If your binder is up for renewal or a managing agent has just put a coverholder audit on your calendar, the difference between a clean report and a list of findings is almost always preparation — not capability. After running and reviewing dozens of Lloyd's coverholder audits, the same gaps come up again and again. None of them are hard to close if you know what's coming.

This article walks through the ten findings I see most often in Lloyd's coverholder audits, what evidence the auditor will actually ask for, and a short pre-audit checklist you can run two or three weeks before fieldwork starts.

What a Lloyd's coverholder audit is really testing

A managing agent uses a coverholder audit to satisfy itself that the binding authority is being operated in line with the contract, Lloyd's minimum standards, and the agent's own oversight policy. Auditors are not there to catch you out — they are there to evidence to the agent's board and to Lloyd's that delegated authority is well controlled. That framing matters: the auditor wants to leave with a packed evidence file, not a long finding list. Your job is to make that easy.

The ten findings that come up most often

1. Binder authority breaches that nobody flagged

Premium written outside the geographic, class, limit or sub-limit authority granted in the binder. Almost always caused by an underwriting system that doesn't hard-stop breaches, plus a peer-review process that has quietly fallen away. Pull a random sample of 25–30 risks before the auditor arrives and walk each one against the contract schedule — you will find the breaches before they do.

2. Bordereaux that don't reconcile to the bank account

Premium and claims bordereaux that don't tie to cash received, cash paid or the policy administration system. Reconciling bordereaux on a monthly cadence — with a named owner, a documented procedure, and a signed-off variance log — is one of the highest-leverage controls a coverholder can run. Auditors will ask for the last 12 reconciliations.

3. Complaints handling that doesn't match FCA DISP

Complaints recorded in an inbox, not a register; eight-week final response letters missing; root-cause analysis absent. The fix is a single complaints register, a documented procedure aligned to DISP, and a quarterly trend pack going to the board.

4. Conflicts of interest with no contemporaneous record

Conflicts that staff knew about but never logged. Auditors expect a live conflicts register, a documented escalation route, and evidence that conflicts are reviewed at least annually at board level.

5. Sanctions and financial crime screening gaps

Screening at on-boarding only, no ongoing re-screening, no audit trail of hits dispositioned. A weekly delta-screen against a current sanctions list with documented adjudication closes this almost entirely.

6. Outsourcing without a written agreement or oversight

Claims handling, IT, policy admin or marketing functions outsourced without a written agreement, exit plan, or MI back to the coverholder. Lloyd's minimum standards on outsourcing are explicit; the auditor will ask for the agreement, the latest service review, and evidence of oversight.

7. Underwriting peer review that exists on paper only

A peer-review policy with no evidence trail. Solve this by capturing peer review in the underwriting system itself — name of reviewer, date, outcome, any conditions — and producing a monthly MI pack showing coverage.

8. Premium and claims trust money not segregated correctly

Client money rules under CASS 5 are a common finding, especially after a system migration or a change of broker. A documented CASS resolution pack, current CASS 5 procedures, and the last three monthly client money calculations should be in the auditor's pre-read pack.

9. Data security and access controls below the standard

Joiners/movers/leavers process undocumented, MFA not enforced, no periodic access review. Lloyd's expects evidence the coverholder is managing cyber risk to a reasonable standard — your IT supplier can usually produce this in a day.

10. Management information that doesn't drive any decisions

Auditors look for evidence that the MGA's board actually uses MI — loss ratio movements challenged, exception reports actioned, growth outside plan questioned. A board pack with no minuted challenge is a finding waiting to happen.

A two-week pre-audit checklist

  • Pull and reconcile the last 12 months of premium and claims bordereaux to the bank and to your policy admin system.
  • Sample 25 risks against the contract schedule for authority compliance.
  • Refresh the complaints register, conflicts register, and gift & entertainment register; close anything open.
  • Run a current sanctions screen across the active book and document adjudication of any hits.
  • Confirm CASS 5 calculation and reconciliation for the last three months.
  • Pull the joiners/movers/leavers log for 12 months and reconcile to system access.
  • Refresh outsourcing register and pull the latest service review for each material supplier.
  • Re-paper any peer-review evidence into a single auditor-friendly export.
  • Produce a board pack index showing where each Lloyd's minimum standard has been minuted.
  • Brief every person the auditor will interview — what's on their desk, where the evidence lives, who they escalate to.

What good looks like on the day

A clean coverholder audit is a project, not a panic. The coverholders that come out best treat the audit as a six-week project with a named owner, a shared evidence drive that mirrors the auditor's request list, and a daily 15-minute stand-up during fieldwork. The work is not glamorous, but it changes the auditor's experience completely — and it changes the report they write.

If you'd like a second pair of eyes on your readiness — or if a managing agent has asked for an independent coverholder audit and you need it run cleanly — JanthanaK runs both pre-audit reviews and independent Lloyd's coverholder audits. Get in touch for a 30-minute scoping call.