2/2 M80/July 2025 Underwriting practice

Introduction
In the first chapter we discovered that the role of the underwriter is influenced in many ways
Chapter 2

by the UK regulatory regime, which places a requirement on insurers to ensure that their
employees adhere to certain codes of conduct and operating standards.
In this chapter we will consider the financial demands of operating a business by taking a
look at the role of capital and its impact on the underwriter. We will also look at significant
legislation that creates further challenges to the way an underwriter is permitted to operate.

Key terms
This chapter introduces the following terms and concepts:

Capital Discrimination law Motor Insurers’

Bureau (MIB)

A Capital and solvency requirements

In this section we will consider the relationship between an insurer's requirement for capital
and the underwriting function. Principle 4 of the Principles for Businesses (PRIN) states that
a firm must maintain adequate financial resources.

Refer to
Refer back to Impact on the underwriting function on page 1/11

A1 What is capital?
All businesses, from a small corner shop to a major insurer, need to have assets available to
satisfy their liabilities, such as their debts. These assets may, for example, be investments,
such as shares in companies, bonds, property, machinery, materials or be cash on deposit
with a bank.
To get those assets the business needs money. This could come from, for example, the
owner’s own savings, from loans or by issuing shares in the company. The money raised in
this way is called capital. Some may be set aside, perhaps in long-term investments, and
kept as a buffer against poor trading conditions. The rest, referred to as working capital, is
used for acquisition and running costs. It can be used to buy equipment and raw materials,
pay employees, fund the manufacture and distribution of the products, as well as to pay
interest on loans.
Profit should be made. Profit is the excess of sales and other income over expenses. Some
of this may be distributed as dividends to investors or owners. The rest can be put back into
the business, thus increasing the available working capital and strengthening the long-term
or ‘buffer’ capital. The capital can be used to fund, for example, the development of products,
sales campaigns and new projects. It can also be viewed as a further safety margin to be
called on if the firm experiences unexpected trading losses.
All businesses must be able to match their liabilities with their assets to be considered
‘viable’. An insurer does not actually manufacture goods but accepts the transfer of risk from
others. Its product, therefore, is the bearing of risk and the fulfilment of the liabilities under
its contracts when called on. In order to fulfil those liabilities the insurer needs assets and
capital in the same way as any other business.
However, for insurers the liabilities are inherently less certain, since they relate to the future
possibility of accidents or other calamities happening. The dimension of trust and confidence
in the financial integrity of the companies with whom they place their risk is both intangible
and important to the customers. Insurance customers expect their claims to be paid and so
expect insurers to make sure that they have sufficient assets available to pay them.
Chapter 2 Commercial and legislative factors 2/3

This means two things:

1. insurers need to estimate their liabilities and future income as accurately as possible to
be able to ensure that they will not fail to fulfil their liabilities; and

Chapter 2
2. because it is inherently difficult to do this, insurers need to have a cushion of assets over
and above those anticipated liabilities. The level of that cushion of extra assets is an
issue to which insurers must give a great deal of thought.
Therefore, to ensure they have sufficient assets available, all insurers will analyse their risks
in as exhaustive a way as possible. This is not just good business practice – it is also a
requirement placed on insurers by the PRA. The PRA has rules around the levels of capital
needed and we will consider the context of those rules in the next section.
Much depends on the type of risk that the insurer is bearing and the level of certainty it has
about that risk. This influences the amount of reserves insurers hold to support their various
lines of business.
Since insurers are in the business of paying money to their claimants, the assets set aside
for that purpose need to be in a readily available form. Principally, insurers need to hold
enough cash to pay claims as they arise. Control of cash flow is important for this reason.

A2 Statutory requirements for capital

All UK insurers must meet a minimum capital requirement (MCR). This is the higher of
two amounts:
• a base capital requirement; and
• an amount that has to be calculated from the volume and type of business. This is the
general insurance capital requirement (GICR).
The MCR requirement is found in the FCA's Handbook in the GENPRU Sourcebook. All
UK-regulated insurers must legally have capital at least as large as their MCR.
The threshold conditions for authorisation state that a UK insurer must have capital
resources that are 'adequate having regard to the size and nature of its business'. Therefore,
UK insurers must have a capital resources requirement (CRR). The CRR is the greater
of the MCR and a risk-based calculation that results in a higher enhanced capital
requirement (ECR).
The PRA requires insurers to carry out regular assessments on what they think their own
capital should be. This is known as the individual capital assessment (ICA). Once the
PRA is in possession of a firm's ECR and ICA calculations, it will decide whether it agrees
with the firm. If it does not, it may provide its own view: the individual capital guidance
(ICG). Calculating the ICA encourages management to take responsibility for the needs of its
own business, rather than relying on externally imposed standards.
The detailed calculations needed to arrive at the CRR are outside the scope of this course.
To give an indication of what is needed, regulators have traditionally required that a buffer of
15-20% of premiums be held, although insurers usually hold at least 40%. The requirements
reflect the different risk levels of the various lines of business. For example, for liability
accounts an additional 50% over and above other classes is included in the calculations.
The Solvency requirements for UK firms are based on the EU's Solvency II Directive.
Solvency II
The Solvency II Directive covers the capital requirements of EU-based insurers. It
established harmonised risk-based insurance regulation across the EU. It was implemented
by Member States (including the UK) on 1 January 2016. The PRA regulated UK insurers in
accordance with the Directive.
The key objectives of Solvency II are to:
• improve consumer protection by ensuring a uniform and enhanced level of policyholder
protection across the EU;
• modernise regulatory supervision by shifting focus to evaluating insurers' risk profiles and
the quality of their risk management and governance systems;
• deepen EU market integration by harmonising supervisory regimes; and
• increase the international competitiveness of EU insurers.
 2/4 M80/July 2025 Underwriting practice

Solvency II in the UK after Brexit

Following Brexit, the Financial Services and Markets Act 2023 was enacted to put into
effect a new 'smarter regulatory framework'. It built on the existing approach to regulation,
Chapter 2

which gives the FCA and PRA broad powers to make rules. The Act revoked the Solvency II
Directive and the Insurance Distribution Directive. The PRA and FCA used their rule-making
powers to bring the Directives' provisions into their rules.
Solvency II was tailored to the whole of the EU insurance sector, but the UK insurance
sector differs in several important ways. As a result, the PRA took the opportunity to make
changes to the provisions of Solvency II to produce Solvency UK. Its aim was to make
the market more competitive and dynamic, while continuing to support policyholder security
and financial stability. The phased implementation of these changes was completed on 31
December 2024.
Differences between Solvency II and Solvency UK
The key changes made to Solvency II during the transition to Solvency UK include:

Change to application thresholds Solvency UK applies to firms with gross written premium of £25m or more
and mobilisation regime (increased from €5m). The mobilisation regime allows a lower minimum capital
requirement for a period for new insurers.

