Thursday, 18 December 2014

Delegated Acts in the clear - like we ever doubted it...

The last attempt to delay the inevitable has finally run its course - the Green Party-led resolution to throw the Delegated Acts back onto the 'to-do' list was given a thorough shoeing yesterday at the EU Parliament's Plenaty session, with the 189 votes in support slightly outweighed by the 512 against it (p9 here). I haven't seen Greens get wiped off the table that aggressively since I tried to feed runner beans to my toddler...

The news was gently broken by Catherine Stihler, the new rapporteur, yesterday - refreshingly, the parliamentarians were focused on the impact of policyholder security, rather than how beholden they should be to EIOPA's mathematics, and after their back street horror-show of a website upgrade this week, perhaps the less we rely on their efforts the better!

For some UK-specific giggles, you will be delighted to know that the ex-City boy gin magnet Nigel Farage and his UKIP government-in-waiting all voted with the Green Party on this matter (p68 here).

I won't bore myself with the legislative procedure from this point, but given ECON, and now Parliament as a whole, don't have a problem with the Delegated Acts as they stand (and the three month whingeing period expires on January 9th 2015), we can all go back to work...

Thursday, 11 December 2014

Solvency II Delegated Acts - Grinched by EU Parliament?

Short and sweet - the expected promenade facile of the Delegated Acts through the EU Parliament and EU Council, which looked certain up to a few days ago (p16 here and here), has apparently come to a shuddering halt due to the intervention of Parliament.
Grinch - coincidentally Green?
This document published on the Parliament's website today appears to have made the timeline-followers worst nightmares come true, namely that an additional 3 months of delay on the Delegated Act sign-off may prevent some of the "...from 1st April 2015" approvals from being written into law by, well, the 1st April 2015!

As yet I have seen or heard nothing on the matter in the mainstream media, but given how annoyed Sven Giegold appeared to be when the Acts were tabled, it shouldn't be too much of a surprise that some flabby parliamentary procedure exists that allows for the (presumably positive) opinion of ECON to be overriden when it came to clearing the document through Parliament's main hall.

Naturally, Herr Giegold's name is on the front cover of the motion, but I can't seem to establish whether an additional 3 month delay is a fait accompli, given my lack of knowledge on Parliamentary procedure. I believe the Greens alone certainly constitute "...a political group or at least 40 Members", so they certainly have enough bulk to put this on the table at next week's Plenary (Wednesday by the looks of it), but I imagine having enough pals to table this resolution is not the same as having enough to pass it!

More to follow I hope, given how sparsely populated my legislative contact book is...

Thursday, 27 November 2014

PRA Pillar 3 Working Group - testing commences

Bit of activity on the Pillar 3 front, with the PRA's industry working group publishing minutes from their 'recent' meeting (i.e. 2 months ago).

Rather than another bleat about late delivery in contravention of their Terms of Reference (bottom of last page!), let's enjoy the content for what it is, which is incredibly useful.

Data Collection and xBRL
A few basics were formally tabled, such as the PRA completing their vendor selection for a data collection system, and a note that the xBRL process chosen across the EU has "some commonality". Of particular interest is the commencement of a testing sub-group which has been charged with assisting the PRA in getting their technology up and running with sample data, and that work is apparently ongoing as we speak.

They have planned to allow selected submittors to dry-run their facilities in Q1 2015, before opening it up to all other firms obliged to submit material in the preparatory phase in Q2. Not sure how much lag this set-up allows, so let's hope they get happy before Christmas!

External Audit and Pillar 3
Another sore point has been the potential inclusion, on a short or long-term basis, of external auditors in the preparation and delivery of Pillar 3 reporting (raised on the Solvency II Wire last month). The PRA opine that external audit requirement guidelines "...are not scheduled to be included" in the forthcoming ITS, and that EIOPA has not decided when to issue public consultation on the matter, though they will at some point.

Clearly the PRA have ambitions to continue their existing requirements for the external audit of regulatory submissions, as evidenced by their preparatory phase approach to gaining comfort on Solvency II Balance Sheet components of all IM applicants and larger SF firms, which will pad out a few partner's wallets at the Big 4 (though perhaps for the right reasons).

Lobbying and questions
Effectively told the attendees to direct more questions to EIOPA rather than them, and in particular to wait for EIOPA's second set of ITS, due any day now. On the basis that ITS will (probably) be accepted by the Commission as delivered, the PRA are reminding firms that this is effectively the only window for the industry to bleat.

Board sign-off of QRTs
A huge bugbear across the industry was the implication, reinforced through the PRA's Pillar 3 Q&A document (Q20, last page), that June 2015 would see piles of QRT material tabled at Board meetings across the UK for them to formally approve. They confirmed at this meeting that the Board "...may choose to delegate aspects of the process for operational reasons" - CFO sign-offs all round!

Asset Data, and interaction between Asset Managers and Insurers
A slightly odd, but very relevant point was raised regarding Insurers interacting with their asset managers to ensure they get the right quantity and level of granularity in their asset data to populate the QRTs. The PRA are naturally concerned about this, given the shortening timeframe, and given that the asset management industry themselves appear to be making some voluntary efforts, it feels like the insurers have some work to do.

Approved Persons in UK under Solvency II - "SIMF-ly The Best"?

The UK prudential and conduct supervisors doubled-up this week with a barrage of paperwork regarding "Fit and Proper" assessment of senior staff members in Insurers under Solvency II.

This was already acknowledged as an area where intelligent copy-out wouldn't quite cut the mustard for UK plc, so no doubt the Compliance functions of insurance entities have been looking forward to these publications appearing. Given the light touch on the topic in the Directive (Art.42) and Delegated Acts (Art.273), this is very much welcome gristle.

Evidently "Proper" - but "Fit" enough?

While the maintream media has cranked out some comment already on both the FCA (here) and PRA approach (here, here and here), they are naturally broad with their brushes. I thought I would cut it up into my much more insular world of "what does it mean for Key Functions under Solvency II".



