Friday 28 September 2012

KPMG on Solvency II - Progress in an uncertain world?

Handy survey from KPMG pushed around today touching on technical practices of UK Life firms (35 responded to the survey, so a decent enough sample). Appreciating the irony of the title in the same week as the rumour mill on an extension of Solvency II go-live to 2015 went into overdrive, the content is still valid on the benchmarking front, so worth a comb through.

Of particular interest I noted;
  • IMAP remains top priority for those in the application process, though KPMG highlight that firms are closely reviewing the advantages of the IM versus standard formula due to FSA fussiness, implementation costs snowballing and less-than-attractive results coming out of the model (i.e the fabled 20% reduction guess-timates are perhaps out of reach!). Some comfort there for anyone struggling with the same issues.
  • Documentation second priority for IMAP and non-IMAP firms - concerning at this stage, bearing in mind the FSA will have had plenty of opportunity to feed back on the big ticket items. If the industry still doesn't have a handle on regulatory requirements (or it does, but is not meeting them!), then perhaps it's a good job there is an extra year in the offing! 87% of the IMAP respondents said IM documentation specifically is causing challenges.
  • Pillar 3 also high on priority lists - might we expect that to slip back on the agenda with the extra year? Particularly around software solutions, which may have previously been the only way for some laggards to populate QRTs etc within the proposed timeframes, some may decide to do something a little more ad-hoc for 2013 rather than full dry-running. Two-thirds of respondents note that turnaround time is a concern, and unsurprisingly 'achieving sign off' is a concern of around half, with the tight timescales naturally impacting on the likelihood of getting an executive to confidently put pen to paper.
  • Only a third of respondents have dry-run their ORSAs - feels instinctively light, with those yet to run spread across the next 5 quarters. Natural areas of concern are later highlighted in this area, with ability (or lack of) to project across the business planning period, and plugging the ORSA process into the BAU strategic decision making process troubling around half of respondents. Bearing in mind only a third of respondents have performed any on-to-one training (with group training/workshops seemingly the preferred route), they may find that one will facilitate the other!
Some other noteworthy points;
  • Only 80% think Solvency II will "significantly" impact the wider business - struggle to see how it could not frankly, but appreciate their are non-IMAP firms in the mix here
  • Disturbingly large number of IMAP candidates appear to be behind the curve on P&L Attribution and Validation - interesting to know on the latter whether that is in respect of their internal findings or the FSA's view.
  • Two-thirds of IMAP candidates using external assistance for validation - wonder how long that gravy train stays on the tracks with a shift to 2015?
  • 20% don't have TPs in their IM scope - is that a bit chancey at this stage? I thought the FSA view on scope was a bit more onerous than some applicants may wish for.
  • Datawarehousing seemingly moving towards being the preferred route to meet Pillar 3 obligations where an existing solution has not already been implemented prior to Solvency II
Good intelligence for both IMAP and Non-IMAP firms, and should provide some programme managers with crumbs of comfort when they see what's eating their counterparts right now.

Wednesday 19 September 2012

Deloitte on "How to conduct the ORSA" - facts and apocrypha

While our pals at the FSA, EIOPA, the CRO Forum, 3 of the Big 4 (here, here and here), the Little 3 (here, here and here), the IRM,  the Irish SoA, and even the guys in the stars and stripes have deemed to recommend to all and sundry what ingredients will make a good ORSA, Deloitte have chipped in this week with a 50-page whopper that tells us everyone else was wrong and they are right...

...well OK, not quite! Deloitte's release about this "important yet enigmatic" area, which seems to have a mainland Europe-flavour to it, works its way through EIOPA's reformulated opinion on L3 ORSA guidance released in July, summarising what changed between the Nov 2011 and July 2012 versions. I of course managed this feat two months ago, but I couldn't quite pad it to 50 pages! They then embellish a section-by-section analysis of the two documents with some charming apocryphal tales of what "many companies" or "the industry" are struggling with currently (i.e. their clients' problems!).

