EIOPA's Implementing Technical Standards on Approval Processes - Cut and Paste?

EIOPA have at last commenced their work on "Level 2.5" regulation in the Solvency II world, and with it being something of a trip into the unknown (only their sister body ESMA world appear to have performed a similar exercise to-date), their consultation papers will no doubt be getting torn apart like a parking ticket by Insurers and NCAs alike.

Open until the end of June with a view to presenting this particular batch to the European Commission for endorsement by the end of October, the ITS cover how the following approvals should be applied for and administered, with definitions and rationale provided in this cover note.

• Use of Matching Adjustment
• Use of Internal Model, "Major" changes to that model, and changes to the Model Change Policy (phew!)
• Use of a Group Internal Model
• Use of Undertaking-Specific Parameters (USPs)
• Use of Ancilliary Own Funds for SCR
• Use of Special Purpose Vehicles for risk transference

For this post, I wanted to concentrate on the Internal Model-themed ITS (emboldened), specifically things which introduce something new to the table (i.e. not already in the thoughts of UK firms/regulators through the Directive, Delegated Acts, Preparatory Guidance or indeed the existing IMAP structure in the UK).

Therefore in the interests of recyclability, UK firms will be delighted by the requirements within this particular ITS - you will recognise the text as part of the Self-Assessment Template "tabs" which you would have been populating as part of IMAP over the last 2 years!

That text was of course co-opted from the Draft Implementing Measures from October 2011 (specifically Article 203 IM1 for the application requirements, IM2-IM8 for the model change and administrative process elements). These articles had disappeared from the latest version of the Delegated Acts, only to find its way into this ITS almost verbatim.

Elements which therefore show noteworthy change from that old text (other than semantics) include

• The addition of a requirement for a (year-end 2014?) P&L Attribution to be submitted as part of the application.
• Withdrawal of some of the ceremony around applying for a change to the Model Change Policy, which was a little more elaborate in the October '11 text (AMSB explanation and justification text, 6 month turnaround time for NCAs to make a ruling).
• The same for an application for a Model Change itself, now seemingly less formal
• Giving room for terms and conditions and transitional plans to be factored in to an NCA's decision on model approval
• That more detail should be published on the NCA's website regarding the approval (namely that the scope of the IM should be disclosed, as well as risk categories and business units covered, which feels a touch commercially sensitive to me!)

I'm guessing this isn't the only ITS which is going to use this approach (i.e. ripping text directly out of the Oct 2011 Draft Implementing Measures where it has been seemingly jettisoned), so a bit of cross checking might help you second guess what is going to appear in the rest of the ITS!

Now I'm off to have a look at the others...

The PRA Consultation on EIOPA's Preparatory Guidance - priorities for 2014 and 2015

After 10 years, it's finally getting interesting - the PRA today have dropped out a consultation paper on applying EIOPA's preparatory guidelines to PRA-authorised firms (CP 9/13). You can get at the EIOPA materials through this post for convenience.

The content will, subject to any intense lobbying by industry, be adopted as a supervisory statement (section 233) to cover the 2014 and 2015 calendar years, with the expectation remaining that 2016 is our "go-live" date. It covers the following aspects of the preparatory phase;

• The PRA's expectations of firms as they prepare for Solvency II;
• The PRA's approach to implementing the guidelines; and
• The PRA's interpretation of aspects of the guidelines.

They are at pains to highlight that these are "preparatory" guidelines, and provide the traditional spiel on "nature, scale and complexity", so incremental progress is to be expected during the period in question. What that means in practice is perhaps another thing - can you show measurable 'incremental progress' for materials which are only on an annual review cycle, for example? - but that aside, it's worth picking the bones out for your respective programmes, and perhaps most importantly, getting your feedback in by November 15th if you don't like it!

Perhaps the most noteworthy aspect of this CP is that in no way is it suggestive of the PRA rejecting any of EIOPA's guidance (remember, they have until the end of November to voice any protest). That of course makes preparatory work much easier to plan for, as the UK will seemingly be doing it all!

