Automobile Insurance Market Conduct Assessment Report. Part 1: Statutory Accident Benefits Schedule Part 2: Rating and Underwriting Process

Automobile Insurance Market Conduct Assessment Report Part 1: Statutory Accident Benefits Schedule Part 2: Rating and Underwriting Process Phase 2 2013 Financial Services Commission of Ontario Market Regulation Branch

Table of Contents EXECUTIVE SUMMARY... 2 1. BACKGROUND... 3 2. FSCO S REVIEW... 4 3. RISK RATING LEVELS... 6 PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS)... 8 4. SCOPE OF SABS REVIEW... 8 5. SUMMARY OF OBSERVATIONS... 9 6. OBSERVATIONS ABOUT SABS COMPLIANCE... 21 PART 2 RATING AND UNDERWRITING PROCESS (RUP)... 23 7. SCOPE OF RUP REVIEW... 23 8. SUMMARY OF OBSERVATIONS... 24 9. OBSERVATIONS ABOUT RUP COMPLIANCE... 34 GENERAL CONCLUSIONS... 23 Page 1

Executive Summary The Financial Services Commission of Ontario (FSCO) is a regulatory agency of the Ministry of Finance which regulates Ontario insurance companies. Part of FSCO s mandate is to enhance consumer confidence in the insurance sector. FSCO works to ensure companies are treating insurance claimants fairly by complying with the Statutory Accident Benefits Schedule (SABS), a regulation under the Insurance Act. In addition, FSCO evaluates the market conduct of all automobile insurance companies in Ontario on their rating and underwriting process (RUP), as part of a compliance risk assessment in the auto insurance sector. FSCO applies a risk based approach to regulate the market conduct of companies. FSCO plans to send a market conduct assessment questionnaire to the majority of automobile insurers in Ontario in four phases over a span of four years. The project started in 2012 (Phase One) where approximately 65% of the Ontario private passenger automobile (PPA) market share was covered. FSCO sent an updated questionnaire for Phase Two, which comprised of two parts (Part A SABS and Part B RUP). Responses were received from 42 companies which represented approximately 25% of the Ontario PPA market share. A targeted and risk-based approach was used to select 16 of these companies for on-site examinations (representing approximately 21% of the market share) to verify responses provided in the questionnaire. Key findings and recommendations from both sections are provided in this report. Key findings in the SABS section include: insurers need to enhance their governance practices/processes to address identified risks particularly with respect to management monitoring and reporting as well as fraud management. Given that the SABS portion of the questionnaire covered 65% of Ontario PPA market share in Phase One and 25% in Phase Two, the aggregate results to date indicate that the industry is at a low risk of non-compliance, although there is room for improvement in certain areas. The RUP portion of the questionnaire covered 25% of Ontario PPA market share in Phase Two. About 20% of the companies were rated as having a medium-high risk of non-compliance. This indicates that some improvement is still required for insurers to enhance their governance practices/processes to address identified risks particularly with respect to the rate change process and implementation controls, independent reviews, and identification of/and process over rating errors. But, on average, rating and underwriting practices in the marketplace fall under a medium-low risk of non-compliance. Phase Two results demonstrate that the questionnaire continues to be a useful and an efficient tool. Not only did it identify individual companies with a higher risk of non-compliance, it provided assurance that most companies have sufficient policies and procedures in place over their SABS claims handling operations as well as their rating and underwriting operations, which ensures sound governance and business practices that comply with regulatory requirements and serves to mitigate risks. Page 2

1. BACKGROUND FSCO is responsible for regulating the market conduct of insurance companies doing business in Ontario. Specifically, the legislation prescribes the rules of conduct for automobile insurance businesses in Ontario with regard to claims handling and rating and underwriting changes. Statutory Accident Benefits Schedule (SABS) Assessments Prior to 2004, FSCO employed transactional review audits to ensure that insurance companies were in compliance with the SABS. However, these audits only allowed FSCO to review a limited number of randomly selected claim files handled by a company. Thus, FSCO took steps after 2004 to address the limitations of the transaction audit approach by implementing a risk-based approach that examined and rated the quality of a company s governance and internal control systems over its entire SABS claim handling operations. Consultations and discussions were held with industry representatives and a self-assessment questionnaire was developed called: The SABS Risk-Based Market Conduct Assessment Questionnaire to assess a company s governance over its SABS claims handling operations. This questionnaire was first sent to all licensed automobile insurance companies in Ontario in 2005; and since then, FSCO has gradually increased its oversight of the market conduct activities of automobile insurers. This has resulted in an expanded scope of risk-based supervision which now includes: Annual filings of attestations by automobile insurers for SABS claims, which started in 2011; Requiring the majority of auto insurance companies to complete the SABS questionnaire at least once over a four-year period, which started in 2012; and On-site examinations of SABS claims handling and compliance activities by insurance companies, which started in 2012. The scope of the SABS review consisted of six key governance areas as well as an assessment of the outcomes from the September 1, 2010 automobile insurance reforms. The overall SABS risk ratings for Phase Two companies were fairly consistent with that observed in Phase One; therefore, the aggregate results to date which covers 90% of Ontario PPA market share indicates that the industry is compliant for the most part. However, there remains room for improvement. In addition to consulting with industry stakeholders, it is important to note that, with each phase, FSCO reviews legislative changes and emerging industry trends and makes changes to both the attestation and questionnaire. The intention is to be relevant, current; and where possible, identify areas which may affect the public and the marketplace. Rating and Underwriting Process (RUP) Assessment In May 2007, FSCO sent all automobile insurance companies in Ontario a market conduct questionnaire on implementing approved auto insurance rates, risk classification systems and underwriting rules. It was part of FSCO s continued assessment of compliance risk in the auto insurance sector, after the initial assessment of insurer practices which was conducted in 2005. Page 3

