PRA Fines Third Country Branch for Internal Controls, Governance and Reporting Failures

The Prudential Regulation Authority ("PRA") has fined the London branch of a third country reinsurer (the "Branch") for failing to meet internal controls, governance and regulatory reporting requirements. 

According to the Final Notice, approximately 70% of its parent company’s global business was written in the UK by the Branch. The PRA stated that, prior to Brexit, the Branch operated in the UK under the European Union’s (“EU”) passporting regime, which allowed European Economic Area (“EEA”) authorized firms to provide services in the UK without separate PRA authorization. As such the Branch was permitted to offer reinsurance services to customers in the UK, without specific authorization from the PRA. Following the UK’s withdrawal from the EU, the passport was no longer available, and the Branch entered the UK’s Temporary Permissions Regime ("TPR") as a third country branch —a framework that allowed EEA firms to continue their UK operations temporarily while transitioning to full UK regulatory oversight.

The effect of the TPR was that the Branch was deemed to be authorized by the PRA and was able to continue operating in the UK within the scope of its previous passport for up to three years from 31 December 2020 to 31 December 2023. Once in the TPR, the PRA had the same powers in relation to the Branch as if the Branch had applied for, and been granted, permission to conduct reinsurance business in the UK. Consequently, from 31 December 2020, all relevant parts of the PRA Rulebook applied to the Branch, including the PRA Fundamental Rules and the Third Country Branches Rules. The PRA had written to firms in advance of the TPR to ensure they were operationally ready and understood the expectations placed on them.

Between 1 July 2021 to 31 October 2023 the PRA found that the Branch had breached the PRA Rulebook and the Fundamental Rules.

The PRA found that the Branch’s internal controls were inadequate, despite efforts to implement enhancements. The PRA found that internal audit identified areas where "risk mitigation was inadequate or lacking," which impacted the Branch’s ability to "organi[ze] and control its affairs responsibly and effectively." The PRA stated that several audit recommendations remained outstanding or partially implemented, including items rated "high risk" or "critical." The PRA highlighted issues such as poor "data quality," outdated or missing policies, and a business continuity plan that had not been finalized since first raised. The PRA also cited unresolved outsourcing concerns and the lack of due diligence and board-level reporting. The PRA further observed that the Branch failed to track audit recommendations specific to its UK operations.

The PRA determined that the Branch failed to meet its regulatory reporting obligations. The PRA stated that the Branch was subject to reporting requirements, including the submission of Regular Supervisory Reports ("RSR") and Quantitative Reporting Templates ("QRT"). The PRA found that the Branch failed to submit the two required reports and only provided one after being prompted. The PRA stated that the Branch did not have adequate systems or a governing body-approved policy to ensure timely and accurate submissions. The PRA observed that a comprehensive reporting procedure was not in place until well after the missed deadlines, and that the Branch’s reliance on a basic timetable was insufficient to ensure compliance.

The PRA also found that the Branch’s governance arrangements misaligned with PRA requirements, highlighting deficiencies in the proportionality of oversight and the effectiveness of the UK Branch Management Committee. The PRA stated that meetings of this Committee lacked formal documentation, terms of reference were delayed, and the management information provided was insufficiently tailored to the UK entity. The PRA also identified serious internal control weaknesses, including inadequate business continuity planning and gaps in outsourcing oversight. 

The PRA highlighted that the Branch launched a broad remediation initiative in response to regulatory concerns, with support from external advisers. As of 31 October 2023, the Branch entered into Supervised Run-Off ("SRO") and is winding down its UK operations.  The parent company continues operating in the EEA. A firm in the SRO can perform regulated activities for existing contracts but cannot write new business.

The PRA determined that the Branch violated Fundamental Rule 6, Rules 2.3 and 2.6 of the Conditions Governing Business part of the PRA Rulebook, and Rules 2.1 and 2.5 of the Reporting part of the PRA Rulebook.

As a result, the PRA fined the Branch £2,550,000 and reduced the penalty to £1,785,000 after applying a 30% discount for early settlement.