In a highly regulated industry, is it still possible to operate an ‘unregulated’ insurance company? The answer surprisingly is, yes!
After a 15-month investigation by Inherent Risks, with consultations from insurance compliance lawyers, and evidence from Whistleblowers, we have uncovered a ‘Goldilocks’ formula that’s left even the Regulators baffled. A grey area that's ‘just right’ for exploitation.
In fact, this case has gone all the way to the top of UK Government.
In a rare move, Chancellor Rt. Hon Rachel Reeves announced on 14th November, a three-month industry consultation on the potential for a UK Captive Regulatory Regime. A move praised last week by London Market Group, Airmic (Association for Insurance & Risk) and Marsh McLennan.
As part of this industry consultation, a comprehensive Investigation Report, with associated evidence, has been submitted by Inherent Risks directly to UK Government as a Case Study of how the captive system can be, has been, and is being, exploited - through bad actors, cross jurisdictional blind spots and compliance failures.
At present, it's possible to follow a relatively simple, albeit costly, Five-Step Formula:
Incorporate an insurance company in Ireland.
Purchase shares of a Protected Cell Company (PCC) in Guernsey.
Subscribe 100% of the PCC share capital to the Irish company.
Secure reinsurance of the PCC from UK/EU Underwriters via a Broker.
Launch an online Quote & Bind domiciled in Ireland.
(This Five-Step Formula will be referenced throughout this Report due to its relevance.)
While from a legal and regulatory standpoint this Formula is technically allowed, as part of our investigation, it was found that this where a severe grey area can be exploited. And, by each jurisdictional Regulators’ admission(s), they were not aware that these current specific blind spots existed.
Firstly, consider that Ireland is Regulated by the Central Bank of Ireland (CBI), in Guernsey, by the Guernsey Financial Services Commission (GFSC), and in the UK, by the Financial Conduct Authority (FCA). None of which, as it turns out, share reporting systems. The only time they do is during an active investigation through a Multilateral Legal Agreement. For complex cases, these can take from 12 to 36-months to take legal action against offenders, and to make public announcements of their findings.
Secondly, consider that for the CBI, GFSC or FCA to trigger an investigation, they largely rely on other Regulated organisations or individuals to report their concerns. But, if the very rules that these Regulators have established, prevent other Regulated organisations from complete transparency across each reporting stage; then it makes this process dysfunctional and ripe for exploitation.
Jurisdictional Payment Restrictions
Following the Five-Step Formula above, ALL policies written by the Ireland insurance company, whether manually or online, MUST be reported, via the Broker, to Captive Managers in Guernsey, for the policies to be valid.
However, online payments from Stripe into Guernsey bank accounts are currently not supported. Therefore, insurance policies sold online in Ireland, go to a Stripe account registered in Ireland, attached to an Irish corporate bank account.
Brokers and Captive Managers operate on a considerable trust basis, trusting that ALL policies are being reported to them. Due to jurisdictional restrictions, and the fact that the PCC and the Insurance Company are two separate legal entities, neither the Broker or Captive Manager have access to the Stripe account in Ireland, nor the Irish business bank account(s).
Brokers and Captive Managers cannot audit what has not been reported to them. This also means it's extremely easy to pass a Captive Manager audit if the Insurer that's being audited controls the narrative.
There’s also the added complexity that the Insurer may provide carte blanche to a Brokerage they work closely with, allowing its Brokers to freely write policies and collect Premiums on their behalf. In effect, providing them an unauthorised Binder, without the knowledge of Cell Managers or Reinsurers, outside of their compliance, and out of reach of reporting practices. In effect, money could move freely between the Brokerage and the Insurer, from the UK to Ireland; in the blind spot of the Captive Manager, the FCA and GFSC. And the Reinsurer is left oblivious.
Bordereau Reporting Weaknesses
If policies are purposely withheld from Bordereau reporting by the Insurer, neither the Broker, Captive Managers or the Reinsurers have any way of knowing this. The Insurer in theory can misappropriate the Premiums, and technically the Policyholder was never really covered!
