Thursday 22 November 2012

KPMG's Solvency II Readiness Survey for CEE - the flaw in EIOPA's plan?

So KPMG released this little gem in the same time period as Solvency II preparedness became something of a moot point!

Drawing in responses from 84 people, with around three-quarters EU-based and 70% under £100m in GWP, the questions were posed in Q2 2012, so with Omnibus II missing the last plenary before summer holidays, the writing was already on the wall - despite that, KPMG reckon most respondees would have been working to a 2014 go-live date. It expands on their 2010 work in this area, where 44% of respondents hadn't got started on their Solvency II projects, so progress on that front would be considered a good start!

I gleaned the following from it;
  • 31% not expecting to be "Solvency II compliant" before 2014 - one problem that's gone away then!
  • Almost half do not have a risk management function in line with the Directive, with smaller companies the main culprits
  • Only 19% (down from 40% in 2010) will be using IM or PIM for SCR calculation. Attributed to the realities of building them as well as Groups rethinking their IMAP strategies over the last few years.
  • 62% of companies not even planning an ORSA dry run until 2013 at the earliest, with 14% not planning for one at all as it stands.
  • Only 14% electing to use more than 3 years as their "business planning period" for ORSA - two thirds settling for 3 years - supports the anecdotal trend of 3-5 years as par for the course
  • 20% reported that their internal models allow for multiple year calculations to project for the ORSA - not sure if that is stochastic or deterministic though, didn't think any of the kernel technologies out there could do multi-year projections
  • Half of companies have 50% or less of the data required to populate their QRTs
  • Extraordinary perceptions on staffing requirements for both project and BAU, which even KPMG are drawn into calling "excessively pessimistic and indeed unrealistic" - it may be led in some respects by subsidiaries using shared Group services, but is still shocking in its naivety.
  • Three quarters would like "more interpretation" from their regulator on Level 1 and 2 texts - not sure what there is to "interpret", so maybe it's the Pillar 2 and 3 elements that they are struggling with (the other stats here would certainly lend weight to that).
  • More than half of model applicants struggling with Validation, highlights assumption setting and expert judgement as problem areas (no surprises there)
  • 70% looking to define "new roles and responsibilities" around Data Governance - as referenced in my earlier post, not convinced that will end happily. Over a quarter don't plan to compile their data dictionaries until mid-2013.
  • Only a third looking to do full SCR calculations quarterly, and over 50% look like they will struggle to generate the SCR calculation faster than 8 weeks.
  • 20% have a dedicated Solvency II team - explaining a lot of the shortfalls in preparedness relative to Western Europe, but given the delays and uncertainty, a financially astute move.
What should worry EIOPA is the results around control function preparedness, or lack of it. If Sr Bernardino thinks that the low hanging fruit of Pillar 2 is ripe for picking before 2016, a quick review of those stats would suggest that a decent number of the 27 countries are in no such state.

Accenture study on Risk Analytics - lessons for Insurance Industry

Decent piece of benchmarking from Accenture on the current usage of risk analytics as well as drivers for the future. 450 mostly c-suite level respondees from across industries (40% insurers), but the findings are targeted specifically at the Insurance industry. Interestingly, respondees leaned towards incomplete data sets, rather than a lack of data or technological capability, as the main constraint.

While it touches on a number of areas of interest for Use Test specialists, it also covers Stress and Scenario Testing (13% of Life and 21% of P&C insurers reporting that they "rarely" or "never" use stress testing in decision making), and Reporting (which suggests the main driver for reporting improvements is regulatory rather than voluntary, due to regulators "...[increasing] their focus on the quality and frequency of reporting"). Internal Modelling also gets a mention, with almost 80% of respondents saying they already use, or are planning to use, an internal model for capital adequacy requirements.

Data Governance of course gets decent treatment here. Only 69% of insurers polled currently have a Data Policy, but 41% have a data quality department, which feels alarmingly high, particularly when drawn against Accenture's comment that "...many firms have insufficient rigor who owns data, who sets it up and who manages it". The FSA concurred with that in their preliminary Data Quality Review findings back in September, and I'm not at all convinced that a DQ department will help in this respect (i.e. BAU absolve themselves of responsibility for their data sets!)

The Accenture crew use the "Leaders" and "Laggards" analogy throughout, so benchmark away and find out which one you are!