PRA Consultation Paper
  • The regulatory framework for individuals will be called the Senior Insurance Managers Regime (SIMR), and will come into force from 1st Jan 2016. 
  • The CP is targeted at ensuring fitness and propriety of individuals running an insurer, or performing a Key Function.
  • NED's have been left out of this paper, as there is a wealth of comment already provided on a separate joint FCA/PRA consultation from the Banking industry.
  • That said "...the regime for insurers should not be identical to the regime for banks". 
  • While Controlled Functions continues to exist as a PRA term, it will be interchangeable with the term Senior Insurance Management Functions ("SIMFs"), which I have used below.
Going into detail, we find the following;
  • CEO, CFO, CRO and Head of Internal Audit are all SIMFs, with Chief Actuary, WP Actuary and a couple of Lloyds-specific roles also lined up.
  • Some Group-specific SIMFs also created.
  • Any Solvency II "Key Function" holders who are not SIMFs will simply be assessed within the business, with the PRA having right to overturn. I thought this would include the Head of Compliance, but they are picked up by the FCA (below). Not sure who else could be Key Function but not a SIMF, unless some SIMF role-holders don't plan to also do a day job.
  • List of new Core Responsibilities provided which need to be allocated to one or more SIMFs (2.21). These include the old chestnuts of remuneration policy and "culture" in its broadest sense, as well as performance of ORSA.
  • A form will follow which needs to be completed by firms for all prospective SIMFs and Key Function holders containing "relevant information" on them - I suspect this will be a LinkedIn cut-and-paste job.
  • Obligation to make and maintain a "Governance Map" listing the positions and key functions which run the firm, the allocation of management responsibilities (including the new ones in 2.21 presumably) and relevant reporting lines. Oddly, the PRA think "...there will be some costs in compiling and maintaining the Governance Map", when it feels like a lazy Thursday morning for Company Secretarial to me...
  • Some reinforcement of Conduct standards for SIMFs and Key Function holders, with Key Function holders having an additional policyholder protection-related standard added to their armoury.
  • Emphasise that Fit and Proper needs to be assessed on an ongoing basis, as opposed to periodically, which effectively gives the regulator a get-out-of-jail when a bad apple SIMF mismanages a firm (i.e. "why didn't you pick it up internally first?").
  • Solvency II brings in a legal requirement for firms to satisfy themselves of a candidate's fitness and propriety before sending applications to the PRA. They therefore plan to assess whether firms recruitment processes are "appropriately rigorous", which feels like a step into the un-assessable (if that is even a word).
Proposed Supervisory Statements are appended to their document covering the assessment of fitness and propriety, and the application of new conduct standards. From those I would highlight;
  • "The norm" is for single individuals to perform SIMFs
  • That firms may add to the list of conventional Key Functions using a bullet-point checklist
  • Firms can "...freely decise how to organise each function in practice"
FCA Consultation Paper
  • The existing Approved Persons Regime will be adapted to fit Solvency II and PRA/EIOPA requirements, as well as existing application forms.
  • "Pre-approval" will therefore still exist in 2016.
  • While the PRA pick up approval of most Key Functions under Solvency II, the FCA keep hold of the approval of Compliance Function heads, which don't feature in the SIMF list.
  • Give themselves some leeway to impose approval and conduct obligations on "certain other functions" in insurers
  • Appear to be combing over conduct-related rules from their work with the banking industry
Frankly, the amount of crossover between prudential and conduct regulators, existing and new rulebooks, and banking and insurance industries, makes this particular topic an awkward read, which is why I don't work in Compliance!

Levity aside, the outcome of these consultation papers will have a significant effect on insurers existing onboarding and approval processes, content of executive job specifications, and indeed the fundamental operacy of governance systems, given the level of prescription involved. Now would be a good time to start briefing!

Tuesday, 4 November 2014

EIOPA's Implementing Technical Standards on Internal Model Approval - ready to "submit"?

EIOPA have kicked into life at the end of October like Freddy Krueger on laughing gas, releasing a swarm of consultation papers and summaries. While the releases on Colleges of Supervisors or the calculation of the risk-free interest rate will be of interest to some, my own interest was in a subset of their draft Implementing Technical Standards on Solvency II Approval Processes

I have tried to cover the distinction between ITS and the other weaponry in the hands of EIOPA and legislators here. The aggregated feedback received by EIOPA on the suite of Solvency II approvals covered by ITS is neatly summarised in this doc, with EIOPA adding dollops of proportionality into the summary, to effectively remind supervisors not to treat the applications of giants and pygmys with the same vigour. Given the audience reaction to the UK regulator's industry event a couple of weeks ago, I think 'proportionality' may need to become the PRA's middle name (though it probably works better as its first name...)

Clearly, two big moans have been common threads in the responses received, and both have been rebuffed. The concept of supervisory requests for supplementary information "stopping the clock" on one's approval window has been retained, while the idea of "no answer in 6 months equals approval" has been firmly rejected.
Internal Model approval
- "Easy, Easy"
Of more interest to me than the other approvals covered by the consultation is the Big Daddy himself, Internal Model Approvals. From a UK perspective I have covered this in multiple posts previously (here, here, here and here for a start) , and was interested to see if any more whistles and bells had been added to what is already an area causing serious fatigue within the UK's potential applicants, not to mention a few dozen corpses from the c.100 interested parties back in 2011 (slide 4 here).

I thought the following was worth highlighting;
  • Given that the Delegated Acts are already loaded with granular Documentation requirements for IM applications (articles 243 & 244), the ITS insists on a few more pieces! Having cross-referenced between the DAs and the ITS, I reckon the items listed in Article 3 d, h, j, p, q and r are all new requirements, though none would be a stretch to produce.
  • Expectations that your model has been in use prior to application (Art 2 (3 a ii)), and is integrated into your current system of governance (Act 2 (c)) - perhaps this is the effort which firms with capital add-ons will be compelled to do in 2016 & 2017 in advance of model applications?
  • Results of your "last" Validation Process must be submitted in a Model application (Art 2 (m)) - again, suggests there will need to be a year's worth of "live" modelling in advance of making an application
  • The supervisors have 30 days to assess the "completeness" of an application - this feels weirdly generous, given those 30 days count towards the overall 6-month assessment window (provided the application is complete).
  • Despite the PRA's firm assertion on Oct 17th (slide 8) that conditional approval for Model applications is not available, Articles 3 (8) and 5 (4 b) both suggest otherwise, namely that proposed "adjustments" or "terms and conditions" can be accounted for in their decision. 
  • As much prominence being given to Model Change process and Model Change policy as the initial Model Application process - applications can actually be rejected on the strength of the change policy (Art 5 (2)). Despite that, the articles designated for these areas (Arts 7 & 8) are relatively straightforward.
There is no real reason why these ITS for IM approval won't sail through at the Commission, so best to prepare accordingly. However, UK applicants with 2016 modelling ambitions will of course need to wait further for EIOPA's Common Application Package before they can finalise this montagne de papier.

Monday, 20 October 2014

PRA's Countdown to Solvency II Implementation Event - When I Need U(SPs)

PRA Implementation countdown
- "Feel like dancing" now?
So along with the entire UK Solvency II sticky-beak brigade, I had the unbridled pleasure of attending the PRA's 'Leo Sayer' on Friday, confidently titled Countdown to Implementation, despite going on to list a range of matters which have probably given both Internal Model and Standard Formula firms plenty of enthusiasm to try and turn the clock backwards rapidly!

