Thursday, 30 April 2015

Love RAFs? CRO Forum's Risk Appetite survey

The CRO Forum have recently published the results of their 2014 survey on Risk Appetite development in insurance entities. It is perhaps the oldest drum in Risk Management Town, but one we are always happy to hear the beat of, and while we shouldn't expect a forum with such luminary members to deliver any shocking results, a careful sift through the carcass is always a smart idea.
The Cure - to tolerance breaches?
The final presenter at the PRA's recent NED briefing noted that Risk Appetite is "no longer an aspiration", a comment I felt was further behind the times than Nana wearing Juicy Couture. That said, on page 8 it suggests that less than a quarter of firms are "very satisfied" with their RAF maturity, and over a third feel they have "a lot of work to do", so perhaps he hit the nail half on the head...

This document should clarify whether that caution is justified, and with 48 responses from the top table, it should be a reliable benchmarking tool. Despite starting like a GCSE essay ("the topic of Risk Appetite has exploded"?), it contains some useful, if a little dry, benchmarks, such as;
  • Principles for a RAF (p3-4) - hard to argue with
  • Main goals - dominated by preserving capital, while only a third are looking to "improve shareholder value" or "optimise capital"
  • Main stakeholder list (p5) seems good in breadth and priority
  • Almost everyone is using regulatory capital in some way as a Risk Tolerance measure (p9)
  • Stress and Scenario testing is being used by 80% to set Risk Tolerance levels, which feels at the right end of expectations
  • 60% report quarterly, with most others slightly more or less frequent
It takes a few odd turns, in particular;
  • One of the main objectives cited (p4) seems to centre around boiling things down into a single document. I appreciate that pressure, but surely we feel that a RAF has a more substantial objective than document consolidation?
  • "Development of a Risk Appetite Statement is an evolution" (p6) - don't agree at all, it is a task, otherwise it would never get done.
  • Coverage of Risk Appetite Statements as "regulatory requirements", in particular under Solvency II. Just because the industry is choosing to discharge its obligations in EIOPA's Guidelines (SoG 15 & 16) by producing a single statement document, it doesn't make a Risk Appetite Statement a requirement.
  • Less than half are using a "1-in-x" loss that would breach regulatory capital in their Risk Tolerances - just feels like a very obvious one to use, so surprised by that number
Some of the more practical issues faced by firms are well covered, for example;
  • Difficulties for Groups when setting risk appetite. Does the parent/head-office set overall appetite, and the children sub-divide it by business unit/risk category/both? Do the children set their own appetites and feed them up for aggregation?
  • Listing Risk Concentration targets looks awkward across the board (p5). While firms seem to be able to quantify Liquidity and Capital targets in their Risk Appetite Statements, other categories are much less consistently quantified. Market, Credit and Insurance Risk appear to be quantified by less than a third of respondents, preferring to address these in separate policies/guidelines (a Solvency II by-product perhaps?).
  • Setting Risk Tolerance levels is highlighted as a "minor" improvement required by over 60% of respondents.
  • There is a veritable bombsite of Earnings at Risk metrics in use, which is healthy for the industry I guess (p10).
  • What does one do when Risk Tolerance level is breached? Around a third are not OK with limit breaches and demand immediate rectification, while two thirds allow for a "Cure Period" to return the Risk Profile to its required form. A "Cure Period" seems the fairest breach rectification approach to me - after all, I don't care if Monday's blue...
A worthy benchmarking document, so fill those boots.

Wednesday, 29 April 2015

Pillar 3 implementation phase - "I can change, I can change"...

There has been a bit of noteworthy activity on the Pillar 3 side over the last few weeks, which I will cover below if I can keep awake long enough.
Pillar 3 Deadlines - "take it easy fella"
Pillar 3 was shouldered in to the NED briefing at the end of March (slide 19), and in a style similar to South Park's Saddam Hussein caricature, they effectively told the audience to "relax guy"...

Were those calming words justifiable? Given the PRA's admin function was seemingly on a "no uploading" break for Lent, we have in the last couple of days seen a whopping 3 months' worth of minutes from their Regulatory Reporting Industry Working Group (or "Pillar 3 whingepit" as it is more commonly known) made public. Interesting snippets include;