Wednesday 21 November 2012

EIOPA Conference in Frankfurt - "The authenticity of hopelessness"

"What do we want?" - "SOLVENCY II"
"When do we want it?" - "WHENEVER!"

...or so goes the leitmotif of today's EIOPA conference in Frankfurt, attended by the great and good from EIOPA, the Commission and various regulatory/lobbying bodies - ably tweeted by DIMA and Mr Varnell.

Sr. Bernardino's early morning speech covers the IORP issue as well as pure Solvency II, and tells us;
  • Political institutions should commit to Solvency II
  • All need to agree on "sound and prudent regime" for valuing long-term guarantees - EIOPA hoping to receive a clear mandate "as soon as possible", which is not promising for outcome delivery to a March 2013 plenary session!
  • Regardless of how long we stretch out to for full go-live ("not earlier than 2016" is his indication in the speech, rather than a fait accompli), EIOPA will look to co-ordinate early implementation of Pillar 2 and Pillar 3 elements based on their existing powers. Not certain if that means "existing" anticipates including or excluding the Omnibus II changes though.
Interestingly, on the same day our pals at Bloomberg produced this tidy summary of piecemeal introduction of elements of Pillars 2 and 3 which touches on some of the elements from my blog post the other week - particularly like Oliver Bate's "Balkanisation" comment!

Since Bernardino's speech the tweetosphere has been full of comment from the Montalvos/Van Hulles/Creedons etc around the practicalities of Pillar 1 parallel running, leading or following IAIS developments in insurance regulation, and ORSA - get stuck in on the #EIOPA2012 hashtag!

Tuesday 6 November 2012

Solvency II compliance ahead of "Go-Live" date - over to you, regulators

Judging by the rather resigned tones around the achievability of Solvency II "go-live" by 2014 (CBoI recently joining the FSA) and 2015 (here and here), there appears to be a growing swell of support for implementing some of the less wobbly bits sooner rather than later.

While it's unlikely that there will be more spurious adoptions than a Madonna safari trip, it is interesting to see what we can point at to-date;

UK - ICA+ regime, which lends itself, subject to the quality of the ICA-to-SCR reconciliation, to implementation from as early as year-end 2013, though one suspects 2014 is a safer bet.

Germany - Cheeky bit of Pillar II, judging by Bafin's (indirectly quoted) comments on Reuters today, although what "some risk controls" actually means is another thing!

Ireland - via the sterling work on PRISM, fitness and probity and corporate governance, it's hard to argue where they are not already Pillar II Solvency II-equivalent (at least in word, if not in deed!)

France - reference to compulsory submissions to the ACP in XBRL by Q1 2014 at the bottom of this doc, apparently confirmed at a recent soiree.

So we could very well have 3 Pillar coverage by 2014, just randomly spread out over multiple countries...

Any more for any more?

Monday 5 November 2012

Legal and General - Counting the cost of Solvency II

Spotted by his Lordship John Walton this morning, L&G appear to have broken the mould by dropping some substantive Solvency II comment into their Q3 IMS, notably that they have booked £129m of costs in project spend.

They also go on to plead unhappiness on the inability of the rules as they stand to encourage the provision of long-term capital to the wider economy, echoing DG Faull's rollocking letter to Sr Bernardino the other week on longer-duration debt instrument capital costs, though are clearly only interested in UK investment opportunities as opposed to loading up on fruity Eurozone government debt (good on you!).

Of course the Solvency II preparation costs of most of the big-boys have been covered on this blog before, and £129m feels suitably light for a UK-focused business in comparison to some of its more complicated competitors. That said, with the FSA offering some hope of a transition to "ICA+" rather than dual running ICA and IM SCR for the next x years, how much leverage does this sort of investment buy a firm down at Canary Wharf when it comes to meeting the transitional criteria?

Look forward to seeing a bit more of these disclosures over the next week or so now we are in IMS season, but not counting on it!

Institute of Risk Management on Risk Culture - ABCs, Double S's and mercenaries

So I figured it might be worth seeing how the other half were living by reading something that didn't start with "Solvency II" and end with "indefinite delay"!

The IRM are endeavouring to produce white papers on some of the less tangible elements of a risk practitioner's day job, which one would hope contribute to more consistency in practitioner approaches and ultimately more credence in the concept of risk professionalism (indeed, their work around defending pure risk professionalism as a career, as opposed to loading risk functions with cross-over actuaries, was very much required in early 2011).