Relaxation of third country Overseas (re)insurers operating UK branches no longer need to:
branch capital requirements
• calculate and report branch capital requirements;
• establish and report a branch risk margin;
• hold assets in the UK to cover the branch solvency capital requirement.

Reporting The reporting burden on firms is reduced. For example, firms no longer need to
provide the regular supervisory report, certain reporting templates are gone and
the use of reporting waivers is expanded.

Changes to internal model There is a more principle-based approach to the assessment, approval and
approvals and capital add-ons ongoing monitoring of internal models.

The Matching Adjustment This allows life insurers to take credit upfront for part of the expected
investment returns on assets used to match the cash flows of certain long-term
liabilities. There is more investment flexibility under Solvency UK.

Simplification of the Transitional There is a simplified default method for calculating the TMTP, that addresses
Measure on Technical resource costs and improves consistency.
Provisions (TMTP)

On the Web
More on this can be found here: [Link]/2N1LOa8.

A3 The relationship between capital requirements and the

underwriting function
The underwriter is mainly concerned with the terms on which they will accept risks and
the premium required. The main aim is to ensure that the business written makes a
profit. However, a key concern is exactly how much profit. A UK insurer must have
capital resources that are ‘adequate having regard to the size and nature of its business’.
Essentially, the riskier the business, the greater the need for capital. This means that the
return on the premium needed to write it is higher.
Individual claims in different classes of business have different certainty of outcome.
Compare property insurance to liability, for example. With property insurance the loss can
be ascertained relatively quickly and repairs or restoration carried out in a more certain and
efficient environment. Liability claims, however, tend to have a less certain outcome, both in
value and time taken to settle. In addition, a small but significant minority of liability claims
can be particularly expensive compared to the average. This is referred to as volatility. It
means that levels of assets relative to premium income needed to support different lines of
business varies.
A business class, such as liability, therefore, needs a greater allocation of capital as security
for the business. Some individual claim amounts are substantial and many take some time to
Chapter 2 Commercial and legislative factors 2/5

be settled. This means that substantial reserves need to be maintained over a relatively long
period. Firms look to take advantage of the investment opportunity this affords.
Can the insurer rely on these investment returns to supplement the return expected to

Chapter 2
be made on the premium?
A balance has to be struck here. Relying on potential investment returns on assets held
in reserves could influence an underwriter to set inappropriate premiums. It may lead
them to believe that they can afford to set a premium that achieves a low level of return,
break even or even a loss situation. The plan is that the subsequent addition of the
investment return on those premiums will bring their trading position into profit. This may be
a satisfactory approach – until the value of the investment return is not what was anticipated!
At which point it will doubtless be seen to have been a mistake and foolhardy. Downturns in
investments can occur without warning and trading losses may result.

Activity
Discuss with senior managers how the investment return is viewed within your own
organisation.
Hints:
• Are underwriters aware of the extent to which they are expected to set premiums in
anticipation of claims, i.e. to write business at a premium level which should achieve an
underwriting profit?
• Is there a mechanism to regularly inform the underwriting staff of results by account,
underwriting area or other factors, subject to commercial sensitivity of course?

Question 2.1
An insurer writes various general insurance portfolios. Below are the assets used
to back an employers’ liability and a household account and their respective annual
premium income.
The insurer’s investors/owners wish to see a minimum return of 10% on their capital.
What is the % return (profit) on premium needed in each case in order to ensure a
return of 10% on the assets?

Employers' liability Household

Assets used £200m £50m

Premium income £50m £100m

A4 Management of capital
Insurers need to manage their finances and capital effectively. The main issue is not having
too much money, but how that money is employed. How an insurer manages and protects
its capital is increasingly recognised as vital to its long-term success and profitability and is a
core indicator of its strength and reliability.
An insurer must have a clear understanding of:
• how much capital it has at any point in time;
• how much capital it needs to support its targeted volumes and types of business;
• how much capital it needs to meet both current and future regulatory capital
requirements; and
• what it plans to do in the event of having:
– too much capital for its planned business volumes, or
– too little capital for its plans.
An insurer might be viewed as having too much capital if it has no clear plan to use it for
development or growth. This may be because the opportunities for development or growth
are limited; existing markets may already be penetrated as far as is possible and further
growth may simply bring business that is too high a risk to sustain a viable return. In these
cases, it is not unknown for the insurer to return capital to investors.
 2/6 M80/July 2025 Underwriting practice

An insurer may be viewed as having too little capital if it is unable to take advantage
of opportunities. It may not be able to write the volume of business that is available or it
may have to buy more reinsurance in order to maintain the ability (typically referred to as
Chapter 2

‘capacity’) to take on the level of risk that customers and intermediaries expect it to. Too little
capital will attract the attention of the PRA and may compromise its ability to raise more at a
reasonable cost.
The underwriter’s ability to write business is affected if there is too little capital. There
may need to be limitations on authority to accept business, as well as reinsurance or co-
insurance arranged at fairly low levels of risk. Too little capital may also create difficulties
in maintaining credibility with intermediaries and end clients, who expect efficient risk
acceptance decisions that the firm may not always be able to provide.

B Contract certainty
It is important for all parties to a contract that the terms are clear and unambiguous. Failure
to achieve this contract certainty creates risks on all sides.

Problems for • they will not know exactly what their exposure is under the contracts they enter
underwriters: into; so
• claims reserving and pricing will be less accurate; so
• they will be unable to allocate capital correctly.

Problems for brokers: they have a potential liability for errors and omissions when wordings are unclear or
have not been issued.

