Monday 17 December 2012

ABI update on Board Effectiveness - updates on Diversity and more

The ABI pushed out their Board Effectiveness update recently, which remains thematic rather than broad-brush, so I hoped to take something significant out of it, particularly around Board Diversity, which they have touched on before in a rather clunky manner, reflecting the uncertainty around the topic (specifically the gender element) last year when it was brought to the fore politically by Lord Davies report amongst other works

Diversity - apparently impossible
without symmetry...
 Staggeringly, the terms "Board Diversity" and "Gender Diversity" continue to be interweaved, which flies in the face of recommendations around "diversity of perspective" (p8, then reinforced by Chairs on p18), which of course needn't be constrained by gender any more than class, race, age or all-round Manx rugged handsomeness...maybe not the last one then :-(

That said, the statistics have clearly improved over the year on overall female Board representation, despite some recent high profile FTSE 100 CEO resignations leaving things at the Executive end somewhat less positive. Some benchmarks included on what "good" looks like in the context of disclosures and gender diversity policies, with M&S (what we're doing) and Vedanta (why we can't do it) representing opposite ends of the inclusivity spectrum while remaining concise. Good stuff on examples of gender diversity policies and affirmative action from p31-33 as well.

The ABI have also picked out the trend of using existing relationships with remuneration consultants/auditors to spin-off independent Board evaluation work to, and have recommended that it cease, and be replaced by something more independent (hmmmm, wafer thin market and lack of independence - sound familiar to anyone in IMAP?)

Monday 10 December 2012

Long Term Guarantees and Pillar 2 - back to the future?

Just like the popular floor filler from Chris Rea*, it looks like the individual countries would like to "Go their own way" when it comes to capital calculations for long term business, so reports Reuters.

Clearly the elephant in this particular room of different products in different countries is "why wait 10 years to table this", on the basis that retirement products in Europe haven't changed seismically in the genesis period of Solvency II? A cynic might say that the conflicting market/product representatives each thought they would emerge victorious after the lobbying rounds (hence didn't ask for carve-outs at outset), only to find an economic crisis and the threat of an EU-wide 'lost decade' was the backdrop to negotiations.

To see a political move from the French Finance minister to attempt to outflank EIOPA's LTG assessment is pretty poor form, but is at least in keeping with DG Faull's letter to Sr. Bernadino, which did everything but tell him the desired answer to the LTG question, and I suppose the weight of public opinion if nothing else would suggest that discouraging long term investment right now (even if the initial maths say that the capital price is right) is politically naive and a shade obtuse economically.

This parting of the ways may certainly be the case for the balance sheet question, but oddly seems to also be rearing around early adoption of Pillar 2, where the Dutch are looking pretty keen while at the same time the Irish have stated that they will wait for the crowd.
*PS Shame on anyone who, with their Solvency II hats on, thought I might be talking about the "Road to Hell"!

Governance Matters at ILAG - Co-operation between control functions under Solvency II

Been a bit quiet on the Blog front - not because my country and I are licking our wounds after being opened up by HMRC like a Manx kipper, but because I had been asked to chip in with my two cents at an event hosted by the Investments and Life Assurance Group in London. It was an exceptionally well run event, with some interesting takes on the participation of Risk, Actuarial and Internal Audit functions in meeting not only the Directive requirements, but also the expectations of wider stakeholders and indeed policyholders.

My particular focus was on Control Function interaction, the inevitable areas of crossover and emerging skill gaps, and I also touched on some benchmarking papers as well.

My transcript is below and, conveniently enough, reads like a Blog Post. If you would like the slides with the script/hyperlinks embedded, either register with ILAG or drop me a line at allan@governance-matters.co.uk and I will send them on for the bargain price of...free!