Paul Fisher, Julian Adams' replacement as Executive Director of Insurance at the PRA, kicked off with a set of Solvency II vox-pops;

  • Solvency II is the "main game in town"
  • "The end is in sight"
  • The PRA are "not gold-plating the Directive"

A nice bit of reassurance at kick-off time then - unfortunately, the clarity which was to follow from the technical specialists on a range of topics was probably not what everyone wanted to hear, given the tone of some of the audience questioning that followed! In particular (and with everything in full quotation marks below having been said by a PRA rep on the day);

  • That the PRA will "have to prioritise" if everyone in the IMAP queue for 'from 2016' approval drops their applications in at the end of June, and that applicants should be "striving to submit" sooner. Suggests to me that the smaller firms in IMAP may get bumped to squeeze in the big boys.
  • The reinforcement of Mark Carney's message from the other week that they will have no problem refusing permission to use models, though this was couched by Fisher in the more appropriate context of failure to meet any of the TSIMs simply "cannot be allowed".
  • That, although over 90% of the UK industry was down for using Standard Formula, the PRA will be equally aggressive when challenging their preparedness as they will for IM firms.

I didn't hang around for the afternoon sessions as I had a hot date with BA, so pull whatever you can out of the Other Approvals and Regulatory Reporting slideshows. However, I would draw attention to the following from the earlier sessions:

Implementation and Policy overview

  • The Old Lady of Threadneedle Street protested through multiple speakers about how they recognise that bank and insurance internal models are different, and how Insurance Supervision is now "embedded into the Bank" - I would assume to justify the credit crunch-influenced aggression now being taken by the PRA on assessing capital models (visible from Adams's speech around the time of BOE/FSA merger right through to Bailey's speech at Mansion House on Thursday night).
  • An interesting slide 3 about how much more work Solvency II will generate for the PRA from go-live!
  • Referred to FLAOR only once before switching to ORSA, suggesting that this disposable acronym is as much of a pain in the neck for the supervisor as it is for firms!
  • Highlight what "Good" and "Bad" ORSAs have contained to-date. Clearly some firms are box-ticking, leaving an unusable report which is only skin-deep compliant as output. They were particularly scathing on Stress and Scenario Testing efforts, and implored that Reports should not be written for the PRA's benefit (though naturally must cover what the DAs and EIOPA have already set out).
  • A nice piece was discussed around the expected depth of director-level knowledge of their internal models. Andrew Bulley made a useful distinction between "conceptual" and "technical" knowledge, where your dithering 80 year-old INED from the fishing industry might not be expected to understand correlation matrices, but should probably know their significance, and alternatives to them.
  • For model applications to date, far too big ("encyclopedic" in cases), with too much process description, and not enough on assumptions and expert judgements.
  • That it is a firm's responsibility to "ensure compliance" with the Delegated Acts, and given their lessening proximity to the legislators, the PRA flag in advance that they will not be able to give "concrete advice" to firms in future.

Standard Formula

A particularly good ground-setter, given the dearth of work published previously on Standard Formula firms and the PRA's expectations. Calendar included on the slide pack, which will be of massive use to your PM/PMO staff!

  • PRA will review ALL firms ahead of 2016 for SF appropriateness - "priority" firms assessed by Q1 2015, everyone else by end of 2015.
  • While SF SCR is apparently close to current ICG numbers for GENERAL insurers in the UK, it is noticeably larger in LIFE firms 
  • PRA is "not promoting" SF ahead of internal models
  • Vigorously directed all attendees to EIOPA's Underlying Assumptions of SF Paper - expectation that some firms won't read it, and just expect SF plus any add-ons?
  • Very vocal on the "significance of the deviation" between SF SCR and one's own Risk Profile - as we know, the Delegated Acts quantify what 'significant' is in the context of capital add-ons
  • An expectation that ORSAs will be used in the assessment of SF appropriateness - qualitative for sure, possibly quant elements as well?
  • Range of examples of where significant divergences are being found, by Risk Category, and by Life vs General Insurer.
  • A lot of emphasis on Capital Add-ons being used "only as a temporary measure", which will ultimately allow firms to PIM/IM or de-risk. They are however "patient and realistic" on how quickly that change can be done, so it sounds on the face of it like 2016 and 2017 will be targeted for Capital Add-on elimination.
  • In the following session on models, a piece came up on Capital Add-ons, where the PRA confirmed that their process for handling these in future is "still developing", though they expect them to be "a lot, lot rarer" than the existing regime of ICG.

Internal Models

Calendar also provided for IM firms (slide 4), showing how tight their schedule is, and explaining why they threw the earlier curveball about all firms expecting to drop their applications in on 30th June 2015. They also touched on the following:

  • Highlighting weak areas identified to-date such as over-optimistic (new?) business plans being used in capital calculations; ENIDs; omission of certain "Key Risks", and suspiciously low correlations
  • That Use Test is "fundamentally important", and is an opportunity for firms to "put their money where their mouth is". They do not expect to see either end of the use spectrum i.e. no use, or blind use!
  • Too much technical actuarial validation seen. Usefully suggested that validation questions may be better posed as "where might this model be inadequate", rather than "why is it OK".
  • Confirmed that the PRA's SAT has now been replaced by EIOPA's CAT, which won't arrive until the back end of this year - surprisingly, no-one laughed when they said this "might create some work" for existing IMAP programmes!
  • Importantly, they stressed that their powers are to Approve or Reject applications, with no "conditional" powers whatsoever. Attendees were therefore encouraged to delay applications which were thought to be unlikely to succeed, both now and in future.
Though they instinctively feel like they could have been supplied sooner, the clarifications provided in the presentations I witnesses will be hugely welcome by programme directors and PM's alike. I would venture a guess that they will be less welcome by executive committees, who may have hoped for more flexibility on the risk quantification front post-2016.

Wednesday, 15 October 2014

PRA on Solvency II Approvals - One in the "IMAP"

The PRA today released a consultation paper on applying for Solvency II approvals (with the checklists for firms thinking of applying here), covering such juicy topics  as;
  • Matching adjustments
  • Ancilliary own funds
  • USPs
  • Group shenanighans (single ORSA for Groups, and excluding entities from Groups)
  • SFCR dispensations
And of course the big man on campus - Internal Model Approval.


I had covered on here back in March that EIOPA intened to bring in a common internal model application package (press release here), whilst also noting that while EIOPA "expected" NCAs to accept and use it, it was not compulsory.
IMAP - waste not want not
With the UK being the largest Internal Model application handler by some distance, the stupendous amount of money, management time and administrative effort which had been injected into the IMAP Process since 2011, there was at least a theoretical possibility that the PRA might say "no thanks", and ask its applicants to continue as they were, albeit with an Excel template amended to reflect the Directive and Delegated Acts as they currently stand

Therefore the rather vicious tearing of hair and gnarling of teeth coming from the UK today is the sound of 60-odd internal model applicants finding out that 3 years of IMAP work is now redundant! Section 2.11 of today's CP states;
EIOPA is expected to publish an internal model application template which the PRA will require all firms to use for their formal internal model applications.
...[firms] will be expected to transpose data onto the new EIOPA template when they make their formal application. The PRA will not be updating the SAT to align with EIOPA's application template
Perhaps I am being a touch harsh to call IMAP efforts to-date "redundant". The UK will naturally have dominated EIOPA discussions around what a template should contain, and how it should be structured to assess applications with maximum efficiency, as they have had the Chair of the Internal Model Committee since 2009!

