Friday, 29 March 2013

EIOPA Preparatory Guidance - ORSA (or 'forward looking assessment of risks')

Forward-looking assessment of the undertakings own risks (based on ORSA principles) (plus explanatory text)

The ORSA preparatory guidelines* are not a massive burden for anyone busy rolling eggs down hills at the moment, coming in at 34 pages containing 25 guidelines, as well as 29 pages of explanatory text. In this instance, it is probably disappointing to any underprepared supervisors and insurers in that they may have preferred more!

More pointedly, the materials add little to what was already in existence from EIOPA in July 2012, and certainly will required little in the way of adaption in the UK's instance, who are already in a similar headspace and have been advising accordingly.

Of course the world and her husband have piped up with their opinion on what ORSA should cover and how it should be administered and documented (this post has a decent sweep at capturing most of them), so opinion on this matter is something we are not short on.

For me the headline points are:
  • ORSAs (well, 'overall solvency needs assessments', but let's be serious!) expected from 2014
  • Internal Models should be used by anyone in pre-application
  • Likely that most standard formula firms will have to qualitatively assess deviations between SF and their own Risk Profile at this time
  • Expectation of an internal ORSA report and a ORSA supervisory report
  • Records of the assessment expected to be documented and kept which must be "appropriate" - no prescription of what that means
  • ORSAs to be performed at least annually
The following points are either new, or worthy of reiteration for anyone whose preparations on this front are less than certain - for ease of reference I have used 'ORSA' where EIOPA use 'forward looking assessment of risk', and as with the other preparatory guidance papers I have looked at, I will assume there will be blanket application as written, with no dissent from industry or NCAs:

Guideline 3
  • Overall Solvency Needs assessments will be expected from 2014 (i.e compliance with Article 45.1)
  • Minimum of 80% of the market must also assess whether they would comply with the Articles 45 (b) and (c) from 2014 - regardless of any Pillar 1 uncertainty.
  • Internal Models expected to be used in ORSAs if a company is in model approval pre-application
  • IF the standard formula is 'provided' by 2014, expectation that SF firms will assess deviation between the SF assumptions and their own Risk Profile - this excludes anyone outside of the magic 80% catchment figure mentioned above.
Guideline 6 - Documentation generated by ORSAs must include:
  • An ORSA Policy
  • An ORSA Record
  • An Internal ORSA Report
  • AN ORSA Supervisory Report
Guideline 7 - The ORSA Policy must include
  • Description of component ORSA processes and procedures
  • Consideration of the linkages between Risk Profile, Risk Tolerances and Overall Solvency Needs (OSN)
As well as information on
  • frequency on stress tests, scenario analyses and reverse stress tests; 
  • data quality standards; and 
  • the frequency of the assessment, justified in relation to Risk Profile, volatility of OSN relative to capital position, timing (from calendar perspective I guess) and circumstances for ad-hoc assessments
Guideline 8 - ORSA Record
  • Firms expected to "appropriately evidence" the assessment - no prescription as to what that means (logs, working papers, meeting minutes, e-mails)
Guideline 9 - Internal ORSA Report
  • AMSB must communicate results to "all relevant staff" post-approval, which includes the ORSA results and conclusions
Guideline 10 - ORSA Supervisory Report
  • 2 weeks after concluding ORSA, ORSA supervisory report must be submitted, which must include;
  • Quantitative and qualitative results, and conclusions drawn
  • Methods and main assumptions
  • Comparison between Own Funds, SCR and OSN
Guideline 11
  • Must quantitatively estimate the impact of different valuation bases (if used) when assessing OSN
Guideline 12
  • OSN must be quantified, supplemented by a qualitative description of all material risks
  • Expectation that these items are all stress/scenario tested
Guideline 17ORSA output to be used at least for;
  • Capital Management
  • Business Planning
  • Product Development
Guideline 18
  • ORSA to be performed at least annually

* So let's end with something fundamental, EIOPA - it is NOT useful to replace 'ORSA', as an acronym or indeed in full, with the expression "Forward-looking assessment of risk (based on ORSA principles)" 5 years down the road - I'm sure there is a rationale, just as sure as I am not going to like it (even the GCAE agree with me, going with 'ORSA-like')!

Thursday, 28 March 2013

EIOPA Preparatory Guidelines - System of Governance

Consultation on System of Governance preparatory guidance (plus explanatory text)

For a topic which has felt like a given for a number of years (certainly in UK and Ireland where we already ask a lot in this area), the System of Governance preparatory guidance is still 40 pages, comprising of 57 guidelines, accompanied by 60 pages of explanatory text.