Problems for they will not be certain of their coverage, so will be unsure whether they are
policyholders: adequately protected should a loss occur.

The FCA is concerned about contract certainty. This is because it regulates broking and
underwriting businesses, and has an interest in policyholder service and protection issues.
To further the aim of achieving contract certainty, and avert possible regulatory intervention,
the insurance industry produced the Contract Certainty Code of Practice (the latest edition
was published in September 2018). It applies to general insurance contracts entered into by
an FCA-regulated insurer or arranged through an FCA-regulated intermediary.
Contract certainty is defined in the Contract Certainty Code of Practice as follows:
Contract certainty is achieved by the complete and final agreement of all terms
between the insured and insurer by the time that they enter into the contract, with
contract documentation provided promptly thereafter.
There are various principles and guidance contained within the Code around the formation
and performance of contracts.
The main points to note are:
• Principle A - When entering into the contract, the insurer and broker (where applicable)
must ensure that all terms are clear and unambiguous by the time the offer is made or
accepted. All terms must be clearly expressed, including any conditions or subjectivities
(e.g. action to be taken, such as the installation of specified security precautions).
• Principle B - After entering into the contract, documents must be given to the
policyholder promptly. ‘Promptly’ means within seven working days for consumers
and, for all other client classifications, within 30 calendar days. These timescales are
measured from the later of the following:
– the inception date of the contract;
– the date on which the insured and insurer enter into the contract; or
– where there is more than one participating insurer, the date on which the final insurer
enters into the contract.
• Principle G - The insurer and broker (where applicable) must resolve any issues around
the achievement of the contract certainty principles as soon as practicable and without
undue delay.
Chapter 2 Commercial and legislative factors 2/7

Be aware
A consumer is defined as any natural person who is acting for purposes which are
outside their trade, business or profession.

Chapter 2
Activity
Have a look at the Contract Certainty Code of Practice on the London Market Group's
website. What guidance is provided to firms regarding how they might assess whether
their contracts conform to Principle A? This states that all terms are to be clearly and
unambiguously expressed.

Activity
Note the following wording:
We have noted that part of the roof of the home is flat. The flat roof must be
inspected by a specialist every five years and any repairs recommended by the
specialist must be carried out.
Can you see any potential problems? Is this contract certain?
Within what timescale do the repairs need to be completed? What would the
consequences be if the policyholder fails to comply? What type of claim might be affected
by non-compliance?
Consider the following version:
We have noted that part of the roof of the home is flat. The flat roof must be
inspected by a specialist every five years and any repairs recommended by the
specialist must be carried out as soon as possible. If you fail to comply with this
condition we may not have to pay any claim for storm damage to the flat roof or any
other claim for water entering the home through the flat roof.
Is this version complete? Is there anything else you might wish to clarify as the
underwriter? For instance, would you specify that the specialist must be a flat-roof
specialist, or is ‘specialist’ sufficient?
Insurers employ specialist wording technicians with wide experience of a variety of
classes of insurance with the aim of ensuring that the wording conveys the exact amount
of cover the insurer intends to provide. This carries increased responsibility where terms
of the contract are individually negotiated.

Consider the importance of the policy wording in relation to the need for contract certainty.
In recent years, traditional policy wordings that were a mix of formal English and legal
terminology have been replaced by plain English versions. This is in response to demands
from consumer groups that insurers produce products that are easy for the public to
understand. This creates a challenge for the insurer, as words that precisely conveyed a
legal meaning cannot always be used. Therefore, the insurer must make every word count
when drafting a policy wording.

C Legislative influences
Legislation in the UK is derived from several sources. When the UK was a member of the EU
this led to a number of EU directives and regulations coming into UK law. In addition, a vast
amount of legislation is passed by Parliament on its own account. For example, during the
tenure of the last Labour Government between 1997 and 2010, it is believed that one law per
day was entered onto the statute book.
However, not all of this legislation affects the insurance industry directly. General insurance
is influenced by numerous statutes, which impact not only on the way an insurer conducts
its business, but also on the liabilities to third parties that it incurs, either under the Third
Parties (Rights against Insurers) Act 2010, or through its own policyholders.
A comprehensive review of all legislative influences is beyond the scope of this unit. We will,
however, outline some of the most significant legislation affecting underwriting practice, e.g.
data protection legislation, in the following sections.
 2/8 M80/July 2025 Underwriting practice

C1 Consumer Rights Act 2015

The Consumer Rights Act 2015, aimed to reform and simplify UK consumer law and make
it easier for consumers to understand their rights and the remedies available to them if
Chapter 2

things go wrong. The Act complements the EU Consumer Rights Directive, implemented
in the UK through the Consumer Contracts (Information, Cancellation and Additional
Charges) Regulations 2013.
The core terms of insurance contracts, such as exclusions, cannot be challenged on the
grounds of fairness. However, the Act does state that, if a contract term is not transparent or
prominent, it can be assessed for unfairness. A term is:
• transparent if it is expressed in plain and intelligible language; and
• prominent if it is brought to the consumer’s attention in such a way that an average
consumer would be aware of it.
The Act defines an average consumer as one who is ‘reasonably well informed, observant
and circumspect’.
To avoid challenges for unfairness, insurers need to make sure that significant terms in their
contracts with consumers, such as personal insurances, meet the rules on transparency and
are displayed prominently. If a contract term is deemed unfair it will not be binding; although
consumers are still within their rights to rely on a term if they wish to do so.
These rules cover both the consumer contract (the policy itself) and notices, such as renewal
invitations and customer promotions.

C2 Contracts (Rights of Third Parties) Act 1999

The legal concept of privity of contract means that a person can only enforce a contract if
they are a party to it. Consequently, even if a contract is made with the purpose of benefiting
someone who is not a party to it, that person (the ‘third party’) has no right to sue for breach
of contract.
The Contracts (Rights of Third Parties) Act 1999 reforms this rule and sets out the
circumstances in which a third party will have a right to enforce a term of the contract.
Broadly speaking, either the contract must make express provision for the enforcement or
the third party must be expressly identified in the contract by name, class or description.
The remedies allowed are those normally permitted (damages, injunction or specific
performance).

