrorism financing (hereinafter ‘AML/CTF’), it is rule-based (versus risk-based), reporting authorities are different, it is self-reacting, and some exceptions may apply.

To extend a bit about the rule-based principle, let’s remind ourselves that under the AML/CTF regulation your liability can be waived if you demonstrate that you did all you could to prevent money laundering or terrorism financing. This is not the case under sanctions regulation. Complying with sanctions represents an obligation of result which remains into force no matter what, no matter if we encounter technical issues or inefficiencies. Deficiencies of the filtering tool can’t justify a breach.

Lately we’ve seen an increasing demand for assistance in case of real hits. For these reasons, we underline here the important benefit operators may obtain, when treating this topic separately and accurately.

Sanctions impact the insurance distribution chain as well as the direct service for which the insurance contract has been subscribed.

On a life insurance perspective, it must be mentioned that the risks are on the persons and the underlying assets surrounding the life insurance contract. In effect, if the policyholder is a targeted person, this sanction may disseminate to the entire contract knowing that the life insurance should be frozen. Towards the policyholder, no redemption could be paid as well as any other insurance benefit. On the underlying assets of the life insurance, the situation may become more complex as these can be slightly different such as dedicated funds, collective funds, external funds, guaranteed funds or even specialized insurance funds (FAS). And what can be done – or not – by the asset managers of these assets will depend on a strict assessment. As well, this is without mentioning that some exceptions exist for a targeted person to benefit from some services notwithstanding the sanction itself. Do we know when to apply them?

On a non-life insurance context, quite the same rationale applies on the policyholders while this time no doubt if left on the insured risk.

Under the insurance distribution perspective, a sanction application should oblige the insurers to freeze the insurance commissions as well independently of the life or non-life insurance context. In effect, the distributor is paid for a service it offers to its clients such as insurance advisory. And if such client or insured risk is targeted, usually no means nor any services should be delivered to that person or insured risk! In the case the insurance distributor would operate under a ‘fee only’ modality, no invoice should be issued (and no bank should pay out the invoice either).

This impacts the identification process (herein after the ‘KYC’) as even if we’re only a non-life insurance operator, and therefore AML/CTF regulations wouldn’t apply except for some exceptions, under a sanction’s perspective, we still have to deep dive on your insured risks and KYC’s.

In addition, what should happen on co-ownership of insurance contracts such as two policyholders of which one is a targeted person? Who shall we report to? The Ministry of Economy or the Ministry of Finance?

All questions which too often remain still unanswered in the compliance procedures of the professionals. The questions don’t stop here unfortunately as some operators, benefitting from their own procedure on sanctions, often don’t test their system or filtering tools. This is where recently an operator has been sanctioned in France considering the filtering tool only took into consideration the exact orthographic match of the name of the individuals. This has been considered as too restrictive from the Autorité de contrôle prudentiel et de résolution for example.

Does our IT system allow us to freeze commissions pay out on single insurance contracts? Is there any transaction or trade tool monitoring in place to allow applying sanctions or do we track these manually?

On 29 April 2021, the French Autorité de contrôle prudentiel et de résolution (ACPR), sanctioned an insurer a fine of €2,5M as, amongst others, their filtering carried out by their filtering tool was based on exact match. This was too restrictive and could allow bypasses. We therefore need to increase filtering parameters and have trained resources to really deal with these matches. In their defense, the insurer was arguing that AML/CTF principles was risk based but there was a confusion and t their fundamentals were forgotten: sanctions are rule-based!

An IT issue is not an exemption to apply sanctions. Therefore your ‘sanctions’ regime should also make sure your business continuity plan works efficiently also. These are some of the learning lessons we must all leverage to comply with the Luxembourg law dated 19 December 2020 related to the implementation of the financial restrictive measures.

A deep knowledge of the topics to assess its impact on our business models and how to design an efficient sanctions framework is key to avoid liability and, at the end of the day, fight efficiently for a better world.

togetherforbetter @kpmgluxembourg #sanctions