Skip to main content

General insurance

Risk management to the test

Back to Regulatory Outlook 2025

Retail conduct will dominate the regulatory agenda for the UK general insurance (GI) sector this year. The Financial Conduct Authority (FCA) has intensified efforts to enforce the Consumer Duty (the Duty) and put pressure on the GI retail sector to address long-standing concerns around product oversight, governance, good customer outcomes and value.

The FCA’s market study on premium finance, its various reviews on the motor insurance sector (claims handling and motor business model) and the potential wider implications from the supreme courts ruling on motor finance could also open insurers up to challenge and review of previous common practices in their personal lines business. There is also a growing concern from prudential regulators around the commercial GI sector’s financial resilience to emerging risks. Heightened geopolitical, cyber and climate-related risks will make improving overall exposure management capabilities paramount for commercial GI firms, whilst maintaining strong underwriting discipline.

Risk management can help firms address these challenges. The true test for GI firms this year will be whether their risk function can be increasingly business, tech and digital savvy and their overall risk management capability can respond effectively to a rapidly evolving risk landscape, while strengthening the processes for improving and monitoring customer outcomes. Being able to rely on robust data will be key to demonstrate progress to supervisors and also to gain commercial advantage in a highly competitive market. Equally, GI firms are increasingly aware of the intrinsic value of their data and a risk-intelligent culture to gain a competitive edge in a highly competitive market.
 

Conduct regulation: raising the bar
 

UK retail GI firms have experienced intense supervisory scrutiny under the Duty (see Figure 1). We expect this trend to continue into 2025, both in the UK and some EU countries.

Figure 1: increasing FCA scrutiny of insurers

Source: Deloitte, FCA and UK Government website1

The quality of outcomes monitoring (especially for vulnerable customers) has proved particularly challenging. There is a clear gap between the FCA’s expectations on evidencing Duty compliance and firms’ capabilities to do so.2 Developing a robust Duty data framework will play a significant part in addressing this. Insurers need to review their current outcomes monitoring frameworks to identify and address weaknesses – whether relating to data granularity, metrics, or interpretation. Firms should demonstrate to the FCA that they have effective measures in place to identify issues and the means to take decisive action to improve customer outcomes where required.

Many insurers have been running Duty programmes for two years or more - by now at significant cost. Now is the time to consider what actions are needed to move towards a sustainable compliance framework. Our view is that harnessing technology, including Artificial Intelligence (AI), where suitable and coordinating efforts across the market are essential to meet the enhanced consumer protection requirements under the Duty. In the near future we expect to see the emergence of AI agents to monitor and anticipate areas of customer harm and take early action based on scenarios where products and services do not perform as expected.

Last autumn the FCA launched its premium finance market study on home and motor insurance products.3 This coincided with a larger review of motor insurance business models and the Government’s initiative to set up a taskforce to consider how to tackle motor insurance premium inflation. In addition, commission-related practices are under the spotlight following the Court of Appeal's ruling in October 2024 on motor finance discretionary commission arrangements. The Supreme Court is now hearing an appeal against the Court of Appeal’s judgment.4 The judgement could raise questions over the fairness of commission practices beyond motor finance and prompt a wider review of other practices. Ahead of the Supreme Court ruling later in 2025, insurers should assess their exposure and consider reviewing their processes to mitigate risks.

There is also growing interest from international regulators on consumer protection issues. Monitoring consumer risk and increasing levels of consumer protection will be a key focus area for the International Association of Insurance Supervisors (IAIS)5 over the next four years and its recent consultation on the fair treatment for diverse consumers emphasises the importance it is placing on protecting those that may be in vulnerable circumstances.6 Last year, the Central Bank of Ireland (CBI) consulted on a review of its Consumer Protection Code,7 with a focus on outcomes and the customers’ best interest rule, effectively moving closer to the spirit of the Duty regime in the UK. Meanwhile, the European Insurance and Occupational Pensions Authority (EIOPA) continues to focus on value for money issues and inconsistency of compliance with the Insurance Distribution Directive’s (IDD) Product Oversight and Governance rules.8 If we have learnt anything from implementing the Duty in the UK, it is that EU insurers will benefit from considering whether their current conduct data frameworks are fit for purpose to provide evidence of outcomes and in particular the treatment of those in vulnerable circumstances.


