PRA Pillar 3 Working Group - testing commences

Bit of activity on the Pillar 3 front, with the PRA's industry working group publishing minutes from their 'recent' meeting (i.e. 2 months ago).

Rather than another bleat about late delivery in contravention of their Terms of Reference (bottom of last page!), let's enjoy the content for what it is, which is incredibly useful.

Data Collection and xBRL
A few basics were formally tabled, such as the PRA completing their vendor selection for a data collection system, and a note that the xBRL process chosen across the EU has "some commonality". Of particular interest is the commencement of a testing sub-group which has been charged with assisting the PRA in getting their technology up and running with sample data, and that work is apparently ongoing as we speak.

They have planned to allow selected submittors to dry-run their facilities in Q1 2015, before opening it up to all other firms obliged to submit material in the preparatory phase in Q2. Not sure how much lag this set-up allows, so let's hope they get happy before Christmas!

External Audit and Pillar 3
Another sore point has been the potential inclusion, on a short or long-term basis, of external auditors in the preparation and delivery of Pillar 3 reporting (raised on the Solvency II Wire last month). The PRA opine that external audit requirement guidelines "...are not scheduled to be included" in the forthcoming ITS, and that EIOPA has not decided when to issue public consultation on the matter, though they will at some point.

Clearly the PRA have ambitions to continue their existing requirements for the external audit of regulatory submissions, as evidenced by their preparatory phase approach to gaining comfort on Solvency II Balance Sheet components of all IM applicants and larger SF firms, which will pad out a few partner's wallets at the Big 4 (though perhaps for the right reasons).

Lobbying and questions
Effectively told the attendees to direct more questions to EIOPA rather than them, and in particular to wait for EIOPA's second set of ITS, due any day now. On the basis that ITS will (probably) be accepted by the Commission as delivered, the PRA are reminding firms that this is effectively the only window for the industry to bleat.

Board sign-off of QRTs
A huge bugbear across the industry was the implication, reinforced through the PRA's Pillar 3 Q&A document (Q20, last page), that June 2015 would see piles of QRT material tabled at Board meetings across the UK for them to formally approve. They confirmed at this meeting that the Board "...may choose to delegate aspects of the process for operational reasons" - CFO sign-offs all round!

Asset Data, and interaction between Asset Managers and Insurers
A slightly odd, but very relevant point was raised regarding Insurers interacting with their asset managers to ensure they get the right quantity and level of granularity in their asset data to populate the QRTs. The PRA are naturally concerned about this, given the shortening timeframe, and given that the asset management industry themselves appear to be making some voluntary efforts, it feels like the insurers have some work to do.

Deloitte's 8th Global Risk Management Survey - cause for concern?

A survey from Deloitte has recently hit the news stands, namely the 8th edition of their Global Risk Management Survey - I thought I'd postpone my August holidays to pick through the bones of it (?).

The data was gleaned from an online survey they sent out to CRO/equivalents back in Sept-Dec 2012, so is a bit dusty, and there were 86 respondents, so a half-decent sample. It isn't dominated by a particular sector or continent (p7), but there are more conglomerate/bank-heavy respondents than pure insurers.

There is an infographic for those of a short attention span with a few headline numbers, but having sifted through the larger doc, I found the following elements worthy of note;

Boards, Committees and Risk Management

• 80% of Boards are reviewing and approving Risk Management Policies/ERM Frameworks and Risk Appetite Statements. Bearing in mind the types of organisation in the sample, that is disappointingly low.
• 25% don't review individual risk policies
• 23% don't review strategy against risk profile
• Almost half don't invite CRO to EXCOM meetings
• Almost two-thirds delegate risk oversight to satellite committees (and two-thirds of those delegate to a Risk Committee)
• Only half have their Risk Committee chaired by an INED.
• Use of specific management risk committees for individual risk types tends to cluster around the 40-60% bracket (for example, 60% have an ERM committee, while 44% have an Op Risk Committee). Heavily weighted by organisation size i.e. larger ones tend to have them! 
• Emerging risk reporting not supplied to 30% of Boards
• Model validation results not supplied to 70% of Boards!
• 66% (of insurance respondents) have their Boards responsible for reviewing economic capital results