A couple of things immediately grabbed at me when going through the guidance (again anticipating a conservative approach of the supervisors rolling over and applying all content as is)
  • That the Risk Management Policy (regardless of how one structures the component elements) is expected to contain procedure-level information about the management of each major risk category - this sounds hopelessly disproportionate, and almost impossible for supervisors to reasonably get through;
  • That it is "expected" that large or complex firms separate their four key control functions, and that others at the small/medium end may ultimately find it easier to do so than consider the range of controls/maintenance of independence required to have combined functions;
  • That an expectation that insurers' systems of governance require regular independent review, with the AMSB only retaining the ability to choose the performer;
  • That insurers will be expected to formally identify/analyse/report on Operational Risk Events
  • That EIOPA bottled out of defining Risk Appetite and Risk Tolerance, leaving national supervisors and insurers to fight it out amongst themselves.
Ultimately, the document reads like a checklist which practitioners or full-timers can run through against the suite of documentation no doubt already in existence which, if based on CEIOPS/EIOPA final advice and/or the Commission's Draft Level 2 measures, won't be miles away as it stands. On that premise, I've only listed elements which jump out for me.


Guideline 3
  • Evidence should be collected of the AMSB "proactively" seeking information from committees/key functions
Guideline 5
  • No more detail than an expectation that the AMSB "appropriately implements" their key functions - in the explanatory text, it goes on to say that larger companies will be "expected" to fully separate Risk/Actuarial/Compliance/IA, with a series of measures expected to preserve functional independence if smaller companies choose to combine some.
Guideline 7
  • Expectation that both AMSB decisions, and how information generated from the Risk Management System (RMS) influences them, is "appropriately documented" - compulsion for Board Decision Logs?
Guideline 8
  • Regular System of Governance reviews appear to be expected, which are documented and reported back to the AMSB - the AMSB retains the right to choose who performs it 
Guideline 9 - All policies must include:
  • Goal of policy
  • Tasks to be performed and by whom (person or role, unlike for validation, where person/s was specified)
  • Associated processes and reporting procedures
  • Obligations of affected operational teams to inform control functions of "relevant facts" at all times
Guideline 10
  • Contingency plans are expected for areas which are "especially vulnerable" - this pushes outside of what one would consider a conventional contingency plan for operational emergencies.


Guideline 11
  • Must have a Fit and Proper persons policy
  • It must be equally applicable to both hired staff and outsourced functions


Guideline 15 - AMSB is "ultimately responsible" for:
  • RMS effectiveness
  • Setting Risk Appetite and Risk Tolerance Limits
  • Approving Risk Management strategies and policies
Guideline 16 - Risk Management Policy must cover at least
  • Risk categories used and measurement methods
  • How each category/grouping of risks is managed
  • Risk tolerance limits for all categories in line with Risk Appetite
  • Linkage of both SCR and ORSA to risk tolerance limits
  • Frequency and content of regular stress tests, and circumstances for additional testing
In addition, the associated guidelines touch on the risk categories within one's Risk Management Policy. There is an expectation for pretty much every category that procedure-level information is included in the policy documents themselves, as well as hard limits, which is unlikely to be the case as it stands.

Guideline 18 - Insurance Risk Policy
  • Expected to cover types of acceptable insurance risks, how premiums will cover claims/expenses, as well as how product design accounts for investment restrictions and formal risk mitigation techniques
Guideline 19 - Op Risk Policy
  • Expectation that Operation Risk Events will be formally identified/analysed/reported in insurers, and that a system for collecting and monitoring them should be in place.
  • Operational Risk Scenarios should be developed and used, based on failures of key persons/processes/systems and external events
Guideline 23 - Investment Risk Policy
  • Buzzphrase introduced of managing the level of "security, quality, liquidity, profitability and availability" of one's asset portfolio


Guideline 32
  • Concept of a "medium term capital management plan" introduced which covers; planned capital issuances, maturities and distribution policies - not sure how that works for mutuals, but I can see what they're fishing for


Guideline 33
  • "All personnel [should be] aware of their role in the Internal Control system
  • The Internal Control system should be "commensurate to the risks arising from the activities and processed to be controlled" - this line should hopefully avoid overkill


Guideline 36
  • The Internal Audit policy should include the procedure for informing supervisors [of whistleblowing-level wrongdoing I guess]


Guideline 44
  • "Material"deviations of Best Estimate Liabilities should be back-tested for by the Actuarial function, reported on, and remedial changes proposed
Guideline 46
  • The Actuarial function is expected to "contribute to" specifying the risk coverage in the internal model, as well as the dependency structure - this feels like areas where, even in larger insurers, the function probably already leads, so will they be asked to take a step back?