Be aware
In motor policies it is common for individuals other than the policyholder to be named (e.g.
as drivers) and for classes of persons to be identified (e.g. in certificate wordings).

Insurers are unwilling to extend their liability to third parties who are not party to the contract.
Therefore, because it is permitted to contract out of the Act, there is now a standard general
exclusion in policies stating that its terms do not apply.

C3 Data Protection legislation

In this section we are going to consider the two main pieces of UK legislation that apply to
data protection.
'Data protection legislation' is a generic term for the UK General Data Protection
Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). They both govern
the processing of personal data in the UK.
DPA 2018 mirrors much of what is contained in the UK GDPR and makes some
modifications. For example, parts of the UK GDPR do not apply to processing by law
enforcement authorities. In addition, from age 13 parental consent is not needed to process
data online.
Who does the legislation apply to?
It applies to all persons in the UK who process personal data other than for domestic
purposes. It gives data subjects rights and places obligations on data controllers and
data processors.
Chapter 2 Commercial and legislative factors 2/9

For example, both controllers and processors are required to ensure that their data
processing is secure. Significant fines have been imposed for security breaches, and there
have been a number of out of court settlements of claims for damages from affected data

Chapter 2
subjects who have banded together to obtain group litigation orders.
What information does the legislation apply to?
It applies to personal data. This is any information from which a living individual can
be identified, either directly or indirectly. The information is not limited to names and
identification numbers or to photographs or addresses. A large shoe size may be someone's
personal data if there is an individual in an organisation known to have big feet. An IP
address may be personal data.
It is important to remember that information may become personal data if a person becomes
identifiable when data is combined with other information that subsequently comes into the
possession of an organisation. Personal data that has been effectively anonymised is no
longer personal data and falls outside the data protection legislation. It is well known that
the legislation governs the processing of electronic data (known as automated processing).
It is less well known that it also governs the processing of personal data in a manual filing
system. For example, the failure to shred documents may be a data security breach in some
circumstances. Leaving a file in a taxi is a well-known example of a security breach.
Sensitive personal data
The legislation creates special categories of personal data so as to provide additional
safeguards for sensitive information. The categories are:
• race or ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• trade union membership;
• genetic data;
• biometrics (where used for ID purposes);
• health information;
• information about sex life; and
• sexual orientation.

Data Protection Principles

Personal data must be processed in accordance with the seven Data Protection
Principles. They are:
1. Lawfulness, fairness and transparency.
• There must be a lawful basis for processing personal data. Any unlawfulness,
whether it is a breach of the data protection legislation or not, will be a breach of
this principle.
• Data should be processed fairly which means it should be processed in ways that
people would reasonably expect.
• Organisations must be clear, open and honest with individuals about the personal
data they are processing and why and how they are doing it. This may be achieved
with the publication of a privacy notice.
2. Purpose limitation. Data should not be processed for reasons other than those
for which the information was obtained in the first place. For example, personal
information provided when a person registers with an online retailer should not be
provided to third parties without the person's consent.
3. Data minimisation. Organisations must use the minimum amount of data required
to fulfil their purposes. They must process no more information than they need. For
example, is a date of birth really necessary?
 2/10 M80/July 2025 Underwriting practice

4. Accuracy. Data should be accurate and kept up to date. This includes granular detail
such as addresses.
5. Storage limitation. Information must be kept no longer than is necessary to achieve
Chapter 2

its purpose. For example, is there a justification for keeping an entire file for six years?
Can some sections of it be destroyed before then?
6. Integrity and confidentiality. Organisations must ensure that they have appropriate
security measures in place to protect the data they hold.
7. Accountability. Organisations must take responsibility for what they do with personal
data and how they comply with the other principles. They should keep records to
demonstrate compliance. Providing accessible information to individuals about the use
of their personal information is a key element of compliance; most organisations do this
via a Privacy Notice, which can usually be found on their website.

Lawful processing
The processing of personal data is unlawful unless one of the legal bases set out in the
legislation applies. This means that organisations need to identify a legal basis for the
processing.
1. Consent
Consent must be freely given, specific, informed, and an unambiguous indication of the
individual's wishes. It must be quite distinct from other terms and conditions; it must be
given for an identified purpose; and there must be some form of positive opt-in. It cannot
be inferred from silence, pre-ticked boxes or inactivity. Organisations need to make it
as simple for people to withdraw consent as it was to give it. It is advisable to find an
alternative legal basis where possible.
2. Contract
The processing is necessary to give effect to a contract with an individual, or because
they have asked the organisation to take specific steps before entering a contract.
3. Legal obligation
The processing is necessary for a firm to comply with the law (other than contractual
obligations).
4. Vital interests
The processing is necessary to protect someone's life. This basis is limited in scope and
generally only applies to matters of life or death.
5. Public task
Public authorities rely on this basis where they need to process personal data 'in the
exercise of official authority' or perform a task in the public interest. Organisations in the
private sector may also rely on this basis where they are exercising official authority or
carrying out tasks in the public interest.
6. Legitimate interests
The processing is necessary for an organisation's legitimate interests or the legitimate
interests of a third party, unless there is a good reason to protect the individual's personal
data which overrides those legitimate interests.
Legitimate interests may be commercial interests and businesses often rely on this basis.
If they do, they must identify the legitimate interest and ensure they are processing the
personal data for that purpose. They must also check that the processing is necessary to
achieve that purpose.
Finally, it is important to carry out a balancing test to assess whether the interests of the
individual and their right to privacy override the legitimate interests of the organisation.
Rights
Individuals have the following legal rights under the legislation:
Chapter 2 Commercial and legislative factors 2/11

Right to be informed • Individuals have the right to be informed about the collection and use of
their personal data.
• The information provided must include the purposes for processing the

Chapter 2
personal data, the retention period and who it will be shared with.
• Information must be provided to individuals at the time the personal data is
collected from them.

Right of access • Individuals have the right to find out if an organisation is using or storing
their personal data.
• They also have a right to receive a copy of their personal information.
• They can exercise this right by submitting a subject access request (SAR).
An SAR can be made verbally or in writing.
• A company should respond to a SAR within one month; it can take an
additional two months if the request is complex.
• This right corresponds to the transparency principle which organisations
are required to adopt.