CRO and Risk Management Function

• 97% of large respondents have a CRO, 81% of smaller firms 
• 88% using "3 Lines of Defence" (almost all of the larger respondents do)
• 62% have an "ERM Programme"
• 58% increasing risk management budgets (still!)
• In the list of tasks currently performed by CROs, the fact that only 63% are involved in the approval of new business lines/products is pretty telling, and not in a good way.

Other control functions

• Almost half of respondents said that Internal Audit and the ERM Framework do not use common risk categories and language.
• 33% do not have a independent model validation 'function' (remember, the banks are in these stats as well!) - most of those who have made provision park it in the Risk Management function.

Risk management techniques

• 90% using some form of stress testing in the business, with most saying the outputs are used in business planning, strategy setting and identifying risk tolerance. More than half however don't use the outputs in the allocation of capital to lines of business.
• 74% have some type of Stress Testing policy
• Over 20% either do not have a Risk Appetite Statement, or only have a quantitative one
• Almost 70% still use regulatory capital as one of their quantitative measures in their Risk Appetite Statements
• Risk limits tending to be set at enterprise level, as opposed to business or desk/subsidiary level - stats are a little murky due to the emphasis towards banking sector.
• Model risk and Liquidity risk seem to be the risk types least factored in to companies ERM programmes

Management of Key Risks

• Full list on p24, with the percentage shown representing the number of respondents who thought their management of each risk was "extremely" or "very" effective - stand outs were that perceptions of the effectiveness of the management of Operational, Model, Outsourcing and Data risks appear to be much lower than one would hope, with Lapse risk management ranked unusually high.
• Op Risk KRIs and Loss data only collected in 60% of respondents
• Just over half are modelling Op Risk in some way - varying degrees of complexity experienced
• Most are using stress testing and/or reserving to assess Insurance risk - over 40% not currently using EC, and over 50% not using VaR.

Risk and Reward

• Almost 60% of remuneration schemes have no clawback provisions
• Almost 70% of schemes do not align incentive payouts with the term exposure of the underlying risks

Solvency II-specific

• 92% (of relevant responders) will focus resource on ORSA in next 12 months
• 77% will focus resource on Data Quality in next 12 months
• 69% will focus resource on Documentation and Reporting in next 12 months
• Less than 25% rate their processes and systems for Data Governance extremely/very effective.
• Declining trend of insurers who will be modelling economic capital (p19)
• Only 80% actually calculate Economic Capital
• Some very grim stats on p21 covering which risk types are modelled for EC purposes (underwriting risks seemingly very low on the list)

There are a number of areas touched on here which fall short of pending (or indeed actual) national/international regulations and codes, never mind "best practice". Perhaps we can account for the innate conservatism of CROs in their responses, and assume things aren't quite as bad as they have self-assessed here?

Solvency II "Where are we now" - summaries from Milliman and PwC

Some useful "where are we now" materials have emerged over the last couple of weeks which you may find helpful, if only to validate your own interpretations of the current state of play:

PwC Ireland preparing for solvency II

Predominantly covers summaries of EIOPA's preparatory guidance, with some nice touches around;

• Differences between Irish Corporate Governance code and L3 system of governance demands (p15)
• Insisting that "an automated solution is required" for the reporting to NCAs, no doubt in the hope of drumming up some work out of such projects now that Pillar 2 work is largely done (p27)
• Comprehensive Use Test schematic (p39)
• General problems encountered meeting data requirements (p47)

In addition, PwC appear to be facilitating the set-up of a CRO Network over in Ireland, which will allow "all the different professional skills that feed into risk management" a place to swap Solvency II risk function-related war stories. First meeting at the end of the summer, can't wait to hear the outcomes.

