ICAEW on "overarching principles of corporate governance" - how much is too much?

I hadn't got around to this thought-leadership document from the ICAEW on corporate governance, despite their kind tweet asking for my thoughts, due to the welter of Solvency II activity that started from September.

The premise behind their document seems to be that corporate governance codes are perhaps a touch unwieldy these days, and might benefit from some Google-style "Do No Evil" overarching principles which even the sneakiest, mealiest-mouthed Board member would struggle to justify their (mis)conduct in the context of.

In general, the word 'overarching' makes me want to pull my thinning tufts out. I'm not much of a compliance-ferret, but the thought of Board conduct being so misguided by the corporate governance codes in place in developed countries that we need to refine it another notch is one I couldn't entertain. Certainly, given the importance of holding these people to account, and the level of education and experience a great many of them will have attained, I am inclined to think that 'more is more' rather than 'less'.

The ICAEW paper comes up with 5 overaching principles of corporate governance, centred around;

1. Leadership
2. Capability
3. Accountability
4. Sustainability 
5. Integrity

The following parts jumped out at me;

• That overarching principles should be "aspirational and credible" - feels counter-intuitive.
• That overarching principles should "think beyond the letter of laws and regulations" - why should they? Laws and regulations, regardless of how badly drafted, capture the kind of corporate recklessness that we would all gladly see consigned to history. Punishment seems to be a bigger issue (i.e. why aren't white collar criminals thrown to the dogs, or captains of industry who are hoist by their own petard immediately banned for life?)
• The thought of companies explaining links (or gaps) between overarching principles and their actual actions is almost too grubby to contemplate, giving leaders an undeserved shade of grey to support bad governance ("...well, in principle...")
• That overarching principles should be "...easy for boards and stakeholders to understand". Why should a Board job be easy? Why do people of such talent, education, breeding (?), etc. need to have the words "Don't be an idiot" written for them in crayon? Briefing onesself on the requirements of a national corporate governance code is only beyond a Board member who cannot be ar bothered.
• That the current UK code, at 18 principles and 28 supporting principles is "...too detailed for most people to remember". That would include me! However, it's only a click away, and is certainly not justification for further refinement.

I definitely sympathise with anyone who has to keep on top of corporate governance code development, particularly in the EU, where pan-European angles bubble up with regularity (here and here for example). That said, just do your job and comply with them!

Given that certain organisational bodies cannot be held to similar standards, yet may be equally significant in the case of UK/Planet Earth plc (Government departments, Private Equity firms, Mutuals/Friendly Societies), I would certainly find it hard to transplant such a layer onto existing requirements for listed entities. If anything, these overrarching principles could be targeted towards the general public in order to help laymen and women understand what areas our current codes are focused on, and why.

I certainly don't see the overarching principles as aiding leaders of business in any other respect that providing another layer of excuse confetti when they need to explain away the next slew of avaricious corporate conduct. I wonder who it's going to be next?

Accenture Insurance Sector research - Global Risk Management survey

Flood Risk?

A nice generic risk management benchmarking piece from the guys and girls at Accenture came out this week, and after I spent last week at the Leicester rugby game, I was happy to see another 15 "tigers", albeit this time scattered throughout the survey paper itself, presumably as a subtle metaphor for "death by tiger" risk...

It is made up of 98 C-suite respondents (nicely spread across disciplines), is Insurance sector-specific, and Global in coverage (one-third Europe, half N.America), so should be useful to any reader for trend-spotting and Board briefing.

From the document itself, I've pulled out the following;

Risk Governance

• 98% have their "risk management owner" reporting to the CEO
• 96% have a senior executive (regardless of title) as "risk management owner"
• 80% have their "risk management owner" report regularly to the Board
• 55% had a titled CRO
• A number of those stats (whilst improved since their last survey) are a poor reflection on the Global insurance industry, but perhaps reflect where corporate culture is outside of the EU/US axis
• Of the governance bodies, I was surprised to see only 60% of Life companies have an operational risk committee

Solvency II/Non EU equivalent legislation-specific

• Over 80% of Life and P&C respondents seem happy that they are preparing well for their regulatory initiatives (Solvency II or local equivalent).
• Other than Internal Model development, the main outstanding issues for Life insurers to be prepared for Solvency II/equivalent is IT architecture and Data Management/Integration. For P&C, documenting risk processes and developing a meaningful Use Test are also worrying at least half of respondents.
• Issues such as training and education, risk culture and risk governance documentation are relatively low on the priority list.
• Conversely, when asked on a 1-5 scale about specific areas of risk governance, respondents were more positive about their Data preparations than their risk governance - go figure!
• Use Test preparation remains a laggard throughout.

