EIOPA's Implementing Technical Standards on Approval Processes - Cut and Paste?

EIOPA have at last commenced their work on "Level 2.5" regulation in the Solvency II world, and with it being something of a trip into the unknown (only their sister body ESMA world appear to have performed a similar exercise to-date), their consultation papers will no doubt be getting torn apart like a parking ticket by Insurers and NCAs alike.

Open until the end of June with a view to presenting this particular batch to the European Commission for endorsement by the end of October, the ITS cover how the following approvals should be applied for and administered, with definitions and rationale provided in this cover note.

• Use of Matching Adjustment
• Use of Internal Model, "Major" changes to that model, and changes to the Model Change Policy (phew!)
• Use of a Group Internal Model
• Use of Undertaking-Specific Parameters (USPs)
• Use of Ancilliary Own Funds for SCR
• Use of Special Purpose Vehicles for risk transference

For this post, I wanted to concentrate on the Internal Model-themed ITS (emboldened), specifically things which introduce something new to the table (i.e. not already in the thoughts of UK firms/regulators through the Directive, Delegated Acts, Preparatory Guidance or indeed the existing IMAP structure in the UK).

Therefore in the interests of recyclability, UK firms will be delighted by the requirements within this particular ITS - you will recognise the text as part of the Self-Assessment Template "tabs" which you would have been populating as part of IMAP over the last 2 years!

That text was of course co-opted from the Draft Implementing Measures from October 2011 (specifically Article 203 IM1 for the application requirements, IM2-IM8 for the model change and administrative process elements). These articles had disappeared from the latest version of the Delegated Acts, only to find its way into this ITS almost verbatim.

Elements which therefore show noteworthy change from that old text (other than semantics) include

• The addition of a requirement for a (year-end 2014?) P&L Attribution to be submitted as part of the application.
• Withdrawal of some of the ceremony around applying for a change to the Model Change Policy, which was a little more elaborate in the October '11 text (AMSB explanation and justification text, 6 month turnaround time for NCAs to make a ruling).
• The same for an application for a Model Change itself, now seemingly less formal
• Giving room for terms and conditions and transitional plans to be factored in to an NCA's decision on model approval
• That more detail should be published on the NCA's website regarding the approval (namely that the scope of the IM should be disclosed, as well as risk categories and business units covered, which feels a touch commercially sensitive to me!)

I'm guessing this isn't the only ITS which is going to use this approach (i.e. ripping text directly out of the Oct 2011 Draft Implementing Measures where it has been seemingly jettisoned), so a bit of cross checking might help you second guess what is going to appear in the rest of the ITS!

Now I'm off to have a look at the others...

"Comply or Explain" responses to EIOPA's preparatory guidance - UK oddities?

Isle of Man - "Call that a flood"

Happy New Year (or Blein Vie Noa as we say on the relatively unflooded Isle of Man). I hope you all took the opportunity to fall ill and get fat like I did, so we can recommence battle in 2014 with overflowing sinuses and bursting belt buckles...

I managed to take a look at some of the responses that EIOPA have received regarding whether or not the 32 National Competent Authorities (NCA) currently invested in the Solvency II game are planning to follow EIOPA's Preparatory Guidance over the next 2 years. Please serve yourselves from this central location.

It became evident over December that there was likely to be some non-compliance (both the French and British put their heads above the parapet), though as this was a "comply or explain" exercise, this was not necessarily grave - we are after all in the business of 'preparing' at this juncture - but I was curious to see precisely how different countries "explained" themselves.

In response to each guideline within the 4 EIOPA documents, the options for each NCA were to respond;

1. Yes - we already comply
2. Yes - we intend to comply
3. No - we do not and will not comply
4. Not applicable (though I'm not certain why this is an option)

They were also given space to provide text/links to prove how they are compliant with each guideline, and som space to provide explanations (questionnaire template here).

I was therefore surprised to see the British approach (which was generally "yes") also involved;

• Not providing an explanation when they have said "No" to a guideline (which admittedly is only in one case!)
• Unnecessarily using a copy/paste piece of text as an explanation for a number of guidelines where they have said they "Intend to comply"
• Unexpectedly answering "Not Applicable" to no fewer than 10 articles within the System of Governance guidance, some of which definitely featured in the feedback on the PRA's recent Supervisory Statement as bones of contention (the actuarial function's responsibilities for example).

