Friday, 28 August 2015

UK Senior Insurance Managers Regime - just be natural...

The PRA’s Supervisory Statement on Strengthening Individual Accountability in Insurance (SS35/15) has been released, not that far apart from their demolition job on Co-op Bank’s system of governance, which demonstrated something of an absence of such accountability across all three lines of defence, quite a feat!

While the Banking industry have been catered for on this topic with a few more bells and whistles, most noticeably by including an element of criminal liability  for their senior management (thanks Fred!), the approach for insurers and banks is supposed to be largely consistent.
The doc itself rather awkwardly references multiple sections of the incoming PRA Rulebook which, as yet at least, doesn’t exist as a conventional reference site, though it is due for release in “the summer” (the PRA subsequently released the new site 3 days after I published this post - that'll teach me!). It still pays to fish through the appendices of old Consultation Papers to get the materials cross referenced in this Supervisory Statement (here for most of them, from p44)
SIMF Interviews - "Next"...
I did cover this topic when the consultation paper first hit the table, and for those of a nervous disposition, the PRA have since produced a nice one-pager summarising what you need to know in the context of Approved Persons, Solvency II etc here (and done so much better than me, I hasten to add!). In addition, the transitional map from CF-XX to SIMF-YY is already available here.

I had a look through (largely ignoring the Group and Third Country specifics) to see if there was anything new and exciting since the consultation, and naturally there isn't! That said, the industry feedback received is detailed here (section 2), while I noted a few things below for my own benefit;
  • PRA not concerned about individuals located overseas, unless they are involved in strategic implementation, as opposed to strategy formulation (2.11).
  • Alerting to potential PRA blocking of SIMF applications where someone wishes to wear more than one hat, citing the obvious CEO & Chair example (2.15)
  • Persons allowed to do the same function in more than one firm - targeted perhaps at the floating actuary contignent who do the CF12 job for a few firms?
  • Awkwardly try to accommodate SIMF job-sharing, but lean towards discouraging it in the text (2.17-2.19)
  • List a few examples of what firms might consider to be "Key Functions" over and above those named in the Solvency II legislation, being particularly keen on Investments (2.25 and 2.27)
  • On the list of 11 Prescribed Responsibilities, they do their best to keep the NED world out of assuming any of them (2.40)!
  • Some attempt to informally restrict Chairpersons from filling their time with multiple other roles and responsibilities (2.44)
  • A timely reference, given the Co-op Bank Final Notice, to ensuring that Boards understand the Threshold Conditions (p12-13) and Fundamental Rules.
The Individual Conduct Standards (from p16) all seem fair at face value, with a bit of devil in the details, such as;
  • Key function holders being told (3.19) to not only meet the letter of the prevailing regulatory system, but also not to engage in "...creative compliance or regulatory arbitrage" - spoilsports!
  • Expectations that Key Function holders "take reasonable steps" to ensure that the business has sufficient systems of control, even if they delegate some, or indeed most, of the associated tasks themselves (3.20-3.22).
  • That should you breach any of the Conduct Standards, it materially affects your fitness and/or propriety, and therefore the PRA expect to be notified
Finally, to clear up that age-old debate, the PRA clarified in 2.4 that it "...does not expect persons other than natural persons to be approved for a SIMF". Anyone with career ambitions had better lay off the Botox and Bronzing then...

Wednesday, 26 August 2015

PRA Final Notice on Co-op Bank - "cautious", with blurry lines...

"Two straws please"...
The PRA published a Final Notice last week regarding the numerous shortcomings of a UK bank over the last few years, which included the news of a colossal £121m fine which the PRA would have levied if the entity wasn't still losing wedge faster than a mojito in a cement mixer.

I'm sure some of us chortled at the Chrystal Methodist headlines a couple of years ago when the Non-Executive Chair of the UK's Co-operative Bank had his numerous vices sold to the highest tabloid bidder by a rented acquaintance. I covered some of the initial fallout on here, themed mostly around reputational risk and fit and proper persons, given the exponential effects of the exposé on the ultimate failure of the Group in its form at the time.