To enhance its risk-based governance approach, in conjunction with the SABS questionnaire, the 2013 RUP questionnaire was updated from 2007. Industry consultations were held with FSCO s Rating and Underwriting Technical Advisory Committee (RUTAC) and the RUP questionnaire was deployed in 2013. The scope of the market conduct questionnaire includes the rating and underwriting processes, and the approved rate verification process. The revised questionnaire for Phase Two was launched on March 15, 2013. The scope of the RUP review consisted of seven key governance areas including random samples of policies to validate that only approved rates are being applied at the transactional level. Since there was no RUP questionnaire in Phase One, we cannot compare the RUP risk ratings on an aggregate basis at the end of Phase Two. That being said, results to date indicate certain improvements are necessary to rating and underwriting practices within the industry and controls need to be enhanced to mitigate identified risks. 2. FSCO S REVIEW FSCO began conducting its review in four phases over a four year cycle, with 2012 representing Phase One and 2013 representing Phase Two. In each of these phases, there were three stages within the process: Stage One - Attestation The 2011 Ontario Budget outlined the government s commitment to address auto insurance abuse and fraud, which increases costs and leads to higher premiums. The government also stated its intention to take immediate steps to reduce abuse and fraud, including the introduction of a requirement that insurers attest annually to the effectiveness of their SABS controls. The annual attestation process reinforced the need for automobile insurers to confirm that their company has SABS cost controls in place to address fraud and abuse and that these are effective, regularly reviewed, and treat legitimate claimants fairly and in accordance with the law. The attestation must be signed by the President, the CEO or the most senior officer responsible for the insurer s operations in Ontario. After consulting with stakeholders in early 2013, FSCO updated the annual attestation process for all automobile insurers in Ontario. The objective is to continue promoting and encouraging good governance, identify areas for improvement, and increased direct supervision in a risk-based manner in accordance with recent automobile reforms. Stage Two Questionnaire After receiving the 2012 attestations, FSCO held further stakeholder consultations in early 2013. The update to the questionnaire focused on requesting additional information on the SABS controls, particularly around fraud management and the escalation of potential fraudulent or suspicious claims (together with the outcomes of such claims). Page 4

The updated questionnaire was sent out in March 2013 to 36 automobile insurers across the province on a random, and (in some cases) on a targeted selection basis. FSCO also received responses from six additional companies as part of group insurance filings. These 42 companies represented approximately 25 % of the Ontario private passenger automobile (PPA) market share, as measured by private passenger auto written premiums. Questionnaire Completion 25% 10% 65% Phase 1-34 companies representing 65% of the Ontario Private Passenger Automobile (PPA) marketplace Phase 2-42 companies representing 25% of the Ontario PPA marketplace Remaining marketshare The targeted companies were selected through a risk-based approach using market conduct data including: market share, the number of SABS or RUP related complaints, the number of mediations, and assigned risk ratings from prior SABS reviews. All insurers were required to return the completed questionnaire electronically by April 30, 2013. Over a four-year cycle, the majority of automobile insurers in Ontario are required to complete the questionnaire at least once. Stage Three Risk Assessments and On-Site Examinations FSCO s Senior Compliance Officers (SCOs) conducted desk reviews of all completed questionnaires, including a risk assessment summary for each company. Preliminary risk rating levels were assigned to each of the 42 companies based on the desk reviews. FSCO used the results of the desk reviews and other market conduct data to select a sample of 16 companies for on-site examinations (which excludes one Farm Mutual Insurer) to confirm that it could rely on each company s responses to the questionnaire and to review best practices. The selected sample examined in Phase Two represented approximately 21 % of the market share. Page 5