My thoughts on the specifics were as follows;

System of Governance (SOG)

• Emphasise that the SFCR requirements around SOG are also catered for in EIOPA's work (3.7), so a smart move would be to factor that into your drafting plans during 2014
• General governance requirements "largely consistent with SYSC", though individuals holding key functions might expect a personal visit in the next two years (3.10)
• Similar position for Risk Management Systems (3.12), stressing the commonality of requirements with existing PRA obligations, but stressing in particular that firms should be "...including suitable mechanisms and methodology for connecting to their ORSAs and for carrying out regular stress and scenario tests" during the preparatory phase.
• That Prudent Person Principle is not a new concept to the PRA, but firms would be expected to review investment strategies in line with PPP over the next couple of years. A concession is seemingly made regarding the provision and review of third-party data by investment functions for smaller firms. 
• On the (new) requirement for a Capital Management Policy/Medium Term Capital Plan (3.16), they are not moving, despite the howls of protestation - "The PRA regards the development and implementation of such policies and plans as an integral part of sound risk and capital management for all firms, especially as their management and Boards assess the implications of the forthcoming Solvency II own funds and capital requirements"
• On internal controls, they appear to be fishing for firms to analyse whether their existing framework is Solvency-II ready, and then piggy-back of that self-assessment (3.17)
• Same for Internal Audit function readiness! (3.18)
• Actuarial function get a more bespoke treatment (3.19), with all firms asked to "carefully consider" the functional structure to avoid conflicts of interest. They also reserve the right to "...review firms’ analysis of the areas required for improvement, and understand the actions the firm is taking to resolve these".
• Outsourcing similarly gets additional treatment by the PRA (3.22), who are "particularly interested" in changes made specifically with Solvency II readiness in mind

Useful quotes

...the PRA articulates its expectations of firms in the preparatory period, including that firms should read, assess and implement the substantive provisions of the guidelines in order to achieve the intended outcomes (2.5)

The guidelines and this statement are designed to work towards a consistent and convergent approach in preparations for Solvency II and not its early implementation (2.6)

 The PRA expects firms, when asked, to be able to explain what governance changes they need to make to satisfy the guidelines, how they plan to make those changes, what progress there has been to date and any particular difficulties they face (3.4)

The PRA expects firms to be able to document their overall approach to outsourcing, including contingency plans in the event of a service provider failure, to ensure that the efficiency of the service remains unimpaired and uninterrupted. (3.22)

During the preparatory period, the work of the actuarial function will now focus on co-ordinating the calculation of technical provisions, providing an opinion on the underwriting policy and reinsurance arrangements and contributing to the development and performance of the internal model in the pre-application stage where relevant (3.19)

During the preparatory period, the PRA encourages firms to consider how to manage the transition to the new regime and to assess the impact on existing asset portfolios of Solvency II requirements. This need not necessarily mean that changes have to be made to firms’ investment strategies or portfolios but firms are encouraged to work on an incremental basis towards demonstrating that they meet the requirements of the PPP (3.14)

During the preparatory period firms should review their existing policy for assessing fitness and propriety and whether it needs updating in advance of Solvency II (3.11)

FLAOR/ORSA

• PRA only planning to review assessments "...on a proportionate basis" during preparatory phase - they elaborate further by stating "Due to the high number of ORSAs which will be submitted, the PRA expects that it may have to stagger its review of these during the preparatory period in a way that is risk based and proportionate". Does that mean "Top Ten & Lloyds & IMAP" get the works, with everyone else getting a lite-touch?
• Expectation that improvements are identifiable between the 2014 and 2015 FLAORs - the PRA will contact firms individually if they are within the threshold limits which enact guidelines 14-16.
• On ORSA documentation, "...firms should recognise the need for effective documentation and record keeping", for both Policy and Report (4.7)
• Note that the Board's involvement in ORSA is "...far more extensive than setting risk appetites and tolerances", and leave an open threat to go through Board packs/agendas to ensure this is the case (4.8)
• Smaller firms get permission to use their internal ORSA Report as the ORSA Supervisory Report, provided it has enough detail. Larger/riskier firms may conversely be asked to supplement whatever they submit. (4.10)
• PRA actually considering issuing a "summary sheet" to firms in order to help gather information consistently (4.11). Here comes the ORSA Template!
• Expectation that 2014 projection work is done on existing basis, and 2015 (ideally) on Solvency II basis (4.15)

Useful quotes

The preparatory period is a time of development for firms in designing, compiling and trialling these assessments (4.3)

To help capture [ORSA] data and information in a consistent way from firms and facilitate review the PRA is considering whether it may be beneficial to provide a summary sheet to firms (4.11)