There is an implication in the CP though that the transposition between the two "templates" will not be as seamless as I had imagined back in March, so I suspect that internal model applicants will need to go back to the market looking for expensive IMAP cajolers in the not too distant future. A shame for UK plc, who will rightly feel they have spent a lifetime's money on this topic already.
 

Tuesday, 14 October 2014

Solvency II Delegated Acts - Commission publish, world shrugs

Delegated Acts - handle with care
On Friday, the European Commission  released a "provisional" version of Solvency II's Delegated Acts via their own website.

Given how long they have taken to arrive, they rather surprisingly aren't chiselled into pyramid slabs or written on parchment - less surprisingly, they feature very little in the way of changes since the July 2014 version, so for those who want to know why it has taken 3 years for these to officially emerge, the January 2014 version is a better contrast (I summarise some of the changes between 2011's starter document and the January version here).

There has been enough comment since Friday (here, here, here and here for a start) to highlight what has changed since the summer, and more importantly, what has driven those changes - namely, encouraging EU insurers to plough money into long-term infrastructure assets by making them cheaper from a capital perspective, thus solving the European Union's economic woes in one fell swoop!

Bear in mind the first scrounging letter from the Commission came to EIOPA over two years ago, reminding them of what a "...potentially powerful financing channel" European insurers could be, provided any necessary "...adjustment or reduction" was made to Solvency II's capital requirements.

Little wonder then that it has taken a while for them to ensure that Solvency II remains prudential, while simultaneously unlocking long-term capital pools, though it sounds like the empirical basis of EIOPA's earlier calibration attempts has been overriden to get there.

Is it likely to get through the baying mob in ECON? The insurance industry's Green Party sparring partner had already flagged his distaste at the capital discounts now being offered, as well as the due process applied to recalibrating them.

It remains to be seen whether it is controversial enough to delay the inevitable in early January, but given the Acts seem to have been received with customary ambivalence by most affected parties, this is probably 'job done'.

Monday, 13 October 2014

ORSA and Independent Review - Misunder-stud?

Independent review of ORSA
- banging the drum?
I listened in on a Solvency II readiness webcast a couple of weeks ago which pricked my ears like a low-budget high street beauty parlour. The specific theme was independent review of ORSA, and the broadcaster confidently included it in the list of "things we all need to do" in the Solvency II preparatory phase, both 2014 and 2015.

While most familiar with the topic would immediately cry "that got lobbied out in 2011", the speaker's argument was that, while EIOPA's Guidance no longer says firms should "independently" review its ORSA, it also doesn't not say it, therefore we must do it, and do it annually!

I would have chuckled and left it at that, but having read InsuranceERM's recent roundtable on preparations for Solvency II, the topic again reared its head, albeit in a more controlled manner, as a number of attendees explained how they have used Internal Audit (and dismissed the idea of using external firms) in reviewing their ORSA processes during the preparatory phase.

My problem is this - as an industry we were happy to, erm, relieve ourselves and moan when CEIOPS's first attempts at ORSA Guidance in 2010 included a guideline which compelled annual independent review of the ORSA Process (included in slide 32 of Mr Bernadino's pack here in Summer 2011, as I can't find the original CP anywhere).

This was lobbied-out by the time the re-badged EIOPA released their 2011 CP (here), and when their Final Report followed in June 2012, "independent review" was a distant memory.

Any compulsion to review the ORSA Process is now  covered only by EIOPA's System of Governance Guidelines (here), specifically Guideline 8 asking that a firm's SoG is regularly "internally reviewed on a regular basis" (5.11).

EIOPA continue in 5.11 that "...the review undertaken by the internal audit function on the system of governance as part of its responsibilities can provide input to this internal review" - i.e. this is not work considered to be performed automatically and exclusively by one's Internal Audit function.

In terms of frequency, EIOPA elaborate in section 4.26 of the Guidelines, namely that your AMSB, given your firm's nature, scale and complexity;
...determines the scope and frequency of the internal reviews of the system of governance
 So three things - no 'annual' requirement; AMSB's choice on frequency; and that this is internal review, not "independent", "external", or indeed any other word which gets me contracted past 2016!

Monday, 29 September 2014

CRO Forum's Principles on Operational Risk Measurement - "Quant touch this"...

Hammer Time?
Current efforts in Op Risk quantification
Despite practitioners efforts over the last few years, Operational Risk continues to live on starvation rations when it comes to considered quantification. Never treated as an alpha-topic by executives inside insurance institutions, it has been treated with similar indifference by legislators, culminating in the  "totally inadequate" take-a-percentage methodology for calculating Operational Risk capital in the Standard Formula.

Internal Modellers on the whole are not likely to be shaming that technique with their efforts either (basic summary of their problems here, while InsuranceERM cover struggles as a whole with a roundtable here). A paucity of operational risk event (and near miss) data within firms may be good news for ORIC as a vendor, but from a parameter and data uncertainty perspective, it leaves internal model operators and validators in an invidious position, particularly due to the quantum of insurers' capital likely to be involved (10%, give or take?).

It's not that the actuarial world hasn't taken a stab at it before (here), aren't fully aware of the data holes (here), or haven't used the word "Bayesian" in a sentence (here). However an activity which was "in its infancy" in the UK as far back as 2005, is surely now old enough to be working in the mines...

I was therefore happy to see the unprolific-yet-important CRO Forum bring a white paper to the table, Principles of Operational Risk Management and Measurement. It is an update to a 2009 version which takes into account Solvency II demands, as well as developing practice within insurers over the period, the suggestion being that 2009's efforts were a little too Banking Industry-influenced.