Milliman - Solvency II Where are we now?

This very detailed slide package was released last week, and like the item above, covers all of the timeline-related activity around EIOPAs L3 work. It goes into updating readers on the latest position on;

• Economic Balance Sheet - noting similarities and differences in IFRS Phase II/Solvency II approaches to valuation, and a large amount of detail around technical provisions
• Data Management - retreads some of the FSA's findings from last year
• SCR - Covers latest standard formula position, as well as partial internal models and generic IMAP issues (again, retreading FSA letter content from last year). Particularly nice IM schematic on slide 21
• System of Governance - Basics on general requirements, function requirements and risk categories (which they have as 'risk management areas'). ORSA piece is fairly generic, but the schematic on Risk Appetite Frameworks (p35) is quite handy.
• Supervisory review - covers circumstances around capital add-ons and how they see the PRA identifying and assessing such instances.
• Supervisory disclosure - SFCR, RSR and QRT content and timetables for submission. Particularly useful to have this summarised, bearing in mind EIOPA's expectations for the interim period are for a subset of the full QRT suite previously published
• Insurance Groups and Equivalence are also covered at the end

Plenty of substance between the two (around 100 slides), so if you have an hour to kill, sers toi tout seul!

EIOPA preparatory guidelines - pre-application for Internal Models

Consultation on Pre-application for internal models guidance  (plus explanatory text)

As staggering as it is frightening, and perhaps indicative of the diversity of approaches currently on parade across the Union, the pre-application for IMs preparatory guidance is 60 pages, comprising of 72 guidelines, accompanied by a whopping 144 pages of explanatory text. This accompanies the existing 82 pages of L3 guidance on the matter released by then-CEIOPS in 2010! A sub-group of EIOPA's IRSG has been assigned to deal with the nitty gritty of this element of the preparatory guidelines.

On first read, this feels massively influenced by the UK's activities to date, and indeed anyone working in that space will recognise FSA pawprints all over the granular details contained within. This is fair I suppose - the InsuranceERM models map has the UK down for around 1/3rd of models currently in 'pre-application' across the continent.

Therefore bearing in mind the UK approach is already pretty well established, I have highlighted below areas which either diverge from what is currently being exercised on the ground, or which clarify (at least for me!) areas which were previously ripe for controversy or disproportionate/inconsistent application. Where it is common sense or continuez tout doit, I have ignored it.

Most importantly, I am reading it as a fait accompli - bearing in mind the short window of time between consultation end and period commencement, EIOPA's recent past on consultation responses (i.e. 'thanks but no thanks') and the UK's evident participation in the bulking of these guidelines, I don't see much room for lobbying swathes of this away, nor for the PRA to "explain" rather than "comply"!

GENERAL GUIDELINES

Guideline 3

• As well as nature, scale and complexity, "design, scope and qualitative aspects" of the IM should be considered when allowing for proportionality 

Guideline 4

• Any model changes pre-application look like they will be pored over by NCAs, including the associated change approval process 

MODEL CHANGES

Guideline 5 - Model Change Policy

• Policy should, as well as SCR-related changes, include changes to: system of governance (around model change); compliance with Use Test requirements; appropriateness of technical specifications and changes in Risk Profile

Guideline 6

• Approach to classifying "major" changes is expected to be objective
• Must also take into account specificities of the company (so benchmarking percentage changes against your neighbours may not be that useful) 

Guideline 7

• Aggregated change triggers must be considered, not just isolated changes
• Offsetting positives and negatives won't be acceptable to avoid a "major change" trigger!

Guideline 8

• Major/minor changes must be determined at Group and entity level

USE TEST

Guideline 9

• "No complete and detailed list of specific [model] uses" will be supplied by NCAs.