The PRA does not intend to prescribe when firms should submit their ORSA...Firms should inform the PRA when their ORSA will be submitted well in advance of the submission date (4.19)

The PRA expects the Board to play an active part at various stages, providing initial steering on how the ORSA should be designed and documented, challenging on risk identification and mitigation along the way and culminating in the Board approving and communicating the finished product. (4.8)

The PRA expects all firms to develop a qualitative process to develop an ORSA which can be documented and reviewed by the PRA in line with its overall proportionate approach.(4.6)

Submission of Information

• Confirms that XBRL is required prior to 2016 as submission format for QRTs (5.7)
• Suggest that policies and procedures around reporting in firms may need "potentially significant revision" in light of Solvency II. (5.15)
• Rather obscurely, they write, "The PRA does not expect that preparatory reporting will be subject to a requirement for external audit but it may draw upon audited inputs" - as I recall the participation of external auditors in QRT-type reporting has been a massive bone of contention in Brussels (indicated within these IRSG comments from last year, but I'm sure there's a more recent story), but potentially not a welcome development.

Internal Model Pre-Application

• They isolate the Model Change policy as an example of something which should already be tested for its appropriateness (6.5)
• Still expect firms to come forward and brief them on "significant" changes during pre-application.
• Surprisingly, very little else,

Useful quotes

...it is important that where models are sufficiently stable, firms are beginning to demonstrate their use and continue to refine their models with the benefits of experience (6.5)

I may fire some feedback in, but ultimately I suspect this lady is not for changing...

Pre-application for Internal Models - EIOPA's FINAL preparatory guidance for national supervisors

So the March consultation document for internal model pre-application brought a few eye-openers for those countries partaking in a less onerous application process than that favoured by the UK, with the detail in it suggesting that the UK very much had the whip hand in its drafting.

On the basis that there were still areas which even the most hardened IMAP-veteran may have winced at, it was interesting to see if anything got dropped in the lobbying stampede. On that basis, the final guidance for internal model pre-application covers the following in the preamble;

• 3.10 - That it is not in the NCAs gift to conduct pre-application preparation along the lines of provisional approval or to provide "roadmaps" to compliance (which may explain the PRA's caginess with the industry). It is purely about a firm's preparedness and suitability to submit an application
• 3.33 - On request, EIOPA have introduced a compulsion for NCAs to provide "regular feedback" to firms
• 3.35 - Confirms that not all model changes need to be reported to NCAs during pre-application, just those considered "relevant" by firms themselves

It is fair to say that the lobbying in this space has been noticeably more successful than for ORSA or System of Governance, no doubt due to the smaller sub-set of affected stakeholders having a more concentrated relevance. That said, there were still a number of rebuffs from EIOPA, particularly where the lobbying looked more like whinging about paperwork volumes! Highlights below;

Model Change Policy

3.38 - No danger of EIOPA supporting the recommendation to "fast track" model change approvals if a "major change" is required at short notice. They instead recommend "proactivity" with NCAs. Not sure what this does for the world of opportunistic acquisitions though

3.40 - Fudged the question as to whether parameter changes are considered "major", offering an answer of 'it depends' which, for me at least, leans more towards 'yes they are'.

Use Test

3.42 - Confirms that evidencing "use" is not compelling use of model outputs over and above other techniques

Assumptions and Expert Judgement

3.46 - Documentation and validation of assumption setting and expert judgements considered "crucial" in order for undertakings to counter the lack of data and subjectivity in those processes

3.47 - A guideline has also been amended to confirm that the materiality principle applies for this topic

3.48 - Only the most material assumptions will need AMSB sign-off

Methodological Consistency/PDF/Calibration

A number of changes made to clarify guidance in these areas

Profit and Loss Attribution

3.64 - No escaping the requirements to produce P&L attribution granularity at Legal Entity level, as well as by risk driver

Validation

3.68 - EIOPA do not accept that those who build models may also validate them

Documentation

3.70 - That the guidance around the documentation of the internal model should provide "...[protection] from key-person risk", which I have never seen offered as justification from the supervisory end before

Ultimately, there have been no huge concessions from the position in March, which one would think will cause a number of the more liberal EU regulators to give serious consideration to "explaining" rather than "complying" - that said, with this having been written in Union Jack ink, my British cousins should simply get their transition planning updated accordingly.

