UK Senior Insurance Managers Regime - just be natural...

The PRA’s Supervisory Statement on Strengthening Individual Accountability in Insurance (SS35/15) has been released, not that far apart from their demolition job on Co-op Bank’s system of governance, which demonstrated something of an absence of such accountability across all three lines of defence, quite a feat!

While the Banking industry have been catered for on this topic with a few more bells and whistles, most noticeably by including an element of criminal liability  for their senior management (thanks Fred!), the approach for insurers and banks is supposed to be largely consistent.

The doc itself rather awkwardly references multiple sections of the incoming PRA Rulebook which, as yet at least, doesn’t exist as a conventional reference site, though it is due for release in “the summer” (the PRA subsequently released the new site 3 days after I published this post - that'll teach me!). It still pays to fish through the appendices of old Consultation Papers to get the materials cross referenced in this Supervisory Statement (here for most of them, from p44)

SIMF Interviews - "Next"...

I did cover this topic when the consultation paper first hit the table, and for those of a nervous disposition, the PRA have since produced a nice one-pager summarising what you need to know in the context of Approved Persons, Solvency II etc here (and done so much better than me, I hasten to add!). In addition, the transitional map from CF-XX to SIMF-YY is already available here.

I had a look through (largely ignoring the Group and Third Country specifics) to see if there was anything new and exciting since the consultation, and naturally there isn't! That said, the industry feedback received is detailed here (section 2), while I noted a few things below for my own benefit;

• PRA not concerned about individuals located overseas, unless they are involved in strategic implementation, as opposed to strategy formulation (2.11).
• Alerting to potential PRA blocking of SIMF applications where someone wishes to wear more than one hat, citing the obvious CEO & Chair example (2.15)
• Persons allowed to do the same function in more than one firm - targeted perhaps at the floating actuary contignent who do the CF12 job for a few firms?
• Awkwardly try to accommodate SIMF job-sharing, but lean towards discouraging it in the text (2.17-2.19)
• List a few examples of what firms might consider to be "Key Functions" over and above those named in the Solvency II legislation, being particularly keen on Investments (2.25 and 2.27)
• On the list of 11 Prescribed Responsibilities, they do their best to keep the NED world out of assuming any of them (2.40)!
• Some attempt to informally restrict Chairpersons from filling their time with multiple other roles and responsibilities (2.44)
• A timely reference, given the Co-op Bank Final Notice, to ensuring that Boards understand the Threshold Conditions (p12-13) and Fundamental Rules.

The Individual Conduct Standards (from p16) all seem fair at face value, with a bit of devil in the details, such as;

• Key function holders being told (3.19) to not only meet the letter of the prevailing regulatory system, but also not to engage in "...creative compliance or regulatory arbitrage" - spoilsports!
• Expectations that Key Function holders "take reasonable steps" to ensure that the business has sufficient systems of control, even if they delegate some, or indeed most, of the associated tasks themselves (3.20-3.22).
• That should you breach any of the Conduct Standards, it materially affects your fitness and/or propriety, and therefore the PRA expect to be notified

Finally, to clear up that age-old debate, the PRA clarified in 2.4 that it "...does not expect persons other than natural persons to be approved for a SIMF". Anyone with career ambitions had better lay off the Botox and Bronzing then...

Central Bank of Ireland speeches - "and there's more"...

Solvency II-ready?
"It's the way I tell them"...

I rejoiced on Friday at the sight of more speech material emerging from the Central Bank of Ireland directorate, if only due to the Frank Carson* gag I could wheel out due to the volume of their recent speech-giving...

As an industry we should always be happy to hear the regulator on lead vocals, so I gave the pair of speeches released a once-over to see what Irish concerns have justified the recent bounty of public addresses.

Deputy Governor Cyril Roux was very targeted in his speech, delivered to PwC's Annual CEO Dinner. It apparently gave him "great pleasure" to be in PwC's offices, which presumably means they weren't on the meter...

Some of the statistics and comments served to highlight that Ireland is something of a special case in the context of Solvency II, in that two-thirds of Irish gross premiums are to cover 'foreign risks', and that many insurers under their auspices will not have proximity to or oversight of much of their distribution network.