On-site Examination Selection 33% 21% 46% Phase 1-14 companies representing 46% of the Ontario PPA marketplace Phase 2-16 companies representing 21% of the Ontario PPA marketplace Remaining marketshare During the on-site examinations of the 16 companies, SCOs established whether the answers were supported by appropriate documentation. Risk ratings were assigned to each key governance area to arrive at an overall risk rating for the company. Each company then received the on-site examination results which contained a summary of the findings and corresponding recommendations. Companies were required to provide FSCO with timely responses on the steps they were taking to address the recommendations. 3. RISK RATING LEVELS FSCO designed the questionnaire to determine if the responding company has an appropriate corporate governance structure and internal controls to support this framework. This would include documented policies and procedures for appropriate governance over SABS claims, rating and risk classification systems, and compliance with legislative requirements. A company s risk of non-compliance with the requirements ranged from low risk to high risk and was defined as follows: Risk Level High Risk Medium-High Risk Medium-Low Risk Risk Rating Definition/Criteria The policies and procedures are inadequate and there are potential issues with statutory compliance. The written policies are adequate, the monitoring is inadequate and/or key procedures are not sufficiently documented. The written policies are adequate, the monitoring is fairly adequate and not all key procedures are documented. Page 6

Risk Level Low Risk Risk Rating Definition/Criteria There are well documented policies and procedures in place, adequate monitoring systems and strong board/senior official oversight. A desk review of the questionnaires included assigning a risk rating for each of the key governance areas. The risk ratings for all governance areas were then used to assign an overall preliminary risk rating to each of the 42 companies. However, Phase Two included 15 farm mutuals who were asked to complete the questionnaire. Since these farm mutuals represented less than 1% of the Ontario automobile market share, FSCO excluded their results from this report. The farm mutual results have been reported independently of this report. The preliminary risk rating for the remaining 27 companies are as follows: Phase 2 Risk Rating Levels Risk Level SABS Risk Rating RUP Risk Rating Aggregate Risk Rating (SABS and RUP) High Risk 0 0 0 Medium-High Risk 1 6 0 Medium-Low Risk 10 15 21 Low Risk 16 6 6 Total 27 27 27 The above Phase 2 aggregate risk ratings were developed based on an aggregate review of all key governance areas in both the SABS and RUP questionnaires. As with Phase One, SCOs conducted on-site examinations in Phase Two to assess the effectiveness of governance controls; and, where necessary, made recommendations for improvements or took regulatory action. This process will also determine if changes are needed to the 2013 attestation and subsequent questionnaires in Phases Three and Four. Questionnaire Phases Three and Four The last two stages of the project will follow suit with the annual attestation being sent to all insurers actively issuing automobile insurance in Ontario. This will be followed by an updated Questionnaire to the remaining companies, who have yet to receive it previously. Finally, a number of risk-based followup visits will be conducted to validate answers provided on the Questionnaires. Page 7

PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) 4. SCOPE OF SABS REVIEW Consistent with FSCO s risk-based approach to regulation, the objectives were to: (a) (b) (c) Determine if FSCO can rely on insurer attestations and questionnaire responses; Assess compliance with the amended SABS and Unfair or Deceptive Acts or Practice (collectively referred to as SABS compliance controls ) Regulations; and recommend regulatory action when warranted; and Assess if there are acceptable SABS compliance and anti-fraud controls to measure the level of non-compliance with the SABS. FSCO selected a sample of 15 insurance companies for on-site examinations, based on the results of the desk reviews and other market conduct data. This included market share, number of SABS complaints, number of mediations, and the risk ratings from prior SABS examinations. Similar to Phase One, FSCO s objective in Phase Two was to visit companies rated as high risk (for both SABS and RUP) and select a further sample of companies that were rated as a medium-high/low risk or low risk. On an aggregate basis, no high risk companies were identified and the majority were medium-low risk. Most companies selected for on-site examinations were in the medium-low risk category. The examinations therefore took on a primary assurance assessment function, to ensure that FSCO could rely on the responses to the questionnaire and to observe best practices to assist in future on-site examinations. SCOs examined the offices of the sample companies and met with senior officials to review their responses to the questionnaire and corresponding supporting documentation. The examinations confirmed that the responses were for the most part completed accurately and that the risk rating levels assigned during the desk review stage were appropriate. Only a few changes to the responses resulted from observations and interviews during the examinations and these changes were made after discussions with the companies. This led to one company s preliminary risk rating to increase from medium-low to medium-high. SCOs also evaluated each company s governance over its SABS claims handling through five key governance areas assessed within the questionnaire: 1. Development, documentation and content of SABS claims handling policies and procedures; 2. Existence of other controls, monitoring and management reporting of SABS claims handling; 3. Fraud management including anti-fraud measures; 4. Reliance on any independent review; and 5. Management of any SABS claims handling functions outsourced to third parties. Moreover, FSCO assessed the level of development and the use of preferred healthcare networks (which was not part of the questionnaire). The SABS risk ratings for Phase Two (which indicates that most companies are low to medium-low risk) were consistent with that observed in Phase One. Given that the Page 8