Guideline 11

• Granularity of the Risk Management System will need to match the IM in terms of categorisation
• The "structure of decision making fora" will be assessed in ensuring the IM fits to the business - extraordinary!
• Records expected to be available to show how IM outputs are designed

Guideline 12

• Assessment of training, seminars, workshops, meetings and direct interviews "should be considered" in pre-application

Guideline 13

• Will need to "ensure [IM] will be used" during pre-application, as opposed to "use it"
• Expectation that, if other tools are used in decision making, IM is improved having assessed inconsistencies against said tools

Guideline 14

• Evidence of prospective support and retrospective verification of decision making would be advisable for candidates

Guideline 15

• Must document where model is not aligned to the decision ultimately made

ASSUMPTION SETTING/EXPERT JUDGEMENT

Guideline 19

• "Materiality" in the context of assumptions will need to be both qualitatively and quantitatively assessed - should generate some healthy Risk/Actuarial function debate!

Guideline 20

• A validated and documented process for assumption setting and expert judgement will be required
• Sign-off on assumptions will need "sufficient seniority", up to and including AMSB

Guideline 21

• A formal and documented feedback should be maintained between assumption setters and users

Guideline 22

• On the transparency of assumption setting, point 1.64 here effectively asks for an Assumptions Register, as well as dictating what it expects to see in it.

Guideline 23

• Process mapping of some kind expected for the validation of assumption setting
• Independent assumption review is also expected - doesn't dictate whether this should be internal/external, but it will keep someone in clover no doubt.

METHODOLOGICAL CONSISTENCY

Guideline 26

• Methodological consistency to be validated

P&L ATTRIBUTION

Guideline 37

• Point 1.105 seems to confirm P&L attribution by risk driver is required

Guideline 39

• P&L attribution must be used at least annually in the decision making process

Guideline 40

• P&L attribution to be used in the validation process (specifically, old ones to be compared against  experience

VALIDATION

Guideline 41 - Validation Policy to contain at least

• Process, methods and tools, and their purposes
• Frequency of validation for each part of the IM, and triggers for ad-hoc validation
• Persons (not roles) responsible for each task
• Procedure to be followed where reliability of IM is questioned, and ensuing decision making process

Guideline 42

• Shies away from touching Internal Model scope when talking of validation scope - great move!

Guideline 43

• Evidence of sensitivity testing expected when determining materiality

Guideline 44

• Must document known limitations of validation process, as well as circumstances where the process falls over
• May even be asked to quantify the degree of uncertainty!

Guideline 45

• A documented escalation path would be advised

Guideline 46

• Risk Management function will be pressured, as the function with overall responsibility, to ensure all tasks are completed (if not directly performing them) - new skill set?

Guideline 47

• Evidence of how the RM function ensures that the validation process remains independent of IM design and ops should be collected/enhanced

Guideline 49

• A process will be expected to ensure the choice of validation tools used considers; complexity, nature, independence and knowledge of participants - feel this could be tricky for the smaller IMAP guys without leading to additional spend on consultants

Guideline 50

• Must be able to document the appropriateness of the validation tools used accounting for; materiality of IM part, granularity of the data being tested, purpose of the task and the expected outcome

DOCUMENTATION

Guideline 53

• Expectation of a "...clear referencing system [for IM documentation] which should be used in a documentation inventory"

Guideline 55

• An overall summary of IM shortcomings, "consolidated into a single document" will be expected
• This needs to cover at least; Risks not modelled, limitations in modelling, sources of uncertainty in results, data deficiencies, external models/data, IT limitations and governance limitations.

Guideline 56

• Potential suggestion that there should be more than one level of IM documentation to suit other audiences/uses - IM for Dummies anyone?

Guideline 57

• End-to-end User Manual expected which an Independent Knowledgeable Third Party could operate

Guideline 58

• Stress that a single document containing all model outputs (as Use Test evidence) is not required - acceptable as single docs

EXTERNAL MODELS AND DATA

Guideline 60

• Expectation that external data sets will be sense-checked against "other relevant sources"

Guideline 61

• Understanding of external models must extend to technical and operational aspects, as well as assumptions

Guideline 64

• "Material" assumptions of external models must be validated
• In point 1.163, any potential for cherry-picking features/options of external models is constrained

KPMG's Solvency II Readiness Survey for CEE - the flaw in EIOPA's plan?