Lloyds directors briefing and Solvency II update - looking well

With Solvency II news and comment pretty thin on the ground this month as the guys at EIOPA count their LTGA beans, it was nice to see the trailblazers at Lloyds release their director briefing slides from last week, an event one may assume is relatively frosty after the money spent in preparation and the distinctly agitated tone on the matter from their CEO recently!

Bling - things Lloyds could have
bought with £300m

As Lloyds are already well down the road of internal model development (having almost kept to their original IMAP deadline they were able to get materials down to the FSA prior to the implementation deadline shifting), the slides are very revealing as to where the group remain lacking when attempting to meet the Tests and Standards for Internal Model approval (TSIMs). With 84% of the market 'by materiality' meeting the principles of the TSIMs, they are clearly in good nick, although by stressing 'materiality', it implies that a relatively large number of smaller members are perhaps still lagging.

The list of "common issues" found will neither surprise nor delight anyone else in IMAP, given that the same themes have been festering for a good 18 months now, and the legislative paralysis on the continent has clearly done nothing to aid the industry (in particular, the FSA letter from this time last year touches on most of these!). Specifically, they observe problems in the following areas;

• ORSA - looking far enough forward (i.e. past year 1), and using stress and scenario testing effectively
• Validation - evidencing validation work done, and following up on test failures
• Model Change - justifying the thresholds for minor/major changes, and agreeing an approach for aggregating minor changes so that they can be considered as minor/major in aggregate
• Use Test - using the model for something other than spewing out an SCR, and it would appear also that when interviewed, the effectiveness of board training and their understanding of the model is being found wanting
• Documentation - documents are either not checking off against the TSIMs, or the content is contrary to the revised controls and processes which have been developed for Solvency II

As Julian Adams made clear at the turn of the year, full compliance with TSIMs is not part of the ICAS+ agenda down at the PRA, however they will expect firms to be fully aware of where they are currently light, and what they plan to do about it. Certainly looks like the Lloyds application won't struggle in this regard, and I wish them well.

EIOPA preparatory guidelines - pre-application for Internal Models

Consultation on Pre-application for internal models guidance  (plus explanatory text)

As staggering as it is frightening, and perhaps indicative of the diversity of approaches currently on parade across the Union, the pre-application for IMs preparatory guidance is 60 pages, comprising of 72 guidelines, accompanied by a whopping 144 pages of explanatory text. This accompanies the existing 82 pages of L3 guidance on the matter released by then-CEIOPS in 2010! A sub-group of EIOPA's IRSG has been assigned to deal with the nitty gritty of this element of the preparatory guidelines.

On first read, this feels massively influenced by the UK's activities to date, and indeed anyone working in that space will recognise FSA pawprints all over the granular details contained within. This is fair I suppose - the InsuranceERM models map has the UK down for around 1/3rd of models currently in 'pre-application' across the continent.

Therefore bearing in mind the UK approach is already pretty well established, I have highlighted below areas which either diverge from what is currently being exercised on the ground, or which clarify (at least for me!) areas which were previously ripe for controversy or disproportionate/inconsistent application. Where it is common sense or continuez tout doit, I have ignored it.

Most importantly, I am reading it as a fait accompli - bearing in mind the short window of time between consultation end and period commencement, EIOPA's recent past on consultation responses (i.e. 'thanks but no thanks') and the UK's evident participation in the bulking of these guidelines, I don't see much room for lobbying swathes of this away, nor for the PRA to "explain" rather than "comply"!

GENERAL GUIDELINES

Guideline 3

• As well as nature, scale and complexity, "design, scope and qualitative aspects" of the IM should be considered when allowing for proportionality 

Guideline 4

• Any model changes pre-application look like they will be pored over by NCAs, including the associated change approval process 

MODEL CHANGES

Guideline 5 - Model Change Policy

• Policy should, as well as SCR-related changes, include changes to: system of governance (around model change); compliance with Use Test requirements; appropriateness of technical specifications and changes in Risk Profile

Guideline 6

• Approach to classifying "major" changes is expected to be objective
• Must also take into account specificities of the company (so benchmarking percentage changes against your neighbours may not be that useful) 

Guideline 7

• Aggregated change triggers must be considered, not just isolated changes
• Offsetting positives and negatives won't be acceptable to avoid a "major change" trigger!