________________________________________________________________________________


So back in my former life of BAU busy-ness, my interests in Control Function optimisation were generally led by budget (or lack of it), in particular;
     Professional standards – were there enough bodies, and were they sufficiently skilled or motivated, to perform the fundamentals required (bearing in mind corporate governance code reforms both in the UK (2010 changes BTW, not 2012’s!) and Ireland meant that some system of governance work had to jump the Solvency II queue regardless)
     Proportionality – would the lack of definition around the proportionality principle (Lloyds take a stab on p2) lead to companies being woefully underprepared once the national regulators inevitably bared their teeth post-2009. The impact of misinterpreting Article 41.2 genuinely put the fear in me!
     Multiple roles per person/outsourcing – Whilst some common sense calls were made at the smaller end by merging Risk and Compliance functions, the more operationally substantial calls around merging risk and actuarial functions, outsourcing internal audit/compliance advisory services and recently the march towards outsourcing independent model validation and data quality assessments all posed questions.
Of course, having now worked with one of the biggest, my natural curiosities are not piqued by the unavailability of resource and budget, more by the complexity of wading through the reams of opinion and material that large budgets generate! In particular, I have been monitoring;
     The ability to get bang for buck out of programme spend, with most Tier 1 firms having comfortable broken 3 figures despite, from a Pillar 2 perspective at least, having something akin to “textbook” governance systems at outset
     Whether the “Consultant writes/BAU implements” will be proven to be a successful method of preparing for Solvency II, or whether the plethora of Pillar 2 material outputs will, once unsupported by its transient authors, die a little death
     Control functions in Groups, and perceptions of which countries’ governance is considered superior/inferior in the world of supervisory colleges
But you lucky guys in the UK already have a decent amount of written word around what your control functions are up to, with GENPRU, INSPRU, SYSC, SUP and the Corporate Governance Code all building cases for functional remits and appropriate governance structures
     So we know our friendly actuarial function will be knocking out the sums which end up in our pricing and reserving worlds, produce the EV and capital calcs that (hopefully) keep the wolf from the door, thus quantifying any risks which lend themselves to being quantified, and all the while self-policing the suite of models, methodologies and assumptions that aid them in doing so…
     We know our compliance function will be focused on monitoring and assessing the effectiveness of an entity to comply with prevailing laws and regulations, at a micro and macro level…
     We know our beloved IA function will be assessing the effectiveness of risk management, internal controls and governance processes…
However, the one rather raggedy looking function out of the existing set up is my one, the humble Risk function! While SYSC21 has beefed up the significance of Risk in the prevailing regs, the other SYSC tasks attributed make it feel a bit powder puff functionally by comparison.
In fact, both Risk and Compliance don’t especially feel enormously catered for in the prevailing set up as opposed to Actuarial and IA – not sure whether this is due to the consistency of their development as professions dwelling in the more certain lines either side of the second or not, but it’s certainly my feel as an outsider looking in…
…but thanks to Sol II (or at least the veiled threat of its implementation before I retire), we are now looking at control functions in reasonably neat packages complete with instructions!
One of the biggest problems that I’m sure all present have easily surmounted over the last couple of years is the ambiguities in the language of the Directive and Implementing Measures.
As a man who is married to a wonderful French woman, I am used to following instructions, but of course we are frequently confronted with flowery language such as “covers”, “advises”, “provides an opinion”, “liaises”, which is a consultant’s dream come true, but doesn’t help BAU demarcate and co-operate with any great certainty.
That said, the long and short of it ends with;
Risk
Risk come out with a pretty wide-ranging remit which mostly sits in the FSA’s Dream Function world of advisory, co-ordination, challenge and monitoring, though its ability to monitor “the general risk profile” is clearly reliant on the Actuarial function. Not assuming all present are part of IMAP, but the big ownership piece comes of course with the Risk function taking on responsibility for compliance with the internal model requirements on its design, implementation, testing, validation, documentation and weakness and limitation reporting. Clearly a massive undertaking and, certainly at the small/medium end, not one that can be naturally chalked off with an existing compliment of staff.
Actuarial
Actuarial function requirements include requiring knowledge of actuarial and financial maths but leaving an “other standards” clause in to help out the less well-policed countries! They do also however get some wriggle room on responsibility where it would otherwise be assumed (at least by me!), and so ”co-ordinate” TP calcs, “express opinions” on reinsurance arrangements and the underwriting policy, or “contribute to” implementation of the risk management system.
Compliance
Compliance are not burdened with a laundry list of tasks as such, however to advise the AMSB on compliance with Solvency II is a pretty unenviable one (particularly now!). Perhaps the biggest challenge looking at the remit impartially is the depth and breadth of coverage that the function will need to provide, not just on Level 1, 2 and 3 and SOLPRU, but also be able to challenge the adequacy of the vastly expanded internal policy suite
Internal Audit
IA get the unimaginable luxury of having a relatively unchanged remit, particularly in this neck of the woods where risk-based internal auditing and planning is de rigeur.
Outsourcing
The aggression in the wording around the Outsourcing requirements suggests that the days of outsourcing control functions being a “write a cheque, then dusting-of-the-hands” job are at an end!

