UK Senior Insurance Managers Regime - just be natural...

The PRA’s Supervisory Statement on Strengthening Individual Accountability in Insurance (SS35/15) has been released, not that far apart from their demolition job on Co-op Bank’s system of governance, which demonstrated something of an absence of such accountability across all three lines of defence, quite a feat!

While the Banking industry have been catered for on this topic with a few more bells and whistles, most noticeably by including an element of criminal liability  for their senior management (thanks Fred!), the approach for insurers and banks is supposed to be largely consistent.

The doc itself rather awkwardly references multiple sections of the incoming PRA Rulebook which, as yet at least, doesn’t exist as a conventional reference site, though it is due for release in “the summer” (the PRA subsequently released the new site 3 days after I published this post - that'll teach me!). It still pays to fish through the appendices of old Consultation Papers to get the materials cross referenced in this Supervisory Statement (here for most of them, from p44)

SIMF Interviews - "Next"...

I did cover this topic when the consultation paper first hit the table, and for those of a nervous disposition, the PRA have since produced a nice one-pager summarising what you need to know in the context of Approved Persons, Solvency II etc here (and done so much better than me, I hasten to add!). In addition, the transitional map from CF-XX to SIMF-YY is already available here.

I had a look through (largely ignoring the Group and Third Country specifics) to see if there was anything new and exciting since the consultation, and naturally there isn't! That said, the industry feedback received is detailed here (section 2), while I noted a few things below for my own benefit;

• PRA not concerned about individuals located overseas, unless they are involved in strategic implementation, as opposed to strategy formulation (2.11).
• Alerting to potential PRA blocking of SIMF applications where someone wishes to wear more than one hat, citing the obvious CEO & Chair example (2.15)
• Persons allowed to do the same function in more than one firm - targeted perhaps at the floating actuary contignent who do the CF12 job for a few firms?
• Awkwardly try to accommodate SIMF job-sharing, but lean towards discouraging it in the text (2.17-2.19)
• List a few examples of what firms might consider to be "Key Functions" over and above those named in the Solvency II legislation, being particularly keen on Investments (2.25 and 2.27)
• On the list of 11 Prescribed Responsibilities, they do their best to keep the NED world out of assuming any of them (2.40)!
• Some attempt to informally restrict Chairpersons from filling their time with multiple other roles and responsibilities (2.44)
• A timely reference, given the Co-op Bank Final Notice, to ensuring that Boards understand the Threshold Conditions (p12-13) and Fundamental Rules.

The Individual Conduct Standards (from p16) all seem fair at face value, with a bit of devil in the details, such as;

• Key function holders being told (3.19) to not only meet the letter of the prevailing regulatory system, but also not to engage in "...creative compliance or regulatory arbitrage" - spoilsports!
• Expectations that Key Function holders "take reasonable steps" to ensure that the business has sufficient systems of control, even if they delegate some, or indeed most, of the associated tasks themselves (3.20-3.22).
• That should you breach any of the Conduct Standards, it materially affects your fitness and/or propriety, and therefore the PRA expect to be notified

Finally, to clear up that age-old debate, the PRA clarified in 2.4 that it "...does not expect persons other than natural persons to be approved for a SIMF". Anyone with career ambitions had better lay off the Botox and Bronzing then...

Insurance Banana Skins in 2015 - PwC and CSFI

PwC and the CSFI guys have teamed up for another Insurance Banana Skins publication, a particularly useful doc for the BAU Risk world, and one which I have covered on the blog in years gone by (well, 2011's and 2013's anyway).

In particular, I always found it useful as a means of digging out the kinds of awkward cross-bred expressions which would invariably end up rolling out of 75-year-old INEDs’ mouths at the next Risk Committee meeting, probably due to someone trying to sell insurance cover for it, or a business journal doing a centre spread about it. On this basis, I was delighted to see “Cyber Risk” given prominence this time around, which is the highest new entry, and apparently a “new risk” - here’s the sales forum, and here’s the HBR white paper!

Sarcasm aside, given this pulled in over 800 responses from around the globe, and across the distribution and provision side of the industry, the content is worth poring over and briefing colleagues on if this is your day job. There are also plenty of quotes from the great and good wrapped up inside as well.

I’ve only jumped on a few of the findings below;

• Regulation remains the top risk for the 3^rd survey running, and for the 4^th out of the 5 actually held. It did take a ‘world’s end’ scenario for investment returns to knock it off the top in 2009 though, which suggests that those surveyed are happy to bleat about regulatory concerns, regardless of the rest of the exogenous threats to insurance firms.

• Much of the top ten is focused on investments and returns, whether it be interest rates, investment performance or guarantees.

• Governance and management of insurance companies seen as an area of declining risk – does it therefore warrant the Banking industry-inspired whip that SIMR is about to introduce in the UK?

• Similarly, Business Practices, incorporating misselling, is falling down the list – not sure a UK-only survey would be so generous!