So KPMG released this little gem in the same time period as Solvency II preparedness became something of a moot point!

Drawing in responses from 84 people, with around three-quarters EU-based and 70% under £100m in GWP, the questions were posed in Q2 2012, so with Omnibus II missing the last plenary before summer holidays, the writing was already on the wall - despite that, KPMG reckon most respondees would have been working to a 2014 go-live date. It expands on their 2010 work in this area, where 44% or respondents hadn't got started on their Solvency II projects, so progress on that front would be considered a good start!

I gleaned the following from it;

• 31% not expecting to be "Solvency II compliant" before 2014 - one problem that's gone away then!
• Almost half do not have a risk management function in line with the Directive, with smaller companies the main culprits
• Only 19% (down from 40% in 2010) will be using IM or PIM for SCR calculation. Attributed to the realities of building them as well as Groups rethinking their IMAP strategies over the last few years.
• 62% of companies not even planning an ORSA dry run until 2013 at the earliest, with 14% not planning for one at all as it stands.
• Only 14% electing to use more than 3 years as their "business planning period" for ORSA - two thirds settling for 3 years - supports the anecdotal trend of 3-5 years as par for the course
• 20% reported that their internal models allow for multiple year calculations to project for the ORSA - not sure if that is stochastic or deterministic though, didn't think any of the kernel technologies out there could do multi-year projections
• Half of companies have 50% or less of the data required to populate their QRTs
• Extraordinary perceptions on staffing requirements for both project and BAU, which even KPMG are drawn into calling "excessively pessimistic and indeed unrealistic" - it may be led in some respects by subsidiaries using shared Group services, but is still shocking in its naivety.
• Three quarters would like "more interpretation" from their regulator on Level 1 and 2 texts - not sure what there is to "interpret", so maybe its the Pillar 2 and 3 elements that they are struggling with (the other stats here would certainly lend weight to that).
• More than half of model applicants strugglinbg with Validation, highlights assumption setting and expert judgement as problem areas (no surprises there)
• 70% looking to define "new roles and responsibilities" around Data Governance - as referenced in my earlier post, not convinced that will end happily. Over a quarter don't plan to compile their data dictionaries until mid-2013.
• Only a third looking to do full SCR calculations quarterly, and over 50% look like they will struggle to generate the SCR calculation faster than 8 weeks.
• 20% have a dedicated Solvency II team - explaining a lot of the shortfalls in preparedness relative to Western Europe, but given the delays and uncertainty, a financially astute move.

What should worry EIOPA is the results around control function preparedness, or lack of it. If Sr Bernadino thinks that the low hanging fruit of Pillar 2 is ripe for picking before 2016, a quick review of those stats would suggest that a decent number of the 27 countries are in no such state.

Accenture study on Risk Analytics - lessons for Insurance Industry

Decent piece of benchmarking from Accenture on the current usage of risk analytics as well as drivers for the future. 450 mostly c-suite level respondees from across industries (40% insurers), but the findings are targeted specifically at the Insurance industry. Interestingly, respondees leaned towards incomplete data sets, rather than a lack of data or technological capability, as the main constraint.

While it touches on a number of areas of interest for Use Test specialists, it also covers Stress and Scenario Testing (13% of Life and 21% of P&C insurers reporting that they "rarely" or "never" use stress testing in decision making), and Reporting (which suggests the main driver for reporting improvements is regulatory rather than voluntary, due to regulators "...[increasing] their focus on the quality and frequency of reporting"). Internal Modelling also gets a mention, with almost 80% of respondents saying they already use, or are planning to use, an internal model for capital adequacy requirements.