Now the legislative ambiguities just mentioned leave ample room for control function bun-fighting due to the inevitable crossovers of skillsets for certain tasks and, perhaps most pointedly, who takes precedence in such instances.
ORSA
Probably the biggest area of convergence and potential toe-stepping-on is of course the ORSA space (covered here on the blog) which in the crossover context it is more about who performs which sub-processes, under whose authority, and who “holds the pen” when collating the record of the ORSA performance.
More by process of elimination than by legislative direction, ORSA oversight seems to sit at the door of Risk, a concession even made by the SAI over in Dublin whilst simultaneously illustrating how little they are required in the ORSA Process! Is this therefore real or nominal oversight, or even worse, a PMO-type record collection role.
One other crossover area comes from the removal of the requirement (after pre-consultation) of an independent assessment of the ORSA Process – whilst losing the compulsion should be welcomed on principle, is there a danger that the IA function, through risk-based planning, may under or over-Audit the ORSA space? Just a thought...
Risk IMMMR/Advisory/Challenge
The world of risk identification/measurement/management/monitoring/reporting also becomes one with potential for friction, through the merger of the worlds of the Risk function’s qualitative risk register-type approach and the actuarial function’s established risk quantification methods, into what ultimately comprises the “general risk profile” as per the Directive text – one of the Big 4 suggested that the P&L Attribution is, for actuaries, “the real risk profile” for example, and perhaps some of you concur!
Regardless, the twin horrors of agreeing with Actuarial quantification methodologies for hard-to-quantify risks, while fostering a dependence on them for measurement, monitoring and reporting facilities around financial and insurance risks suggests more of a one-sided dependence rather than “close co-operation” between the functions.
Compliance risk
This works similarly for the world of compliance risk identification/assessment, nominally in the remit of the Compliance function - are they being dragged somewhere nearer the first line if they are producing this work for the Risk function? Just feels a bit blurry…
Emerging Risk
For emerging risks, my main concern is the robustness of the top-down/emerging risk identification process filtering its way into some quantified element within the ORSA and/or internal model – Risk is chalked down for identifying and assessing emerging risks, but their ultimate measurement isn’t catered for.
For internal Modellers
And into the internal model space, the “close co-operation” between the Risk and Actuarial functions, at firms big and small, has the potential to cause all manner of difficulties, in pure process efficiency terms as well as the cost implications of IMAP failure,. One CRO referred to this as having to “solve the risk management team/actuarial team conflict” in a recent presentation on model governance! Clearly though there is quite a gap to bridge between how this governance worked under ICA and the demands of Solvency II.
Establishing an “independent” team for regular validation, regardless of headcount seems to be something of a holy grail, with a growing trend towards “bringing someone in”, if only for the comfort of benchmarking against one’s neighbours. This also helps a company stay in line with Mr Cardoni from the FSA’s call that “individuals performing the validation must possess the necessary skills, knowledge, expertise and experience”, but does little for self-sufficiency, as well as leaving the Risk function with the job of relationship manager during validation exercises.
The approaches available for the Risk function to discharge its other responsibilities around the internal model requirements, in particular around model design and implementation, of course crossover into terra firma for the actuarial function – would be interesting to know how any modelers in the room have approached this, as a cursory sign-off from Risk on a suite of model development and implementation paperwork doesn’t feel in keeping with the spirit of the regs, though an IRM survey from March suggested at least 11 IMAP applicants were doing something along these lines!
So even if Sol II doesn’t directly ask for enhanced skill sets, we in all functions can all see the iceberg coming if we don’t fix up and look sharp. As ever, the most fascinating movements are in the actuarial space as they meander over towards the risk in what is lined up to be the biggest land grab since Enclosure!
There is certainly plenty of encouragement, in a profession which one of its own was happy to recently decry is “trained to deal principally in numbers and statistics”, to branch out into Risk, with the CERA qualification – “the most comprehensive and rigorous demonstration of ERM expertise available” – perhaps leading the way. While the profession is quick enough to highlight the weaknesses and limitations of an Actuarial CRO, does this additional qualification do enough to bridge the gap?
Certainly the GCAE suggest in their work that professional education may need further enhancement especially in relation to risk management. Over in Ireland however, the SAI are taking it one step further in their Strategic Plan for the profession, going as far as looking to partner up with a university to develop a risk programme for anyone “who wants to skill up quickly in the area”. Can’t say I’m sure what the rush is, other than opportunity knocking!
On the Risk front, the IRM were very quick to respond to the FSA’s Dream Function presentation back in April 11 with a vigorous defence of the appropriateness of non-Actuarial heads-of-risk, noting that the two professions were “extremely complimentary while different”, whilst mockingly emphasizing that the very concept of CERA highlighted that “Core [actuarial] qualifications do not give sufficiently broad training”.
That said, while the IRM have focused attention on some big ticket items such as Risk Appetite and Risk Culture  over the last 18 months, is it fair to say that training or certification touching on capital measurement and management, modeling, financial and insurance risks and their strategic application would have been a welcome addition to the qualification roster (notwithstanding what is available elsewhere through GARP’s FRM designation)? I rather embarrassingly had to answer a question from a colleague the other day about “how did you get qualified for Solvency II” – I won’t tell you how I answered!
For IA, there is a brave new world for anyone with the chops to upskill or expand their horizons. While the ever-moving implementation date maybe postpones any programme assurance work that IA could have picked up on the run-in to go-live, there is clearly an expectation at the FSA that they will contribute to activity such as internal model validation and data quality assessments, though I’m not seeing anything in the world of training to aid them in doing this (hence the consultancies are doing so well out of it I suspect!).
Deloitte do present a nice picture of some of the additional skills that IA may fall short on, in particular a natural aversion to covering non-Operational risks, despite their relatively higher contribution to the risk profile of insurers. One other thing I had in mind, knowing the IA profession’s predeliction for COSO was changes in the world of Insurer ERM since the last refreshes of COSO’s ERM work, particularly COSO’s latest take on risk assessment – instinctively feels like there may be some catch-up work to do in the IA field, but may be wrong.
For the compliance guys, is it fair to say that you already have your work cut out swallowing Level 1, 2 and 3 paperwork as well as any handbook changes which will emerge at the end of the PRA/FCA divorce. Interested to know if anyone getting roped into other activities!
The last thing I was going to mention was that, in the absence of rapid upskilling, and the wind-down/mothballing of organisation’s Solvency II Programmes, has anyone worked out whose BAU budgets any outsourcing will come out of for the next couple of years?
Moving on to how people are doing on the functional operation and indeed co-operation front, there is a reasonable amount of intel and ideas out there, which you may have clocked on its way through, but maybe makes a bit more sense in aggregate.
Risk function effectiveness
As far as Risk function effectiveness goes, the IRM straw-polled their Solvency II SIG this year, and identified some worrying trends from a Sol II readiness perspective, in particular;
Only half have their CRO communicating directly with the Board on risk matters – breathes some life into the quote from Axa’s Life CRO that risk management is too important to leave to the risk management department”…
     Nearly half said risk papers are "noted with a short discussion" at Boards
     A number of risks were not covered by the respondees' risk functions – ALM and strategic risk in particular
     Over half felt they had overlap with either Actuarial or Compliance, and a quarter with IA
     As mentioned before, a decent number of risk functions are not directly delivering documentation, testing and validation of the internal model.
     Half said the process of implementing Solvency II affects their ability to become relevant to the Board
The IRM also very recently performed a survey (with a reduced quantum due to the subject) on Internal Model Governance trends, which highlighted that;
     Risk is “responsible” for IM governance (with no exceptions in the survey), but Actuarial are “involved”, but with no further details
     And many respondents feel “real decisions” continue to be made outside of IM Governance framework, in particular around stress testing, back testing, model change and expert judgement – makes one wonder if an Actuarial CRO could counter that governance leakage?
Risk appetite design and application
There was a paper released by our hosts this year which emphasized the differences in design and implementation of Risk Appetite Frameworks between Risk and Actuarial functions, noting that a quant heavy actuarial approach gets more traction and quicker! This doesn’t augur well for the new ORSA world of “everything must be quantified”, as it is the qualitative risks that need the most attention.
Reporting lines
The world of reporting lines remains a pretty hot topic, with KPMG putting out a decent paper which recommended, amongst other things, that the Actuarial function should consider a formal demarcation between risk taking and risk assessing/measuring actuaries, which would negate the trend of shoehorning capital actuaries through the Head of Risk, keeping them all reporting through the AFH. They also added that at least half of the respondees were not yet at their desired end-state regarding the basic new Actuarial function requirements around underwriting and reinsurance adequacy opinion provision.
IM Validation
In the model validation space, as early as the end of last year we saw KPMG reporting that half of the IM production staff were also involved in the validation process, emphasizing the practical difficulties in functional separation whilst in Programme mode – would love to see how those numbers have moved since. 
Having seen the FSA’s feedback in May on what had been observed at that point in time (in particular that independence from model development and being “sufficiently competent” went hand in hand), one can imagine that IA’s role in the activity will be marginalized in future at the ongoing expense of bringing in the Big Guns every year.
Things a Risk function could be doing
And finally, while I have touched repeatedly on activities which a Risk function may find cannibalized by their ravenous Actuarial counterparts, as well as responsibilities bestowed upon it that it may not be equipped to discharge, I have seen a few pieces around activities that the Risk function would probably love to be doing more of, given half a chance.
A recent piece by Accenture got my engine running, around the future of data analytics – I definitely feel that, with the appropriate informational power at their hands, the risk function can provide a massively enhanced IMMMR and advisory services at little additional cost (the main cost of course already being sunk into data  quality and data warehousing projects independent of the function)
One lovely piece, pitched in the context of why Equitable failed, reads like a list of things a CRO should be focused on, such as NED ambivalence and underperformance, or executive hubris, while a Towers Watson presentation on prepping for the future draws out the most practical big ticket activities such as superior understanding of model weaknesses and limitations and tail risk, rather than a more general clutch at the full bag of responsibilities bestowed on the function by Sol II.
A research piece from the CII (sadly no longer free!) compliments that, suggesting that a “balance between modeling and judgement” must be struck by Risk departments in order to breath relevance into a function that the author was outspokenly critical of in his research.