A few messages jumped out from the rest of the speech;

• A lot of positive messages had a caveat implicitly wrapped with them - "...we are in the main satisfied with your engagement with the Central Bank"; "On the whole international firms generally file returns on time..."; "I also commend your general adherence to our Corporate Governance Code..."
• Goes as far as using the IMF's recent review findings to tell firms to stop poaching regulatory staff while simultaneously complaining about turnaround time!
• Nice point about keeping focused on current risks through the PRISM framework, rather than drifting into Solvency II mode before 2016.
• Having recently been complimented by Sr. Bernadino on Ireland's reserving governance (p12), he reinforced that assumptions pertaining to reserves are expected to be "critically debated".
• On ORSA, that the CBoI "...expects to see Boards actively directing the use of risk management tools...such s stress or scenario testing"
• On Internal Modelling, he not only expects Boards to "...have sufficient knowledge and skill to challenge the model outputs", but adds that they "...like to see a Board direct the modellers in their firms to run specific stresses and scenarios prior to an item being discussed at the Board" - a big advance on previous murmurings on use test from supervisory bodies.
• Pulls up firms who are seemingly not tailoring their model's parameters for the Irish-specific business.
• Similarly a message of insisting that cross-border distributors tailor Group-driven materials and processes for the Irish market such as "...group policies and output, such as the ORSA, and internal model...".
• A cute but important distinction that "embedding" Solvency II, rather than complying with it on paper, is still going to take considerable effort.

Sylvia Cronin's speech (well, the Solvency II aspect of it) stayed along the same lines as she pursued at the Industry event in late April, where she was harsh on a number of specific elements in preparatory phase ORSA Reports which had been observed.

In a section of the speech covering "challenges to be overcome", a number of pieces of insistent ORSA direction are given, for example;

• "Your Board must use the ORSA to more fully align business strategy and capital"
• "You also need to use it as a lever to discharge your core responsibility not to take on risks and exposures which the capital base does not support".
•  "...there is a lot of work yet to do by firms to get this element of the new regime embedded to the extent we required" - I add here that, given they will have only reviewed 2014's preparatory phase ORSA Reports and Processes, is this not a given, particularly after CBoI sponsored a template-filling approach for the smaller firms?

On the wider world, the speech covers;

• That Solvency II sets out "clear standards and expectations around your internal control and risk management" - agree on the latter, but the former?
• Believes that the "scope for subjective judgement" may open up regulatory arbitrage opportunities, and that "a number of iterations" will be required before EU-wide consistency is achieved, in a sly dig at, errrr, everyone in mainland Europe! 
• Similarly, the volume of cross border business HQd in Dublin poses a problem due to the geographical boundary of CBoI's "prudential remit"
• Reinforces the message fro April that Pillar 3 readiness is a growing concern
• A large suite of views on Conduct Risk, where "culture" and "conduct" are hogtied together as the grimmest twins since DeVito and Schwarzenegger - that message won't be changing in a hurry, so I strongly recommend your work in that area caters to the supervisor's tastes.

Useful insight from what appears to be a supervisor with their sleeves rolled-up - keep up the good work.

* PS I know the connection is tenuous as he's a Belfast man, but give me a chance!

Approved Persons in UK under Solvency II - "SIMF-ly The Best"?

The UK prudential and conduct supervisors doubled-up this week with a barrage of paperwork regarding "Fit and Proper" assessment of senior staff members in Insurers under Solvency II.

This was already acknowledged as an area where intelligent copy-out wouldn't quite cut the mustard for UK plc, so no doubt the Compliance functions of insurance entities have been looking forward to these publications appearing. Given the light touch on the topic in the Directive (Art.42) and Delegated Acts (Art.273), this is very much welcome gristle.

Evidently "Proper" - but "Fit" enough?

While the maintream media has cranked out some comment already on both the FCA (here) and PRA approach (here, here and here), they are naturally broad with their brushes. I thought I would cut it up into my much more insular world of "what does it mean for Key Functions under Solvency II".



PRA Consultation Paper

• The regulatory framework for individuals will be called the Senior Insurance Managers Regime (SIMR), and will come into force from 1st Jan 2016. 
• The CP is targeted at ensuring fitness and propriety of individuals running an insurer, or performing a Key Function.
• NED's have been left out of this paper, as there is a wealth of comment already provided on a separate joint FCA/PRA consultation from the Banking industry.
• That said "...the regime for insurers should not be identical to the regime for banks". 
• While Controlled Functions continues to exist as a PRA term, it will be interchangeable with the term Senior Insurance Management Functions ("SIMFs"), which I have used below.

Going into detail, we find the following;

• CEO, CFO, CRO and Head of Internal Audit are all SIMFs, with Chief Actuary, WP Actuary and a couple of Lloyds-specific roles also lined up.
• Some Group-specific SIMFs also created.
• Any Solvency II "Key Function" holders who are not SIMFs will simply be assessed within the business, with the PRA having right to overturn. I thought this would include the Head of Compliance, but they are picked up by the FCA (below). Not sure who else could be Key Function but not a SIMF, unless some SIMF role-holders don't plan to also do a day job.
• List of new Core Responsibilities provided which need to be allocated to one or more SIMFs (2.21). These include the old chestnuts of remuneration policy and "culture" in its broadest sense, as well as performance of ORSA.
• A form will follow which needs to be completed by firms for all prospective SIMFs and Key Function holders containing "relevant information" on them - I suspect this will be a LinkedIn cut-and-paste job.
• Obligation to make and maintain a "Governance Map" listing the positions and key functions which run the firm, the allocation of management responsibilities (including the new ones in 2.21 presumably) and relevant reporting lines. Oddly, the PRA think "...there will be some costs in compiling and maintaining the Governance Map", when it feels like a lazy Thursday morning for Company Secretarial to me...
• Some reinforcement of Conduct standards for SIMFs and Key Function holders, with Key Function holders having an additional policyholder protection-related standard added to their armoury.
• Emphasise that Fit and Proper needs to be assessed on an ongoing basis, as opposed to periodically, which effectively gives the regulator a get-out-of-jail when a bad apple SIMF mismanages a firm (i.e. "why didn't you pick it up internally first?").
• Solvency II brings in a legal requirement for firms to satisfy themselves of a candidate's fitness and propriety before sending applications to the PRA. They therefore plan to assess whether firms recruitment processes are "appropriately rigorous", which feels like a step into the un-assessable (if that is even a word).