EIOPA preparatory guidelines - pre-application for Internal Models

Consultation on Pre-application for internal models guidance  (plus explanatory text)

As staggering as it is frightening, and perhaps indicative of the diversity of approaches currently on parade across the Union, the pre-application for IMs preparatory guidance is 60 pages, comprising of 72 guidelines, accompanied by a whopping 144 pages of explanatory text. This accompanies the existing 82 pages of L3 guidance on the matter released by then-CEIOPS in 2010! A sub-group of EIOPA's IRSG has been assigned to deal with the nitty gritty of this element of the preparatory guidelines.

On first read, this feels massively influenced by the UK's activities to date, and indeed anyone working in that space will recognise FSA pawprints all over the granular details contained within. This is fair I suppose - the InsuranceERM models map has the UK down for around 1/3rd of models currently in 'pre-application' across the continent.

Therefore bearing in mind the UK approach is already pretty well established, I have highlighted below areas which either diverge from what is currently being exercised on the ground, or which clarify (at least for me!) areas which were previously ripe for controversy or disproportionate/inconsistent application. Where it is common sense or continuez tout doit, I have ignored it.

Most importantly, I am reading it as a fait accompli - bearing in mind the short window of time between consultation end and period commencement, EIOPA's recent past on consultation responses (i.e. 'thanks but no thanks') and the UK's evident participation in the bulking of these guidelines, I don't see much room for lobbying swathes of this away, nor for the PRA to "explain" rather than "comply"!

Guideline 3
  • As well as nature, scale and complexity, "design, scope and qualitative aspects" of the IM should be considered when allowing for proportionality 
Guideline 4
  • Any model changes pre-application look like they will be pored over by NCAs, including the associated change approval process 

Guideline 5 - Model Change Policy
  • Policy should, as well as SCR-related changes, include changes to: system of governance (around model change); compliance with Use Test requirements; appropriateness of technical specifications and changes in Risk Profile
Guideline 6
  • Approach to classifying "major" changes is expected to be objective
  • Must also take into account specificities of the company (so benchmarking percentage changes against your neighbours may not be that useful) 
Guideline 7
  • Aggregated change triggers must be considered, not just isolated changes
  • Offsetting positives and negatives won't be acceptable to avoid a "major change" trigger!
Guideline 8
  • Major/minor changes must be determined at Group and entity level

Guideline 9
  • "No complete and detailed list of specific [model] uses" will be supplied by NCAs.
Guideline 11
  • Granularity of the Risk Management System will need to match the IM in terms of categorisation
  • The "structure of decision making fora" will be assessed in ensuring the IM fits to the business - extraordinary!
  • Records expected to be available to show how IM outputs are designed
Guideline 12
  • Assessment of training, seminars, workshops, meetings and direct interviews "should be considered" in pre-application
Guideline 13
  • Will need to "ensure [IM] will be used" during pre-application, as opposed to "use it"
  • Expectation that, if other tools are used in decision making, IM is improved having assessed inconsistencies against said tools
Guideline 14
  • Evidence of prospective support and retrospective verification of decision making would be advisable for candidates
Guideline 15
  • Must document where model is not aligned to the decision ultimately made

Guideline 19

  • "Materiality" in the context of assumptions will need to be both qualitatively and quantitatively assessed - should generate some healthy Risk/Actuarial function debate!
Guideline 20
  • A validated and documented process for assumption setting and expert judgement will be required
  • Sign-off on assumptions will need "sufficient seniority", up to and including AMSB
Guideline 21
  • A formal and documented feedback should be maintained between assumption setters and users
Guideline 22
  • On the transparency of assumption setting, point 1.64 here effectively asks for an Assumptions Register, as well as dictating what it expects to see in it.
Guideline 23
  • Process mapping of some kind expected for the validation of assumption setting
  • Independent assumption review is also expected - doesn't dictate whether this should be internal/external, but it will keep someone in clover no doubt.