Sunday 2 December 2012

Omnibus II - back to June 2013

Inevitably, the spectre of reality has successfully haunted the facade of optimism until it requires a change of underwear - the Omnibus II Plenary has been shifted out to June 2013 over the weekend. After last year's rather ambivalent stretching of the scheduled Plenary date once the summer holidays/change of presidency approached, this looks like it possibly has more legs next year (why talk Omnibus II when the weather is so nice!)

This certainly gives the beleaguered industry a bit of breathing space to perform whatever data collection is required during the LTG impact study/QIS6 at the same time as standard financial year-end pressures start to pile up for the largest lobbyists - strangely still haven't seen anything definitive on EIOPA's mandate for the study yet, the scope of which appears to have been harder to pin down that one would expect (the FSA's Insurance Standing Group indicating one source of discontent from their September minutes

The coincidence of this being announced at the same time as news of Mr Van Hulle's impending retirement broke is a funny old one, but as Peter Skinner's decision not to run for re-election is also referenced in that article, maybe this changing of these battle-fatigued protagonists over the next 12-18 months may encourage all sides to stop tip-toeing through the tulips.

PS Early retirement? Anyone would think they're trying to get their annuities bought prior to go-live before Solvency II wipes 20% off!

Thursday 22 November 2012

KPMG's Solvency II Readiness Survey for CEE - the flaw in EIOPA's plan?

So KPMG released this little gem in the same time period as Solvency II preparedness became something of a moot point!

Drawing in responses from 84 people, with around three-quarters EU-based and 70% under £100m in GWP, the questions were posed in Q2 2012, so with Omnibus II missing the last plenary before summer holidays, the writing was already on the wall - despite that, KPMG reckon most respondees would have been working to a 2014 go-live date. It expands on their 2010 work in this area, where 44% or respondents hadn't got started on their Solvency II projects, so progress on that front would be considered a good start!

I gleaned the following from it;
  • 31% not expecting to be "Solvency II compliant" before 2014 - one problem that's gone away then!
  • Almost half do not have a risk management function in line with the Directive, with smaller companies the main culprits
  • Only 19% (down from 40% in 2010) will be using IM or PIM for SCR calculation. Attributed to the realities of building them as well as Groups rethinking their IMAP strategies over the last few years.
  • 62% of companies not even planning an ORSA dry run until 2013 at the earliest, with 14% not planning for one at all as it stands.
  • Only 14% electing to use more than 3 years as their "business planning period" for ORSA - two thirds settling for 3 years - supports the anecdotal trend of 3-5 years as par for the course
  • 20% reported that their internal models allow for multiple year calculations to project for the ORSA - not sure if that is stochastic or deterministic though, didn't think any of the kernel technologies out there could do multi-year projections
  • Half of companies have 50% or less of the data required to populate their QRTs
  • Extraordinary perceptions on staffing requirements for both project and BAU, which even KPMG are drawn into calling "excessively pessimistic and indeed unrealistic" - it may be led in some respects by subsidiaries using shared Group services, but is still shocking in its naivety.
  • Three quarters would like "more interpretation" from their regulator on Level 1 and 2 texts - not sure what there is to "interpret", so maybe its the Pillar 2 and 3 elements that they are struggling with (the other stats here would certainly lend weight to that).
  • More than half of model applicants strugglinbg with Validation, highlights assumption setting and expert judgement as problem areas (no surprises there)
  • 70% looking to define "new roles and responsibilities" around Data Governance - as referenced in my earlier post, not convinced that will end happily. Over a quarter don't plan to compile their data dictionaries until mid-2013.
  • Only a third looking to do full SCR calculations quarterly, and over 50% look like they will struggle to generate the SCR calculation faster than 8 weeks.
  • 20% have a dedicated Solvency II team - explaining a lot of the shortfalls in preparedness relative to Western Europe, but given the delays and uncertainty, a financially astute move.
What should worry EIOPA is the results around control function preparedness, or lack of it. If Sr Bernadino thinks that the low hanging fruit of Pillar 2 is ripe for picking before 2016, a quick review of those stats would suggest that a decent number of the 27 countries are in no such state.