Data Governance  of course gets decent treatment here. Only 69% of insurers polled currently have a Data Policy, but 41% have a data quality department, which feels alarmingly high, particularly when drawn against Accenture's comment that "...many firms have insufficient rigor who owns data, who sets it up and who manages it". The FSA concurred with that in their preliminary Data Quality Review findings back in September, and I'm not at all convinced that a DQ department will help in this respect (i.e. BAU absolve themselves of responsibility for their data sets!)

The Accenture crew use the "Leaders" and "Laggards" analogy throughout, so benchmark away and find out which one you are!

Aon Benfield's CRO guide to Solvency II - in case you're not ready yet...

For all those CROs who are about to get left holding the Solvency II baby three years early by their over-enthusiastic executive colleagues, Aon Benfield pulled together a CRO guide to Solvency II which aims to take the journey "from complexity to best practice". 10 out of 10 for ambition...

It leans heavily towards General Insurers/Reinsurers (indeed it reads like a reinsurance sales brochure in many parts!), but nevertheless contains a suite of very useful content for anyone in the Risk space, as well as attempting to shatter a few myths. I took the following from it;

• Steady early bits on capital planning and common questions a CRO should be posing in that space
• On page 5, an excellent table comparing standard formula against internal modelling by risk driver, in particular emphasising why internal modelling may be more appropriate, rather than how much capital it could shave off. Being able to explain to the national regulator why one has neglected to apply the enhancements that internal modelling introduces to the accuracy of one's quantitative risk profile would be a smart thing for CROs to practice!
• The undo some of that noble work by suggesting part of any IM feasibility study should include estimating the capital benefits!
• Nice examples at the top of p6 of what mixes of business lend themselves to benefitting from an IM approach
• Highlighting that domicile of firm continues to dictate feasibility of IMs for smaller firms (i.e some countries can't staff it!).
• Recommend reviewing SF SCR factoring in the draft L2 asap. As was clear from the E&Y research I covered yesterday, many firms across the EU consider themselves to be advanced in the Pillar 1 space while disregarding draft L2. They highlight the Swiss experience as one where they struggled to authorise models for "Day 1" approval, and the Aon crowd propose some meaningful contingencies on p8
• Useful analysis of capital drivers and optimisation strategies (p9-10)
• Section on expert judgement validation (p15), touching on the Level 3 expectations, and in particular how a (non-Actuarial) CRO may struggle to adequately challenge certain judgement calls, such as selected data series or correlation matrices, without specialist advice. Very hard for smaller firms to obtain that, as most of their actuarial function will have probably contributed to the judgement!
• Note that one of the key challenges for documenting the IM is getting the best-placed people (who are normally swimming in BAU) to pick up a pen and write!
• Neat section on ORSA (p27-29), emphasising that SF firms with complex risk profiles may find they struggle to justify that approach when concluding the assessment. They go on to suggest that early experiences of ORSA Report/process documentation submissions have left CROs feeling that the regulatory approach is (Level 3?) tickbox as to content expectations.
• Key challenges for CRO in briefing and educating senior colleagues for Solvency II-readiness are all fair, in particular the gap that could emerge if a CRO is not also an executive member.
• The section on Risk Appetite is particularly useful for smaller non-IMAP firms, who may struggle to quantify their target measures - whether using Standard Deviations/volatility measures as suggested is a touch too simple depends on the business I guess.
• The Pillar 3 section hits on the same issues I (and the FSA!)have picked up on earlier, such as end-user computing, inability to transition to BAU, data ownership issues etc.

I did take exception to a couple of bits in here, where the industry or indeed common sense appears to suggest otherwise;

• The "fallacy" outlined on p5 that an IM enables a firm to hold less capital than an SF equivalent. The research I pointed to yesterday (p20) suggests across the EU that modellers are already "making it rain" with their capital savings
• That the IM alternative for Op Risk is based on ORIC and individual loss event info. I'd certainly seen Milliman suggest that this approach is as flimsy as the SF approach, recommending options such as Bayesian networks to generate IM inputs.
• Concerns that evidencing senior management model "use" could create a "value-destroying documentation burden". Is that what we call "minutes" these days!
• Comments around the documentation delivery for the Internal Model Application Process becoming detached from the underlying processes referenced in those docs influencing BAU value-adding activity are perfectly valid, but no real solution is proposed.
• The operation of the Model Change Policy features heavily (p19-21), as anyone in that space would expect. Again. little offered in the way of solutions, but I certainly would have expected more discussion on the "scope" of the model, which in my experience is a solid, liquid or gas depending on which control function you speak to, and I'm sure the FSA would agree!