Being that reporting by the Insurer to the Broker is monthly and/or quarterly, the Insurer can be sure that no claim has occurred for the duration of that policy; leaving the Insurer free and clear of any liability, ‘safe’ in the knowledge that they can count the Premium as profit. Neither the Broker, the Captive Manager or the Reinsurer are aware the policy was ever issued, and the Consumer is unaware that in effect they are being scammed.
Let's not forget, Captive Cell fees are determined by Gross Written Premiums (GWP). The less Premium that the Insurer reports to the Captive Manager, the less fees the Insurer is required to pay. But, to reiterate, if a Policy is not reported to the Broker/Captive Manager, then the Policy itself is never actually valid!
It is estimated that hundreds of frontline journalists, humanitarians and even war crimes investigators have deployed to conflict zones around the world, with a Policy, that if Brokers, Captive Managers and Reinsurers were aware had not been reported, would not have been valid.
Financial Forensic Investigations
This is where the Multilateral Legal Agreement between the CBI, GFSC and FCA (and law enforcement) comes into play, enabling them to legally request all financial records from Stripe, corporate and personal bank accounts (old and new), and to collect other associated evidence.
At this point, a thorough financial forensic investigation will audit all payments received into the insurer’s bank account(s), then match line-by-line to each Policy issued/sold, including confirmation of which Policies have in fact been reported to Brokers, Captive Managers and Reinsurers. Typically at this point, personal bank accounts of shareholders will also be scrutinised.
If/when wrongdoing is proven, Regulators will then hand the case to relevant law enforcement agencies, which in this scenario, could be conceived as multiple crimes across multiple jurisdictions, resulting in pending charges in Ireland, Guernsey and the United Kingdom.
One Lloyd’s Compliance Officer described it as, “A colossal loophole that charlatans can exploit. An epic regulatory and compliance failure at all levels… Exactly the kind of situation that Guernsey has tried to avoid and will no doubt cause great embarrassment to all who have fallen victim to unscrupulous bad actors.”
Bad Actors
While the Five-Step Formula is theoretical and achievable, this joint investigation has largely focussed on one company and two individuals.
One of the the owners of the Irish insurance company was simultaneously employed by a Lloyd’s Broker, in a massive conflict of interest, and over three-years, allegedly misappropriated close to £1 million from the Brokerage to the benefit of his own insurance company.
As a result of an internal investigation, the Broker in question was terminated from his employment with the Brokerage in 2023, and soon announced himself publicly as the Chief Underwriting Officer of his own Insurance company, despite not having the qualifications or experience to be in such a role. This does not appear to have been questioned by the industry at large.
Instead of the Lloyd’s Brokerage reporting this individual to Lloyd’s and the FCA, they chose to protect their reputation and signed a Non-Disclosure Agreement (NDA), with conditions. These conditions we are informed have since been breached by the former Broker, leading to the Brokerage breaking the NDA and speaking out.
Even more astonishing is that according to two sources, the same Broker was allegedly terminated from employment at another Brokerage prior to this for alleged misappropriation of funds and making false statements. And again, this Brokerage chose to sign an NDA with the individual to protect their own reputation and liabilities.
The same individual also admitted via a WhatsApp message to fraudulently redirecting owed broker fees from the Lloyd’s brokerage, to his own account, for personal gain, further admitting to using the funds to take his family on vacation. In addition, he asked processing staff via email for policies to be withheld from Bordereau reporting, citing that his company needed the premiums to pay outstanding debts.
Another owner of the Irish insurance company and PCC was simultaneously employed by a global Insurtech company in a Partnerships role, and used the PCC to facilitate Insurtech business for major global travel and airline brands. This was done without the knowledge of the Insurtech company owners, and exposed the Insurtech to substantial conflicts of interest. He went to great lengths to mask his ownership of the PCC and Insurance company, including registering shares in his spouses name, requesting via WhatsApp that his ownership of the company be kept secret, and denying his involvement in the company when asked by Insurtech owners and staff.