As with most things generated by the behemoths, it is a really useful piece of material despite on the face of it not adding anything new to the knowledge pool, so from an ORSA consultant's perspective, I've made the following notes;
  • Emphasises that supervisory intervention will come from lax ORSA processes, as opposed to ORSA Report content (which will drive the US approach)
  • Notes that, given the opportunity for the ORSA and the SCR calculations to to be conducted on different reference dates, that this may allow organisations to keep any existing strategic planning processes where they already are in the calendar, rather than unnecessarily shift them to, say, follow financial year-ends. The proviso of "no material change in the risk profile" may of course discourage that, if only due to the need to define "material"!
  • Some rather controversial free text around risk appetite ("intuitively simple" as a concept) and risk appetite frameworks ("very much a work in progress" at insurers) - appreciating progress is somewhat inconsistent across industries and the inter-body squabbling on the matter, I can imagine many practitioners would argue the opposite of both points - it's complex, but we're well on the way!
  • Highlights difficulties with performing obligatory entity-level ORSAs if risk appetite is expressed in regions/products/funds, which seem perfectly reasonable anchors for risk appetite statements on the face of it.
  • "Most organisations" defining AMSB as parent company Boards, plus entities if applicable - no evidence provided though.
  • "Many firms" struggling with the "cultural challenge" of getting Boards to drive ORSAs - this I found odd, as many ORSA processes will already be in place to a greater or lesser extent, and most would feature in their individual crystallised reporting form in a BAU board pack. They go on to suggest that getting AMSB input into stress and scenario testing is one way of evidencing ORSA "driving".
  • Comment that "In general, the ORSA guidelines were seen as too prescriptive" [my emphasis] - I generally recall the clamour from the industry over the last 3 years being that there isn't enough!
  • Common (unevidenced) theme identified that ORSA policies have tended to be signed off by Risk Committees, which may not satisfy the AMSB sign-off requirement
  • "Some organisations" electing to split out record of the ORSA Process from the ORSA Report to trim the document size - makes perfect sense, as there's no danger of the co-ordinating function not retaining those records for repeatability purposes.
Plenty of other clutter in there on risk quantification and capital management, but nothing controversial, just nice to read. Bon appetit...

Tuesday 18 September 2012

FSA - Data Review findings in context of IMAP

So I guess there was an inevitability that, with all of the resourcing around Solvency II programmes over the last couple of years being focused on filling the yawning corporate governance chasms within EU insurers with bald, handsome, impeccably mannered Pillar 2 consultants (well, one out of three ain't bad!), that some of the more mundane aspects of preparations would take a back seat.

Step forward Data Quality! With the considerable efforts expended by UK internal model applicants already on plugging their calculation kernels in, risk calibration, loss function fitting, correlations etc, the FSA's latest review findings take us right back to the starting point of SCR generation - data inputs - and they are not impressed.

The FSA began working on this topic with the industry as far back as this time last year, and are not scheduled to be finished with this thematic review until Q3 2013. Bizarrely, they note in the introduction to these review findings that their scoping tool released in July 2011 aimed to help assess compliance with both Level 1 and draft Level 2, which wasn't released to the industry (i.e. leaked) until late October - quel chance mes amis?

Splitting hairs on timings aside, just reading the five section headings of their review work would be enough to reduce many BAU staff to a quivering wreck ("Implementation of the Data Policy"? What, today?), so I wasn't expecting a glowing report. That said, the quality of data which ultimately results in today's technical provisions, capital requirements etc is seemingly fit enough for purpose, so a full-on hatchet job would be a poor reflection on both the industry and the regulator.

Assuming a 2014 go-live date (looking unlikely as of 9pm GMT today!), the areas of major concern for insurers, based on these preliminary findings, would be;
  • Difficulty in assigning data ownership - there will be enough Pontius Pilates in the BAU world who will happily wash their hands of data ownership until the cows come home. Programmes will need to be extremely forceful in assigning ownership and ensuring it sticks
  • Inability to articulate "accurate", "complete" and "appropriate" - this should have been an easy win, so I'm surprised that it is seemingly an issue. Realistically, should we expect the business to take ownership of data sources when we cannot define what is and isn't acceptable output from them? 
  • Data Dictionary/Data Directory confusion - a suite of pretty scathing findings in this field, suggesting both over-simplicity and over-complexity has been found in the workings of Data teams.
  • Spreadsheet controls and non-compliance with end user computing policies - onerous expectations on the face of it (paragraphs 4.41 and 4.42), which will be a shock to both programme budgets as well as end-users.

Some other interesting points made in the review include;
  • Firms either using their Risk Committees, or a bespoke "data steering" committee as their data governance body - pretty sure the Risk Committees won't fancy this as long-term work.
  • A number of suggestions as to what areas are not currently being consistently addressed when assessing materiality (p11-12)
  • Some very useful comment around data classification methods (p13)
  • Suggestion that, as I expected, the techniques applied to assessing the quality of data provided by third parties is not robust enough - industry-wide consensus on how to interrogate your outsourcing parties would be useful in this respect.
  • A rather strange comment around poorly designed/controlled data warehouses - I can only assume they have seen one or more horror stories on their travels, as the warehouse is surely the way to go!
Any smart cookies who haven't got going on Phase II with the FSA at this juncture should be stripping this down line-by-line. For those of you outside of the UK, you may want to cross your fingers that your friendly national regulator doesn't use this approach as a yardstick...

USA and ORSA - Let's do it baby!

Promising sounds from across the pond, as the NAIC make some definitive movements (detail here and here) towards the inclusion of Own Risk and Solvency Assessments as part of their regulatory reporting package - difficult to find the exact paperwork, but the summary of what was tabled by the ORSA subgroup at their August jamboree is here, while a statement to cover their adoption of the Risk Management and Own Risk and Solvency Assessment model act is available here.

