Challenges Outsourcing to Managing Agents | FTI Consulting (2024)

Insurance carriers enter agency relationships with non-affiliated third parties. These agents or intermediaries include Program Administrators (PAs), Managing General Agents (MGAs) or Managing General Underwriters (MGUs). While these third parties (hereafter referred to as MGAs) may receive underwriting submissions, issue insurance quotes and policies, collect premiums, perform statutory reporting and/or process claims, they usually take on no underwriting risk.¹ MGAs are used by carriers to assume business in exchange for a percentage of the premium written.

At times because of the abuse of some of their roles and responsibilities with regard to underwriting policies and control and remittance of carrier funds, MGAs are sometimes viewed negatively because of the actions of a few that have resulted in misappropriation of funds² and/or writing unprofitable business to increase commissions. Most MGAs take their responsibilities very seriously and perform their essential agency roles in a highly professional manner.

In this first of two articles we identify some specific issues that arise in the MGA relationship and how they can be mitigated. The second article will address risks that insurance carriers face when outsourcing to a Third-Party Administrator (TPA).

Risk that the MGA will Deviate from the Underwriting Guidelines

Underwriting Authority Guidelines serve as the backbone to an insurer’s book of business by setting specific parameters to which they define the MGA’s ability to accept, modify, or reject a prospective insured. Establishing clear Guidelines and assuring they are consistently followed should be a top priority. A large risk would be if the MGA bound the Carrier to risks that were outside of their authority (i.e., limits, territories, lines of business, classes of business). The Carrier could face significant reputational and financial repercussions if the MGA does not follow the Guidelines. For example, the MGA could have written in excess of reinsurance, leaving the Carrier exposed and un-reinsured for a portion or all this business. Other deviations from the Guidelines could lead to financial repercussions in the form of fines by the state Department of Insurance.

Fortunately, there are ways to mitigate the risk of the MGA writing business outside the guidelines. This includes setting up strict controls such as monitoring the limits, territories, and written premiums through monthly production bordereaux or risk reports, performing periodic Technical Underwriting Inspections, and requesting live access to the MGA Underwriting Administration System to perform spot checks of accounts written between periodic inspections.

Risk of Improperly Reporting of Underwriting Production Reports to the Carrier

The proper reporting of the MGA’s Underwriting Production plays a pivotal role in maintaining a functional and profitable business model between the MGA and the Carrier. Due to its severity, the Carrier typically establishes a monthly deadline for all underwriting results to be reported and in the format preferred and requested by the Carrier. Any deviations from this timeline, including but not limited to irregular frequencies of reporting, incomplete and/or inaccurate data, receiving summary data, data reported in a format other than the requested, or consistently missed deadlines, runs the risk that the Carrier may experience operational difficulties when handling the Program’s claims, recording written premium, setting up a premium receivable, or any other production-dependent task. Further, the Carrier faces the risk of maintaining an incomplete and inaccurate population of production.

As an example, if a policy/transaction is not reported, the Carrier would not set up a receivable and thus have production underreported and underpaid. To mitigate these risks, the Carrier can enforce the monthly reporting of underwriting production to be performed via a data feed between the MGA and the Carrier’s system, at a specific date, based upon when the production was bound and/or issued. Further, the data should be on a transactional level, whereby, all premiums, endorsem*nts, cancellations, and/or claims are clearly identified and exhibited. The production reports should then be reconciled to the prior month’s reports and applicable accounting files to identify any discrepancies.

Another way to mitigate this risk is to periodically request inception-to-date reports and compare control totals or detail policy level data between the data sources.

Risk of Improper Payment of Production Premiums to the Carrier

The typical Agreement between the MGA and the insurer requires payments to be made at regular monthly intervals; e.g., 30 or 45 days after the month ending in which the business was written. The Agreements allow for premium to be remitted on a written or collected basis. In instances when premium is to be remitted on a written basis the MGA is required to remit premium whether it has been collected or not. In these instances, the credit risk is maintained by the MGA. In instances when premium is to be remitted on a collected basis the MGA is not required to remit premium until it has been collected. In these instances, the credit risk and the risk that timely payment is not received is borne by the Carrier.

The Carrier can mitigate these risks by ensuring the Agreement requires remittance on a written basis. In addition, if the Carrier applies cash on a policy-by-policy basis it would allow the Carrier to identify all policies that have not been paid in full. In instances where the Carrier is unable to apply cash on a policy-by-policy basis, a monthly reconciliation can be performed to compare total premium remitted to total production, or a desk or field inspection can be carried out to perform this function analytically for all policies written.

Risks of the Financial Solvency of the MGA

Prior to an appointment of an MGA the Carrier should perform appropriate due diligence to assure the MGA’s financial viability, sufficiency of operations and reputation of the MGA principals.

To assist in monitoring the financial solvency of the MGA, the Carrier should require the MGA to produce year-end, Audited Financial Statements on a yearly basis, as well as quarterly internal financial statements.

Further, the Carrier can require the MGA to maintain specific Errors & Omissions (E&O) and Fidelity coverage that will limit the financial burden on the insurer in the event the MGA becomes insolvent. Other ways to mitigate the risks are to obtain a personnel guarantee from the principals of the MGA or to hold collateral, either as a Letter of Credit or a commission hold back.