Right to rectification • Individuals have the right to have inaccurate personal data rectified or
completed if it is incomplete.
• An individual can make a request for rectification verbally or in writing.
• A company has one month to respond.
• This right corresponds to the accuracy principle.

Right to erasure • Individuals have the right to have their personal data erased, also known as
'the right to be forgotten'.
• The right is not absolute and only applies in certain circumstances.
• An individual can make a request for erasure verbally or in writing.
• The organisation has one month to respond.

Right to restrict processing • Individuals have the right to request the restriction or suppression of their
personal data.
• When processing is restricted, an organisation is permitted to store the
personal data, but not use it.

Right to data portability • Individuals have the right to transfer personal data from the IT system
of one organisation directly to another in a safe and secure way – when
changing banks, for example.
• This right allows data subjects to use applications or services to find a
better deal.

Right to object • Individuals have the right to object to the processing of their personal data
in certain circumstances.
• They have an absolute right to stop their data being used for direct
marketing.
• Organisations may be able to continue processing personal data despite an
objection if they can establish a compelling reason for doing so.
• An individual can make an objection either verbally or in writing. There is
one calendar month to respond.

Rights in relation to • An individual has the right not to be subject to a decision based solely on
automated decision making automated processing, including profiling.
and profiling
• Processing is 'automated' where it is carried out without human intervention
and where it produces legal effects or significantly affects the individual.
• Individuals must be able to obtain human intervention, including an
explanation of the decision, and be able to challenge it.

Accountability and governance

Data controllers are required to demonstrate compliance with the data protection legislation.
They are required to have certain policies and procedures in place, including a risk register
where data breaches are entered.
Organisations need to maintain documentation to evidence their processing activities and
to implement appropriate security measures. Where personal data is sensitive or high risk
a data protection impact assessment will be advisable. They also need to ensure there are
written agreements in place between them and any processors they engage. Certain terms
are mandatory in these agreements. The appointment of a data protection officer may be
recommended.
 2/12 M80/July 2025 Underwriting practice

International data transfers

To ensure that the level of protection afforded to individuals by the UK GDPR is not
undermined, the data protection legislation governs the transfer of personal data from the
Chapter 2

UK outside the EU to third countries or international organisations.

Breach notification
Organisations must report data breaches to the Information Commissioner's Office (ICO)
where there is likely to be a risk to data subjects. If the risk is high, the data subjects must be
alerted to the breach.

Be aware
For the most serious data breaches, the ICO may levy fines of up to £17.5m or 4% of
annual global turnover if higher.

On the Web
ICO: [Link]

DPA gives individuals the right to ask an organisation not to hold or use information that
causes them substantial unwarranted damage or distress. They may also ask companies
to stop unwarranted direct marketing, whether by phone, post or email. Stronger legal
protection applies for more sensitive personal information, such as health, religious beliefs
and ethnic background.
Individuals may go to court to claim compensation for damage or distress caused by any
organisation if they have breached the DPA. Finally, it is possible to request the Information
Commissioner to assess whether any provision of the Act has been contravened.

Relevant

An
underwriter
must ensure
that any data
held is:

Disclosed
only to those
Accurate
authorised to
have it

As well as this, there should not be anything noted that will cause distress or damage.
This means, for example, that derogatory opinions should not be recorded. This could
happen inadvertently when comments are made on files whether they are computer or
paper records.
It applies to all persons in the UK who process data. It gives data subjects certain rights and
places obligations on data controllers and data processors.
Chapter 2 Commercial and legislative factors 2/13

Activity
Review the approach (taken by your own work area) in complying with the UK GDPR
and Data Protection Act. Note the areas of an underwriter's work that are affected. If

Chapter 2
necessary, make a point of discussing this with underwriters in your own company.
Hints:
• Do renewal review processes take account of the need to maintain data accurately and
only for as long as necessary?
• Are checks made to ensure that data is relevant and not excessive (for the purposes
specified)?

C4 Compulsory insurance
There is also legislation that requires the insurer to be authorised so that it can be
eligible to fulfil the relevant requirements of other legislation.
What legislation and what types of insurance are involved?
• Third party motor insurance is compulsory for every individual or business using motor
vehicles on a road – Road Traffic Act 1988.
• Public liability insurance is compulsory in respect of the ownership of dangerous
wild animals and/or dangerous dogs and when running horse-riding establishments
– Dangerous Wild Animals Act 1976, Dangerous Dogs Act 1991, Riding
Establishments Act 1970.
• Professions and businesses must have employers’ liability insurance where there are
employees – Employers’ Liability (Compulsory Insurance) Act 1969.
• Solicitors and insurance intermediaries must have professional indemnity insurance –
Solicitors (Amendment) Act 1974 and Financial Services and Markets Act 2000.
• Marine pollution liability insurance is compulsory via various international legislation and
conventions, as is liability insurance for operators of nuclear reactors – Energy Act 2004.
Making certain insurance compulsory is intended to ensure that innocent third parties injured
by the individual or organisation in question are able to get compensation. Many individuals
and, possibly, some organisations need to have the penalty effect that compulsory insurance
requirements introduce to induce them to buy the cover.

Consider this…
What are the underwriting implications when an individual or organisation buys insurance
simply to comply with the law?

Some legislation ensures that the third party is compensated despite the insurer having
the right to decline indemnity in normal circumstances. The insurer has the right to pursue
the policyholder for a counter indemnity but, in practice, the prospects of recovery are
very limited. Therefore, the underwriter must ensure that all relevant questions are asked
and properly pursued if missing or partial answers are given. This is increasingly important
since the passing of the Consumer Insurance (Disclosure and Representations) Act
2012 (CIDRA).
It should be recognised that compulsory insurance presents insurers with a ready-made
market and that products which satisfy the statutory requirements typically provide that
cover and much more. For example, the vast majority of private motorists choose wider
cover than that required by law. There is little doubt, however, that the compulsory element
helps ensure continuity of cover. Some policyholders might otherwise allow their insurance
to lapse, particularly in times of economic pressure, were it not for the threat of criminal
prosecution for breaking the law. Employers' liability and the other compulsory classes also
encourage businesses and individuals to insure, who might otherwise choose not to do so.

