The burden of compliance in the insurance market has reached unsustainable levels. For Lloyd’s Managing Agents in particular, and the thousands of Coverholders they oversee globally, the complexities of third-party risk management (TPRM) have become overwhelming. Some Coverholders spend more than half their time on compliance activities, representing a major missed opportunity to optimise revenue generation and innovation. In this article, we explain how streamlining compliance and collaborating on TPRM across the industry can overcome these challenges and stimulate renewed growth.
Introduction
As it balances tradition with innovation, the insurance market confronts a range of regulatory, economic and technological pressures in 2025 and beyond. Regulatory compliance remains a defining challenge, with evolving frameworks and increased scrutiny from authorities like the FCA and PRA bringing the issue into sharp focus.
For the intricate insurance ecosystem, managing third-party risk is critical to maintaining compliance and protecting complex supply chains. But current third-party risk management involves laborious questionnaire-based, box-ticking exercises that devour time and resources. The extensive web of insurance market relationships creates duplication and inefficiency in the TPRM process. It impacts the focus on revenue generation and innovation, and imposes a significant burden on all parties.
Urgent need for compliance re-think
There is now market-wide recognition that compliance activities must be simplified and standardised to reduce administrative overheads and unlock growth opportunities. Addressing these inefficiencies is essential if markets like Lloyd’s of London are to adapt to future challenges, and maintain their prestigious role.
To help enhance the efficiency of Coverholder onboarding and oversight, while bringing consistency to compliance standards among Managing Agents, Lloyd’s of London and the Lloyd’s Market Association (LMA) have created The Delegated Authority Streamlined Compliance initiative. This initiative seeks to implement a core set of compliance assessments for Coverholders and defines how information is collected and shared. It aims to establish clear roles and responsibilities as well as to automate and streamline TPRM processes.
This is an important step in the right direction, but fundamental problems remain with traditional approaches to TPRM.
Why traditional TPRM is inefficient and ineffective
Traditional TPRM programmes still rely on static, point-in-time spreadsheet-style assessments, which are burdensome to complete, time-consuming to administer and difficult to review. They are usually completed at the onboarding stage and due to their intensive nature, they are repeated annually at best, meaning they can quickly become out of date.
TPRM activity is largely conducted in silos. Each organisation carries out its own assessments, and there is little standardisation with regard to the framework utilised. It means third parties, such as Coverholders, receive numerous and differing assessments to complete. This results in duplicating effort and diverting resources away from revenue-generating activity.
While these manual questionnaire-based assessments provide a snapshot of the compliance standards of a third party at a point in time, they can’t be easily scaled. A manual TPRM process also provides little to no visibility into extended supply chain dependencies, e.g. Nth parties and subcontractors. Yet these often invisible dependencies can pose a similar and potentially greater risk to the insurance market and its participants.
Current TPRM processes also do not enable regular contact to be established between compliance teams of organisations and those at the third parties they seek to assess. If an incident did occur, this lack of established relationship results in the absence of clear communication channels. With traditional TPRM, there is no mechanism for alerting supply chain participants to the nth degree to an incident, and for coordinating the response.
TPRM challenges for the insurance market
For the insurance market, outdated TPRM practices present significant operational resilience and financial risks, due to the highly interconnected relationships between Insurers, Managing Agents, Delegated Authorities, Coverholders and suppliers. An incident impacting any one of these entities could have widespread implications for the whole market.
In particular - Lloyds Managing Agents have thousands of Coverholders, spread worldwide. Adequately assessing and managing risk across all of these third parties is essential to demonstrate compliance and integral to the marketplace. But Delegated Authority teams already struggle to carry out the onerous TPRM re-assessments they are expected to conduct.
TPRM’s persistent challenge remains its inability to continuously monitor any changes in the compliance of third parties and the lack of a commonly accepted standard for risk assessments. This creates problems when attempting to share the TPRM burden between organisations, as the lack of like-for-like assessment criteria makes it impossible for organisations to work together on assessing shared third parties.
A new approach to TPRM
A new, “social network” approach to TPRM offers a solution to these legacy challenges and limitations. A platform that functions as both, an assessment tool and a collaboration network that brings together compliance assessment teams with their third party counterparts, helps to facilitate better collaboration, continuous communication and streamlined compliance.
Meanwhile, with all third parties on the platform completing the same standardised assessment framework — optimised for the Insurance market — this enables a “complete once, share with many” approach, which significantly reduces the resource commitment for all parties. Third parties, such as Coverholders, simply need to complete one single, comprehensive risk assessment, which can then be shared with all their connected Managing Agents, Delegated Authorities and other participants directly on the platform. This also improves overall risk scrutiny, since different compliance teams will be monitoring the same information.
A social network approach also facilitates enhanced sector-wide collaboration and coordination, for example between different Insurers, Managing Agents and Delegated Authorities. With all parties collaborating on the same platform, market-wide communication is simplified, improved, and coordinating responses to incidents becomes much more effective. By building trusted communities within the Insurance sector, compliance across the market is enhanced and regulators assured. This is all achieved with far less time and resource, and significantly less duplication of effort. With new operational resilience regulations from the FCA and PRA putting a strong emphasis on industry-wide collaboration, this social network approach to TPRM goes a long way towards meeting these requirements, and enhancing sectoral operational resilience.
Moreover, by collaborating in a trusted environment, the Insurance ecosystem can also collectively map their shared supply chain dependencies anonymously, far beyond their immediate third parties, into 4th parties and beyond. By providing such enhanced visibility, participants can identify where risks are concentrated, along with potential single points of failure in the wider network of dependencies – enabling these to be addressed proactively and collaboratively.
Crucially, a social network approach facilitates continuous risk monitoring, as opposed to point-in-time assessments, automatically notifying users when any of the controls of their third parties have changed. It streamlines regulatory reporting and ensures risk intelligence is always accurate and up to date.
Compliance covered – growth unlocked
The insurance market is at a crossroads. At a time when compliance activities are stifling innovation and absorbing valuable resources, the industry needs to find new solutions to manage risk across an increasingly complex marketplace with multiple intricately connected parties.
New social network approaches to TPRM, as championed by Risk Ledger, present a much-needed opportunity to improve efficiency, save time and free up resources while significantly strengthening compliance. Releasing resources offers the chance to unlock growth in the sector, enabling Coverholders to devote more time and expertise to generating revenue, innovating and identifying new market opportunities.
Ben Francis is the Insurance Lead at TPRM provider Risk Ledger, and for nearly a decade has been serving cyber technologies to the Insurance and Financial Services sectors within London and globally. He provides expertise into supply chain assurance, and due to his unique position, he has gained a deep understanding of the challenges that the market faces. Supporting all organisations within the insurance value chain, ranging from (Re)insurers, MGAs, Brokers and of course Delegated Authority teams, Ben provides insights into the ever evolving regulatory landscape and risk management.
trans.png)
.png)
.png)
.png)
.png)
.png)
.png)