While this document might feel at outset like an idiot's guide to "quanting" operational risk (and bearing in mind the number of prospective standard formula applicants - 9 out of 10 in UK - one may be needed soon!), the document touches on a number of noteworthy technical matters, in particular;
  • The Definition section doesn't read well, but they have attempted to include outcomes other than monetary loss into the Op Risk definition, which from experience will improve discourse within firms. Are they attempting to squeeze strategic and reputational risks into this box though?
  • Nice coverage of Boundary Events, and encouraging firms to consider them in their management of Op Risk.
  • Very specific treatment of Risk Tolerance throughout, using it in preference to Risk Appetite. This is because it cannot be avoided, and so tolerance levels should be used to trigger "RAG"-type reporting up the chain. Nice work, and well justified, but I have certainly seen the expression "Zero Appetite" used for Op Risk, so no doubt this is not an industry standard perspective yet! (p5-6)
  • No problems with their coverage of tried and tested techniques - "Top Down", RCSA's & Loss Event analysis (p9-10)
  • Nice turn of phrase regarding emerging risks on p9 - "...assess the proximity of new risks to the organisation". It may need to include an attempt to quantify to be fully useful for ORSA purposes.
  • Concept of residual risk arrives quite late in the day, but isn't omitted. Important, given how much qualitative, or spuriously quantitative, material is being promoted as aiding this measurement work (p10)
  • Seem to accept at the bottom of p10 that Internal Modellers must do more than curve fit on internal Op Risk Event data - good news I guess.
  • Internal Model validation pressures on current Op Risk quantification practices flagged directly (p16 in particular)
  • Guidelines on embedding Op Risk monitoring processes highlight just how much work some practitioners are managing to cover (p11). Quite disheartening for those with smaller budgets.
Ther are a few points to make on section B around quantification:
  • Pretty scathing on Standard Formula relevance. (p14)
  • Scenario Analysis sold as something of a panacea to cure the ills of incomplete Op Risk Event data sets, but no mention of the biases which seem to permeate the creation of the scenarios, which is sadly a hostage to the invitee list. (p14)
  • Expand more on scenario analysis, bringing the "severe but plausible" terminology to the table (p15)
As well as the following generic comments;
  • Is risk measurement - "a tool for embedding risk culture in the organisation"? I would say so, particularly in the Op Risk arena, where decision makers will need to be involved at scenario-compilation time.
  • That said, they then go on to reference "senior management sign-off" of scenario work, which is somewhat contradictory!
  • Overweight in references to "culture" and "tone at the top", like most white papers these days (see the FRC's efforts from the other week). Playing with fire as a profession by shoehorning references to "culture" into everything.
  • A couple of horror-show schematics used on pages 7 and 8 - the Forum must know how much time risk professionals lose walking non-experts through things like this. They serve no purpose, and detract from surrounding text.
  • Attempt on p9 to solicit business for ORIC?
It was Professor Jagger who accurately prophesised "You can't always get what you Quant" - I'd say the Risk profession concurs, based on these very welcome principles.

Wednesday, 24 September 2014

KPMG on Pillar 3 and Public Disclosure - in or out?

Pillar 3 - rude awakening?
The operational reality of Solvency II Pillar 3 is seemingly about to deliver a ruder awakening than breakfast at Chubby Brown's. Whilst for example the UK's regulator has offered an element of flexibility in the content of the QRT reporting to be submitted during the Solvency II preparatory phase (Q21 here), Finance functions across the EU will be in an spreadsheet-fuelled scramble to deliver Solvency I, Solvency II and public reporting from now on in.

The lie of the land is not pretty as it stands. Evidently the PRA's crack team of Pillar 3 regulator and industry expets is tabling some sobering questions, given their recently revised Q&A, and both software solution providers (here) and asset data firms (here) continue to ebb and flow with their contributions to preparedness, depending on the pay-off. Some co-odination efforts have recently begun on asset data transference involving the larger EU players, but doesn't yet sound like the golden ticket for the teams charged with delivering Pillar 3 material.

Even EIOPA, the new custodians of the word ERRATA, are seemingly tied up with the less technologically developed EU members in an Excel-flavoured workaround to the xBRL question which, judging by the number of QRT template amendments already applied, has an air of inevitability about it.

It was therefore nice to see one of the Big 4 release results from this survey on how firms are preparing for Pillar 3 in the content of existing and future public disclosure requirements. Small sample (11 firms, all multinationals), and all evidently have existing plc-type disclosure requirements, but the topics and trends covered should inform anyone in the Pillar 3 space who has transitioning on their agendas.

Worthy of note:

  • Pre-Solvency II disclosure of quantitative material not favoured - not much to be gained I suppose
  • No-one planning to publish projected capital adequacy!
  • Responders in IMAP seemingly working on the basis that "Plan B" won't be required
  • Few likely to publish "internal views of capital" ( for this read "overall solvency needs" or "ORSA Capital") - analysts felt unlikely to be looking for it.
  • Most common differences between Pillar 1 and OSN used were treatment of contract boundaries and the risk-free rate, with the list of distinctions going into double figures
  • Some provisional plans for IFRS alignment on the balance sheet methodology front
  • Embedded Value about to be jettisoned as a reporting metric - analysts are of course devastated!

Who said accountancy was boring?

Monday, 22 September 2014

Central Bank of Ireland and ORSA - fancy a bunch of FLAORs?

So the Central Bank of Ireland went and knocked together an ORSA Reporting tool for the less complex end of the Irish Insurance industry, specifically the "low" and "medium-low" rated insurers. And to think I have spent 4 years railing at the consultancy and supervisory industries for catering for the big boys, while ignoring the immaterial...

2014 FLAORs
- a serious affair
The tool was released back in July, and while it (intelligently?) copy-pastes EIOPA's guidance and dissects most of those words into a set of obvious questions, there are some aspects which are very revealing in respect of where supervisory expectations for 2014's ORSA reporting and process development efforts perhaps are at the less material end of the industry.

They have evidently taken the approach that most large programmes will have used over the last 3 years, namely to deconstruct paragraphs in Directive/Delegated Acts/EIOPA Guidelines in an Excel spreadsheet, and pose them as questions. Not every firm's budgets would have stretched to accommodate even that level of analysis though, so I'm sure the CBoI's efforts have been warmly received to date.

For example, the following elements are very shocking to me, given our proximity to go-live;
  • No compulsion for ORSA Policy (and therefore process) to be documented and Board-approved in 2014 (2.3 and 2.4)
  • No expectation that the 2014 version assesses one's ability to continue past the 1 year horizon (4.8)
These elements are perhaps revealing as to supervisory planning for 2015 and beyond;
  • Asking when the Board approved the results and conclusions - likely to be hunting for evidence in minutes (2.2)
  • Asking which personnel/units have been briefed as to the ORSA results - is there a feeling that outside of EXCOM and control functions, the reports won't see the light of day? (3.4)
  • Highlight what they are really interested in, in the context of "overall solvency needs" quantification - risk measure, confidence level and time horizon, which feels proportionately light in focus given the detail in Article 262 of the Delegated Acts (4.1).
Some good elements include;
  • Uses of ORSA in decision-making process listed in 1.1 - some are directly lifted from EIOPA, but couple of other examples may help focus the mind (I would add that setting "risk limits" feel sloppy, given the legislation uses "risk tolerance limits")
  • Ask for a table to be populated with quantitative results for each risk category, but don't prescribe the category names, rather provide the legislative categories as examples - this is how it should be, especially for the smaller firms. (4.2)
  • No expectation that the "medium or long-term" capital is calculated at this point - the column provided is marked *OPTIONAL* (4.2) 
Whilst the data gleaned from the template they have provided may be a bit cumbersome, fair to say that CBoI's efforts will be welcomed by both the qualifying firms (as a pro-forma) and the larger firms as an INED guide.