Refer to
For the impact of CIDRA on the underwriting function see Consumer Insurance
(Disclosure and Representations) Act 2012 (CIDRA) on page 2/15
 2/14 M80/July 2025 Underwriting practice

We will now focus on two specific areas:

• employers' liability insurance; and
• motor insurance.
Chapter 2

This is to illustrate how this legislation influences insurers, both in terms of their capacity to
satisfy customers’ needs and their underwriting practices.
C4A Employers’ liability insurance
The purpose of compulsory employers' liability insurance is to make sure that there are
enough funds to compensate employees injured or made ill through their work. Without it,
such claims for compensation may be unaffordable, particularly for small employers.
The relevant legislation is Employers’ Liability (Compulsory Insurance) Act 1969 and
the Employers' Liability (Compulsory Insurance) Regulations [Link] require all
employers carrying on business in Great Britain to insure against their legal liability for injury
or disease caused to their employees in the course of their employment. Insurance must
be effected for any ‘relevant’ employee, which broadly means an employee who is ordinarily
resident in the UK. The Act also prevents employers’ liability insurers from relying on certain
policy conditions to avoid providing indemnity.
These include the following:
• any breach of the policy by the employer following the event giving rise to a claim, e.g.
failing to, or delaying, reporting an incident;
• any condition seeking to exclude liability where it arises from a lack of reasonable care by
the employer to protect the employee from injury or disease; and
• the employer failing to keep the records required by the insurer, e.g. relating to a premium
adjustment condition.
An insurers may require the policyholder to reimburse all sums it has paid out, which it would
not have been liable to pay but for the legislation.
C4B Motor insurance
The Road Traffic Act 1988 (RTA) and its ancillary regulations are complex and impose
several obligations on motor insurers. These not only involve administrative processes but
strongly influence the way in which insurers underwrite and price their business. Legislation
insists that insurers meet third-party liabilities, even when certain policy conditions are
breached (albeit with a right of recovery against the driver or policyholder). There are a
number of areas in which breaches can occur.

The condition
of the vehicle

The age or physical

Its engine condition of persons
capacity or value driving the vehicle

The time at
The number of
which, or the
persons that
areas in which, it
it carries
is used
Chapter 2 Commercial and legislative factors 2/15

Areas in which breaches could occur include:

• condition of the vehicle;
• age or physical condition of the person driving;

Chapter 2
• time at which, or the areas in which, it is used;
• number of people it is carrying; and
• engine capacity or value.
Avoiding a policy is also effectively banned, unless the insurer obtains a declaration from the
courts of its right to avoid on the ground of misrepresentation or non-disclosure. This option
is rarely exercised as it invariably results in the insurer incurring a similar liability under the
Domestic Regulations of the Motor Insurers’ Bureau (MIB).
C4C Motor Insurers’ Bureau (MIB)
Motor insurers can also find they have a mandatory liability due to their membership of the
Motor Insurers' Bureau (MIB). The MIB was set up by insurers in 1946, by agreement with
the Government, to provide a central fund to compensate victims of uninsured motorists. All
UK motor insurers must subscribe to the MIB as a condition of transacting business.
The MIB administers this central fund and handles claims of third parties with a right of
action. It also influences the conduct of insurers under the Domestic Regulations. These
Regulations, known as ‘Article 75’, require insurers to accept liability even where they would
not be liable under the RTA. These circumstances include where:
• the insurance has been obtained by fraud, misrepresentation or non-disclosure of
material facts;
• cover has been backdated; and
• the use of the vehicle is not covered by the policy.

Refer to
See The Insurance Act 2015 (IA 2015) on page 2/16

Activity
Refer to the MIB website ([Link]) for further details of its operation and the full
scope of the obligations placed on insurers by Article 75.

C5 Consumer Insurance (Disclosure and Representations)

Act 2012 (CIDRA)
The Consumer Insurance (Disclosure and Representations) Act (CIDRA) was introduced in
April 2013 and established the consumer’s duty to take reasonable care not to make
a misrepresentation. The implication for underwriters is that if they want to rely on
non-disclosure to repudiate a claim and/or avoid a policy, they must have asked specific
questions about those material facts. This switched the onus from customers needing to
volunteer required information to insurers needing to ask the right questions.
Where the insurer has been induced to enter into an insurance contract through
misrepresentation, the nature of the misrepresentation is the key element.
If the misrepresentation was honest and reasonable, the insurer must pay the claim. The
consumer is expected to exercise the standard of care of a reasonable consumer, taking
into account a range of factors including the type of insurance policy and the clarity of the
insurer’s question.
 2/16 M80/July 2025 Underwriting practice

CIDRA specifies the two qualifying forms of misrepresentation in section 5:

• If the misrepresentation was careless, the insurer has a compensatory remedy based
upon what it would have done had the consumer taken the care to answer the question
Chapter 2

accurately. In practice, this means:

– if the insurer would have applied an exclusion, it will not be required to meet any
claim falling within that exclusion, but would have to meet any claim not related to the
exclusion;
– if the insurer would have charged a higher premium, the value of the claim will be
reduced in ratio to the difference between the original and the increased premium; and
– if it would not have accepted the risk, it is entitled to avoid the contract, decline all
claims and refund the premium.
• If the misrepresentation was reckless or deliberate, the insurer is entitled to treat the
policy as void and decline all claims. It would also be entitled to keep the premium.
In each case, the insurer must be able to show that it would have acted differently had there
been no misrepresentation.

Consider this…
What effect do you think CIDRA might have on the way in which an underwriter operates
in terms of:
• question sets;
• proposal forms;
• statements of fact;
• default answers to questions online;
• policy documentation;
• statements of disclosure; and
• underwriting guides?