Having scrutinised their work on Risk Appetite in 2011 (lined up against some of the competing influencing bodies here), I figured it was only fair to take a punt at their new release on Risk Culture. It's fair to say that for politicians, regulators and fingers-caught-in-the-till employees, 'culture' or 'risk culture' appears to be a handy soundbite when explaining why they didn't fulfil their obligations to their stakeholders. The IRM are joined by Protiviti in producing this guidance, Protiviti themselves having delivered a survey based on UK insurers on this very topic in the summer, which was not shy about highlighting how little some organisations think of their Risk functions.

I've always felt that the 'culture' comfort blanket was one weasel word too many i.e. "there was a culture of greed" = "they were greedy ********", or "there was a culture of fear" = "scared of the gaffer", so I approached this doc with a pretty open mind, but tempered with a Manxman's natural scepticism. I found the following (sequentially);

What does a good risk culture look like?
  • Appears to have used examples of what a "bad" risk culture has recently led to, then flipped that on its head! Would have thought a clean slate approach is better for white papers, rather than reacting to zeitgeist incidents
  • Fair list of 10 criteria for anyone in the risk culture assessment space, though will always be a nightmare to codify/quantify.
  • The appearance of the dreaded "tone from the top" suggestion, which makes an appearance in the FRC's (p4), the FSA's and EIOPA's world (p10) - bearing in mind that the "top" is normally the problem when it comes to organisational catastrophe (Lehman, Northern Rock) as opposed to fat tail op risk loss events (UBS/Credit Agricole/JP Morgan), I would be more inclined to call it "tone at the top".
What does risk culture mean?
  • I like the IRM's take on culture being "the repeated behaviour" of a group - very convincing definition in comparison to say the FSA in SYSC (p12), though the rest of the ABC approach is a tad woolly.
  • "Virtuous" versus "vicious" cycle sits nicely alongside this image of repetition, but nothing as such around how best to break a vicious one, either as a NED or a Head of Risk - perhaps that has been saved for the more extensive and expensive practitioner's guide!
Why is risk culture important?
  • Don't agree that risk culture affects the capability to take strategic decisions, rather it enhances or impairs the quality of those decisions. Immediately makes me think of ORSA, and how "playing" at it or "doing" it doesn't prevent strategic decisions from being made.
  • Also don't agree that "at worst" an inappropriate risk culture could lead to "serious reputational and financial damage" - I'm sure stockholders at Bear Stearns may say it can be a bit graver than that!
  • Nice emphasis on how risk culture can both stifle necessary risk-seeking behaviour at one extreme (smartly citing Eastman Kodak as a "too slow" corporate failure), as well as the more obvious "prison rules" which emerge from uncontrolled risk taking.
What can the board do?
  • Should they really ask themselves "what is the current risk culture"? If so, is that at a chinwag-type round table, or via some kind of evaluation survey issued by Risk function? Instinctively sounds like the kind of thing that would be squeezed into a Q1/Q3 board meeting at the point of a gun, which is as cynical as it is sad!
Understanding risk culture in an organisation
  • The meatier (i.e. costs money!) practitioner guide apparently contains some diagnostic tools to effectively indicate and track culture within an organisation. The flash we are given here reminds me of the psychometric testing for "what makes a great Risk Manager" that I looked at last year, but feels ultimately very high-end.
  • The "Double S" model is an intriguing addition to the mix, specifically the comment that low scores on either rating "create a barrier to the effective management of risk". Would love to see more of the research cited, as I've found that the odd mercenary firm can work wonders...
Changing a risk culture
  • Can a risk culture effectively be changed top-down without a change in personnel? Can't imagine an existing CEO being prepared to antagonise his board/exec team by declaring them culturally bankrupt unless he had carte blanche to do so, which is normally the case with regime change. I'm more inclined to think a decent CEO, partnered with Risk, could do it by stealth, rather than with a pricey change management programme which would inevitably rock a few boats.
  • "Risk culture is not a precise science" - does that make it an art?
10 questions a Board should ask itself
  • I would probably make it 11 questions, and frame the first one "Do we genuinely care about how culture impacts on our decision making, or only insofar as laws and regulations insist upon it?". If a Risk practitioner gets the answer to that directly from the Board/Exec, the other questions can be catered for with proportional vigour.
Thought provoking in the right ways, I guess it does what a good white-paper should - thanks to all concerned at the Institute.