Obviously no surprises that the French will not be attempting to comply anything in the System of Governance world after their earlier warning, though their rationale is expanded upon in this Risk.net article. That the strict definition of "AMSB" is an issue for the French industry is surely old news at this juncture, and it is ludicrous that such a matter has yet to be dealt with by the Commission's draftsmen. It certainly hasn't posed an issue for Germany (who intend to comply with all of Sys Gov), who operate dual boards.

While more may emerge over the next few weeks on what has been submitted here across the countries, I am more immediately interested in why the UK have elected to respond "not applicable" to so many System of Governance guidelines. It seems to fly in the face of their Supervisory Statement, and I can't imagine EIOPA are satisfied with that response. 

Reporting/Submission of information to NCAs - EIOPA's FINAL preparatory guidance for national supervisors

And last, but not least, EIOPA have produced their final preparatory guidance to NCAs regarding the submission of information by firms to their supervisors, covering both quantitative reporting templates (QRTs) and narrative reporting. The consultation paper (summarised here by the PRA) caused quite a stir due to the volume of requirements during what is purported to be the 'preparatory phase', and even EIOPA's own Insuarnce and Reinsurance Stakeholders Group (IRSG) put the boot in on a number of elements.

It was of course natural that a combination of parallel running, legacy system horror-shows and potential ambivalence from third party information vendors was going to make this consultation the most controversial, but that said, the outcome appears to be pretty fair insofar as concessions have been made by EIOPA while still keeping the pressure on over-reluctant firms to construct the required processes in a timely manner.

One attempt at quarterly reporting is therefore retained (set for Q3 2015) as well as one run at completing annual templates, based on YE 2014.

The preamble borrows from the other preparatory guidance documents without anything new, so ignoring that, the following items jumped out at me thematically;

Concessions
3.54 Despite the gibberish in paragraph a), this effectively allows for some simplification in the quarterly reporting during the preparatory phase
3.55 Captives are excused for the quarterly run in Q3 2015

Parallel run costs/strains
3.58 As with other papers, EIOPA don't care!

Template changes
3.62 A change log covering amendments between the original template release and those now available has been included to help firms level any work already done in this space. A surprisingly large number of changes made, magnifying the difficulties faced by firms, NCAs and ultimately EIOPA.

Legal entities which are below the threshold
3.72 If a legal entity is below the reporting threshold in isolation, but forms part of a group which is above it, the LE will still have work to do

Annual reporting
3.76 An extra two weeks added to the submission deadline (now 22 weeks for solos, 28 for groups)

Quarterly reporting
3.81 As above, the requirement to report on Q4 2015 has been removed, a practical attempt to manage the myriad other reports expected from firms in early 2016.

XBRL
3.83 Up to each NCA as to whether they demand firms use XBRL in submissions - I think some of the supervisors may already favour it or have indirect experience of handling it (UK, Ireland, France)
3.84 EIOPA will provide a tool to aid firms in doing this, should they want/need to

Internal Model applicants obliged to complete Standard Formula templates
3.94 Confirms that IM applicants will need to complete both, though their SF template work will be governed by the pre-application for internal model guidance (due to the different timescales applicable to that work)

Narrative reporting
3.102 Not negotiable - get it done!

Balance Sheet
3.106 Statutory accounts figures must be included

Assets
3.111 Unit-linked assets will not be exempted - also a clumsy reference to "contagious risk", one of many which betray mother-tongue related drafting problems

Particularly telling is that while the IRSG were obliged on some of their issues, they were not able to drive home all of their agenda - they had asked for and additional 4 weeks for completion of all templates for example.

Unquestionably a great deal of work to do for both firms and NCAs on this matter, and with existing reporting teams no doubt working to tight schedules, the sooner 2014 programmes factor in this disruption the better.

Pre-application for Internal Models - EIOPA's FINAL preparatory guidance for national supervisors

So the March consultation document for internal model pre-application brought a few eye-openers for those countries partaking in a less onerous application process than that favoured by the UK, with the detail in it suggesting that the UK very much had the whip hand in its drafting.