Jan 2015 - PRA full working group
  • Publication of example reporting schedules for anyone without a December year-end
  • "Early May" appears to be the starting point for any Category 1-3 firms who need to test out the PRA's QRT receptacle handiwork
  • Firms "must submit data in XBRL" from July of this year, in case there were any chancers out there
  • No additional information about the spectre of external auditors poring through your reporting efforts until Q2 2015 (i.e. now!). This will be in the form of EIOPA Guidelines, from which the PRA will "determine its position".
  • About 20% of firms responded to the PRA's readiness survey that they are behind the curve
  • Sourcing asset data still noted as an "issue", as well as vendor limitations, which would be of some concern for anyone who has splashed out on a software solution.
Feb 2015 - PRA testing sub-group
  • Problems around compatibility of firms' earlier efforts appear to emerge every time EIOPA apply a hotfix to their taxonomy
  • EIOPA filing rules and guidance were scheduled for Q1 2015 release - I can't seem to see them (though I haven't looked hard), so their timeliness may be a victim of the EIOPA budget cuts?
  • Firms are directed to the draft ITS to distinguish between preparatory requirements on Reporting and "live" requirements. This seems to be a repeated message, so presumably firms are not reading this document properly. 
  • First testing cycle kicked off on 27th Feb, with (9) firms down at the PRA's offices. Second cycle scheduled for soon/now in April, performed externally to "test connectivity"
  • Firms were effectively encouraged to send in any old tat in XBRL, which the PRA would feed back on.
March 2015 - PRA testing sub-group
  • Initial testing of the PRA's facilities doesn't appear to have been discouraging
  • Less than half a dozen firms will be kicking the tyres in the second test phase
  • EIOPA effectively overrule the PRA by allowing old and new taxonomies to be used in the preparatory phase.
  • The PRA's (unpublished?) validation rules will not be applied during the preparatory phase, which will be light relief to some firms.
This information seems to support rather than contradict the more general yet widely reported Grant Thornton survey which suggests there will be a good number of firms who will struggle with their 2016 obligations, let alone 2017's. They made the following points;
  • GI and composite firms seemingly the most worried
  • Half of firms are planning to create their own reporting solution (based on T4U?), mostly Lloyd's and GI firms. Are these "have-a-go heroes" the hidden issue for the PRA, given their restricted testing group?
  • Around 20% are behind schedule on QRTs
  • A third have done little if anything on the SFCR/RSR front – the PRA have stated that these are required "in year 1" (Q17, and yes, both of them!)
  • Compared against an earlier survey they conducted, the one topic which hasn’t alleviated any concerns is the ability to extract data from internal IT systems.
  • Majority of firms are having a single dry run for quarterly and annual QRTs
Should anyone be worried given the granular information above, or is Pillar 3 still tomorrow's problem?

Tuesday, 28 April 2015

Jurassic Talk - enhanced NED challenges during Solvency II preparations?

 Britain's youngest NED
Given that there won’t be a heck of a lot more briefing done on the Non-Executive Director front, I’ve given the PRA Industry Event slide pack published the other week a bit more of a going over to see if the left and right hands are pushing the Solvency II wheelie bin in the right direction. I haven’t gone as far as watching the 1h 30m video of the event yet – if I wanted to watch a room full of fidgeting old men in ill-fitting suits I’d just go to Bridge Night at the bowling club…

I can’t say I was massively enthused by the read of the slides as an individual who is frequently delivering material to the very audience the presentation was aimed at. I would highlight the following oddities;

Internal Model-specific (slides 6-12)

  • That Solvency II “sets a high bar” for model approval – that feels a little disingenuous given that the PRA has had the whip hand in the IRSG’s internal model committee for years, and has evidently driven their CAT. Fair to say that the PRA set the "high bar" on behalf of the rest of Europe.
  • From the “lessons learned” section they suggest that some IMAP/CAT firms have used assumptions which are not matching their experience. Is that not bravado bordering on criminality? Doesn’t feel like small beer, so unless the PRA are splitting hairs with that comment, I trust the protagonists had a strip torn from them.
  • Some models ignoring “Key Risks” faced by a firm – how can this be? If this is about cheeky risk selection (i.e. let’s use SF, but model Market Risk as we get a good number from it) all well and good, but to say that firms are ignoring them is not a good steer, and if they are, then how is punishment not already being dispensed?
  • For Use Test purposes, NEDs told to have “belief” but not “blind faith” – this feels like Bank Creep, given that the PRA have been vocal (here and here) on firms blindly following models after the banks got caught with their trolleys down a few years back (nice PRA summary here). Doesn’t feel especially fair to tar insurers with exactly the same brush in advance, even if it is smart!
  • “Boards need to own validation design” – just sounds meaningless when you read it back. If you want them to “do” the design (which Andrew Marshall’s later slides deriding the efforts of the validation contracting community also seem to support), then just say it.
  • The “Key Questions” slides contain some very ropey gear. “Does the output of the model give a credible answer”? “Can the firm survive on the Standard Formula”? The terms used are so flimsy that one could spend hours arguing the toss about their definition – “so what is survival – EC+, SCR+, MCR+ with recovery plan” etc.