Friday, 19 September 2014

FRC on Risk Management and Internal Control disclosure - insurers way ahead?

Muddy Waters
- public disclosure on Risk
The UK's Financial Reporting Council have released guidance on Risk Management, Internal Control and related reporting, just in time to help muddy the waters for UK insurers, who have no doubt finally got their risk, actuarial and compliance functions writing non-conflicting words with Solvency II preparation in mind!

Anyone who has written, peer-reviewed or socially read these sections of public reports (i.e. me, and any other geeks), will know they are normally;
  • Boiler-plate, and completely transferrable between industries, regardless of their disparate risk profiles
  • Aligned to the Strategy sections with a few anchor words, but otherwise divorced
  • Frequently unaligned with the ERM frameworks used internally - i.e. "this is what the City wants to read", not material on our actual risk profile!
Given that this is only guidance, and is further only directly relevant to LSE listed entities, readers may be inclined to take the content with a fistful of salt. There are a number of noteworthy aspects to this publication however which maybe show where the mindset of supervisory-types has got to in the eight or so years since the financial crisis commenced.

 I took the following general points from it;
  • Very little for listed insurers to be concerned about, if they have prepared adequately for ORSA and supervisory reporting (SFCR, RSR) - indeed, their reporting teams will be delighted with the amount of content crossover! Check out the (still not finalised) Delegated Acts of Solvency II in order to see why listed Insurers won't need to stretch to meet these.
  • Frequent references to "culture", as opposed to "risk culture". Checking the FSB's take on Risk Culture from April of this year, one can appreciate the FRC's desire to gemmy culture into these guidelines, if perhaps not the execution - one fears the "culture" words are likely to become a little weasely.
  • Multiple crossovers into ORSA language, in particular re-emphasising the importance of the alignment of risk management with business strategy.
  • Good work in section 4, bringing in the "IMMMR" concept from Solvency II, as well as assessment of current and emerging risks, and assessing exogenous and endogenous risks when doing so.
  • Recommend that risk assessments are performed at inherent and residual level, and that control effectiveness is also considered when arriving at one's final assessment
On the technical front, the following elements caught my eye
  • "Emerging principal risks" used as an expression - not sure if that stands up to scrutiny i.e. if something is emerging, can it be a "principal" anything? How would you measure it to gauge "principality"?
  • Reference to "high profile failures in risk management" in recent years, which feels a little finger-pointy - we could deconstruct every corporate failure to one of risk management failure
  • "Risk Appetite" put into inverted commas within the guidance, but not in the appendices - can't quite work out the aversion to definition given the FSB's work to date at the very least, but certainly EIOPA have similarly dodged it (p59), and looking at Appendix 1 of the Irish regulator's thought paper on Risk Appetite, one can see why!
  • "It is the role of management to implement and take day-to-day responsibility for board policies on risk management and internal control" - really? responsibility for their implementation, sure, but policy content?


Thursday, 4 September 2014

Solvency II Delegated Acts - whenever, wherever...

No sign of the Solvency II Delegated Acts sign-off as yet. The mighty ECON committee of the European Parliament have just about got their feet under the table after May's elections (and June, July and August's European summer holidays!), but despite meeting on the 3rd and 4th Sept, they don't appear to have discussed or even listed the matter as work in progress.

Wouldn't have felt such a big deal, given Gideon's summary on the topic back in early August, but the Mr Claffey and Co. at Milliman appear to have picked up on a potential sore point for the unit-linked boys, which might jack-up the Operational Risk SCR for anyone in standard formula world (which would cover a good number of pure unit-linked businesses I expect).

I've had a look around for the July version of the Delegated Acts, but they have yet to be leaked* as publicly as the January version - I would recommend anyone in the unit linked world gives this a once over, particularly if you still pay fat commission cheques!





* How about I shut my mouth - not only has the wonderful Petter Svensson (Sweden's foremost independent consultant) made it available on his own site, the Romanian Regulator has done similarly. Fill your boots...

Monday, 18 August 2014

ORSA - Institute of Risk Management special interest group

Of course while I spent the last couple of months topping up my tan in, errrrr, the Isle of Man, some of the guys in the UK and further afield have been building up an endeavour-flavoured sweat on some of the more malleable elements of Solvency II preparation.

Raining 'Mann' - Glorious Manx summer
The IRM as ever have kept the ball rolling, in particular hosting an ORSA session last month. While you can pick your way through the guest speaker presentations for ideas and comfort (one company specific, one consultant generic, and one which S&ST/RST fans might like as a sense check), I was much more interested in the attendee survey.

A whopping 34 replies came in, via which the attendees have delivered a reasonable ORSA landscape mock-up, which may help some of you get matters shuffled in your priority lists, given where your peers claim to be.

I noted in particular;
  • ORSA Process overwhelmingly run by the Risk functions (over 90%)
  • Just over half going for annual frequency, the rest (who responded) naturally more frequent - doesn't instinctively feel representative, but not all of the smaller firms would send someone down to this!
  • Around two-thirds have their "Reports" at 50 pages or less - if we assume that by "report" we mean Supervisory as well as Internal, the PRA won't be too chuffed with that given their comments at the December industry seminar.
  • Only a third have submitted draft ORSA Reports to the PRA and received feedback
  • Coverage of emerging risk appears to be an area which not only do respondees think is lacking, but has received critical feedback from the PRA
That half have used external consultants in their ORSA work to-date is certainly no surprise. I'd be worried if that consultancy had more than a year's dust on it though, so think hard before you start submitting your 2014 gear!

FTSE Insurers and Solvency II costs - quick round up

So I'm back to work after a well earned pit stop back home. I'll start with a summary of all goings-on in the Solvency II world over the summer using the following complex schematic...


Solvency II implementation costs to insurers, having experienced feast and famine over the last 2 years, will be firmly back on the bean counters' agendas now the finish line is in sight. In the past I had mopped up the 2013 financial year end here, the 2013 interims here, and 2012's full year here, so there is plenty of numbers out there for those interested.

I've therefore taken a quick look at some of the UK interim reports out over the last couple of weeks, just to see what costs/lobbying elements are included. It has been pretty dry going, which may reflect analyst fatigue on the matter more than insurer ambivalence, but I'd flag the following;

Aviva
- Costs which are "mostly" Solvency II at £41m for the half year
- No substantive comments on current legislative position

RSA
- Costs of £14m for the half year, against £20m for all of last year
- Amusingly classify Solvency II expense as "One-off non-operating costs"!