On the basis that there were still areas which even the most hardened IMAP-veteran may have winced at, it was interesting to see if anything got dropped in the lobbying stampede. On that basis, the final guidance for internal model pre-application covers the following in the preamble;

• 3.10 - That it is not in the NCAs gift to conduct pre-application preparation along the lines of provisional approval or to provide "roadmaps" to compliance (which may explain the PRA's caginess with the industry). It is purely about a firm's preparedness and suitability to submit an application
• 3.33 - On request, EIOPA have introduced a compulsion for NCAs to provide "regular feedback" to firms
• 3.35 - Confirms that not all model changes need to be reported to NCAs during pre-application, just those considered "relevant" by firms themselves

It is fair to say that the lobbying in this space has been noticeably more successful than for ORSA or System of Governance, no doubt due to the smaller sub-set of affected stakeholders having a more concentrated relevance. That said, there were still a number of rebuffs from EIOPA, particularly where the lobbying looked more like whinging about paperwork volumes! Highlights below;

Model Change Policy

3.38 - No danger of EIOPA supporting the recommendation to "fast track" model change approvals if a "major change" is required at short notice. They instead recommend "proactivity" with NCAs. Not sure what this does for the world of opportunistic acquisitions though

3.40 - Fudged the question as to whether parameter changes are considered "major", offering an answer of 'it depends' which, for me at least, leans more towards 'yes they are'.

Use Test

3.42 - Confirms that evidencing "use" is not compelling use of model outputs over and above other techniques

Assumptions and Expert Judgement

3.46 - Documentation and validation of assumption setting and expert judgements considered "crucial" in order for undertakings to counter the lack of data and subjectivity in those processes

3.47 - A guideline has also been amended to confirm that the materiality principle applies for this topic

3.48 - Only the most material assumptions will need AMSB sign-off

Methodological Consistency/PDF/Calibration

A number of changes made to clarify guidance in these areas

Profit and Loss Attribution

3.64 - No escaping the requirements to produce P&L attribution granularity at Legal Entity level, as well as by risk driver

Validation

3.68 - EIOPA do not accept that those who build models may also validate them

Documentation

3.70 - That the guidance around the documentation of the internal model should provide "...[protection] from key-person risk", which I have never seen offered as justification from the supervisory end before

Ultimately, there have been no huge concessions from the position in March, which one would think will cause a number of the more liberal EU regulators to give serious consideration to "explaining" rather than "complying" - that said, with this having been written in Union Jack ink, my British cousins should simply get their transition planning updated accordingly.

EIOPA's FINAL preparatory guidance for national supervisors - it's on at last!

Sporting less change than a busker's flatcap, EIOPA have published their final version of the preparatory guidance for the EU's National Competent Authorities (NCAs) to get themselves ready for Solvency II ahead of the anticipated implementation date of 2016. You can catch my post on EIOPA's consultation papers here if you want to dig out their position prior to the consultation, which saw over 4,000 comments offered.

EIOPA - Thanks for the feedback,
here's your change...

Over the last week, while I have been recuperating from yet another rugby injury, there is plenty of chatter recently about the kick-off date, Omnibus II's progression through trilogues (and hopefully parliament before the May 2014 elections), etc elsewhere, so I've just had a run through the final guidance to see what got lobbied out, and whether that is a win for all stakeholders, or just the industry. As the PRA have already made it clear that should the go-live date move, their expectations on supervisory reporting will also move (p3), whether it is 2016, 2017, etc. is kind of a moot point.

The mainstream press has trumpeted the big wins as being in the reporting space which, judging by the IRSG's scathing take on that topic, should be no surprise to anyone. However, it would appear that EIOPA have refused to bend for much else, adopting a relatively sniffy tone in response to stakeholders concerns/complaints.


Below are links to separate blog posts covering the more contentious highlights for each of EIOPA's 4 hot topics, while Mike Claffey and the Milliman crew have quickly summarised the changes here;

System of Governance - Final Guidance (EIOPA Doc)

ORSA/Forward Looking Risk Assessment - Final Guidance (EIOPA Doc)

Reporting/Submission of information to NCAs - Final Guidance (EIOPA Doc)

Pre-application for Internal Models - Final Guidance (EIOPA Doc)

System of Governance - EIOPA's FINAL preparatory guidance for national supervisors

Based on feedback received since their initial consultation paper was released, EIOPA make the following generic clarifications/statements in the preamble of their guidance doc for System of Governance preparations;