Guideline 26
  • Methodological consistency to be validated

Guideline 37
  • Point 1.105 seems to confirm P&L attribution by risk driver is required
Guideline 39
  • P&L attribution must be used at least annually in the decision making process
Guideline 40
  • P&L attribution to be used in the validation process (specifically, old ones to be compared against  experience

Guideline 41 - Validation Policy to contain at least
  • Process, methods and tools, and their purposes
  • Frequency of validation for each part of the IM, and triggers for ad-hoc validation
  • Persons (not roles) responsible for each task
  • Procedure to be followed where reliability of IM is questioned, and ensuing decision making process
Guideline 42
  • Shies away from touching Internal Model scope when talking of validation scope - great move!
Guideline 43
  • Evidence of sensitivity testing expected when determining materiality
Guideline 44
  • Must document known limitations of validation process, as well as circumstances where the process falls over
  • May even be asked to quantify the degree of uncertainty!
Guideline 45
  • A documented escalation path would be advised
Guideline 46
  • Risk Management function will be pressured, as the function with overall responsibility, to ensure all tasks are completed (if not directly performing them) - new skill set?
Guideline 47
  • Evidence of how the RM function ensures that the validation process remains independent of IM design and ops should be collected/enhanced
Guideline 49
  • A process will be expected to ensure the choice of validation tools used considers; complexity, nature, independence and knowledge of participants - feel this could be tricky for the smaller IMAP guys without leading to additional spend on consultants
Guideline 50
  • Must be able to document the appropriateness of the validation tools used accounting for; materiality of IM part, granularity of the data being tested, purpose of the task and the expected outcome

Guideline 53
  • Expectation of a "...clear referencing system [for IM documentation] which should be used in a documentation inventory"
Guideline 55
  • An overall summary of IM shortcomings, "consolidated into a single document" will be expected
  • This needs to cover at least; Risks not modelled, limitations in modelling, sources of uncertainty in results, data deficiencies, external models/data, IT limitations and governance limitations.
Guideline 56
  • Potential suggestion that there should be more than one level of IM documentation to suit other audiences/uses - IM for Dummies anyone?
Guideline 57
  • End-to-end User Manual expected which an Independent Knowledgeable Third Party could operate
Guideline 58
  • Stress that a single document containing all model outputs (as Use Test evidence) is not required - acceptable as single docs

Guideline 60
  • Expectation that external data sets will be sense-checked against "other relevant sources"
Guideline 61
  • Understanding of external models must extend to technical and operational aspects, as well as assumptions
Guideline 64
  • "Material" assumptions of external models must be validated
  • In point 1.163, any potential for cherry-picking features/options of external models is constrained

Wednesday, 27 March 2013

EIOPA consultation on "Solvency II Preparation Guidelines" - Wham!

In between Mickey Mouse cartoons today, my young lad said "EIOPA just don't publish enough consultations about Solvency II, I hope we see some more soon" - well wait no further son, this year's motherload has just arrived!

EIOPA Guidelines - supervisors have
been 'hanging on like a yo-yo'
What was mooted back in December as EIOPA's interim measures, intended to make sure that impatient  individual national supervisors didn't 'plan on going solo' have been released today for public consumption and comments, covering the 4 areas "fundamental to ensure effective preparation for Solvency II".

The consultation is open until June 19th, but the guidelines once finalised will apply from Jan 1st 2014.

EIOPA will apply them proportionally to the national supervisors, who in turn are asked to "...regard the burden on small and medium sized undertakings" when incorporating these guidelines into national regulatory landscape. May be the first acknowledgement of disproportionately burdening SMEs I have seen from EIOPA!

Those 4 areas are:
  1. System of Governance (L2 final advice here)
  2. Forward-looking assessment of Risk/ORSA (issues paper here)
  3. Submission of information to national authorities (L2 advice here)
  4. Pre-application for internal models (L3 guidance here)
I'll pick these off as separate posts and link them back to this page, so sers toi in the meantime and happy reading!

InsuranceERM round table on Solvency II and Capital Management

Nice freebie from the InsuranceERM guys, covering a CRO/ERM Head roundtable touching on economic capital, internal models and Solvency II - the first of this double header is here. With representation from from all sides and sizes of the insurance industry spectrum, the views tabled should be useful for most practitioners in this space, even if some of it is not exactly new news.

They are relatively benign on controversial areas such as industry cost, and even positive when talking of Solvency II having provided an incentive to improve both risk and model governance in the here-and-now, regardless of the necessity from a pure compliance perspective.