Proposed Supervisory Statements are appended to their document covering the assessment of fitness and propriety, and the application of new conduct standards. From those I would highlight;

• "The norm" is for single individuals to perform SIMFs
• That firms may add to the list of conventional Key Functions using a bullet-point checklist
• Firms can "...freely decise how to organise each function in practice"

FCA Consultation Paper

• The existing Approved Persons Regime will be adapted to fit Solvency II and PRA/EIOPA requirements, as well as existing application forms.
• "Pre-approval" will therefore still exist in 2016.
• While the PRA pick up approval of most Key Functions under Solvency II, the FCA keep hold of the approval of Compliance Function heads, which don't feature in the SIMF list.
• Give themselves some leeway to impose approval and conduct obligations on "certain other functions" in insurers
• Appear to be combing over conduct-related rules from their work with the banking industry

Frankly, the amount of crossover between prudential and conduct regulators, existing and new rulebooks, and banking and insurance industries, makes this particular topic an awkward read, which is why I don't work in Compliance!

Levity aside, the outcome of these consultation papers will have a significant effect on insurers existing onboarding and approval processes, content of executive job specifications, and indeed the fundamental operacy of governance systems, given the level of prescription involved. Now would be a good time to start briefing!

PwC and CSFI's 2013 Insurance Banana Skins survey - "Conduct Risk" firmly a la mode

Following on from the 2011 version, PwC and the Centre for the Study of Financial Innovation have pumped out another version of their Insurance Banana Skins survey, identifying how well the insurance industry feels it is prepared to handle a list of pre-identified risks. The average response on a scale of 1 to 5 was 2.97, which rather unrevealingly suggests the industry is averagely prepared to manage its collective risk profile.

EU Legislative process - not for vegans

This survey was conducted during March/April 2013, and elicited 662 responses from 54 countries, with two-thirds of respondents coming the insurance industry (the rest consultants/brokers etc). Almost half were European, so no surprises that the risks emerging from the regulatory environment were top of the pops for the second survey in a row. Solvency II gets a particularly flavoursome mention, with reference to its struggles to get through the "Brussels Sausage Machine"...

Bearing in mind the exquisite pressures being applied by the EU machinery to quantify risk, this publication is a welcome return to horizon scanning, qualitative assessment and emerging risk, all of which is handy for the ORSA posse, who according to recent surveys, should be all over this during 2013.

Some very interesting snippets emerge from the report, in particular;

• "Conduct Risk" - if ORSA was the new boy in 2012, then its 2013 counterpart is surely Conduct Risk, which I suspect didn't warrant a category of its own in many risk managers thinking until the return of twin peaks regulation in the UK. Conduct Risk has shot up the charts in its significance for insurers, now sitting 4th (from 18th last year)! Specifically, the suggestion that insurers are now "...looking beyond conduct risk as simply a compliance exercise" makes you wonder what some firms through were acceptable products in the last 10 years!
• "Guaranteed Products" - was not listed last time around, now jumps to number 6
• Actuarial Assumptions (which can easily mask the emergence of a number of the risks listed) unchanged at 12th
• Capital availability down from 2nd last time to 16th this year - interim period been spent squirrelling capital away, or happy that the onerous elements of Solvency II are (thanks to Germany) in the distant future?
• Reputational risk still in mid-table, at 14th

And sectoral/country specific;

• Surprisingly, the Life sector doesn't have actuarial assumptions in its top ten concerns
• Equally surprisingly, the non-life sector doesn't have regulation in its top ten concerns - clearly happy with their proposed Solvency II lot!
• That reputation doesn't feature in reinsurer's top ten - with customers likely to be eager yet more discerning  under Solvency II, one would think this is an area for enhancement in order to stand out from the similarly-rated crowd
• The quality of risk management appears to have spiked as a concern largely due to the emergence of emerging market firms into the space playing catch-up (on paper at least), as well as concerns that some firms are playing at risk management without making necessary adaptations to the prevailing risk culture.