Accenture study on Risk Analytics - lessons for Insurance Industry

Decent piece of benchmarking from Accenture on the current usage of risk analytics as well as drivers for the future. 450 mostly c-suite level respondees from across industries (40% insurers), but the findings are targeted specifically at the Insurance industry. Interestingly, respondees leaned towards incomplete data sets, rather than a lack of data or technological capability, as the main constraint.

While it touches on a number of areas of interest for Use Test specialists, it also covers Stress and Scenario Testing (13% of Life and 21% of P&C insurers reporting that they "rarely" or "never" use stress testing in decision making), and Reporting (which suggests the main driver for reporting improvements is regulatory rather than voluntary, due to regulators "...[increasing] their focus on the quality and frequency of reporting"). Internal Modelling also gets a mention, with almost 80% of respondents saying they already use, or are planning to use, an internal model for capital adequacy requirements.

Data Governance  of course gets decent treatment here. Only 69% of insurers polled currently have a Data Policy, but 41% have a data quality department, which feels alarmingly high, particularly when drawn against Accenture's comment that "...many firms have insufficient rigor who owns data, who sets it up and who manages it". The FSA concurred with that in their preliminary Data Quality Review findings back in September, and I'm not at all convinced that a DQ department will help in this respect (i.e. BAU absolve themselves of responsibility for their data sets!)

The Accenture crew use the "Leaders" and "Laggards" analogy throughout, so benchmark away and find out which one you are!

Wednesday 21 November 2012

EIOPA Conference in Frankfurt - "The authenticity of hopelessness"

"What do we want?" - "SOLVENCY II"
"When do we want it?" - "WHENEVER!"

...or so goes the leitmotif of today's EIOPA conference in Frankfurt, attended by the great and good from EIOPA, the Commission and various regulatory/lobbying bodies - ably tweeted by DIMA and Mr Varnell.

Sr. Bernadino's early morning speech covers the IORP issue as well as pure Solvency II, and tells us;
  • Politicial institutions should commit to Solvency II
  • All need to agree on "sound and prudent regime" for valuing long-term guarantees - EIOPA hoping to receive a clear mandate "as soon as possible", which is not promising for outcome delivery to a March 2013 plenary session!
  • Regardless of how long we stretch out to for full go-live ("not earlier than 2016" is his indication in the speech, rather than a fait accompli), EIOPA will look to co-ordinate early implementation of Pillar 2 and Pillar 3 elements based on their existing powers. Not certain if that means "existing" anticipates including or excluding the Omnibus II changes though.
Interestingly, on the same day our pals at Bloomberg produced this tidy summary of piecemeal introduction of elements of Pillars 2 and 3 which touches on some of the elements from my blog post the other week - particularly like Oliver Bate's "Balkanisation" comment!

Since Bernadino's speech the tweetosphere has been full of comment from the Montalvos/Van Hulles/Creedons etc around the practicalities of Pillar 1 parallel running, leading or following IAIS developments in insurance regulation, and ORSA - get stuck in on the #EIOPA2012 hashtag!

Tuesday 6 November 2012

Solvency II compliance ahead of "Go-Live" date - over to you, regulators

Judging by the rather resigned tones around the achievability of Solvency II "go-live" by 2014 (CBoI recently joining the FSA) and 2015 (here and here), there appears to be a growing swell of support for implementing some of the less wobbly bits sooner rather than later.

While it's unlikely that there will be more spurious adoptions than a Madonna safari trip, it is interesting to see what we can point at to-date;

UK - ICA+ regime, which lends itself, subject to the quality of the ICA-to-SCR reconciliation, to implementation from as early as year-end 2013, though one suspects 2014 is a safer bet.

Germany - Cheeky bit of Pillar II, judging by Bafin's (indirectly quoted) comments on Reuters today, although what "some risk controls" actually means is another thing!

Ireland - via the sterling work on PRISM, fitness and probity and corporate governance, it's hard to argue where they are not already Pillar II Solvency II-equivalent (at least in word, if not in deed!)

France - reference to compulsory submissions to the ACP in XBRL by Q1 2014 at the bottom of this doc, apparently confirmed at a recent soiree.

So we could very well have 3 Pillar coverage by 2014, just randomly spread out over multiple countries...

Any more for any more?

Monday 5 November 2012

Legal and General - Counting the cost of Solvency II

Spotted by his Lordship John Walton this morning, L&G  appear to have broken the mould by dropping some substantive Solvency II comment into their Q3 IMS, notably that they have booked £129m of costs in project spend.

They also go on to plead unhappiness on the inability of the rules as they stand to encourage the provision of long-term capital to the wider economy, echoing DG Faull's rollocking letter to Sr Bernadino the other week on longer-duration debt instrument capital costs, though are clearly only interested in UK investment opportunities as opposed to loading up on fruity Eurozone government debt (good on you!).

Of course the Solvency II preparation costs of most of the big-boys have been covered on this blog before, and £129m feels suitably light for a UK-focused business in comparison to some of its more complicated competitors. That said, with the FSA offering some hope of a transition to "ICA+" rather than dual running ICA and IM SCR for the next x years, how much leverage does this sort of investment buy a firm down at Canary Wharf when it comes to meeting the transitional criteria?