Between the two, the following noteworthy views were tabled;

On Solvency II

  • "...has to be considered now if, not necessarily when"
  • "...from a non-life risk and capital perspective, Solvency II just does not work" - citing reserve risk specifically as inherently flawed 
  • The UK's ICA+ regime "...pushes [Solvency II] back towards a more sensible view of capital"
On Internal Models
  • "The main issue with the models is spurious accuracy and detail masking big assumptions, which is possibly a systemic risk"
  • Regulators in some European countries think internal models are "unnecessarily complicated"
  • In response to the suggestion that internal modellers could be "gaming the system" to reduce capital requirements regardless of risk profile, Aviva's ERM head noted that the FSA have identified through their own research that the ICA regime appeared to have done just that back in 2004
  • It is "...inevitable that [the Bank of England wearing their PRA hat] is going to take a far more sceptical view of internal models", particularly where Internal Model SCR is lower than Standard Formula SCR
  • On Use Test, "...potentially 3 or 4 years before the model is truly bedded in"
On Ratings Agencies and their capital requirements to maintain target ratings
  • "...many people, especially in Bermuda, see ratings agencies as de facto regulators"
  • "...may take internal models less seriously in the short term" off the back of Solvency II
  • Ratings agencies capital requirements are "the worst common denominator" alongside SF SCR and IM SCR
I've personally been relatively well shielded from the extent of the discontent on the non-life side, but judging by the confidence intervals used by high profile insurers as their EC targets (frequently observed at 99.9-something/A or AA rating space), it's no surprise that ratings agency requirements are in many cases paramount - that business could potentially be dragging three or four capital measures to their respective Boards for the next 3 years (agency capital, IM SCR, ICA and SF SCR) is a grim prospect.

Perhaps of more immediate concern is the view that the FSA/PRA have the potential to be more cantankerous around internal models once they move into their new office - something to look forward to in 2013?

Wednesday, 20 March 2013

EIOPA's Montalvo on the Solvency II impasse - "more complex than it was originally foreseen"

EIOPA published a transcript of Carlos Montalvo, their Executive Director, speaking with Risk Universe magazine about the current state of play in the Solvency II/Omnibus II world. Always nice to hear from the horse's mouth, and he had a fair amount to say (with not all of it regurgitation!);

  • "The objective of Solvency II is not to reduce risks, but to allow companies to properly understand, price and manage the risks they face" - we frequently hear from the EU institutions on what the 'objective' of Solvency is, so I might do a clean-up post on this, particularly as the scare stories on the impact of the LTG assessment outcome on granny and grandad's pensions are increasing the prominence of the topic (the Advisory world being a prime example). 
  • "Solvency II is more complex than it was originally foreseen" - early contender for understatement of the year...
  • Credible timeline is "a must have".
  • Insurers should "make sure that Boards of firms keep considering Solvency II a priority" - after  4 years of phoney war, easier said than done SeƱor!
  • EIOPA's interim measures " excellent way for all parties to use the extra time of the delay as a way to be better prepared for implementation".
  • Internal Models are "a fundamental management toolkit" - quite the opposite take of the wonderful blog post from one of Willis's finest last week, writing that actuarial models "take combinations of assumptions and torture them to come to conclusions"!
  • "The ORSA Process must be owned by the company" - without any useful elaboration on what 'ownership' entails and how it should be documented from a system of governance perspective. I would add that the questioner's view that firms are still "struggling" with ORSA feels a touch dated, otherwise what has industry been spending its money on for the last 3 years
The standout comment on p4, for all the wrong reasons, is around the potential use of ORSA supervisory reports for the calculation of capital add-ons, stating "...if we would do so, it would be a one and done exercise". Can't work out if this is a misquote, mistranslation, or if I need a trip to the optician, but if there is any threat of ORSAs being used by national supervisors for this purpose, a direct, plain-English statement to that effect would be appreciated by all.

Reactions magazine - CRO Risk Forum - Solvency II and ERM opinion

I covered the last one of these releases from Reactions magazine this time last year on the basis that it had some good all round coverage of ERM and Solvency II from Europe's highest profile risk executives, and again they haven't disappointed.

This recent release again has a veritable Who's Who of European CROs providing their take on a range of matters, so is definitely worth your time. It covers most of today's hot topics, including SIFIs, ERM, Solvency II, ORSA (in US), Internal Modelling and Emerging Risk.