Risk Associated with Commingling of Carrier Trust Funds with Other Carrier or MGA Funds

Any time one company collects funds on behalf of another company, there are financial risks involved. When premium funds are collected by the MGA on the Carrier’s behalf, there is a potential risk that the MGA may commingle premium trust funds with their company operating funds or other insurer’s trust funds. The MGA may also deposit funds in a bank that is not FDIC insured or they may commingle all trust funds into one account. If the banking institution goes bankrupt and all premiums for multiple insurers and/or operating funds are deposited into a single bank account, the FDIC insurance is only $250,000 and there is a risk that the MGA’s carriers will have to share and prorate their recoveries from the FDIC payout.

To reduce these risks, the Carrier should stipulate in the Agreement that premium trust funds should have their own individual accounts and these accounts should be in a banking institution insured by the FDIC and approved by the NAIC. This would ensure that if the banking institution goes bankrupt, the insurer would not have to split the recovery with another carrier or the MGA itself; they would get their full balance from the FDIC if funds were below the insurance threshold. Additionally, if the Carrier has multiple companies with business being written, then consideration should be given to having multiple Premium Trust Accounts, one for each insurance company. This will allow the maximum potential FDIC insurance recoverable, up to $250,000 per company.

Risk of Insufficient Insurance Coverages for Carrier’s Benefit

One of the risks that is not always considered when hiring an MGA is the potential that the MGA does not have adequate E&O policy or Fidelity bond/Crime policy in good standing. The agreement between the insurer and MGA should include required minimum limits and appropriate deductibles on E&O and Fidelity/Crime policies as well as listing the insurer as an additional named insured in the event of a loss.

Mitigation of the risk includes requesting the E&O and Fidelity policies on a yearly basis and ensuring that the minimum limits and maximum deductibles are in place.

Risks Associated with Conflicts of Interest/Adverse Selection Amongst Multiple Carriers

Due to the nature of the MGA and Carrier business model, it is not unusual for MGAs to write business for multiple carriers. Typically, this does not cause a concern, unless the MGA writes business for multiple insurers that offer the same or similar programs. In this circ*mstance, the MGA may have a financial incentive to favor writing business for the Carrier that provides the more attractive commission rates, those who offer reimbursem*nt for various administration expenses, or are generally less strict in the contractual requirements. This behavior could lead to adverse selection of one carrier over the other.

To mitigate this risk, the insurer should ensure that the MGA has a defined plan to provide business to one carrier vs. another to take out as much subjectivity as possible. This can be done by territory, size of risk based upon a predetermined criterion or by alternating risks as the submissions are presented to the MGA. Adherence to this requirement can be further examined during an inspection.

Risk of not Having Proper Information Technology (IT) Security Controls in Place

The significant risks associated with data being compromised is more prevalent than ever before. Currently where data breaches and ransomware are on the rise, having good IT security protocols are required. MGAs should have best practice IT security protocols in place. Strong password requirements are the first line of defense. Educating employees about phishing schemes can help prevent data breaches and potential ransomware. Proper Segregation of Duties (SoD) process and controls assuring that no single person is able to perform incompatible roles is an important IT security control.

Carriers can mitigate many of the risks noted by having requirements in the MGA Agreement as well as examining the implementation of the key controls noted above during an inspection.

Risk Associated with Disaster Recovery Plan and Business Continuity Plan not Comprehensive to Protect the Carrier in the Event of a Disruption of Service

During Covid-19 when businesses were forced to work remotely, the importance of having a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP) became obvious. Were MGAs able to transact business effectively and efficiently? Was there a disruption in client service? Were the carriers able to manage the relationship? Continuing business operations and being able to report data is a critical risk associated with outsourcing business to MGAs. This would include having comprehensive data back-up plans, identification of alternative worksites as well as proper testing of restoration at regular intervals.

As guidance on the requirements of a DRP/BCP is not always included in the MGA Agreement, addressing it in some manner in the Agreement is recommended. As part of the annual review of the MGA, carriers should request a copy of the DRP/BCP.

Risk Associated Cash Handled by MGA

Overall controls and processes surrounding carrier cash is always a risk. This includes the process and controls by which premiums are deposited into an MGA-controlled bank account; who has access to the cash account as well as the ability to authorize check, wire transfers or ACH payments. In addition, processes should be in place to assure complete, accurate and timely preparation of bank reconciliations of carrier cash, whether is it maintained in a premium trust account or in the MGA’s operating account.

Having a lockbox or using a desktop application to deposit checks into the bank helps mitigate the risk of checks being lost or potentially misappropriated. Having proper segregation of duties in recording of payments, remitting payments and in preparing bank reconciliations are important controls over cash. In addition, one way a carrier can mitigate risks surrounding cash is to have a requirement in the Agreement whereby they are an authorized signer on a separate premium trust account which is used for all deposits.

Conclusion

Outsourcing to a third party can be risky but implementing appropriate mitigation can help reduce the risk. The mitigation starts with careful drafting of the MGA Agreement and continues through implementation of the regular monitoring of MGA activities. This monitoring should be supplemented by regular inspections of the MGA activities and controls in place.

In this first of two articles we identify some specific issues that arise in the MGA relationship and how they can be mitigated. The second article will address risks that insurance carriers face when outsourcing to a Third-Party Administrator (TPA).

• Implementing a Third-Party Risk Management Platform: Why So Complicated? Read FTI Journal