Standard Life
- "...expect [their] capital position to remain strong following implementation"
- No reference to costs

Prudential
- Implementation costs (broken out into p10 of this IFRS supplement) of £11m for half year, versus £13m for the comparable half-year, and £29m for all of 2013
- "...preparations are well advanced"
- Backwards in coming forwards over the likelihood of model approval and valuation assumptions (p17)
- Domicile change still left dangling (p24)

Old Mutual
- "...well positioned" for Solvency II, though "...continue to experience a degree of uncertainty"
- Nothing on costs

Legal and General
- "...expect the final outcome on Solvency II to result in a lower Group Solevncy Capital ratio" than existing EC. They stress in their accompanying presentation and in Nigel Wilson's speech that their existing EC is not Solvency II capital!
- Indication on  p17 of the Analyst presentation notes where L&G and the ABI have potentially fallen out (hence their recent divorce)
- Nothing on costs

Wednesday, 2 April 2014

EIOPA's Implementing Technical Standards on Approval Processes - Cut and Paste?

EIOPA have at last commenced their work on "Level 2.5" regulation in the Solvency II world, and with it being something of a trip into the unknown (only their sister body ESMA world appear to have performed a similar exercise to-date), their consultation papers will no doubt be getting torn apart like a parking ticket by Insurers and NCAs alike.

Open until the end of June with a view to presenting this particular batch to the European Commission for endorsement by the end of October, the ITS cover how the following approvals should be applied for and administered, with definitions and rationale provided in this cover note.
  • Use of Matching Adjustment
  • Use of Internal Model, "Major" changes to that model, and changes to the Model Change Policy (phew!)
  • Use of a Group Internal Model
  • Use of Undertaking-Specific Parameters (USPs)
  • Use of Ancilliary Own Funds for SCR
  • Use of Special Purpose Vehicles for risk transference

For this post, I wanted to concentrate on the Internal Model-themed ITS (emboldened), specifically things which introduce something new to the table (i.e. not already in the thoughts of UK firms/regulators through the Directive, Delegated Acts, Preparatory Guidance or indeed the existing IMAP structure in the UK).

Therefore in the interests of recyclability, UK firms will be delighted by the requirements within this particular ITS - you will recognise the text as part of the Self-Assessment Template "tabs" which you would have been populating as part of IMAP over the last 2 years!

That text was of course co-opted from the Draft Implementing Measures from October 2011 (specifically Article 203 IM1 for the application requirements, IM2-IM8 for the model change and administrative process elements). These articles had disappeared from the latest version of the Delegated Acts, only to find its way into this ITS almost verbatim.

Elements which therefore show noteworthy change from that old text (other than semantics) include

  • The addition of a requirement for a (year-end 2014?) P&L Attribution to be submitted as part of the application.
  • Withdrawal of some of the ceremony around applying for a change to the Model Change Policy, which was a little more elaborate in the October '11 text (AMSB explanation and justification text, 6 month turnaround time for NCAs to make a ruling).
  • The same for an application for a Model Change itself, now seemingly less formal
  • Giving room for terms and conditions and transitional plans to be factored in to an NCA's decision on model approval
  • That more detail should be published on the NCA's website regarding the approval (namely that the scope of the IM should be disclosed, as well as risk categories and business units covered, which feels a touch commercially sensitive to me!)

I'm guessing this isn't the only ITS which is going to use this approach (i.e. ripping text directly out of the Oct 2011 Draft Implementing Measures where it has been seemingly jettisoned), so a bit of cross checking might help you second guess what is going to appear in the rest of the ITS!

Now I'm off to have a look at the others...


Monday, 31 March 2014

EIOPA's "Common Application Package" for Internal Model Applications - UK back to the drawing board?

The release of an EIOPA Opinion today may very well raise the heckles of the UK Insurance Industry, regarding a move towards a "Common Application Package" to be used across Europe for assessing internal model applications. This appears on the face of it to be disjoined from the internal model-related ITS already scheduled in EIOPA's calendar (p12) over the next couple of months.

Their "package", to be published after consultation with the National Competent Authorities themselves, will comprise of;

  •  Instructions 
  •  A self-assessment 
  •  Background Information 
  •  An inventory of internal documentation 
  •  An explanatory document 

Worth remembering at outset;


That said, a combination of EIOPA's desire for convergence, and the recently released and revised Delegated Acts may have a particularly destructive effect on existing IMAP efforts within the Solvency II Programmes of UK insurers. I have therefore had a deeper trawl through the Delegated Acts in order find out what the practical implication of any changes in the redrafted Delegated Acts might be.

As anyone who has worked in the UK IMAP space will (un)happily tell you;
  • The PRA's approach to assessing internal model applications (inherited from its predecessor) involves deconstructing Solvency II Directive and Delegated Act text into sentences, and in some cases sentence fragments. This created over 300 "requirements".
  • Those are transferred into a spreadsheet list, within which firms are asked to list evidence of their ability to address each item (or why the requirement is not relevant).
  • That spreadsheet list is housed on an Excel workbook known as the SAT Template, which contains various other worksheets, all of which require manual population of some kind.
  • A fully populated SAT Template is required by the PRA for IMAP participants, along with some ancilliary documents (listed here), supplemented by any further documentation which the legislation or EIOPA deem is compulsory.
It's not a tick-box exercise though...

The recent versions of the Delegated Acts which have been creeping around are therefore of some significance to this work. Over the last couple of years, firms will have populated a SAT Template which contained deconstructed sentences from the Solvency II Directive pre-Omnibus II, and the Delegated Act text from November 2011, both of which have now been superseded (without being too presumptuous!).

How do the changes affect the contents of firm's existing IMAP templates, and indeed does it matter? Well, it goes without saying that the SAT Template will need to be amended and reissued by the PRA, regardless of what EIOPA produce. The question for UK firms, having spent considerable money and resource on populating the template in 2011/2012, is whether or not to start from scratch, now that time is something of a luxury, and the end-game is more definitive.

With 2013 being something of a write-off for both Solvency II programmes and the PRA's IMAP campaign (although the costs suggest otherwise!), it is likely that existing SAT templates, crammed with bespoke explanatory text and document references, have either gathered dust for a month or twelve, or received only minimal maintenance.

To see exactly how much of those early efforts will be salvageable, I have taken a look at the Delegated Act articles from January 2014* regarding the Tests and Standards for Internal Model Approval (or 'TSIM', after the acronym allocated to these articles by the draughtsmen), and compared it against the November 2011 version of the same text, and found some significant changes in form and substance, which may render some of your earlier SAT population efforts chocolate-fireguard useful.

The 24 original TSIMs, once deconstructed, respresent over 200 (almost two-thirds) of the "requirements" listed within the SAT template, so any changes in them could massively impact the recyclability of existing content.