I've taken the following from it;

Hannover Re CRO
  • "...experiencing increasing requirements for internal model approval" - strange one this, as they have already converted to a Societas Europaea, potentially driven by a wish to escape a more onerous challenge in this respect from Bafin and the FSA - doesn't therefore sound like that tactic is of much use!
  • Their internal model is currently S&P ECM III-approved - detail on the significance of that available here for those not familiar with their methodology etc, but of course a positive review of an ECM will impact both S&P's assessment of a company's ERM framework, as well as the amount of capital required to sustain a particular rating.
  • The CRO uses the cost of the Risk Function against the capital savings from an approved model as a demonstration of the function's value - in the absence of a range of alternatives, I guess it's worth a shot.
  • As CRO, has a veto of decision making at executive committee level
  • Comments in a rather peeved manner that current draft Level 3 proposals insist upon separately staffed and operationally independent compliance, risk and actuarial functions (they appear to have everything balled up into a second line of defence 'risk control unit'  - bit confused by this, but I'm guessing he has seen something behind closed doors, and rightly doesn't appreciate EIOPA determining how a company should be departmentally structured.
  • The financial crisis "...has shown that the diversification of financial risks disappears in extreme situations"
Kiln CRO
  • "Every generation of activity since [Level 1] has produced ever increasing requirements for documentation"
  • "We are wallowing in paperwork"
  • As with Hannover Re, they cite S&P internal model approval positively against the developing EIOPA/national requirements - only 40 pages required to evidence a standard sufficient for S&P 'model approval'
  • They differentiate between Strategic Risk and Emerging Risk, with the latter seen positively as product development opportunities.

Thursday, 14 March 2013

FSA and cost of Solvency II in the UK - two tunnels or half a tunnel?

Andrew Bailey, incoming head of the PRA in the UK, was widely quoted yesterday as saying that the spiralling costs of Solvency II could ultimately cost "twice as much" as London's new £15bn choo-choo tunnel Crossrail. This was at a parliamentary select committee, which for non-UK readers is where second tier politicians jump on the latest bandwagons, so that fact that Solvency II is getting some air-time is telling in itself.

Not entirely certain what expenses are included in this £30bn mega-bill, but the number is surely as inconceivable as a 2014 start date unless we add FSA costs, industry costs and slap on some arbitrary figure for "additional capital the industry will probably need to hold" - which is of course what was contained in the Cost Benefit Analysis commissioned by the FSA published back in 2011. With much of that based on QIS5 standard formula results (but at least in the same ball park as £30bn), I guess we can swallow £30bn, albeit with a pint, rather than a pinch, of salt.

"But wait a second" keen readers of the FT cry, "this time last month a prominent CEO said the cost was supposed to be HALF that of Crossrail,". Has someone in the fact sheet-preparing department at the Wharf got their wires more crossed that a breakdancing electrician, and sold their boss a dud here? Has one of the journos at the Telegraph or FT misquoted someone? Either way, there's probably a salient lesson in there somewhere around looking before you leap, it just remains to be seen who's left with the proverbial, errr, mucky shoes.

Incidentally, the full text from a separate questionnaire which the UK Parliament's Treasury Select Committee asked Mr Bailey to respond to is available here - this is separate to the interrogation transcript where the "twice as much" quote was obtained from, but contains some insight into where prudential regulation is going as of next month when the PRA take the reigns, including some good news on the regulatory levy front;

"For the next year, we intend to levy just £0.1mn [for Solvency II]. The difference [from last year's £15m] reflects cut backs that we have applied to Solvency 2 preparation costs. Although it is hard to be sure of the final cost of Solvency 2 preparations given the uncertainty on timing and substance, I expect the overall cost to be considerably lower than previously estimated. This will be a saving for insurers."

However, when one reads that, in his own words, the new head of Prudential regulation in the UK is " comparison new to insurance, but [he takes] it very seriously", you truly hope if the £30bn faux pas is attributable to him, that it can be put right - with all the Solvency II scaremongering and doom-mongering, we could probably use a little realism-mongering...

Wednesday, 13 March 2013

AKG - Solvency II perspectives from the financial advisory industry

In the absence of materials pointed towards the sector, AKG have released a Solvency II guide for financial advisers (sign-up required, but worth it), which provides a refreshing angle change from the usual bureaucrats vs lobbyists vs politicians chatter flooding the trade presses.