C6 The Insurance Act 2015 (IA 2015)

The Insurance Act 2015 (IA 2015), came into force in August 2016. It extends much of the
legislation set out in CIDRA to non-consumer (commercial) insurance contracts.
IA 2015 covers:
• the introduction of a duty of ‘fair presentation’;
• definitions of misrepresentation;
• amendments to breach of warranty and the abolition of basis of contract clauses;
• remedies for misrepresentation; and
• remedies for fraudulent claims.
C6A Disclosure: the ‘duty of fair presentation’
A key part of the IA 2015 concerns the duty of disclosure.
The Act provides that:
Before a contract of insurance is entered into, the insured must make to the
insurer a fair presentation of the risk.
It then goes on to elaborate that:
1. A fair presentation of the risk is one
a. which makes the disclosure required by subsection (4),
b. which makes that disclosure in a manner which would be reasonably clear
and accessible to a prudent insurer, and
c. in which every material representation as to a matter of fact is substantially
correct, and every material representation as to a matter of expectation or
belief is made in good faith.
Chapter 2 Commercial and legislative factors 2/17

2. The disclosure required is as follows, except as provided in subsection (5)

a. disclosure of every material circumstance which the insured knows or ought
to know, or

Chapter 2
b. failing that, disclosure which gives the insurer sufficient information to put
a prudent insurer on notice that it needs to make further enquiries for the
purpose of revealing those material circumstances.
3. In the absence of enquiry, subsection (4) does not require the insured to
disclose a circumstance if
a. it diminishes the risk,
b. the insurer knows it,
c. the insurer ought to know it – for example, a matter of ‘common notoriety’,
d. the insurer is presumed to know it – for example, information which
should be common knowledge to all underwriters for this particular class
of business, or
e. it is something as to which the insurer waives information.
The Act confirms what is material:
A circumstance or representation is material if it would influence the judgement of
a prudent insurer in determining whether to take the risk and, if so, on what terms.
C6B Remedies for breaching the duty of fair presentation
The IA 2015 provides a clear and proportionate response to a breach in the duty of fair
presentation:
1. The insurer has a remedy against the insured for a breach of the duty of fair
presentation only if the insurer shows that, but for the breach, the insurer:
a. would not have entered into the contract of insurance at all, or
b. would have done so only on different terms.
2. The remedies are set out in Schedule 1.
3. A breach for which the insurer has a remedy against the insured is referred to
in this Act as a ‘qualifying breach’.
4. A qualifying breach is either
a. deliberate or reckless, or
b. neither deliberate nor reckless.
5. A qualifying breach is deliberate and reckless if the insured:
a. knew that it was in breach of the duty of fair presentation, or
b. did not care whether or not it was in breach of that duty.
6. It is for the insurer to show that a qualifying breach was deliberate or reckless.

Activity
Compare these remedies to the provisions in CIDRA. You will see that they are broadly
similar.

If a qualifying breach was deliberate or reckless, the insurer

1. may avoid the contract and refuse all claims; and
2. need not return any of the premiums paid.
C6C Warranties
Prior to IA 2015, breach of warranty led to an automatic discharge of the insurance contract;
the insurer had no further liability under that contract. This was the case even if the warranty
breach had no relevance to the actual loss. The Act has removed this consequence. Instead
the insurer's liability is in effect suspended until the breach is remedied, rather than it
bringing the contract to an end.
 2/18 M80/July 2025 Underwriting practice

C6D Fraudulent claims

IA 2015 then goes on to deal with the remedies available to an insurer when faced with a
fraudulent claim from a policyholder.
Chapter 2

1. If the insured makes a fraudulent claim under a contract of insurance

a. the insurer is not liable to pay the claim,
b. the insurer may recover from the insured any sums paid by the insurer to
the insured in respect of the claim, and
c. in addition, the insurer may by notice to the insured treat the contract as
having been terminated with effect from the time of the fraudulent act.
2. If the insurer does treat the contract as having been terminated
a. it may refuse all liability to the insured under the contract in respect of a
relevant event occurring after the time of the fraudulent act, and
b. it need not return any of the premiums under the contract.
C6E Good faith
To tie up the final loose ends from the Marine Insurance Act, the Insurance Act 2015 has
abolished the ability of the insurer to terminate a policy as a result of a breach of the duty
of utmost good faith. As with the previous remedy for breach of warranty, this was not
considered a proportionate remedy.

Activity
Consider how the Insurance Act 2015 affects your company.

C7 Discrimination law
While legislation can help drive demand for insurance it can also impose constraints on how
it is underwritten.
Underwriting is, by definition, a selective process, involving an element of differentiation
between risks; insurers are generally free to decide which risks they wish to insure or decline
and the terms they require. It is for the customer to accept or decline those terms and seek
alternative arrangements in a competitive market.
Discrimination legislation covers individuals who have suffered unfair discrimination in
achieving employment and the provision of services such as insurance. The effect of this
legislation on underwriting practice is outlined in the following sections.
C7A Disability Discrimination Acts (DDA) 1995 and 2005
These Acts made it unlawful for insurers to unfairly discriminate against disabled people in
the provision of insurance services.
The 2005 Act introduced wider powers relating to professional and trade qualifications,
unjustifiable disability-related discrimination, victimisation and disability-related harassment.
The 1995 Act was repealed by the Equality Act 2010 but its provisions as they affect
insurance are effectively unchanged. Unusually, the Equality Act 2010 has not repealed the
DDA 2005.

Activity
Find out two classes of general insurance business where disability is a potential
underwriting consideration and two examples where insurers might take account of
individual circumstances in arriving at a decision on whether to apply special terms for
disabled customers.

C7B Equality Act 2010

The Equality Act 2010 has the objectives of harmonising discrimination law and
strengthening it to support progress on equality. It brought together a number of pre-existing
equality-related acts and regulations, including the Sex Discrimination Act 1975 and the
Disability Discrimination Act 1995.
Chapter 2 Commercial and legislative factors 2/19

It creates a number of protected characteristics:

• age;
• disability;

Chapter 2
• gender reassignment;
• pregnancy and maternity;
• marriage and civil partnership;
• sex or sexual orientation;
• race, religion or belief.

Race, religion
or belief

Sex or sexual
Age
orientation

The Equality
Act covers
these
Marriage and characteristics:
civil Disability
partnership

Pregnancy Gender
and maternity reassignment

The four principal types of discrimination are as follows:

Direct Occurs when someone is treated less favourably than another person because of a
discrimination protected characteristic they have or are thought to have (see 'perceptive discrimination'
below), or because they associate with someone who has a protected characteristic (see
'associative discrimination' below).

Associative This is direct discrimination against someone because they associate with another person
discrimination who possesses a protected characteristic.