questionnaire covered 65% of Ontario private passenger automobile market share in Phase One and 25% in Phase Two, it appears that the industry is in compliance for the most part. 5. SUMMARY OF OBSERVATIONS Development and Content of Policy This section verified the existence, review for compliance, and approval of policies. The content of policy section covers: the claims handling process, SABS compliance controls, SABS cost, fraud and abuse controls, and performance benchmarks. Questionnaire Results A. Development of Policy All companies have documented SABS claims handling policies and procedures that are made readily available to all claims handling staff. Also, all companies have reviewed their policies and procedures for compliance with statutory requirements and Superintendent Guidelines. In terms of approval, all companies have their policies and procedures approved at the senior management level or higher. Some companies also had committees comprised of operational managers, directors and senior executives who developed and approved any changes to the policies and procedures. Furthermore, all companies review their SABS claims handling policies periodically and update them (if required), while taking into account results of complaints, information derived from the claims handling process, and feedback from employees and claimants. From a documentation perspective, the majority (approximately 96%) of these companies indicated that they have their reviews documented. B. Content of Policy 1 All companies have established policies and procedures, which: Address the SABS requirements by covering areas such as: confirming whether claimants have accident benefits coverage, establishing loss responsibility, identifying potential fraudulent or suspicious claims, ensuring appropriate set up of reserves, providing information and forms to claimants, establishing payment timelines, as well as outlining procedures for a claimant s appeal process; 1 Fraud management was one of the key areas of focus covered in the content of the policy section of the questionnaire. Considering its significance, the fraud management results have been carved out into a separate section below titled: Anti-Fraud Measures & Management. Page 9

Incorporate compliance controls in connection with the adjusting and handling of SABS claims and provisions for the prevention of any UDAPs (collectively referred to as SABS compliance controls ). These are established with respect to the Minor Injury Guideline (MIG), limits on assessment expenses and insurer examinations. Also, company policies address consistencies with the regulatory requirements for mediation, arbitration and disputes between insurers; Evaluate claims handling performance through internal performance benchmarks and standards; Protect personal information in accordance with Personal Information Protection and Electronic Documents Act (PIPEDA) requirements; Require formal training of staff, thereby ensuring handling of claims in accordance with the legislative requirements as well as maintain a process to advise and train staff on all pertinent changes to the SABS and UDAP; Include a complaint handling protocol, specifying escalation procedures and documentation of complaints. On-site Examination Results A. Development of Policy All companies examined have documented SABS claims handling policies as well as a process in place to ensure they are current and compliant with various regulatory requirements. This process primarily involves ongoing review of the Superintendent s Guidelines and FSCO bulletins to assess legislative changes and corresponding policy updates. However, FSCO noted that only half (approximately 47%) of the companies examined clearly documented their policy approvals and date of approvals, which was inconsistent with the above questionnaire results. B. Content of Policy In terms of the policy content, most (approximately 73%) of the companies examined have documented compliance controls within their SABS claims handling policies to address fraud and abuse, the MIG, limits on assessment expenses, insurer examinations, disputes between insurers, and explanation of claims denials. All companies examined have a SABS complaint handling protocol and all companies have formal training programs in place to help their staff in handling SABS claims as well as to advise them on legislative changes and new regulatory requirements/reforms. It was noted that communication with claims staff occurs via email and/or the company's intranet regarding all pertinent changes to SABS and UDAP. Page 10

Risks Identified There is an increased risk of non-compliance if companies claim handling policies do not explicitly document SABS regulatory compliance controls. SABS claims handling practices may not be consistent with current legal requirements if company policy updates and approvals are not clearly documented. Based on the above risks identified, this section has been rated as a medium-low risk of noncompliance. The results for this section in Phase Two are relatively consistent with Phase One results, where this section was rated as a low risk of non-compliance for claims-handling practices. This indicates (on an aggregate basis) that risks in the marketplace are being addressed through corporate policies. Development and Content of Policy Phase 1 Phase 2 Low Risk Medium- Low Risk Recommendations 1) In order to ensure compliance with regulatory requirements, FSCO highly recommends companies document SABS compliance controls within their policies and procedures. 2) As a best practice, FSCO recommends that companies make an added effort to document updates and amendments to their policies and procedures, with supporting records of review and approval dates. Other Controls, Monitoring and Management Reporting The questionnaire addressed: the monitoring of open and closed claim files, comparison of actual results with performance benchmarks, standards to evaluate and monitor the efficiency and effectiveness of claims handling, monitoring changes in the SABS from recent auto insurance reform, management reporting, and a process to take corrective action for non-compliance. Questionnaire Results All companies have performance benchmarks to evaluate staff efficiency in handling claims. These benchmarks comply with SABS and UDAP requirements at a minimum. A majority (approximately 96%) of these companies gather statistical information on claims handling for benchmark comparison. Most Page 11