Solvency II and RDR -
"mess with me, you mess
with my whole family"
While Solvency II was clearly De Vito to RDR's Schwarzenegger over the last year and a half for the financial advisory industry (indeed all bar one of those surveyed by AKG's pollsters had been concentrating "exclusively" on RDR), there was at least some familiarity with the impact on product availability from the current impasse - Protection and Annuity rates, With Profits availability and Guarantee costs are all on the industry's radar.

While there was a couple of faux pas in the document (the official timeline is certainly not "established and managed by EIOPA", and as the world and her husband will tell you, the ORSA is not an annual report!), the document helps understand the concerns and needs of the distribution world at this uncertain time. I picked out the following;

  • That CROs will be more concerned about risks posed by external distributors and advisors in future
  • That advisers will likewise need assurance on product supplier risks, and that provider and product ratings from external sources "...will be crucial components in gaining this reassurance"
  • That the alignment of capital and risk "...will undoubtedly drive capital light products in future"
  • That the mainstream press hasn't yet "gone big" on Solvency II, but that advisers may get caught out when they do
  • That the advisory industry wants "...a guide [to Solvency II] to explain in an easy-to-understand, jargon-free manner" - over to you FCA!
  • There are concerns around the quantum and familiarity of products/providers once Solvency II goes live and we see new market entrants/consolidation
They conclude that "advisers should not panic about Solvency II and its implications". That has a whiff of Chamberlain about it to say the least, but the "panic" would be about convincing punters to pay more for guarantees or share the risks in insurance products in the near future, as opposed to the solvency adequacy of the providers themselves.

Preliminary full year results - Solvency II implementation costs and opinions

Now the UK preliminary full year results are starting to flow in, we can get more visibility on what was spent in last year's Solvency II phoney war. This is a topic I have covered for the last two years on this Blog (here touches on previous disclosures in particular) and bearing in mind most of the UK's Big Rigs are in the habit of disclosing the sums spent on preparation, it gives a good feel for where the implementation costs tally may finally get to.

So read on if you are interested in seeing if 2012, just like the popular 'Lovely Day' singer, was the year that the...errrr....Bill Withers (?)

Legal and General
  • "Delivered the core components" of Solvency II, though there remains "much uncertainty" - go figure!
  • £50m spent on Sol II and "other strategic projects" (no further split available) - this figure was £56m last year
  • Costs of £32m (£30m previous year) for Solvency II
  • Expect costs to fall by "around 50%" for the next two years
  • "Rephased our implementation project to minimise costs"
  • EC calibrated to 1-in-1,250 (S&P 'A' rated)
  • In the AR&A, they add that they "...remain at the forefront for internal model approval"
  • £76m spent on (predominantly) Solvency II in 2012, as opposed to £56m in 2011 - 2012 was of course the year that they dropped out of IMAP, so the spend dropped in the second half of the year
  • Original provision for Sol II released from MCEV this year was £34m!
  • Economic Capital coverage of 182%
  • £117m spent on Sol II specifically, against £96m last year
  • "Well placed" for ICAS+ review 
Standard Life
  • £112m spent on Sol II, RDR and other restructuring (no further split available) - was down as £59m specifically on Solvency II in 2011
  • Economic capital at risk managed to 99.93%, and currently at over 160%
  • "Given the delay to the Solvency II go-live date", focusing on embedding ORSA and internal model during 2013
  • No coverage of project spend - same as last year
  • £48m of Solvency II implementation costs in 2012 (£55m previous year)
  • "...expects to engage in the initial stage of the FSA's proposed Individual Capital Adequacy Standards Plus (ICAS+) regime"
  • Solvency II "may" provide a more risk-based capital framework, but "...we now know that it will not be implemented before December 31st 2015"
  • "Continue to evaluate [their] options, including consideration of the Group's domicile"
  • "...remain focused on preparing for implementation" despite uncertainty
And over to continental Europe;


  • "...adoption in 2014 is no longer guaranteed"
  • EC coverage of 199%, calibrated to 99.5% VaR over 1 year - was previously calibrated to 99.97%, and Solvency II is used as rationalisation for the y-o-y change
  • Rated 'strong' by S&P for ERM, and have had their internal model positively rated by them
  • "Will take advantage of the delay in the implementation of Solvency II" to industrialise balance sheet production and internal model processes