PS All the best to you guys on the US East Coast, let's hope the worst has passed...

KPMG on Solvency II - Progress in an uncertain world?

Handy survey from KPMG pushed around today touching on technical practices of UK Life firms (35 responded to the survey, so a decent enough sample). Appreciating the irony of the title in the same week as the rumour mill on an extension of Solvency II go-live to 2015 went into overdrive, the content is still valid on the benchmarking front, so worth a comb through.

Of particular interest I noted;

• IMAP remains top priority for those in the application process, though KPMG highlight that firms are closely reviewing the advantages of the IM versus standard formula due to FSA fussiness, implementation costs snowballing and less-than-attractive results coming out of the model (i.e the fabled 20% reduction guess-timates are perhaps out of reach!). Some comfort there for anyone struggling with the same issues.
• Documentation second priority for IMAP and non-IMAP firms - concerning at this stage, bearing in mind the FSA will have had plenty of opportunity to feed back on the big ticket items. If the industry still doesn't have a handle on regulatory requirements (or it does, but is not meeting them!), then perhaps it's a good job there is an extra year in the offing! 87% of the IMAP respondents said IM documentation specifically is causing challenges.
• Pillar 3 also high on priority lists - might we expect that to slip back on the agenda with the extra year? Particularly around software solutions, which may have previously been the only way for some laggards to populate QRTs etc within the proposed timeframes, some may decide to do something a little more ad-hoc for 2013 rather than full dry-running. Two-thirds of respondents note that turnaround time is a concern, and unsurprisingly 'achieving sign off' is a concern of around half, with the tight timescales naturally impacting on the likelihood of getting an executive to confidently put pen to paper.
• Only a third of respondents have dry-run their ORSAs - feels instinctively light, with those yet to run spread across the next 5 quarters. Natural areas of concern are later highlighted in this area, with ability (or lack of) to project across the business planning period, and plugging the ORSA process into the BAU strategic decision making process troubling around half of respondents. Bearing in mind only a third of respondents have performed any on-to-one training (with group training/workshops seemingly the preferred route), they may find that one will facilitate the other!

Some other noteworthy points;

• Only 80% think Solvency II will "significantly" impact the wider business - struggle to see how it could not frankly, but appreciate their are non-IMAP firms in the mix here
• Disturbingly large number of IMAP candidates appear to be behind the curve on P&L Attribution and Validation - interesting to know on the latter whether that is in respect of their internal findings or the FSA's view.
• Two-thirds of IMAP candidates using external assistance for validation - wonder how long that gravy train stays on the tracks with a shift to 2015?
• 20% don't have TPs in their IM scope - is that a bit chancey at this stage? I thought the FSA view on scope was a bit more onerous than some applicants may wish for.
• Datawarehousing seemingly moving towards being the preferred route to meet Pillar 3 obligations where an existing solution has not already been implemented prior to Solvency II

Good intelligence for both IMAP and Non-IMAP firms, and should provide some programme managers with crumbs of comfort when they see what's eating their counterparts right now.

FSA - Data Review findings in context of IMAP

So I guess there was an inevitability that, with all of the resourcing around Solvency II programmes over the last couple of years being focused on filling the yawning corporate governance chasms within EU insurers with bald, handsome, impeccably mannered Pillar 2 consultants (well, one out of three ain't bad!), that some of the more mundane aspects of preparations would take a back seat.