A document covering part of Co-op's demise, specifically its Bank, was released last week by the PRA,

The PRA's Final Notice to the Co-op Bank is issued publicly, and highlights where the firm breached what were at the time the FSA's Principles for Business, replaced since the PRA/FCA divorce by the PRA's Fundamental Rules.

Included in the Final Notice on this matter was a number of matters which risk practitioners should be salivating over, given the failures which led to this punishment include
  • Inappropriate culture,
  • Internal control framework failures,
  • Ineffective risk management policies, and, the jackpot,
  • A "three lines of defence" model "...flawed in both design and operation"!
The activities demonstrating this include a woeful suite of incomplete management information, three horrendously chancy accounting interpretations benefiting the balance sheet at the expense of real-world accuracy, and a suite of defensive line failures, all of which are followed through in forensic detail.

I have sectioned my notes below for my own use, particularly given the PRA goes on something of a limb here and provide usable definitions for certain terms which I suspect many practitioners would benefit from reading. The PRA (and EIOPA) generally try to dodge requests for definitions, so while the peg is square and the hole is round, it might be as good as you get!

Definitions and expressions
  • Three lines of defence - "This is a system which relies on there being an opportunity at three complementary and independent levels to identify and correct any control failures". 
  • Second line of defence - "Second line functions should support and challenge the management of risks firm-wide, by expressing views within a firm on the appropriateness of the level of risks being run"
  • The above is supplemented by the following: "Responsibility for risk should not be delegated to risk management and control functions" - amen brother!
  • Third line of defence - "Internal Audit should provide independent assurance over firms' internal controls, risk management and governance"
  • Risk Appetite - "A firm's stated risk appetite is an important factor in determining whether a firm's risk and control framework is commensurate with [the] nature of its business, and should be both integral to a firm's strategy and at the heart of its risk management system" - not far off a direct quote from last year's Approach Paper on Banking Supervision (p22), though it has moved from "foundation" to "heart" in this Final Notice. I know what I prefer to build on!
  • "Clearly-defined strategy" - they list "well-defined objectives, responsibilities and milestones" as expected
  • Policies - "The establishment of appropriate policies [and procedures] governing the conduct of a firm's activities is an essential component in the exercise of appropriate organisation and control of a firm's business"
  • "Good risk management culture" (p7) - interestingly an expression most bodies have avoided using, preferring "sound" to "good". They later go on to talk of culture more generically in terms of "right" and "inappropriate" (p33).
  • Interestingly, Co-op Bank never refer to operating "3LOD" until their 2012 Annual Report (p56 for the boilerplate and clearly untrue definitions), so any deficiencies in the model before that year might be for a good reason!
  • First line management oversight was seen as "inadequate" and "inappropriate" (p12)
  • Their second line managers "...repeatedly voiced concerns" about headcount (p29), which weren't addressed until the back end of the period under scrutiny. Hard to think post-2007 it would be hard to justify reinforcing that area of the business, which perhaps says a lot about the entity's culture. 
  • Second line not monitoring adherence to policies (p29) - quite hard to conceive of nobody in the second line doing this!
  • A clear distinction made more than once between "Risk Management Framework Policies" and "adequate policies and procedures" relating to operational matters (p5)
  • Some of the failure to follow 'internal policies' seems to have been sponsored by the acquisition of the Britannia book - perhaps a natural by-product of M&A activity, where the cultures and modus operandi clash (p21)
  • Second line criticised for not providing proper "independent challenge" - happy to see this, given the focus tends to be on second line oversight, which always feels like a bit of a jib-job.
  • Third line giving the business credit for proposed remedial action in its audit reports (p31) - even taking this into account, they were rolling over around 30% of recommended actions in their reports as "overdue"!
  • Head of Internal Audit reported to the Head of Risk
  • An implication that one may be permitted shortcomings in one's internal control framework, providing one's culture is "appropriate" (p5). 
  • An interesting slant on reputational risk emerges from one of the accounting interpretations used, specifically that while assuming a particular accounting treatment (on the Leek notes in this case) which benefits the entity at the expense of counterparty might benefit the immediate balance sheet, the long-term effect on being able to raise new capital must be considered (p16)
  • External Auditors using a 1-to-7 scale to assess how punitive/liberal the accounting treatments used by clients are. These assessments have bitten this particular client on the bum, given the PRA quote them in the document in the context of whether they align with a "cautious" risk taker!
Open ended questions
  • Is "cautious" a realistic appetite for risk at Entity level? More importantly, if one has a "cautious" risk appetite, is one obliged to manage its capital "cautiously"?
  • Management information was criticised for not being "sufficiently forward looking" - should it be (as opposed to mostly summarising positions at a point in time)?
  • Is the PRA allocating resources to firms based on their Risk Appetite Statements (p13)?
  • Is it possible for non-Accounting experts working in the second line to identify just how many ropey interpretations of UK GAAP/IFRS are being applied to a balance sheet? Is it plausible to leave such work to external audit firms who couldn't have a more vested interest in the grey areas of such legislation? The artificial boosting of the balance sheet listed in this notice would be subtle enough to trick an accountant or two I'd bet!
  • Can quant risks be effectively managed in a separate team from the qualitative world? Appreciating there is a shockingly blurry line in Co-op Bank's approach (p29), it certainly feels like Solvency II pressures might lead to similar pressures on the staffing front, particularly for modellers and small/medium sized firms where staff may wear more than one hat.