Risk management: evolving to meet the challenge of new risks
 

The commercial GI market faces increasing prudential pressures, with new types of risks and variations of existing ones – including for example different types of climate risks, geopolitical and cyber underwriting risk. Improving overall risk management, modelling and data capture capabilities for these risks will alleviate regulatory concerns and give firms a commercial advantage as they will be better able to anticipate potential losses and tailor price and products accordingly.

The global cyber insurance market is expected to reach USD29 bn by 2027 – demonstrating an ever-growing demand due to the increasing prevalence of cyber risks for small and midsize enterprises (SMEs) in particular (see Figure 2). However, most cyber incidents remain uninsured. In fact, access to cyber insurance is a regulatory concern in the EU in particular, with EIOPA having recently collected views through a survey to improve its understanding of the availability and affordability of cyber insurance for SMEs.9

Figure 2: global cyber insurance market size from 2019 to 2023 and 2027 forecast in USD billion

Source Statista10

The story is similar when it comes to climate risk, with only 25% of the total losses caused by extreme weather- and climate-related events across Europe covered by insurance.11 Improving the ability to identify, anticipate and manage these risks (beyond simple exclusions) is therefore a commercial and regulatory imperative.

As a result of these forces, we are of the view that insurers need to maintain a strong risk and control framework including underwriting discipline and top-notch data capabilities if they are to make the most of the opportunities generated by the drive to narrow the insurance protection gap whilst demonstrating to their supervisor that they are capable on managing these risks.

Figure 3: catastrophe insurance protection gap scores in the EU – per country

Source: EIOPA -12 Technical information and EIOPA methodology available here

EU and UK regulators are acutely aware of insurers’ growing exposures and are increasingly carrying out industry-wide stress and scenario testing. For example, 32% of regulators that responded to an IAIS survey indicated that they are carrying out insurance stress tests focused on cyber risk.13 EIOPA tested 48 EU insurers’ exposure to geopolitical tensions last year in its EU-wide stress test and found that the overall European insurance industry is well capitalised.14 However, the stress test results indicated the importance of ample availability of liquid assets to meet the liquidity needs in the geopolitical scenario

UK insurers will experience ongoing pressure from the PRA to improve their risk management capabilities, including their ability to respond to adverse shocks (such as the crystallisation of geopolitical risks). When considering how to enhance their capabilities, firms should look ahead to the PRA’s dynamic general insurance stress test (DyGIST) in May 2026, which will be a significant change from previous iterations. We expect DyGIST to test how firms escalate issues up their governance chains, how they to adjust risk appetite in response to rapidly developing events and the feasibility of management actions in stressed market conditions. GI firms will also be able to learn some lessons from the Life Insurance Stress Test 2025 and may wish to reflect on feedback from previous stress tests (e.g. regarding board involvement and feasibility of management actions) in a “live” exercise. There are likely to be efficiencies for firms from anticipating the demands that DyGIST will place on them and including them in any enhancements they are making to their risk management capabilities in 2025. 


Conclusion
 

Looking ahead, GI firms will have some difficult choices to make around how to invest their time and resources to satisfy regulators while also addressing commercial challenges. In this vein, retail GI firms might want to think about investing in a longer-term and sustainable Duty framework, harnessing new technology and data capabilities. Similarly, commercial GI firms that want to take advantage of the opportunities in the changing risk landscape should work on improving models and stress testing capabilities as well as overall risk management frameworks. Enhancing capabilities in these areas will help insurers capture the opportunities the new risks will bring.