(approximately 81%) of the companies have their results within its established benchmarks while the remainder (approximately 19%) of the companies have a few areas that require corrective actions. All companies have established a process to monitor closed or outstanding SABS claims to ensure they are being adjusted in accordance with statutory requirements. Also, all companies use this process to monitor adjusters caseloads, the length of time SABS claims are open, along with arbitration and court decisions. Moreover, the majority (approximately 96%) of the companies have indicated they monitor Health Claims for Auto Insurance (HCAI) reports in evaluating their performance. With regards to efficient handling of SABS claims, all companies have established standards relating to verifying costs incurred by the claimant, monitoring the number of files that can be capably handled by an adjuster and turnover of staff adjusters. However, not all (approximately 74%) companies have established standards relating to experience and training required by SABS adjusters. All companies indicated having a process to monitor the effectiveness of SABS claims handling policies as well as modifications to compliance monitoring systems as a result of new SABS requirements introduced through regulatory change or the issuance of Superintendent Guidelines or FSCO Bulletins. These companies use many of the specified tools to assess the quality of its SABS claims handling policies such as past results, employee feedback, arbitration decisions and mediation outcomes, consumer complaints, and customer satisfaction surveys. A majority (approximately 96%) of the companies indicated having processes for preparing SABS monitoring reports, communicating results to senior management level or higher on an annual or more frequent basis, as well as taking corrective action for non-compliance. However, FSCO observed that management monitoring and reporting on the impact of recent automobile reforms was not adequate. In particular, while most of the companies monitor and assess the impact of the Minor Injury Guideline (MIG) approximately 81%,fewer companies monitor the limit on assessment expenses (approximately 74%). In addition, only some of the companies prepare monitoring reports on disputes between insurers (approximately 37%). Furthermore, FSCO observed a wide range with regards to the percentage of open claims that fall within the MIG. Year-over-year percentages reflect positive trending, whereby an increasing number of claims are falling within the MIG. For years 2010 (0% to 45.2%), 2011 (2.5% to 78%), and 2012 (6% to 87.6%). The wide range is something that requires further investigation. From a cost savings management perspective, most (approximately 70%) of the companies monitor the outcomes from key aspects of the automobile reforms effective September 1, 2010. Page 12

On-site Examination Results Most (approximately 73%) examined companies monitor and report on compliance with specific SABS requirements such as timelines, MIG, insurer examinations, disputes between insurers, and explanation of claim denials. Furthermore, a few (approximately 36%) of these companies monitor and report on compliance with respect to assessment expenses. This observation is consistent with the questionnaire results on monitoring and reporting on compliance of assessment expenses. Most (approximately 80%) examined companies utilized monthly management reports to monitor SABS thresholds and timelines while all companies examined have established benchmarks for claims handling practices that correspond and comply with the SABS and UDAP requirements as a minimum. The majority (approximately 93%) of these companies have demonstrated a practice of compiling statistical information on actual results which is compared to the performance benchmarks as a tool to evaluate the efficiency of SABS claims handling practices. All companies examined have senior claims managers that review monthly management reports as well as benchmarking comparative analysis. These results are communicated to respective team leads and/or supervisors, as well as their claims handling staff for necessary remedial action plans. From a cost savings management perspective, the on-site examinations validated FSCO s observations from the questionnaire results. FSCO noted that most (approximately 73%) of the companies examined had monitored, documented and quantified the benefits resulting from the 2010 auto reforms and the associated savings at the operational level, such as monitoring accident benefit loss cost per vehicle pre and post reform. Page 13

Companies that monitor for cost savings (approximately 73%) have tracked trends since the auto reforms using quarterly accident benefit reports, scorecards, and claims performance reports that include cost savings measures. Claim development and accident benefit loss cost per vehicle have trended positively for these companies that monitor such costs pre and post reform. In addition to cost savings management practices, FSCO noted that most (approximately 87%) of companies examined track and monitor new claims falling within the MIG. Risks Identified There is an increased risk of non-compliance if companies do not monitor and report on compliance with SABS requirements in particular, timelines, MIG, insurer examinations, disputes between insurers, explanation of claim denials, and assessment expenses. By companies not monitoring the key aspects and impact of auto reforms, there is a risk that the resulting benefits from reforms cannot be adequately determined. Lack of established standards in terms of experience and training required by SABS adjusters could lead to inefficiencies, as well as inconsistencies in handling SABS claims. Based on the above risks identified, this section has been rated as a medium-high risk of non-compliance. The results for this section in Phase Two are worse than Phase One results, where this section was rated as low risk, indicating that on an aggregate basis there are increased risks of non-compliance in the marketplace that are not necessarily being satisfactorily addressed. Other Controls, Monitoring and Management Reporting Phase 1 Phase 2 Low Risk Medium- High Risk Recommendations 1) FSCO highly recommends that all companies monitor and report on specific SABS compliance requirements particularly with respect to timelines, the MIG, insurer examinations, explanation of claim denials, assessment expenses, and disputes between insurers. 2) In view of the wide range of MIG trends noted above, it would be prudent for companies to review their claims classification practices under the MIG to ensure that claims are being handled appropriately. 3) It is recommended that insurers monitor, document and quantify the outcomes of the key aspects of automobile reforms in their management reports. 4) FSCO also recommends that companies establish standards relating to experience and training required by SABS adjusters, which would support the efficient and consistent handling of SABS claim files. Anti-Fraud Measures & Management Page 14