Wednesday, 12 August 2015

Insurance Banana Skins in 2015 - PwC and CSFI

PwC and the CSFI guys have teamed up for another Insurance Banana Skins publication, a particularly useful doc for the BAU Risk world, and one which I have covered on the blog in years gone by (well, 2011's and 2013's anyway).

In particular, I always found it useful as a means of digging out the kinds of awkward cross-bred expressions which would invariably end up rolling out of 75-year-old INEDs’ mouths at the next Risk Committee meeting, probably due to someone trying to sell insurance cover for it, or a business journal doing a centre spread about it. On this basis, I was delighted to see “Cyber Risk” given prominence this time around, which is the highest new entry, and apparently a “new risk” - here’s the sales forum, and here’s the HBR white paper!

Sarcasm aside, given this pulled in over 800 responses from around the globe, and across the distribution and provision side of the industry, the content is worth poring over and briefing colleagues on if this is your day job. There are also plenty of quotes from the great and good wrapped up inside as well.

I’ve only jumped on a few of the findings below;
  • Regulation remains the top risk for the 3rd survey running, and for the 4th out of the 5 actually held. It did take a ‘world’s end’ scenario for investment returns to knock it off the top in 2009 though, which suggests that those surveyed are happy to bleat about regulatory concerns, regardless of the rest of the exogenous threats to insurance firms.
  • Much of the top ten is focused on investments and returns, whether it be interest ratesinvestment performance or guarantees.
  • Governance and management of insurance companies seen as an area of declining risk – does it therefore warrant the Banking industry-inspired whip that SIMR is about to introduce in the UK?
  • Similarly, Business Practices, incorporating misselling, is falling down the list – not sure a UK-only survey would be so generous!
  • Cyber Risk itself was only #6 on the list for Life Companies, while #1 for Non-Life – wonder why the guys who are selling cover rate it so highly? Of more interest, North America had it as #1 “by some margin” – this suggests the wave will be coming across the Atlantic in the next 12 months (a nice precursor of how that will emerge here)! It is written up nicely however, with cloud storage, and the richness of data held on customers, being elements which make insurers prime targets. It doesn’t dwell on the proliferation of legacy systems in insurers however, which always felt to me a good reason for criminals to ‘have a crack’.
  • Europe considered the interest rate environment, regulation and guarantees to be the top 3 banana skins, which given the aggressive tailoring applied to Solvency II in the drafting stages to negate country-specific difficulties in these areas (MA/VA/Transitionals), is no surprise.
Oh, to have a day job again…

Tuesday, 11 August 2015

"Dear Deidre" - Cross border insurance flogging under General Good provisions

One for giggles more than anything else. The other day I spotted a response from Lord Hill, the esteemed EC Commissioner for Financial Stability, to a question arising from Deidre Clune, a relatively new Irish member of the European Parliament.