Key considerations for general insurers:
 

  • Develop a robust Duty data framework, using technological solutions where available.
  • Revisit the risk and control framework and processes for stress and scenario testing, focusing on how stress test results interact with risk appetite, the feasibility of proposed management actions, and associated governance arrangements.
  • Enhance data gathering, aggregation, monitoring and modelling techniques, and ensure systems and reporting are up-to-date and adjusted for new risk types.
  • Assess impact of Motor Finance Supreme Court ruling on business practices and consider reviewing processes around commission disclosures to mitigate risks.

  1. FCA, Annual Report and Accounts 2023–24, April 2024, available at: https://www.fca.org.uk/publication/annual-reports/annual-report-2023-24.pdf#page=148 ; UK Government, Ministers bring together industry experts and consumer champions to tackle spiralling costs for drivers, available at: https://www.gov.uk/government/news/ministers-bring-together-industry-experts-and-consumer-champions-to-tackle-spiralling-costs-for-drivers
  2. FCA, Insurance multi-firm review of outcomes monitoring under the Consumer Duty, June 2024, available at: https://www.fca.org.uk/publications/multi-firm-reviews/insurance-multi-firm-review-outcomes-monitoring-under-consumer-duty
  3. FCA, MS24/2.1 Premium Finance Market Study, October 2024, available at: https://www.fca.org.uk/publications/market-studies/ms24-2-1-premium-finance
  4. Royal Courts of Justice, Case No: CA-2023-001453 Johnson v Firstrand Bank Limited (London Branch) T/A Motonovo Finance, October 2024, available at: https://www.judiciary.uk/wp-content/uploads/2024/10/Johnson-v-Firstrand-Bank-and-Hopcroft-v-Close-Brothers.pdf
  5. IAIS, Interim update on the IAIS Strategic Plan for 2025-2029, April 2024, available at: https://www.iaisweb.org/uploads/2024/04/SPFO-Public-webinar-slides.pdf
  6. IAIS, Public consultation of Application Paper on how to achieve fair treatment for diverse consumers, June 2024, available at: https://www.iaisweb.org/2024/06/public-consultation-of-application-paper-on-how-to-achieve-fair-treatment-for-diverse-consumers/
  7. CBI, Consumer Protection Code Review, March 2024, available at: https://www.centralbank.ie/regulation/consumer-protection/consumer-protection-codes-regulations/consumer-protection-code-review
  8. EIOPA, EIOPA launches survey on access to cyber insurance by SMEs, September 2023, available at: https://www.eiopa.europa.eu/eiopa-launches-survey-access-cyber-insurance-smes-2023-09-20_en
  9. EIOPA, EIOPA launches survey on access to cyber insurance by SMEs, September 2023, available at: https://www.eiopa.europa.eu/eiopa-launches-survey-access-cyber-insurance-smes-2023-09-20_en
  10. Statista, Global cyber insurance market size from 2019 to 2023, with forecast till 2027, November 2024, available at: https://www.statista.com/statistics/1190800/forecast-cyber-insurance-market-size/
  11. ECB, Policy options to reduce the climate insurance protection, April 2023, available at: https://www.ecb.europa.eu/pub/pdf/other/ecb.policyoptions_EIOPA~c0adae58b7.en.pdf
  12. EIOPA, Dashboard on insurance protection gap for natural catastrophes, November 2024, available at: https://www.eiopa.europa.eu/tools-and-data/dashboard-insurance-protection-gap-natural-catastrophes_en
  13. IAIS, Global Insurance Market Report (GIMAR) Special Topic Edition: Cyber, April 2023, available at: https://www.iaisweb.org/uploads/2023/04/GIMAR-2023-special-topic-edition-on-cyber.pdf
  14. EIOPA, Insurance stress test 2024, December 2024, available at: https://www.eiopa.europa.eu/insurance-stress-test-2024_en

Did you find this useful?

Thanks for your feedback