Questionnaire Results All companies indicated having claims handling policies, which include claims cost controls intended to address fraud and abuse in connection with the adjustment and handling of SABS claims and the provisions of the UDAP Regulation. Also, all companies have fraud identification and escalation procedures and a majority (approximately 96%) of these companies have established a Special Investigations Unit (SIU) to deal with suspected fraud or suspicious claims. Specifically relating to fraud identification, the majority (approximately 96%) of companies identified potential fraudulent or suspicious claims through fraud analysis techniques. Approximately 81% of these companies also resort to exceptions reporting for fraud identification purposes. Overall, most (approximately 89%) of the companies utilize automated fraud detection tools or special software programs to identify suspicious claims. Approximately 70% of the companies maintain statistics for potential fraudulent or suspicious claims. Furthermore, FSCO also observed a wide range of percentage of open and closed accident benefit claims that have been identified as potential fraudulent or suspicious for the 2012 accident year ranging from approximately 1% to 73%. Of the companies that maintain statistics, the percentage of the potential fraudulent or suspicious claims being escalated to SIU for the 2012 accident year ranged from approximately 10% to 100%. In addition, all companies have indicated they monitor HCAI reports. The majority (approximately 96%) of these companies also track and monitor the outcomes from potentially fraudulent or suspicious claim files. On-site Examination Results All companies examined have developed a process to identify potentially fraudulent or suspicious claims. Some of the common tools or techniques used to identify fraud include: analyzing HCAI data, establishing predetermined automated and manual fraud triggers (which identify when a file is to be escalated or referred to SIU), and identifying healthcare providers where fraud and/or abuse is suspected based on volumes, patterns, and trends. All companies examined have documented escalation procedures, including a procedural guideline on the escalation of files to SIU. These procedures form part of the companies overall policy framework and are made available to all claims staff. Also, all companies have a flagging process built into their respective claims systems for subsequent potential fraudulent or suspicious claims activity to be captured. All companies examined have adopted several approaches to reduce paying out fraudulent claims. Some common themes include: utilizing fraud detection services that provide industry wide information for fraud indicators, keeping up-to-date with Insurance Bureau of Canada (IBC) alerts as well as participating in an industry wide anti-fraud taskforce. With regards to fraud training, all companies examined require claims staff to attend fraud seminars and be provided with various training materials on an ongoing basis. Page 15

However, in terms of management monitoring of fraud statistics, FSCO noted that only half (approximately 53%) of the companies examined actually maintained periodic statistics for potentially fraudulent or suspicious claims identified. Furthermore, a few (approximately 25%) of these companies maintained continuity statistics and tracked claim files referred to SIU (from acceptance or rejection by SIU to final outcomes along with potential related cost savings). Risks Identified By not maintaining statistics for identified potential fraudulent or suspicious claims activity, there is an increased risk of fraud trends or systemic issues not being identified and addressed. Also, by not maintaining continuity statistics for files referred to SIU and related fraud outcomes, there is an increased risk of claim costs not being assessed accurately or inadequate resources allocated to address these potential fraudulent files. Based on the above risks identified, this section has been rated as a medium-high risk of non-compliance. The results for this section in Phase Two are worse than Phase One results, where this section (included within the development and content of policy section) was rated as low risk, indicating on an aggregate basis there are increased risks in the marketplace that fraud, abuse and over-utilization are not being fully addressed. Anti-Fraud Measures & Management Phase 1 Phase 2 Low Risk Medium- High Risk Recommendations 1) FSCO strongly recommends that companies maintain and regularly review statistics for potential fraudulent or suspicious claims to ensure appropriate indicators and resources are in place to identify such claims and to take appropriate action. In addition, companies should have a formalized process for exception reporting of potential fraudulent or suspicious claims as a best practice to maintain appropriate standards. Specifically, in light of the trends noted above, it would be prudent for companies to review their escalation procedures to ensure potential fraudulent or suspicious claims are handled appropriately and in a consistent and timely manner. 2) FSCO highly recommends that companies maintain fraud continuity schedules that track claim files identified as potentially fraudulent or suspicious; while explicitly demonstrating files referred to SIU through both automated and manual referral channels (including those accepted/rejected by SIU including explanations, along with final fraud determination outcomes and the associated cost savings). Page 16