Good question, wrong Deidre...
Specifically, the question related to a Maltese-licenced insurer which hit the skids back in 2014, with the CBoI's summary information here. It seemingly only wrote business in Ireland (hence I suspect it was cheekily named after Ireland's TV sports channel to aid sales!), and therefore left every White Van Man/Woman without cover, until Ireland's Insurance Compensation Fund stepped in.

A few things stood out about this exchange;
  • The then prospective MEP used the incident as political currency in the election campaign - "Vote me in, and I'll personally fix the EU insurance industry...", she almost said!
  • That Ireland, the log-term epicentre of EU cross-border distribution and birthplace of Quinn (which almost turned over the UK White-Vanners back in 2010), would have the brass to nibble at the hand that feeds it! Only 3 months ago, the CBoI's Sylvia Cronin was warning of a likely "...increase in cross-border activity", and at the same time EIOPA's Sr. Bernadino left a not-too-subtle hint that "In the specific case of the Irish insurance market, special attention needs to be devoted to the fulfilment of the general good provisions of host countries by the companies selling cross-border."
  • That it took 6 months to get an answer to Deidre's very basic question (at least according to her first public mention of a response in this media article). It took an extra two months for that answer to be published formally.
  • That in that article she was reported to believe that the measures spelled out by Lord Hill were to "...prevent this from happening again" (as opposed to enhance policyholder protection while facilitating orderly failures when they occur, etc etc). To be clear though, that is quoting the article, not the member!
Does anyone think that now, even after EIOPA's efforts to-date, that supervisory colleges will be effective enough to prevent these kind of events, or do we just buy local and hope for the best?

2015 FTSE Interim Reporting and Solvency II costs - forewarned and forearmed?

Solvency II costs - impressed?
I always liked to keep an eye on the FTSE lads’ Interim and Full Year pronouncements on the Solvency II front back in the day, but given the legslative delays and sporadic cost reporting over the last couple of years, plus the internal model hokey-cokey, disclosures on the topic have been “Slim Pickens” to say the least.

For those interested, the sweep I did last year is here, and while a few of the firms featured have attempted to expand out, they have largely disclosed the same information as last year (Boiler-plate disclosures? Never!).

However, a few of the great and good have chirped up some extras about Solvency II on the home straight, none more revealing than the Canary-supporting egg-chasers at AvivaThey dished up the basics as a matter of  course;
  • Solvency II costs of £46m for the half year (£39m for last half year)
  • Submitted Solvency II internal model in June and expect approval in December. – must be a good one, Hannover Re-style!
  • Currently operating within our expected Solvency II target range, regardless of any changes in economic capital surplus quantum and composition driven by Solvency II
The InsuranceERM lads expanded on that, having presumably dialled in to associated conference call! In a suit-and-tie version of Surprise Surprise (R.I.P Cilla), the CEO shocked listeners with the following statements;
  • "[Solvency II] has taken an inordinate amount of management time and I'd really like that time back"
  • "It has cost us in the region of £400m [$620m]. This figure does not impress me one little bit…” – to my shame I did do the countback on published costs, as if a CEO couldn’t count to £400m, and it does add up!
  • Solvency II costs of £14m for the half year (same as last half-year)
  • “…application for Internal Model approval under Solvency II has been submitted and we target a positive outcome by year end
  • "…current Internal Model for Solvency II shows higher coverage ratios than our ECA model.”
Old Mutual does its best to treat the SAM/Solvency II imposters the same in its reporting, but in recent times has been light on our side. There was a bit more in the bag this time round though, particularly;
  • "Based on the current underlying timetable and regulation of Solvency II, we estimate the total cost of completion will be up to £20 million, of which £10 million will be incurred in H2 2015, and the balance running into H1 2016".
  • "The Solvency II regime will introduce a different lens through which to look at Group capital. It will use a more conservative 1 in 200 stress scenario in determining capital requirements and apply a more rules-based determination of capital fungibility and transferability"
  • Given their tone on the “inherent conservatism” of Solvency II and their loving gazes at the existing FGD treatment of capital fungibility, can we read some indifference to their current treatment as a Group by the PRA, perhaps?
  • "During July 2015, we completed our initial reporting to regulators under the interim arrangements of Solvency II"
I suppose the biggest surprises continue to be the (potential) absence of compulsion to internally model for entities such as Old Mutual (confirmed as “out” of IMAP on p82 here). Given the PRA’s pronouncements on Standard Formula appropriateness and capital add-ons, you might expect them to be marched down the aisle before too long.