Multiple Compliance Failures
Notwithstanding, one of the owners of the Irish insurance company was able to incorporate a company in Ireland, obtain approval by the CBI to operate as an insurance company, jointly purchase a PCC in Guernsey, and secure multiple Lloyd’s and Company Market reinsurance capacities in the UK and EU through making false statements, all without thorough due diligence and compliance checks being carried out by any entity.
One owner also registered his shares in entities in his spouses name, when in fact his spouse works for another insurer in Ireland, and as confirmed by the CBI, would also be classed as a considerable conflict of interest by his spouse if found to be true.
During this time, in an attempt to disguise his involvement, the individual held multiple Broker email addresses from UK and EU jurisdictions, and would email himself as a Broker, to himself as an Insurer. In-turn, he would then answer himself wearing either his Broker hat, or Insurer hat, or indeed, answer underwriters, clients and consumers from multiple aliases.
Both owners are reported by Reinsurers and Brokerages across the London market to have misled them and outright lie when questions were asked about the ownership of the Irish insurance company and the PCC.
Considerable expenses, including business travel, sales and marketing, advertising, entertainment and company administration costs were covered by funds allegedly misappropriated from the Lloyd’s Brokerage, and salaries were paid by both the Brokerage and the Insurtech.
No Honour Among Thieves
There was a third owner of the Irish insurance company and PCC, who perhaps unsurprisingly also worked for another insurance company which covered his salary. In 2023, it was found that for a substantial period of time, without the knowledge of the two other owners, he had been taking a considerable monthly fee from a client to his own benefit. When eventually confronted, this owner resigned from the company and handed his shares back, but did not return any of the fees he had taken to his own benefit.
Ironically, both other owners were also allegedly siphoning money for their own personal benefit on schemes they had introduced into the company, without the knowledge of each other. One owner did not have access to the Irish bank account, and had no real oversight as to what funds were being deposited or indeed where the funds were being distributed to. The other owner allegedly remained unaware of fees being taken between the Insurtech and the PCC, in a so-called ‘rathole’ (an account under another name/alias).
Whistleblowing Failures
Over the past 15-months, a total of eight Whistleblowers and sources have provided verifiable information and evidence, not only to Inherent Risks, but to the CBI, GFSC, FCA, Ombudsman, Lloyd’s, Garda, Guernsey Police and London City Police.
While it is not unusual for Regulatory bodies and law enforcement not to comment on ongoing investigations, it has been reported by each person that the Whistleblowing process has been exceptionally difficult, and has left many feeling hopeless and demotivated.
Whistleblowers have reported extremely difficult circumstances when trying to report their findings in particular to Reinsurance Underwriters and Captive Managers. Reinsurers for the most part, buried their head in the sand for over 10-months, even when evidence of wrongdoing was offered, and when the Insurer was writing policies which exposed the Reinsurer to unnecessary risks. Instead the Reinsurer cited that they were waiting for FCA outcomes before taking any action themselves. When Inherent Risks discussed this with Lloyd’s Compliance, they were dumbfounded that a Lloyd’s Underwriter would act with such negligence.
In turn, the Captive Manager largely waited for Reinsurers to take action, again this was despite being provided with substantial evidence. When Inherent Risks spoke to the GFSC, they couldn’t quite believe that a Guernsey Captive Manager had not taken significant action to prove or disprove allegations of wrongdoing.
While it is expected that significant action will be taken against the delinquents involved, it is noted that during extremely long investigative processes, these individuals are continuing to personally profit from outside investments and winning new business, launching new brands and products, employing innocent and unsuspecting staff, and acquiring industry awards.
In a report published just this week, the All-Party Parliamentary Group (APPG) has called into question the integrity of the FCA, which it says is “widely seen as incompetent” and goes on further to say that the FCA “acts in bad faith” and “its treatment of whistleblowers and their evidence is alarming.”
_ _ _
This Summary Report has been released ahead of forthcoming articles by investigative journalists where the companies and individuals will be named.