I have touched on the movement of the US towards production of ORSAs in earlier blog posts, including recently on the preparedness of firms to meet ORSA reporting requirements,

From another earlier post, I can see the 15 volunteer company pilot which was mooted at the start of the year ultimately became 13 companies by the conclusion of the pilot (no word on who started, but couldn't be bothered finishing!). According to the Clearwater information, only 8 participants ORSA Reports were considered "complete", this despite the NAIC providing an ORSA Manual from which to work from.

Is this ratio of incompleteness indicative of what the 27 EU national regulators are likely to encounter in 2014, or is the lack of prescriptive guidance at Level 1 and Level 2 handy in this regard (i.e. ORSA Supervisory Reports will be "passed" regardless of quality, and regulatory arbitrage is back on the agenda).

Either way, Clearwater also note that 2015 is looking like the most likely time for imposition of ORSA reporting, so the guys will still have time to borrow from our experiences, as we can from theirs - suggested improvements  from the NAIC's sub-group to the participants (none of which would hurt anyone in the ORSA space over here!) include;
  • Include a summary of “significant changes” from prior year
  • Provide additional detail regarding risk managers and compensation
  • Include additional stress testing, specifically for liquidity
 Looking forward to the sub-group's next report, the approach over there appears to be relatively easy to follow and well led, which I guess it can afford to be if it isn't masquerading as something other than a filing requirement... 

Tuesday 11 September 2012

Did we learn from Equitable Life? Professor says "No"...

A cracking thought paper was released this week by Professor Roberts from Kings College regarding the lessons one could reasonably have learned from British mutual Equitable Life's demise in early 2000s, and more importantly, did UK plc actually learn them! (simple timeline of recent events here for our non GB readers, but anyone whose website starts with a banner exclaiming "recreating value for policyholders" has clearly had a lean few years!)

This document works nicely as an aide-memoire for anyone working in a financial services risk function as to what one should be wary of in the day-job. Professor Roberts ties in some of the most recent work in this space (leaning heavily on the Cass Business School/AIRMIC Roads to Ruin research and its conclusions in particular), and comes to the inevitable conclusion that lessons are well publicised, but never learned.

My main concern as a risk specialist is that certain recurring themes in the failure of financial services firms appear to remain outside of the Risk function's control or indeed influence, notably;
  • Hubris of Senior/Chief executives - Almost every example of failure in insurance and banking referenced in Prof. Roberts paper includes a flukey, unchallenged CEO who got bolder as circumstance rather than skill kept their businesses growing. I had flagged a couple of articles in a post last year touching on what makes an executive tick, and since then I have seen psychopathy and leadership (as opposed to cherubic faces!) examined further in a popular mainstream book. The legitimate concern here of course is that CROs are seemingly no nearer to being guaranteed seats at the top table, let alone a veto to keep the most dominant executives in check, regardless of their loud voices, when necessary.
  • Poor quality governance from Non-Executive Director level - Risk functions simply must have the NEDs performing at their optimum in order to provide acceptable services to their employers. While the "old school tie" approach to recruiting NEDs may take a generation to phase out entirely (to be replaced by an army of Fembots, so Viviane Reding would have us think), Risk functions are left with tottering old fee-sweepers as their key route to early intervention. The more visceral approaches to documenting risk appetite/tolerance/preference now being supported by corporate governance codes and vocational/professional bodies may make it easier to raise concerns with NEDs in future (probably as it will be colour coded and in Excel...), but until they are actually prepared to risk their comfortable semi-retirement with some probing questions in the C-suite itself, should Risk functions ever think they can overcome such a void?
  • Failure of regulation - Should Risk functions be banking on the (inevitable?) failure of the nascent regulatory environment, and reserve for subsequent claims/compensation if one or a number of products are "too" successful, thus providing the necessary quantum of dissatisfied customers for the regulator to act? I would have laughed this suggestion out of the room until a year ago, since when the FSA have made retrospective calls on interest rate swaps, PPI, and TLPs, all of which would have been presented as "compliant" products in the Boardroom.
For the Solvency II fans, it also notes on page 11-12 that Equitable Life featured in the research which grew up to be Solvency II! Maybe we did learn something after all - if we smash up the affordability of long-term guaranteed products, we can all go unit-linked and never have to worry about another Equitable...

Monday 10 September 2012

Clear Path Analysis - Solvency II "The Global Dimension"

This piece of research from the guys at Clear Path Analysis (sign up required) has been in the offing for a while, and as I covered their last impressive release on this blog (and I don't have a life :-( ), I've been looking forward to it...