Step forward Data Quality! With the considerable efforts expended by UK internal model applicants already on plugging their calculation kernels in, risk calibration, loss function fitting, correlations etc, the FSA's latest review findings take us right back to the starting point of SCR generation - data inputs - and they are not impressed.

The FSA began working on this topic with the industry as far back as this time last year, and are not scheduled to be finished with this thematic review until Q3 2013. Bizarrely, they note in the introduction to these review findings that their scoping tool released in July 2011 aimed to help assess compliance with both Level 1 and draft Level 2, which wasn't released to the industry (i.e. leaked) until late October - quel chance mes amis?

Splitting hairs on timings aside, just reading the five section headings of their review work would be enough to reduce many BAU staff to a quivering wreck ("Implementation of the Data Policy"? What, today?), so I wasn't expecting a glowing report. That said, the quality of data which ultimately results in today's technical provisions, capital requirements etc is seemingly fit enough for purpose, so a full-on hatchet job would be a poor reflection on both the industry and the regulator.

Assuming a 2014 go-live date (looking unlikely as of 9pm GMT today!), the areas of major concern for insurers, based on these preliminary findings, would be;

• Difficulty in assigning data ownership - there will be enough Pontius Pilates in the BAU world who will happily wash their hands of data ownership until the cows come home. Programmes will need to be extremely forceful in assigning ownership and ensuring it sticks
• Inability to articulate "accurate", "complete" and "appropriate" - this should have been an easy win, so I'm surprised that it is seemingly an issue. Realistically, should we expect the business to take ownership of data sources when we cannot define what is and isn't acceptable output from them? 
• Data Dictionary/Data Directory confusion - a suite of pretty scathing findings in this field, suggesting both over-simplicity and over-complexity has been found in the workings of Data teams.
• Spreadsheet controls and non-compliance with end user computing policies - onerous expectations on the face of it (paragraphs 4.41 and 4.42), which will be a shock to both programme budgets as well as end-users.

Some other interesting points made in the review include;

• Firms either using their Risk Committees, or a bespoke "data steering" committee as their data governance body - pretty sure the Risk Committees won't fancy this as long-term work.
• A number of suggestions as to what areas are not currently being consistently addressed when assessing materiality (p11-12)
• Some very useful comment around data classification methods (p13)
• Suggestion that, as I expected, the techniques applied to assessing the quality of data provided by third parties is not robust enough - industry-wide consensus on how to interrogate your outsourcing parties would be useful in this respect.
• A rather strange comment around poorly designed/controlled data warehouses - I can only assume they have seen one or more horror stories on their travels, as the warehouse is surely the way to go!

Any smart cookies who haven't got going on Phase II with the FSA at this juncture should be stripping this down line-by-line. For those of you outside of the UK, you may want to cross your fingers that your friendly national regulator doesn't use this approach as a yardstick...

Economist Intelligence Unit and Blackrock - Asset Allocation trends and Solvency II

Another nice freebie for the benchmarkers out there (you do need to sign up with minimal data changing hands) from the EIU and their sponsors Blackrock, predominantly around asset allocation trends in light of Solvency II.

I haven't exactly gorged on this due to a swollen in-tray, but the population size is pretty decent at over 200 (other stats in the back on size, country etc), and some of the trends are worth considering in the context of one's own balance sheet, particularly;

• Almost all respondents have at least made plans for allocation post-Solvency II, but are waiting until closer to implementation to exercise those plans
• Concerns around "look-through" data requirements on certain investment types (FOHFs etc) and potential impact on asset selection
• Concerns around most areas of data in terms of Pillar 3 preparedness (quality, timeliness, completeness)
• Anticipating aggressive pricing around guarantees, driving consumers into unit linked offerings
• Very interesting granularity around respondents by country on their bond strategies
• Strong support for expectation of downward pressure on equity prices due to lower demand post-Solvency II
• Bit behind the times on the suggestion to review "risk free" assets, which was announced in Omnibus II revisions at ECON, but we'll let them get away with that!

Sign up and dig in, very handy indeed.