• Cyber Risk itself was only #6 on the list for Life Companies, while #1 for Non-Life – wonder why the guys who are selling cover rate it so highly? Of more interest, North America had it as #1 “by some margin” – this suggests the wave will be coming across the Atlantic in the next 12 months (a nice precursor of how that will emerge here)! It is written up nicely however, with cloud storage, and the richness of data held on customers, being elements which make insurers prime targets. It doesn’t dwell on the proliferation of legacy systems in insurers however, which always felt to me a good reason for criminals to ‘have a crack’.

• Europe considered the interest rate environment, regulation and guarantees to be the top 3 banana skins, which given the aggressive tailoring applied to Solvency II in the drafting stages to negate country-specific difficulties in these areas (MA/VA/Transitionals), is no surprise.

Oh, to have a day job again…

Approved Persons in UK under Solvency II - "SIMF-ly The Best"?

The UK prudential and conduct supervisors doubled-up this week with a barrage of paperwork regarding "Fit and Proper" assessment of senior staff members in Insurers under Solvency II.

This was already acknowledged as an area where intelligent copy-out wouldn't quite cut the mustard for UK plc, so no doubt the Compliance functions of insurance entities have been looking forward to these publications appearing. Given the light touch on the topic in the Directive (Art.42) and Delegated Acts (Art.273), this is very much welcome gristle.

Evidently "Proper" - but "Fit" enough?

While the maintream media has cranked out some comment already on both the FCA (here) and PRA approach (here, here and here), they are naturally broad with their brushes. I thought I would cut it up into my much more insular world of "what does it mean for Key Functions under Solvency II".



PRA Consultation Paper

• The regulatory framework for individuals will be called the Senior Insurance Managers Regime (SIMR), and will come into force from 1st Jan 2016. 
• The CP is targeted at ensuring fitness and propriety of individuals running an insurer, or performing a Key Function.
• NED's have been left out of this paper, as there is a wealth of comment already provided on a separate joint FCA/PRA consultation from the Banking industry.
• That said "...the regime for insurers should not be identical to the regime for banks". 
• While Controlled Functions continues to exist as a PRA term, it will be interchangeable with the term Senior Insurance Management Functions ("SIMFs"), which I have used below.

Going into detail, we find the following;

• CEO, CFO, CRO and Head of Internal Audit are all SIMFs, with Chief Actuary, WP Actuary and a couple of Lloyds-specific roles also lined up.
• Some Group-specific SIMFs also created.
• Any Solvency II "Key Function" holders who are not SIMFs will simply be assessed within the business, with the PRA having right to overturn. I thought this would include the Head of Compliance, but they are picked up by the FCA (below). Not sure who else could be Key Function but not a SIMF, unless some SIMF role-holders don't plan to also do a day job.
• List of new Core Responsibilities provided which need to be allocated to one or more SIMFs (2.21). These include the old chestnuts of remuneration policy and "culture" in its broadest sense, as well as performance of ORSA.
• A form will follow which needs to be completed by firms for all prospective SIMFs and Key Function holders containing "relevant information" on them - I suspect this will be a LinkedIn cut-and-paste job.
• Obligation to make and maintain a "Governance Map" listing the positions and key functions which run the firm, the allocation of management responsibilities (including the new ones in 2.21 presumably) and relevant reporting lines. Oddly, the PRA think "...there will be some costs in compiling and maintaining the Governance Map", when it feels like a lazy Thursday morning for Company Secretarial to me...
• Some reinforcement of Conduct standards for SIMFs and Key Function holders, with Key Function holders having an additional policyholder protection-related standard added to their armoury.
• Emphasise that Fit and Proper needs to be assessed on an ongoing basis, as opposed to periodically, which effectively gives the regulator a get-out-of-jail when a bad apple SIMF mismanages a firm (i.e. "why didn't you pick it up internally first?").
• Solvency II brings in a legal requirement for firms to satisfy themselves of a candidate's fitness and propriety before sending applications to the PRA. They therefore plan to assess whether firms recruitment processes are "appropriately rigorous", which feels like a step into the un-assessable (if that is even a word).

Proposed Supervisory Statements are appended to their document covering the assessment of fitness and propriety, and the application of new conduct standards. From those I would highlight;

• "The norm" is for single individuals to perform SIMFs
• That firms may add to the list of conventional Key Functions using a bullet-point checklist
• Firms can "...freely decise how to organise each function in practice"

FCA Consultation Paper

• The existing Approved Persons Regime will be adapted to fit Solvency II and PRA/EIOPA requirements, as well as existing application forms.
• "Pre-approval" will therefore still exist in 2016.
• While the PRA pick up approval of most Key Functions under Solvency II, the FCA keep hold of the approval of Compliance Function heads, which don't feature in the SIMF list.
• Give themselves some leeway to impose approval and conduct obligations on "certain other functions" in insurers
• Appear to be combing over conduct-related rules from their work with the banking industry

Frankly, the amount of crossover between prudential and conduct regulators, existing and new rulebooks, and banking and insurance industries, makes this particular topic an awkward read, which is why I don't work in Compliance!

Levity aside, the outcome of these consultation papers will have a significant effect on insurers existing onboarding and approval processes, content of executive job specifications, and indeed the fundamental operacy of governance systems, given the level of prescription involved. Now would be a good time to start briefing!