Look forward to seeing a bit more of these disclosures over the next week or so now we are in IMS season, but not counting on it!

Institute of Risk Management on Risk Culture - ABCs, Double S's and mercenaries

So I figured it might be worth seeing how the other half were living by reading something that didn't start with "Solvency II" and end with "indefinite delay"!

The IRM are endeavouring to produce white papers on some of the less tangible elements of a risk practitioner's day job, which one would hope contribute to more consistency in practitioner approaches and ultimately more credence in the concept of risk professionalism (indeed, their work around defending pure risk professionalism as a career, as opposed to loading risk functions with cross-over actuaries, was very much required in early 2011).

Having scrutinised their work on Risk Appetite in 2011 (lined up against some of the competing influencing bodies here), I figured it was only fair to take a punt at their new release on Risk Culture. It's fair to say that for politicians, regulators and fingers-caught-in-the-till employees, 'culture' or 'risk culture' appears to be a handy soundbite when explaining why they didn't fulfil their obligations to their stakeholders. The IRM are joined by Protiviti in producing this guidance, Protiviti themselves having delivered a survey based on UK insurers on this very topic in the summer, which was not shy about highlighting how little some organisations think of their Risk functions.

I've always felt that the 'culture' comfort blanket was one weasel word too many i.e. "there was a culture of greed" = "they were greedy ********", or "there was a culture of fear" = "scared of the gaffer", so I approached this doc with a pretty open mind, but tempered with a Manxman's natural scepticism. I found the following (sequentially);

What does a good risk culture look like?
  • Appears to have used examples of what a "bad" risk culture has recently led to, then flipped that on its head! Would have thought a clean slate approach is better for white papers, rather than reacting to zeitgeist incidents
  • Fair list of 10 criteria for anyone in the risk culture assessment space, though will always be a nightmare to codify/quantify.
  • The appearance of the dreaded "tone from the top" suggestion, which makes an appearance in the FRC's (p4), the FSA's and EIOPA's world (p10) - bearing in mind that the "top" is normally the problem when it comes to organisational catastrophe (Lehman, Northern Rock) as opposed to fat tail op risk loss events UBS/Credit Agricole/JP Morgan), I would be more inclined to call it "tone at the top".
What does risk culture mean?
  • I like the IRM's take on culture being "the repeated behaviour" of a group - very convincing definition in comparison to say the FSA in SYSC (p12), though the rest of the ABC approach is a tad woolly.
  • "Virtuous" versus "vicious" cycle sits nicely alongside this image of repetition, but nothing as such around how best to break a vicious one, either as a NED or a Head of Risk - perhaps that has been saved for the more extensive and expensive practitioner's guide!
Why is risk culture important?
  • Don't agree that risk culture affects the capability to take strategic decisions, rather it enhances or impairs the quality of those decisions. Immediately makes me think of ORSA, and how "playing" at it or "doing" it doesn't prevent strategic decisions from being made.
  • Also don't agree that "at worst" an inappropriate risk culture could lead to "serious reputational and financial damage" - I'm sure stockholders at Bear Stearns may say it can be a bit graver than that!
  • Nice emphasis on how risk culture can both stifle necessary risk-seeking behaviour at one extreme (smartly citing Eastman Kodak as a "too slow" corporate failure), as well as the more obvious "prison rules" which emerge from uncontrolled risk taking.
What can the board do?
  • Should they really ask themselves "what is the current risk culture"? If so, is that at a chinwag-type round table, or via some kind of evaluation survey issued by Risk function? Instinctively sounds like the kind of thing that would be squeezed into a Q1/Q3 board meeting at the point of a gun, which is as cynical as it is sad!
Understanding risk culture in an organisation
  • The meatier (i.e. costs money!) practitioner guide apparently contains some diagnostic tools to effectively indicate and track culture within an organisation. The flash we are given here reminds me of the psychometric testing for "what makes a great Risk Manager" that I looked at last year, but feels ultimately very high-end.
  • The "Double S" model is an intriguing addition to the mix, specifically the comment that low scores on either rating "create a barrier to the effective management of risk". Would love to see more of the research cited, as I've found that the odd mercenary firm can work wonders...
Changing a risk culture
  • Can a risk culture effectively be changed top-down without a change in personnel? Can't imagine an existing CEO being prepared to antagonise his board/exec team by declaring them culturally bankrupt unless he had carte blanche to do so, which is normally the case with regime change. I'm more inclined to think a decent CEO, partnered with Risk, could do it by stealth, rather than with a pricey change management programme which would inevitably rock a few boats.
  • "Risk culture is not a precise science" - does that make it an art?
10 questions a Board should ask itself
  • I would probably make it 11 questions, and frame the first one "Do we genuinely care about how culture impacts on our decision making, or only insofar as laws and regulations insist upon it?". If a Risk practitioner gets the answer to that directly from the Board/Exec, the other questions can be catered for with proportional vigour.
Thought provoking in the right ways, I guess it does what a good white-paper should - thanks to all concerned at the Institute.

Tuesday 30 October 2012

Aon Benfield's CRO guide to Solvency II - in case you're not ready yet...

For all those CROs who are about to get left holding the Solvency II baby three years early by their over-enthusiastic executive colleagues, Aon Benfield pulled together a CRO guide to Solvency II which aims to take the journey "from complexity to best practice". 10 out of 10 for ambition...