Perceptive This is direct discrimination against an individual because others think they possess a
discrimination particular protected characteristic. It applies even if the person does not actually possess
that characteristic. The full guide provides an example of associative discrimination.

Indirect Indirect discrimination can occur when there is a condition, rule, policy or even practice
discrimination in a company that applies to everyone but particularly disadvantages people who share a
protected characteristic.

Be aware
The Equality Act 2010 banned age discrimination in goods and services. There is an
exception in the law for providing financial services such as bank accounts, loans,
insurance, credit cards, warranties, mortgages and investments. This means that financial
businesses can currently continue to use age as a factor in designing, pricing and
offering their products supported by statistical data. The Test-Achats ruling on gender
has, however, fuelled speculation about the long-term prospects of maintaining the status
quo and demonstrates the need for insurers to adapt to such changes in legislation. This
is discussed further in the next section.

On the Web
To find out more about this Act, visit: [Link]/guidance/equality-act-2010-guidance.
 2/20 M80/July 2025 Underwriting practice

C7C EU Gender Directive

Following a case brought by a Belgian consumer group, the European Court of Justice ruled
that insurers could no longer use gender as a premium calculation tool. This case, called the
Chapter 2

Test-Achats case, resulted in the Gender Directive, meaning that by 21 December 2012,
insurers had to use different pricing models. .

On the Web
A copy of the CJEU ruling is available at: [Link]/2F4as2m

The ruling affects:

Private
Motor Life Income
medical Annuities
insurance insurance protection
insurance

The net effect of this varied by class of business. For example, traditionally women received
lower annuity payments due to a longer life expectancy, but the Gender Directive stopped
this, meaning that women now get a higher pension income. On the other hand, women
traditionally were charged lower car insurance premiums than men. Again, this was no
longer the case following the Directive. Having said this, there is some evidence women
continue to enjoy cheaper car insurance due to a better claims history and less exposure to
high risk occupations.
On the subject of private car insurance, insurers now use other rating factors in place of
gender, for example technological solutions, such as vehicle telematics. Global Positioning
System (GPS) technology, a relatively simple and cost-effective device fitted within the host
vehicle, can be used to provide a host of information relevant to the calculation of an
insurance premium. This could offer the underwriter a range of rating factors, such as:
• the time of use;
• location of use;
• average speed;
• maximum speed;
• length of time driven per day/week/month/year; and
• mileage covered.
It may also be extended to include factors such as acceleration, ferocity of braking and
various other indicators of driving behaviour. Telematics-based car insurance is now offered
by a number of leading insurers.

Be aware
The Gender Directive was brought into UK law by an amendment to the Equality Act:
[Link]/uksi/2012/2992/pdfs/uksiem_20122992_en.pdf.

C7D Rehabilitation of Offenders Act 1974

The Rehabilitation of Offenders Act 1974 enables convicted persons to 'wipe the slate
clean' for the purpose of gaining employment, once a prescribed period has elapsed
since the date of the conviction, without further conviction. For other situations, including
insurance, the conviction becomes spent after the prescribed period and need not be
disclosed by the proposer, even though specifically requested by the insurer.
Note that there is nothing in the legislation to prevent an insurer from asking an open
question such as ‘have you ever been convicted of an offence?’ But if the conviction is
spent the proposer can legally give a negative answer. Furthermore, if a spent conviction is
disclosed the insurer must ignore it if it was spent at the time of disclosure. An offence is
committed if the insurer does not do this, as is wrongful disclosure to a third party.
Chapter 2 Commercial and legislative factors 2/21

This legislation, intended primarily to ease the position of those seeking employment, has
created a degree of uncertainty and constraint for insurers. It promises to continue to be
something of a moving target in regard to legal interpretation, posing challenges for insurers

Chapter 2
in terms of framing proposal questions and review procedures and ensuring appropriate and
updated training and competence for employees.
To help insurers deal with the implications of the Rehabilitation of Offenders Act 1974, the
ABI publishes its Good practice guide: Insurers’ approach to people with convictions and
related offences for home and motor insurance. This focuses on, amongst other things, the
need for transparent proposal questions and to make clear to customers the consequences
of any misrepresentation or non-disclosure of unspent criminal convictions.

On the Web
You can find this Good Practice Guide here:
[Link]/globalassets/files/publications/public/convictions-and-related-offences/
[Link].

C7E Legal Aid, Sentencing and Punishment of Offenders Act 2012

(LASPO)
Effective since April 2013, the Legal Aid, Sentencing and Punishment of Offenders Act
2012 (LASPO) is a wide-ranging piece of legislation. As a consequence, much of the content
is not relevant to those in insurance. However, there are several sections which are of
significance to insurers in general.
LASPO covers, inter alia (among other things):
• Changes to the Rehabilitation of Offenders Act 1974. The rehabilitation periods for certain
types of sentence have been changed; for example, previously a prison term exceeding
30 months could not be rehabilitated – the Act amends this to 48 months. A similar
change applies to some fines. In general, the time required before rehabilitation applies
has been reduced. This could affect the terms applied to motor insurance, for example.
• Attempts to curtail the costs associated with the ‘no win/no fee’ legal sector. Specifically,
the premium for an after the event (ATE) legal expenses policy and the associated
success fee can no longer be recovered from the defendant, although certain terms apply
where personal injury is involved.
LASPO also banned referral fees in an attempt to curtail credit hire costs.
Although the savings created by LASPO are impossible to quantify, what is certain is that
motor insurance premiums fell by around 10%–12% in the aftermath.

On the Web
In February 2019, the Ministry of Justice (MoJ) published a post-implementation review of
LASPO and found that legal aid was no longer available to many who need it and those
eligible found it hard to access.
A review on the future of criminal legal aid has since concluded – for more details see:
[Link]/government/consultations/response-to-independent-review-of-criminal-legal-
aid.
The MoJ is undertaking a similar review of civil legal aid, aimed at improving the long-term
sustainability of the civil legal aid provider base (over 35% of provider organisations have
left legal aid over the last ten years).
The Government published its latest report in January 2025 and this sets out the
options to improve the long-term sustainability of the civil legal aid system and the
challenges ahead.
You can find more about this review here: [Link]/guidance/civil-legal-aid-review.