3) The reports should also consider potential cost savings identified on open and closed claim files. Furthermore, FSCO highly recommends company management monitor these reports on a regular basis. Independent Reviews Under this section, details of independent reviews conducted on the claims handling process, reporting of identified issues to management and corrective action plans were reviewed. Questionnaire Results All companies have indicated that they have some form of independent review over their claims handling process which is conducted at least on an annual basis. While results varied between companies, the questionnaire revealed that companies used internal auditors, external auditors, external consultants and/or supervisors to perform the reviews. However, it was noted that from the above companies that performed independent reviews, most (approximately 73%) of the companies incorporated SABS compliance controls as well as SABS cost, fraud and abuse controls within the scope of their independent reviews. From the companies that performed independent reviews, a majority (approximately 96%) of the companies ensured that results were reported to senior management or higher. The questionnaire indicated that all of the review recommendations had been implemented and subsequent follow-up reviews performed. On-site Examination Results All companies examined perform independent reviews. The majority (approximately 93%) of companies examined indicated they had a policy that required an annual audit process, however, only some (approximately 64%) actually conducted the required annual audit. FSCO also evaluated the scope of work performed by companies during their independent audits. Most (approximately 87%) of the companies examined included SABS compliance, fraud management, recent auto reforms as well as sampling of SABS claims files within the scope of their independent reviews. In terms of reporting the audit results from the independent reviews, it was noted that all companies reported their results to senior management (i.e. VP of Claims or Director of Accident Benefits). Also, for any significant issues reported, all companies examined indicated having a process around the creation and implementation of corrective action plans and subsequent monitoring. Page 17

Risks Identified There is an increased risk of non-compliance if the scope of independent review does not include: a review of SABS compliance controls along with SABS cost, fraud and abuse controls. Furthermore, there is also a risk of non-compliance if these independent reviews are not performed (at a minimum) on an annual basis. Based on the above risks identified, this section has been rated as a medium-low risk of noncompliance. The results for this section in Phase Two are relatively consistent with Phase One results, where this section was rated as low risk, indicating on an aggregate basis independent reviews reduce the risks of non-compliance in the marketplace. Independent Reviews Phase 1 Phase 2 Low Risk Medium- Low Risk Recommendations 1) FSCO recommends that the independent review process should include a review of SABS compliance controls as well as SABS cost, fraud and abuse controls to ensure companies are compliant with SABS requirements. Further, such reviews should be performed at least annually. Outsourcing This section covered outsourcing SABS claims handling to third parties, including contractual arrangements and monitoring for compliance with company policies. Questionnaire Results Approximately 70% of the companies outsource SABS claims handling or tasks to third parties. Of the companies that outsource, most (approximately 84%) retained full claims file responsibility and ownership, and outsourced on a limited task assignment basis. Examples of specific task assignments include: handling employee claims, and claims in non-staffed areas where an investigation, initial meeting, a statement or information gathering is required. Most (approximately 89%) of these companies that outsource, have their outsourced tasks or functions documented in a written agreement or contract. In addition, all of these companies require independent adjusters to follow the company s policies. Page 18

It was also noted that most (approximately 89%) of the companies that outsource, monitor the performance of the outsourced tasks or functions for compliance with the company s policies. However, only a few (approximately 24%) of these companies prepare a report on the quality of work performed by the third parties. Outsourcing has been historically categorized as a high risk function. However, for the most part, companies have mitigating controls in place (such as: documenting outsourced tasks within agreements or contracts as well as monitoring their performance). That being said, these controls can be further solidified by formally documenting and preparing consolidated reports on the outcomes of monitoring the quality of outsourced activities. On-site Examination Results Most (approximately 87%) of the companies examined on-site engage in related outsourcing activities. All of these companies that outsource use outsourcing on a limited task basis such as: initial investigation, statement taking, handling of employee claims, etc. The majority (approximately 92%) of these companies have their outsourced tasks or functions documented in a written agreement or contract that dictates the terms of compliance for performing the limited task assignments. Also, most (approximately 85%) of the companies that outsource, monitor the performance of outsourced activities to ensure consistency with the company s quality standards. Such monitoring is ensured through ongoing reviews by claims adjusters responsible for the file as well as subsequent management and independent reviews. Risks Identified In the absence of formal monitoring, consolidation and reporting of outsourced activities, there is an increased risk of non-compliance, negative performance trends or systemic issues not being identified with regards to consistent application of company policies and procedures and quality standards. Based on the above risks identified, this section has been rated as a medium-low risk of non-compliance. The results for this section in Phase Two are better than Phase One results, where this section was rated as medium risk, indicating on an aggregate basis the risks of non-compliance as a result of outsourcing in the marketplace are being addressed. Outsourcing Phase 1 Phase 2 Medium Risk Medium- Low Risk Page 19