It leans heavily towards General Insurers/Reinsurers (indeed it reads like a reinsurance sales brochure in many parts!), but nevertheless contains a suite of very useful content for anyone in the Risk space, as well as attempting to shatter a few myths. I took the following from it;
  • Steady early bits on capital planning and common questions a CRO should be posing in that space
  • On page 5, an excellent table comparing standard formula against internal modelling by risk driver, in particular emphasising why internal modelling may be more appropriate, rather than how much capital it could shave off. Being able to explain to the national regulator why one has neglected to apply the enhancements that internal modelling introduces to the accuracy of one's quantitative risk profile would be a smart thing for CROs to practice!
  • The undo some of that noble work by suggesting part of any IM feasibility study should include estimating the capital benefits!
  • Nice examples at the top of p6 of what mixes of business lend themselves to benefitting from an IM approach
  • Highlighting that domicile of firm continues to dictate feasibility of IMs for smaller firms (i.e some countries can't staff it!).
  • Recommend reviewing SF SCR factoring in the draft L2 asap. As was clear from the E&Y research I covered yesterday, many firms across the EU consider themselves to be advanced in the Pillar 1 space while disregarding draft L2. They highlight the Swiss experience as one where they struggled to authorise models for "Day 1" approval, and the Aon crowd propose some meaningful contingencies on p8
  • Useful analysis of capital drivers and optimisation strategies (p9-10)
  • Section on expert judgement validation (p15), touching on the Level 3 expectations, and in particular how a (non-Actuarial) CRO may struggle to adequately challenge certain judgement calls, such as selected data series or correlation matrices, without specialist advice. Very hard for smaller firms to obtain that, as most of their actuarial function will have probably contributed to the judgement!
  • Note that one of the key challenges for documenting the IM is getting the best-placed people (who are normally swimming in BAU) to pick up a pen and write!
  • Neat section on ORSA (p27-29), emphasising that SF firms with complex risk profiles may find they struggle to justify that approach when concluding the assessment. They go on to suggest that early experiences of ORSA Report/process documentation submissions have left CROs feeling that the regulatory approach is (Level 3?) tickbox as to content expectations.
  • Key challenges for CRO in briefing and educating senior colleagues for Solvency II-readiness are all fair, in particular the gap that could emerge if a CRO is not also an executive member.
  • The section on Risk Appetite is particularly useful for smaller non-IMAP firms, who may struggle to quantify their target measures - whether using Standard Deviations/volatility measures as suggested is a touch too simple depends on the business I guess.
  • The Pillar 3 section hits on the same issues I (and the FSA!)have picked up on earlier, such as end-user computing, inability to transition to BAU, data ownership issues etc.
I did take exception to a couple of bits in here, where the industry or indeed common sense appears to suggest otherwise;
  • The "fallacy" outlined on p5 that an IM enables a firm to hold less capital than an SF equivalent. The research I pointed to yesterday (p20) suggests across the EU that modellers are already "making it rain" with their capital savings
  • That the IM alternative for Op Risk is based on ORIC and individual loss event info. I'd certainly seen Milliman suggest that this approach is as flimsy as the SF approach, recommending options such as Bayesian networks to generate IM inputs.
  • Concerns that evidencing senior management model "use" could create a "value-destroying documentation burden". Is that what we call "minutes" these days!
  • Comments around the documentation delivery for the Internal Model Application Process becoming detached from the underlying processes referenced in those docs influencing BAU value-adding activity are perfectly valid, but no real solution is proposed.
  • The operation of the Model Change Policy features heavily (p19-21), as anyone in that space would expect. Again. little offered in the way of solutions, but I certainly would have expected more discussion on the "scope" of the model, which in my experience is a solid, liquid or gas depending on which control function you speak to, and I'm sure the FSA would agree!
PS All the best to you guys on the US East Coast, let's hope the worst has passed...

Monday 29 October 2012

Ernst and Young European Solvency II survey - the storm before the calm...

So Ernst and Young have decided to join the party with one of the more noble attempts to gather EU-wide industry opinion on progress towards Solvency II compliance, and kindly published those findings recently. Yes, I understand that this survey came out over a week ago, but I left my notes in the Isle of Man last Monday, and I'm not so enthusiastic that I fancied another turbo-prop into Ronaldsway Airport to 'go fetch'.

There was naturally plenty of media comment on its content (here, here and here for a start, but I'm sure you can do better), but bearing in mind it was released with a backdrop of 2015/2016 and the moveable feast that is UK IMAP, one could be forgiven for not caring less about the results that point to preparedness 'by 2014'. However, the E&Y guys obviously stayed up all night to do it, so I gave it the once-over and noted the following;

Sample - 160+ respondents from 19 countries, about as volumous as I have come across, though clearly weighted towards medium/large firms (€100m+ premium income per annum), and what we might call "old" Europe.