ORSA and SoG (slides 14-18)
Starts with a bit of good news – some generic industry feedback is seemingly due within the next couple of months (pertaining to our 2014 ORSA efforts?). The slide summarising findings to date is also a useful yardstick for those who can’t wait that long.

For System of Governance, the executive world should prepare themselves for NED questions regarding whether or not they (as opposed to their underlings and contractors) are reading EIOPA's Guidelines. Let's hope they have!

On the gnarlier side;

  • Seems to be an obsession with assigning named individuals (as opposed to roles or teams) to perform mitigating tasks relating to anything ropey uncovered during the ORSA
  • “ORSA should be holistic” – at what point is that breathtakingly grim term going to be put to pasture? For a NED briefing, the use of plain English should be considered par for the course. It is followed two slides later by “top-down/bottom-up” which is equally non-specific.
  • “ORSA is not a compliance exercise resulting in a report to the PRA” – I think you meant to say “not ONLY...”!

The final slides from Ian Marshall’s presentation are revealing more due to the clumsy terminology often used at the table with NEDs (“Key Drivers” and “Key Correlations” for example – if you mean “most money riding on it”, then say it!). Also, the idea that Risk Appetite is “no longer an aspiration” is worrying – I would have given the insurance industry credit that it ceased to be aspirational some time ago, and doesn’t need a 2015 ‘tick’, but then I am a trusting fellow.

Does anyone think, off the back of these slides, that their NEDs will be chomping at the bit at the next Risk Committee/Board meeting using the ammunition supplied here?

Maybe I’d better watch the video after all… 

Wednesday, 15 April 2015

Solvency II - things what happened in the last couple of months...

She might not be singing yet, but just like my nana at Pilates, the Solvency II fat lady is taking some deep breaths. As I have spent the last couple of months at home in au-pair mode, gladly leaving the rest of the world to waffle about ERM and Solvency II, I thought I would throw together a catch-up post, given that applications for some of the Solvency II goodies have been open since 1st April.

Starting at the top, the UK Government managed to stay sellotaped together long enough to get the fundamental Solvency II legislative work pushed through Parliament before they disbanded for the General Election. The documentation is available in full here, with synopsis here. Interestingly, this formally obliges the PRA to review capital add-ons "at least" once a year, as well as to provide specific reporting to EIOPA on the topic. There is also a little more meat around the sticky issue of firms who breach their MCR, then look unlikely to rectify the matter.

The Government also released the findings of their Regulatory Policy Committee (RPC) in assessing whether Solvency II was going to be a blessing or a curse for Britain. This is actually a very handy drop-in document for your NEDs/peripheral programme figures, and is worth pushing on to them.

They do make the rather controversial statement that on top of the estimated £2.6bn cost to the industry of implementation (!!!!!), the ongoing costs of c.£200m a year will be due to reporting obligations (fair enough) as well as the need for a remuneration policy (hmmm?). Rather disparagingly, the Treasury merely estimate "un-quantified administrative benefits" off the back of improvements in risk management and governance arrangements.

The PRA have recently released the Policy Statement covering their final rules for Solvency II implementation, which on paper should contain no surprises (other associated materials available here). Generalist media chatter (here and here for example) was pretty underwhelming, and while Mark Carney emphasises in the statement that Insurers must be "robustly supervised", Andrew Bailey stated merely that while the " regime will not be is a welcome step in the right direction"

On a lighter note, the European institutions got a bit beefy over the new year when the newly installed Commissioner Hill had his ears chewed by ECON's new Chair regarding a range of issues or unanswered questions regarding the Delegated Acts. Having given himself a couple of weeks to digest, he pinged out a reply thanking ECON for pointing out three typos, and otherwise defending his corner. Much of the background noise in this correspondence regarding infrastructure investment and EIOPA funding has had a life of its own for some time now - indeed, EIOPA's dummy was definitively spat on the matter last week when they "reprioritised" their 2015 work plan to account for budget cuts.

B-ABI - got back?
NEDs have recently been the beneficiaries of a webcast featuring the juicy double of Huw Evans and Paul Fisher discussing the implications of Solvency II's progression for NEDs. For anyone struggling to get their NEDs to read overinflated board packs these days, a diversion to this footage would be a smart idea (video 1 is more chatter, so start at video 2).

A parallel release for NEDs came from the PRA in the form of a slide pack and a monster 1hr 30m recording of the presentation which it accompanied. Clearly the PRA have seen enough gaps in the efforts of NEDs to date to go to these en-masse tutorial lengths, but the material on validation and ORSA in particular should be swallowed whole.