IMAP Changes - has EIOPA gone Gaga?
I found, of those 24;
  • 6 are unchanged verbatim
  • 2 have minor definitional tweaks, but are otherwise unchanged
  • 2 have been merged
  • 2 'new' articles have been introduced into the section, though neither are labelled "TSIM" at this point.
  • All others have been changed in at least form, and in the majority of cases, substance
IMAP candidate firms have therefore been left to contend with more awkward changes than a Lady Gaga concert in a broom cupboard...

Those which have received the most aggressive reworking include;
  • Article 225 TSIM 15 - Management Actions
  • Article 229 TSIM 18 - Model Validation Process
  • Article 230 TSIM 19 - Validation Tools
  • Article 232 TSIM 21 - Minimum content of the documentation
It is fair to say therefore that UK-centred internal model applicants may struggle to recycle their existing IMAP drafting efforts without re-engaging Business-As-Usual staff in a substantial way, and that is before we even get to what EIOPA may propose in the "common application package". It also remains to be seen how the other European countries react to the likely Anglicisation of internal model assessment.

If you need help with this on your Solvency II Programme, don't be afraid to get in touch at allan@governance-matters.co.uk


* Just for reassurance, the TSIM text doesn't change between the January 2014 and March 2014 versions, but unless someone published the March version online, you'll have to take my word for that!

Wednesday, 26 March 2014

Solvency II Delegated Acts available online (kind of...), plus EIOPA's plans for 2014/15

So let's start with something a bit unexpected - DRAFT DELEGATED ACTS! ONLINE!

I'm not sure who the leaky uploader is (appears to be a Spanish consultancy firm), but the document is very much online. Sadly, it is only the January 2014 version, which as you will see in the rest of the post, has just been superseded, but it definitely pairs up with the version currently doing the rounds, I promise!

I have managed to get a sneak preview of the latest version of this document (dated 14th March) which have seemingly managed to burst the banks of the tightly-knit circle of advisors, and are now no doubt winging their way to a Solvency II Programme Director near you! There are "tracked changes" on the March document now circulating, which only appears to cover changes since the emergence of the January document hyperlinked above.

Lord help anyone who wants to trace it back to the more familiar 2011 (unpublished) draft, you might as well draw a load of foxheads on sticks...

Insurance Europe were obviously part of the privileged few for the March revisions, hence they fired out this missive last week regarding all of the Pillar 1 technical areas which they feel (on behalf of the industry) remain deficient. There are no real surprises in their list - it is the same topics which have been on the whinge-list since EIOPA's LTGA last year, and indeed earlier in the case of the Currency Risk approach and Own Funds classification.

Following on from the draft Delegated Acts being made more widely available, there has been a reasonable amount of noise in the paid-for press (here, here and here for subscribers), as well as Insurance Europe's top man having a lobbying call published in the FT (here).

Being more of a Pillar 2 man myself, I thought I would check to see what, if anything, had been tweaked in my areas of interest. The impression given earlier this year was that little had changed outside of the Long-Term Guarantee elements, and that was certainly true if you compared the November 2011 and January 2014 documents.

However, having examined the amendments in the March 2014 version, I have found is that a few areas of governance (both SOG and Internal Model governance) which were previously untouched have actually received a fair bit of treatment, for example;
  • Changes to the requirements for internal audit function holders not to cover multiple control functions (this constraint has been removed). This is presumably to pacify the smaller firms across Europe who have a Risk/Compliance/Internal Audit multi-tasker, so textbook "three lines of defence" have taken a bath in the interests of proportionality.
  • The devil remains in the detail though, as the amended text allows someone to "carry out" more than the IA function, but seems to stop shy of them "taking responsibility" for other functions. Not sure how that will work in practice.
  • Changes in the IM Validation space, in particular the removal of the requirement for a "Validation Policy". Fair to say most firms in IMAP would have produced one of these at least a year ago now (plenty of industry references here, here, here (p8) and here for example!), and while still a document of merit, does a "validation policy" now constitute gold-plating?
  • Changes in the required Internal Model Documentation, targeting a much slimmer set of compulsory documents. This includes replacing a number of "policies" with "descriptions of...", which will no doubt be well received by those supervisors with multiple internal models to assess over the next 18 months!
  • The tiered timescales for submitting QRTs, SFCRs and RSRs have now moved into the Directive, via Omnibus II text (as opposed to haveing been deleted, which is what it looks like at first glance!)
  • A few of the other TSIM articles (Tests and Standards for Internal Model Approval) have been enhanced. "At least quarterly..." assessment of the IMs coverage of material risks is now specified, for example. Quite how the hard-coding of the regularity cramps your actuaries' style is another thing! 
I strongly suggest you all get back to work and check for yourselves!

Thursday, 20 March 2014

The PRA and Insurer Business Model Analysis - emerging risks into capital add-ons?

A rather revealing "topical article" was pushed out by our pals at the PRA this week, mouthwateringly titled "The role of business model analysis in the supervision of insurers".

I obviously threw my Woman's Weekly professional reading materials to one side in order to see how much juice there was in this particular fruit, and it is certainly worth a glance for anyone in the risk management game, if only for the idiot's guide to Life and General insurer business models it provides!

Ironically, in the Life Insurer case (where they have chosen 'non-standard annuities' as a paradigm-changing product offering), they weren't able to forecast yesterday's scuppering of the UK annuities market in its entirety in their business model analysis!

It actually reads as quite a good case study in how we should be conducting emerging risk assessment against one's prevailing strategy, walking through specific changes in the operating environments of Life and General Insurers driven by both exogenous and endogenous factors.

With the price comparison website example, it is a good example of how a strategic risk filters down into second order risks which require reconsideration. The annuity example shows how the impact of competitors can impact both existing new business streams and the risk profile of one's existing book.

There is evidently an enormous emphasis being paid in the regulator's BMA activity to those grim business school concepts no doubt already permeating your emerging risk assessment processes such as SWOT and PESTLE analysis, as well as what (in future) will be supplied under Solvency II, most notably Profit and Loss Attributions and ORSA supervisory reports. I'm sure we will see over the next couple of years how the PRA's demand for these very sensitive in-house outputs materialises into supervisory action!

What perhaps Risk and Capital Management functions should be particularly cautious of is the leitmotif of the PRA "responding pre-emptively" where they feel that profits are not aligned with the risks insurance firms are taking. The following quote is of particular concern, as I can't see how this and the ORSA supervisory report aren't sharing the same womb (my emphasis)!;
"...the results of a BMA exercise help to inform the PRA's expectations of a firm's financial and non-financial resources. For example, the PRA might raise capital requirements, or require a firm to improve its governance process, to address weaknesses identified by BMA"
Bearing in mind we are months away from the first glut of ORSA material being delivered to Moorgate's finest, is the industry about to fertilise an expensive new world of capital add-ons via supplementary business model disclosure?

I appreciate that it has been emphasised by the PRA (p8) that ORSAs, and their supervisory reports, simply cannot be used to set regulatory capital, but in the context of what is being stated by the BMA team here, would they really be ignored?