General
  • 90% reckoned they could be compliant by 2015 (though E&Y say that is the date proposed by the EC, rather than to it)
  • High level of confidence around Pillar 1 and Pillar 2 preparedness, though shockingly two-thirds of respondents did not use the draft L2 rules when producing their balance sheet, which makes you wonder what constitutes "ready" in some countries! 
  • 80% not meeting Pillar 3 "requirements", with loose use of the expression "all requirements" for (as mentioned for Pillar 1, is this 'Level 1 plus draft Level 2', or 'Level 1 plus EIOPA advice'?). One of the worst affected areas is the development of a Disclosure Policy, which I find as understandable as I do sad.
  • Almost 70% have only met some of the data quality requirements - I'm sure the national regulators, in particular the FSA, would wince at that, even factoring in an extension.
  • Very interesting stat on the number of respondents developing Partial Internal Models (around half), with half of that number again looking for, what was at the time, "Day 1 approval". I wonder if the likely shift of "Day 1" to 2015 or 2016 allows these figures to flex, and if the national regulators are staffed to cope with it?
  • "Range of capital optimisation strategies" will be applied by the majority of respondents in 2013 - curious to know why firms would not optimise their capital deployment as a matter of course!
  • Larger organisations said to be tailing off expenditure during 2013 and have delivered compliance by mid-2014. Will an extension simply elongate existing expenditure plans or require fresh budget, and indeed how many times can one go 'back to the well' on this?
  • ORSA is by some distance the biggest laggard in the Pillar 2 space, with only 30% "mostly" meeting requirements as they stand. Can only imagine the question was asked before EIOPA came back on the L3 public consultation in June, as EIOPA were pretty clear on what to do next.
  • Some pretty flabby words on Data and IT readiness, but easy to get the general picture of "not very good" progress, particularly in the end-user computing space (three-quarters
E&Y angles
  • Clearly lobbying for recalibrating long-duration debt (p5)
  • Bit of scaremongering for smaller companies on their resource estimates (p6) - shake them down all you want, they just can't afford you!
  • Strange bit of touting done around a lack of formal assessment around the effectiveness of one's Risk Management System (p12) - don't believe this is compulsory, only that your Risk Management System is effective.
  • Also fishing hard for what was previously low hanging fruit around documentation, data governance and use test (p20).
Internal Model - specific
  • Two thirds of French and half of German internal model applicants not fishing for "Day 1" approval - not sure if this is due to BAFIN and the ACP playing hardball (already seen an instance of a modeller fleeing Germany), but an extension to 2016 puts them back in the game for "Day 1" surely.
  • Some expected discontent, though not in the majority, around the current SF risk calibrations (Op risk too low, underwriting and market too high). Even number found credit risk too high and too low, perhaps reflecting thought on long duration corporate debt and Eurozone government debt respectively.
  • Nearly 80% of respondents expect the IM SCR to be at least 10% lower than SF SCR.
Worth adding as a footnote that 14% of UK respondents thought they'll be ready for implementation "in the course of 2012" - without Level 2 kiddies, are you sure!

Monday 22 October 2012

FSA's Adams on Solvency II delay, IMAP and ICA - how long do you want lads?

It would appear that stabs in the dark on the Solvency II implementation date by senior insurance industry officials are like British buses - after the omerta-like silence of September, no fewer than three bigwigs have piped up in the last few days. First Sr. Bernadino decided to do his briefing via a Stateside publication, settling on 2016 as most probable, followed by Sr Montalvo who concurred (along with a great joke about his missus!).

While it didn't take a handsome Archaeology graduate to know that 2014 was ash, what the industry likes more than anything is cold, hard confirmation from their friendly national supervisor...

...which came today! Julian Adams gave a speech this morning ostensibly about the practical side of implementing the PRA's new approach after they get divorced from their FCA counterparts next year. Worth bulleting the big messages on IMAP;
  • Current timetable "completely unrealistic" after Plenary postponement confirmed last week
  • 2015 "...likely to prove very challenging"
  • FSA will agree a revised landing slot with IMAP participants (presumably just those who have yet to submit?), UP TO A MAXIMUM OF END DECEMBER 2015.
  • Will change this to match up with what comes out of Brussels if the two are divergent
  • For ICAS, "we will have to live with the current regime for longer than any of us expected"
  • The previously stated "aspiration" of potentially replacing ICA with internal model SCR will be formalised into a two step process. First, reconcile ICA with IM SCR (the easy bit!), then once the FSA are sufficiently happy, just produce IM SCR.
  • Retain discretion to apply ICG throughout the interim period
  • Benefits of this approach will therefore include much meatier pre-application evidence of use.
Hard to know where to go with this. Great news for anyone who remains on target for their original landing slots, as there is potentially some early-adopter capital benefits if they can abandon ICA. That said, the recent E&Y industry survey (which I will look at separately) suggested the Brits are mostly in a good spot for IMAP, so does extending the window negatively impact on the work already delivered? Certainly opens up a rather pricey Pandora's box around Validation activity which I'm sure many firms would have been delighted to have paid for one-time-only!

All in all, these public declarations will be welcomed by everyone who isn't writing a cheque for next year's IMAP activity...

Thursday 18 October 2012

Solvency II implementation delay - round up

"No news is good news" so goes the old motto, but in the case of this blog, "no news is new news"! After last week's sneaky peek at the options presented during trialogue discussions, the inevitable change of  EU Parliamentary Procedure file for Omnibus II was duly applied, and will now be discussed at the Plenary on March 28-31st 2013 (honest).

That wouldn't have ruled out either of the options on the table of the Trialogue parties at the moment, but they might struggle to squeeze in an impact study on LTGs and publish the findings between now and March, particularly after it was made publicly clear by one regulator that EIOPA were not going to start that work as scheduled. The EIOPA lads did push out the tech specs for balance sheet valuation today though, which should at least get the frog out of the box.
 
It would have been a push to complete the study and leave enough digestion-time by March-end even without a late kick-off, so our friend Sr Bernadino has happily corroborated the "Big 4" speculators and faceless "sources" promoting 2016 as the new "go-live" date by giving his own counsel to the Wall Street Journal (cited in this non-paywall article). His preference for 2015 is qualified with the probability that 2016 will prevail.
 
While thumbing my nose at the Reuters article above, it does make the link between postponement and the Commission's desire to immediately spur longer-term investment in a stagnating, rioting, semi-employed Eurozone (which is much easier without Solvency II's heavy embrace, particularly the calibration of capital requirements for long duration debt instruments which the document referenced in this post covers all too well).
 
However, for DG Faull to effectively command a recalibration of that element now the going is a bit better makes you wonder how many more cherries we are going to pick - un deux trois, nous irons aux bois...