Guideline 8

• Major/minor changes must be determined at Group and entity level

USE TEST

Guideline 9

• "No complete and detailed list of specific [model] uses" will be supplied by NCAs.

Guideline 11

• Granularity of the Risk Management System will need to match the IM in terms of categorisation
• The "structure of decision making fora" will be assessed in ensuring the IM fits to the business - extraordinary!
• Records expected to be available to show how IM outputs are designed

Guideline 12

• Assessment of training, seminars, workshops, meetings and direct interviews "should be considered" in pre-application

Guideline 13

• Will need to "ensure [IM] will be used" during pre-application, as opposed to "use it"
• Expectation that, if other tools are used in decision making, IM is improved having assessed inconsistencies against said tools

Guideline 14

• Evidence of prospective support and retrospective verification of decision making would be advisable for candidates

Guideline 15

• Must document where model is not aligned to the decision ultimately made

ASSUMPTION SETTING/EXPERT JUDGEMENT

Guideline 19

• "Materiality" in the context of assumptions will need to be both qualitatively and quantitatively assessed - should generate some healthy Risk/Actuarial function debate!

Guideline 20

• A validated and documented process for assumption setting and expert judgement will be required
• Sign-off on assumptions will need "sufficient seniority", up to and including AMSB

Guideline 21

• A formal and documented feedback should be maintained between assumption setters and users

Guideline 22

• On the transparency of assumption setting, point 1.64 here effectively asks for an Assumptions Register, as well as dictating what it expects to see in it.

Guideline 23

• Process mapping of some kind expected for the validation of assumption setting
• Independent assumption review is also expected - doesn't dictate whether this should be internal/external, but it will keep someone in clover no doubt.

METHODOLOGICAL CONSISTENCY

Guideline 26

• Methodological consistency to be validated

P&L ATTRIBUTION

Guideline 37

• Point 1.105 seems to confirm P&L attribution by risk driver is required

Guideline 39

• P&L attribution must be used at least annually in the decision making process

Guideline 40

• P&L attribution to be used in the validation process (specifically, old ones to be compared against  experience

VALIDATION

Guideline 41 - Validation Policy to contain at least

• Process, methods and tools, and their purposes
• Frequency of validation for each part of the IM, and triggers for ad-hoc validation
• Persons (not roles) responsible for each task
• Procedure to be followed where reliability of IM is questioned, and ensuing decision making process

Guideline 42

• Shies away from touching Internal Model scope when talking of validation scope - great move!

Guideline 43

• Evidence of sensitivity testing expected when determining materiality

Guideline 44

• Must document known limitations of validation process, as well as circumstances where the process falls over
• May even be asked to quantify the degree of uncertainty!

Guideline 45

• A documented escalation path would be advised

Guideline 46

• Risk Management function will be pressured, as the function with overall responsibility, to ensure all tasks are completed (if not directly performing them) - new skill set?

Guideline 47

• Evidence of how the RM function ensures that the validation process remains independent of IM design and ops should be collected/enhanced

Guideline 49

• A process will be expected to ensure the choice of validation tools used considers; complexity, nature, independence and knowledge of participants - feel this could be tricky for the smaller IMAP guys without leading to additional spend on consultants

Guideline 50

• Must be able to document the appropriateness of the validation tools used accounting for; materiality of IM part, granularity of the data being tested, purpose of the task and the expected outcome

DOCUMENTATION

Guideline 53

• Expectation of a "...clear referencing system [for IM documentation] which should be used in a documentation inventory"

Guideline 55

• An overall summary of IM shortcomings, "consolidated into a single document" will be expected
• This needs to cover at least; Risks not modelled, limitations in modelling, sources of uncertainty in results, data deficiencies, external models/data, IT limitations and governance limitations.

Guideline 56

• Potential suggestion that there should be more than one level of IM documentation to suit other audiences/uses - IM for Dummies anyone?

Guideline 57

• End-to-end User Manual expected which an Independent Knowledgeable Third Party could operate

Guideline 58

• Stress that a single document containing all model outputs (as Use Test evidence) is not required - acceptable as single docs

EXTERNAL MODELS AND DATA

Guideline 60

• Expectation that external data sets will be sense-checked against "other relevant sources"

Guideline 61

• Understanding of external models must extend to technical and operational aspects, as well as assumptions

Guideline 64

• "Material" assumptions of external models must be validated
• In point 1.163, any potential for cherry-picking features/options of external models is constrained