  • "..some uncertainty remains" around Solvency II, and they are banking on "at least two further years" delay
  • Note that "...the risk that our Life primary insurers may not meet the capital requirements cannot yet be entirely excluded"
  • Confident that "new opportunities...will exceed the challenges"
  • Targeting 1.75 x 99.5% VaR over 1 year as their Economic Capital Target - this is a "...conservative approach, offering a high degree of security"
  • Currently hold 129% of that figure
  • Perhaps more significantly from an internal model perspective, hold 225% of 99.5% VaR over 1 year - if we considered that "conservative", I wonder what we might consider "liberal"?
  • Economic capital ratio (calibrated by their internal model to ultimately deliver the required SCR percentile) of 159%, unchanged y-o-y, despite a lot of positive capital management activity (p33)
  • Solvency I ratio is 150% (p31), up significantly on last year's 119%

Monday, 11 March 2013

Aon Risk Maturity Index Report 2013

With the potential for early implementation of Pillar 2 on the horizon for Europe's insurers, Aon's release of their latest research on Risk Maturity Index is perhaps a timely one, particularly for anyone in the small-to-midsize bracket who wants to get a feel for the proportionality of their current approach (and for UK IMAP candidates, whether it might fold under ICA+ questioning in the next two years!)

Their claim that that the Risk Management Index fills the current "void" which prevents interested parties from benchmarking their risk management frameworks against those of their peers, and indeed reaching recommendations on how to further enhance them has a whiff of bolshiness about it, but nevertheless, the output is valid for practitioners in all industries.

Fundamentals behind the research, conducted in conjunction with Wharton Business School, are;
  • Aon's "Risk Maturity Index" is an online self assessment of risk management practices.
  • It asks 125 questions regarding 40 "key components" of risk management - all tied in to the following 10 characteristics of risk maturity:
 1. Board Understanding & Commitment to Risk Management
 2. Executive Level Risk Management Stewardship
 3. Risk Communication
 4. Risk Culture: Engagement & Accountability
 5. Risk Identification
 6. Stakeholder Participation in Risk Management
 7. Risk Information & Decision Making Processes
 8. Integrating Risk Management & Human Capital Processes
 9. Risk Analysis & Quantification to Understand Risk & Demonstrate Value
10.Risk Management Focus on Value Creation
  • Allows for a ranking between 1-5 across various sub-cuts of the data collected, and an assessment in aggregate of each firms "risk maturity"
  • Data was then analysed against over 100 listed companies from 20 industries, geographically spread, to see if "risk maturity", or a lack of it, translated into anything measurable
  • Over 500 companies have responded to the survey since 2011, this being its second periodic summarisation (results from first one summarised here).
The headline news was that a correlation was identified between organisations with superior risk maturity and stock price volatility, with a reduction of up to 50% potentially up for grabs between the 'best' and the 'worst' - a particularly visceral way to "derive and demonstrate financial value from...risk management frameworks" which, let's face it, is a hard sell for the best of us!

I observed some more general points from the white paper, namely;
  • The insurance industry was third only to Aviation and Consumer Goods in the assessment of risk maturity - something to be learnt from these industries (in particular around Op Risk maturity in Aviation)?
  • Only 15% of respondents were rated at 4+ out of 5, or "operational/advanced" in Aon's terminology
  • Lower revenues seem to translate into lower risk maturity on the whole
  • Responses from CRO's resulted in the best aggregate maturity scores, while Internal Auditor/CFO responses resulted in the worst aggregates - expected biases nicely exhibited
Of particular note though were the three areas of common differentiation between higher and lower rated firms which are worthy of more attention than might otherwise come from reviewing average maturity scores. 

Awareness of the complexity of risk - more mature organisations are able to demonstrate:
  • Risk adjusted return expectations by business unit/department
  • Documented and applied assumptions in forecasts/projections
  • Supporting forecasting ranges with applicable historical data
Agreement on [risk] strategy and action - more mature organisations stabilise their performance by:
  • Re-evaluating risk management strategy based on experience
  • Reviewing and validating risk tolerances based on external conditions
  • Evaluating strategic decisions with reference to quantified risk tolerances
Alignment to execute [the risk strategy]
  • Communicating negative results and predictions (nicely tied into Risk Culture by Aon)
  • Developing cross-functional risk understanding, and how organisational activity relates to overall risk management strategy 
  • Incorporating risk/return approaches into strategy, in particular recognising up-side potential in decision making, rather than loss minimisation

These are particularly interesting findings for the EU insurance industry, who will be waddling into Live ORSA territory in the coming weeks and months. Fair to say that Solvency II Pillar II accommodates much of what is covered here, so worth thinking about leveraging this benchmarking work in one's 2013 activities.