There is certainly plenty in here to keep those of every persuasion entertained (with the sponsors as omnipresent as their funding permits!), but I've sectioned out highlights for my own benefit;

Foreword
  • Solvency II "...clearly a step in the right direction" - oddly, not followed by a punchline...
  • On the likelihood of Sol II remaining ahead of the IAIS approach to solvency regulation - "Asia no longer looks to the west for regulatory best practice", going on to cheekily recommend a cherry-picking approach
Barbara Ridpath - think tank CEO, on short-termism and regulation
  • Highlights one (widely acknowledged) consequence of Solvency II being a disincentive to invest in long term and/or non-Sovereign debt instruments, which is not in the mandate of the regulations, or indeed the regulators.
Roundtable on un-level playing fields between EU and non-EU insurers - includes Standard Life Sol II lead
  • Solvency II likely to weed out companies who can't handle the ongoing compliance cost from running EU operations
  • Large piece on Canadian equivalence (of particular importance to Standard Life of course) and the practicalities of equivalence being neither sought nor at this point offered for a non-EEA wing of a EEA HQd insurer.
  • Standard Life not happy with equivalence assessments running concurrently with IMAP, due (rightly) to the significance of a "yay" or a "nay" to the strategic thinking around non-EEA arms.
  • Suggestion that Asia is looking harder at the IAIS approach as opposed to Solvency II for future direction
Data and Risk Reporting Interview - Dan Wilkinson, ERM head at Liberty Syndicates
  • Increased formality around Data and Risk reporting, using both controls-focused and risk-focused approaches. Makes reference to a monthly management committee which takes reporting on data deficiency matters, which I have heard reference to on the circuit before, and certainly demonstrates that data inputs, whether for internal modelling or for strategic decision making, feature as a high priority, rather than taken as read.
  • Notes that his employer is moving risk reporting away from the 1-in-200 VaR to "...more foreseeable points in the distribution", which we definitely like to hear in the ORSA world!
  • Alludes to concerns around disclosing ORSA-related information to the outside world, which is an area yet to be adequately chewed over by regulators and industry quite yet, let alone ratings agencies, analysts etc
  • "Sensible amount of proportionality" should be adopted when deciding what should be disclosed - is that a contradiction in terms, an oxymoron, or some other expression I can't quite lift off of Google!
  • Sensibly stresses that an effective emerging risk policy should allow input and challenge at all levels of an organisation, when asked about internal models evolving with the risk profile of the business.
  • "...biggest deliverable is cultural" - i.e. stripping back your long-since-gone consultancy friends' technical documentation (where required) in order to make it more accessible and free BAU staff to use the new facilities, be it a spruced up RMF or a full Internal Model - appreciate I may be doing myself a disservice by highlighting it!
  • Didn't agree one bit with the comment that ORSA could "...inflate regulatory capital, based on rather speculative assumptions" - FSA have been pretty clear that ORSA has no bearing on required capital, appreciating the nuances around what they say and what actually transpires!
  • Also wasn't massively sold on the comment that the ORSA "...should bring together information that is used within the business to allow analysis of medium term trends", unless of course he was cut off mid-sentence!
"Challenges of Pillar III" roundtable, focused seemingly on getting asset managers to pull their fingers out! Includes a CRO from an Italian insurer
  • "Asset managers who are not willing or able to invest in appropriate data management and reporting systems will find it hard, if not impossible, to attract or retain insurance clients" - so there!
  • Suggestion that "parts of the industry will have to get up to speed on" underlying assets which they are currently invested in for the look-through basis - I suspect that there are plenty of horror-stories to emerge once some CIOs and CFOs get a proper butchers at what some of their collectives are actually invested in, particularly with the advent of outsourcing investment management or just administration over the last decade or so...
  • Note that ratings agency priorities over the near-term may focus more on differences between SF and IM-calculated SCRs and the impact of transitionals, rather than purely on SCR outcomes.
  • Note that "Solvency II is effectively a lead in this area [transparency]", so no pre-conditions should be expected from ratings agencies
  • Even bring up the old gripe that EEV/MCEV is still not understood well enough by agencies/analysts, so by implication there should be few worries about additional disclosures!
Considerations for Building a Diversified Investment Portfolio - Charles Pears from Insight Investment

Really accessible and well structured two-pager on portfolio diversification, of particular use to non-experts which covers
  • Rationale for insurance companies looking for low risk returns;
  • Risk drivers which make that difficult in today's environment, even if accepting minimal risk
  • Why companies may look to seek excess returns, and the constraints around that
  • Why decisions to accept more risk for enhanced rewards should be (but perhaps aren't always) knowledge based
  • Basic options for enhancing portfolio returns without breaking the bank from a capital perspective.
Interesting is wrapped up with a comment that "...we expect insurers who adopt a Liability Driven Investment approach will secure a meaningful competitive advantage" - hard sell perhaps, but the rationale for it is well documented here.