Recommendations 1) FSCO recommends that companies formally monitor, consolidate, document and report on the performance monitoring results of the outsourced tasks or functions. This will ensure compliance with company policies and performance can be measured consistently against company standards. Healthcare Providers As this was not part of the SABS questionnaire, a risk assessment was not performed. This area was developed as a result of observations made during the on-site examination process. A majority (approximately 93%) of companies examined utilized their own healthcare provider networks. Considering that healthcare providers will be a key area going forward, FSCO gathered the following information during the on-site examinations. On-site Examination Results FSCO gathered information to assess: companies monitoring controls in place over healthcare providers, companies experience with their healthcare provider network, and controls around monitoring HCAI transactions. A majority (approximately 93%) of the companies have monitoring controls in place over healthcare providers. All of these companies monitor potentially fraudulent or suspicious activity relating to healthcare providers on a regular basis, utilizing information from various sources such as: claims adjusters, Insurance Bureau of Canada (IBC) alerts on clinics, and other claims tips. All companies send detailed invoices outlining all treatments to claimants who have used any healthcare providers that have been identified as potentially fraudulent or suspicious. As noted above, a majority (approximately 93%) of companies relied on their own healthcare provider network. However, only a few (approximately 36%) of these companies have performed independent reviews or limited reviews over the healthcare providers in their preferred network. All companies have indicated they review HCAI transactions to confirm the integrity of submitted claims as well as to identify any irregular activities. Risks Identified Lack of sufficient monitoring controls such as independent reviews over companies own healthcare provider networks could lead to an increased risk of non-compliance with underlying company policies and procedures as well as potential fraud or abuse. Page 20

Based on the above risks identified, this section has been rated as a medium-low risk of non-compliance. Given that this governance area was not reviewed in 2012, we are unable to comment on the changes between Phase One and Phase Two results. Healthcare Providers Phase 1 Phase 2 N/A Medium- Low Risk Recommendations 1) FSCO highly recommends companies perform independent audits on clinics within their own preferred healthcare provider network to ensure that these clinics comply with the company requirements and the SABS. 6. OBSERVATIONS ABOUT SABS COMPLIANCE The overall SABS risk ratings for Phase Two (2013) companies were fairly consistent with that observed in Phase One (2012). In Phase One, 88% of insurers were rated as low risk, while 96% of insurers in Phase Two were rated as low to medium-low risk. Given that the questionnaire covered 65% of Ontario Private Passenger Automobile (PPA) market share in Phase One and 25% in Phase Two, the aggregate results to date indicate that the industry is compliant for the most part. Although there is room for improvement in certain areas, FSCO is satisfied that there is a medium-low risk of non-compliance in the marketplace. Page 21

SABS Compliance Risk Rating Comparison 120 100 88% of insurers with a Low Risk Rating* 96% of insurers with a Medium-Low Risk Rating* 80 60 65% 40 20 25% 0 Phase 1 Phase 2 Insurers' risk rating (%) Ontario PPA Marketshare (%) *It should be noted that in 2012, it was a three part risk rating as opposed to a four part risk rating in 2013 Based on the aggregate results to date, most companies writing automobile insurance business in Ontario continue to have sufficient policies that ensure sound corporate governance and business practices over SABS claims handling which mitigate these risks. The risk-based self-assessment questionnaire on governance over SABS continues to be a useful tool to evaluate the risk of non-compliance and to identify areas for improvement. Conducting on-site examinations to verify processes and policies allows FSCO to identify key areas, like health care preferred providers, which was not have been part of the questionnaire process. The combination of both methods allows FSCO to obtain a higher level of assurance that automobile insurance companies are in compliance with the SABS. Page 22

PART 2 RATING AND UNDERWRITING PROCESS (RUP) 7. SCOPE OF RUP REVIEW The SCOs also evaluated each company s governance over its rating and underwriting processes by looking at seven key governance areas: 1. Development, documentation and content of RUP policies and procedures; 2. Rate change process and implementation controls; 3. Manual adjustments of rates and underwriting rules; 4. Reliance on any independent reviews; 5. Identification and handling of rating errors; 6. Monitoring of discrepancies between quoted and issued premiums; 7. Other controls, monitoring and management reporting of RUP activities. FSCO selected 15 companies for on-site examinations based on the results of the desk reviews and other market conduct data. As with Phase One, FSCO s objective in Phase Two was to visit companies rated as high risk (for both SABS and RUP) and select a further sample of companies that were rated as a medium high/low risk or low risk. On an aggregate basis, no high risk companies were identified and the majority were medium-low risk. Most companies selected for on-site examinations were in the medium-low risk category. The examinations therefore took on a primary assurance assessment function, to ensure that FSCO could rely on the responses to the questionnaire and to observe best practices to assist in future on-site examinations. SCOs examined the offices of the sample companies and met with senior officials to review their responses to the questionnaire and corresponding supporting documentation. The examinations confirmed that the responses were for the most part completed accurately and that the risk rating levels assigned during the desk review stage were appropriate. Only a few changes to the responses resulted from observations and interviews during the examinations. These changes were made after discussions with the companies and led to one company s preliminary risk rating increasing from medium-low to medium-high risk. Since there was no RUP questionnaire in Phase One, we cannot compare the RUP risk ratings for Phase Two with Phase One. Given that the questionnaire covered 25% of Ontario PPA market share in Phase Two and 22% of the companies were rated as medium-high risk, this indicates that some improvement is necessary to bring the industry into compliance or controls need to be put in place to mitigate identified risks. Page 23