Standard Life,perhaps betraying where their strategic priorities lie (nicely covered here), did little more than state that they will “remain strong” on the capital front – nothing on costs, nothing on implications, and nothing on modelling (though they confirm here that they are “in” apparently!). “In”, but on the naughty step perhaps, or is the topic just unworthy of comment?

L&G were happy to talk technical, rather than cry about hundreds and millions of pounds of spilt milk – their release touched on the following;
  • Implementing a ‘capital-lite’ model for bulk annuity new business, by reinsuring out some of the risk (light detail here and here, more detail on p5 of the interims).
  • Solvency II internal model is being reviewed by the PRA, and “…It is anticipated that our Solvency II internal model will be approved in Q4 2015, ready for use on the Solvency II go live date - 1 January 2016”
  • Also have applications in for the use of transitionals, matching adjustments and using deduction and aggregation for its American business
  • “We expect the final outcome of Solvency II to result in a lower Group capital surplus and solvency ratio than the Economic Capital basis. Our Economic Capital model has not been reviewed by the Prudential Regulatory Authority (PRA), nor will it be.”
  • "We note recent clarification from the PRA to the effect that transitional capital will count as Tier One capital, including for assessments of dividend-paying capacity". This is particularly piquant given Sam Woods’ coverage of the “dividend” issue a few weeks ago when trying to reassure a room full of analysts that the insurance sector isn’t a busted flush from an investment perspective!
A busy reporting week for sure, with seemingly no horror stories come at the top-end of the UK Insurance Industry...Including a post-script from the Pru today.

They have revealed a miniscule spend of £17m on Solvency II costs in the year-to-date (against £28m for all of last year), as well as a few nuggets in the same vein as the competition;
  • "...we submitted our Solvency II internal model applications to the Prudential Regulation Authority in June 2015"
  • "We continue to seek opportunities to transfer longevity risk to reinsurers or to the capital markets and have transacted when terms are sufficiently attractive and aligned with our risk management framework."
  • "We also noted at the time that certain aspects of our economic capital methodology are different to those required under Solvency II and that the outcome under Solvency II would be lower than our reported economic capital level. This remains the case." - same issue as Old Mutual, one presumes?
They even dropped a Solvency II slide into this morning's presentation pack (slide 28). Interesting that they go to the trouble of highlighting that the transitionals and risk margin "broadly offset" on the UK Life book, as well as their distinct gripes in their Asian and US businesses. 

...and another post-script from Royal London (so I have everything on one page!)
  • Royal London will use the Solvency II standard formula approach initially and will consider seeking approval for its internal capital model in due course
  • We expect to meet the new Capital requirements without material adverse impact on policyholders but there are significant details which remain to be clarified about the new regime. It is possible the outcome from Solvency II will require insurance companies to hold more regulatory capital than is currently required. If Royal London was required to hold significantly increased capital, then the levels of Royal London Profit Share we are able to allocate to our participating members may need to be restricted

...and two more post scripts: firstly Admiral
  • "Admiral is developing an internal economic capital model which will be used to calculate regulatory capital requirements following approvals from the Group's regulators in the UK and Gibraltar. Such approval is not likely to be sought or granted before 2017."
  • "The Group's regulatory capital from January 2016 will, therefore, be based on the Solvency II Standard Formula, with a capital add-on agreed by the PRA to reflect recognised limitations in the Standard Formula with regards to Admiral Group's business (predominantly in respect of profit commission arrangements in co- and reinsurance agreements and risks arising from actual and potential Periodic Payment Order (PPO) claims)."
  • "The level of capital add-on and resulting Group capital requirement from January 2016 is expected to be confirmed by the PRA in the final quarter of 2015."
...and secondly Phoenix
  • "...submitted its application for regulatory approval of its Internal Model in June 2015"
  • "...Group capital position under Solvency II expected to be in excess [of current surplus]
  • "Over 2015, clarity on Solvency II regulations has improved but uncertainties remain in relation to the Group's IMAP and other Solvency II-related applications"