• That proportionality will not be defined or presented as examples in the guideline text (p5-6)
• That NCAs are "expected to...review and evaluate the quality of the information provided to them" - bad news for the PRA, who were clinically uninterested in reviewing Solvency II reporting attempts according to one blogger (p6)
• The emergence of a new ORSA acronym, "FLAOR", which looks more like something an amused teenager would write on Facebook (p6)
• The expectation that 2015 will see submissions of (2014) ORSAs to NCAs (p7)
• While there is no generic take on what enforcement action should take place in this interim period, firms are expected to (a) Discuss any negative findings from their ORSA/Governance systems with their supervisor, and (b) To produce SCRs using information of appropriate quality. Enforcement action in the absence of this WILL NOT consist of capital add-ons, apparently (p7)
• That the submission date calendar for all of the information expected will be reviewed at the end of this year, so that EIOPA can take Omnibus II progress into account (p8)
• That the explanatory text in each set of guidance is NOT part of "Comply or Explain" (p9)
• That the reasons behind a negative "Comply or Explain" decision from any country will be kept secret as standard (p10, and disgraceful, frankly).

They then go on to focus on some of the larger bones of contention within the 52 guidelines provided. The following generic points stand out for me as a practitioner;

1. There is almost no discernible movement in EIOPA's position, even after a volumous lobbying effort;
2. That explanations for the inclusion of contentious content are generally forthcoming, though on a number of occasions, flimsy;
3. That planning for 2014 full-year mothballing of Solvency II programmes is not an option, particularly for ICAS+ candidates - some may get away with a few months of inertia, depending on the quality of their paperwork (strategies, policies, process guides/maps, terms of reference, charters etc).

The following supporting arguments for EIOPA's final view were, in my mind at least, poorly formulated, regardless of whether the end result is still agreeable;

3.48 (Guideline 6)

- Refused to add more definition around what constitutes a "significant decision", which is poor form.

3.58 (All of Chapter III)

- That the expectations of Risk Management in insurers  "...comprise risk management standards which are considered to be matter-of-course and wide spread activities" - extraordinarily loose, considering the lack of a majority-accepted global, or indeed pan-European standard on the subject (IRM/ISO/COSO/FERMA/FSB's efforts notwithstanding)

3.65 (Guideline 19)

- That, while it is "not an easy task", Operational Risks should be quantifiable, and therefore subject to tolerance limits - I don't think it would have hurt to suggest (or even compel the use of) a method if it is that difficult.

3.68 (Guideline 25)

- That firms should maintain Investment Risk-related KRIs outside of what might be provided by normal parties (for example, ratings agencies), which would help "...increase overall risk management" - not entirely convinced that a generic "increase" is any kind of worthy ambition. 

3.74 (Guideline 31)

- That a capital management policy and capital management plan is both necessary (though for not entirely convincing reasons when tying back to the Directive)

3.78 (Chapter VI [Internal Control])

- That there is already plenty of clarification on what the Compliance function is charged with. I would agree in principle, but have heard evidence to the contrary in practice.

3.81 (Chapter VII [Internal Audit])

- That they neither wish to mandate or discourage rotation of Internal Audit staff or whistleblowing direct to NCAs - in which case, why mention it!

3.110
- A bizarre comment in response to a suggestion that a public statement should be released by the AMSB annually regarding the discharge of responsibilities around the system of governance that the Directive "...only deals with internal governance, not corporate governance" - think I know what they are fishing at, but terribly worded.

3.144
- Justify their decision not to define risk appetite and risk tolerance in the context of these guidelines

They have however provided some more defendable clarifications, for example;

3.51 (Guideline 11)

- Clarified that the gold-plated "Fit and Proper" requirements apply to AMSB/Control Function staff only, as well as specify what is expected from Outsourcers.

3.57 (Chapter III [Risk Management])

- That in the context of separating the duties of the Risk and Actuarial functions, the Directive is abundantly clear and that undertakings "...cannot deviate from [the Directive's] distribution of tasks"

3.62 (All "Policy"-related guidelines)

- That efforts should be targeted towards drafting the required documents during the preparatory phase. I would imagine this would be "re-working" in the UK, where such activity is most probably long done.

3.67 (Guideline 19)

- That there is no compulsion for firms to operate an electronic database to store operational risk events

3.85 (Chapter VIII [Actuarial])

- That, regardless of the absence of a valuation framework for TPs, the processes behind their co-ordination and calculation justify early activity, rather than "wait and see" on Pillar 1.

3.124
- Regarding Op Risk, activity will have to include "...identifying all operational risks that have crystallised and their near misses" (my emphasis)

Relatively easy in summary then - if it was a gap/issue in your system of governance in March, it probably still is, so go and fix it!