Generic

• Top external pressure was Legal risk, and by a good distance. Regulatory risks relatively low on the list, perhaps reflecting Europe's low weighting in the quantum surveyed.
• Risk Management seemingly well integrated with strategic deployment, but not with product development or reward.
• Poor statistics around embedding risk management into core functions.
• Two thirds of Life respondents noting that a lack of "early warning capabilities" impedes emerging risk management.
• Over half of Life companies said investment benefits ("above and beyond" continued compliance with regulations) would come from better reporting and better integration of Risk and Finance.

There is some of the softer stuff on aspirational elements of risk management thinking at the back, but if you just want to check against your peers, you can save that for a rainy day.

Standard and Poors on European ERM - momentum lost after Solvency II delays?

S&P released these pearls of wisdom regarding ERM within European insurers, specifically whether the additional breathing space offered to Solvency II may put the brakes on developments.

There's certainly no sitting on the fence with them - they start with the following as a statement of fact;

...the delayed start date of Solvency II has prompted some insurers in the region to reduce their efforts in developing ERM

Unsupported, but probably fair! They are also overwhelmingly positive on Solvency II on the whole, for example;

Solvency II remains a major driver of ERM improvements in Europe

the Directive has firmed up insurers' approaches to risk appetite, risk governance, and risk reporting

The introduction of the Own Risk and Solvency Assessment (ORSA) process...has helped to embed risk appetite in insurers' operations

Solvency II has brought risk management to the fore in insurers' strategic planning 

Easy to take any of those comments to task in the UK and Ireland, where national corporate governance code revisions, listing requirements, IAIS considerations and developments in both the actuarial and  nascent Risk professions are all taken very seriously by the respective industries, all the while cognisant of the shadow cast by Solvency II. In addition, the disciplines espoused by S&P's ERM assessments are practiced to a decent extent in existing ICA/FCR processes/reports, regardless of how 'ORSA-fied' they have become over the last couple of years.

This potential slight to the Western world is remedied on p7 however, where the research acknowledges that Western Europe effectively leads the way on ERM, and in the appendix (p8-12) where the league tables sit Germany and the UK firmly at the top of the ratings class.

They ultimately get to the real crux of their fears with this;

We would view negatively any evidence of a reduced role for economic capital in insurers' capital management arising from the delay

They are also gunning for insurers who continue to sell uneconomical products in the face of sustained low interest rates (p4), and validation standards in internal modelling (p5).

One would hope that, certainly in the UK with ICA, ICA+, and a supervisor who is continuing to staff pre-application for internal models adequately, that momentum around using economic capital in decision making will not be lost during 2014, particularly now that the PRA have as good as said that they accept EIOPA's preparatory guidance.

So give this a read if you want to know where your firm lies in the S&P ERM rating table, and if their opinion matters to your bottom line, be sure to quote this material when your Programme sponsors try to take the pace of 2014 Solvency II activity!

 

 

Lloyds - cognition and how human factors affect risk perception

While the Solvency II world will be as grateful for as they are familiar with Lloyds of London's work in the Sol II sphere, they pushed out an intriguing paper for all risk practitioners this week around cognition, the impact of human behaviour, and our interaction with models when identifying and assessing risks.

This is a piece of academic research very much needed at this point in time, where the regulatory obligations around internal model challenge have yet to formally land, let alone be adequately road-tested, while at the same time the UK is continuing with its ICAS+ regime, where entrants will no doubt receive running commentary on their progress in upscaling both assumption/parameter challenge as well as model use.

Anyone involved in the 200-ish pre-applications for internal model use prior to Solvency II go-live in Europe would therefore benefit from a read of this, particularly if you are on the validation-side. I picked out the following;

Fundamentals which impact on modelling choices (data sets, interpolation/extrapolation, correlations, tail dependencies etc)

• "We are not equally aware of all risks...people make decisions based on a subset of the available evidence"
• "Expectations are strongly influenced by personal experience and current events"
• Tendency to "...lose sight of infrequent losses" in the face of more frequent visible events
• Tendency to procrastinate around risks which are difficult to assess
• "Some may query the relevance of human factors, given the prevalence of quantitative risk models - the suggestion being.modelling rules out biases"

Risk appetite

• "Low risk appetite can increase false alarms, and a high risk appetite increases misses"
• "The greater risk appetite of powerful individuals can stem from a tendency to focus more on rewards and successes, while people who are lacking in power are often more cautious and attentive to threats and potential obstacles" - is it this dichotomy which makes the role of the CRO ultimus inter pares in the boardroom?

Aide-memoire lists for risk practitioners

• How to counteract risk perceptions - p11
• Separating risk perceptions from immediate context - p13
• Awareness of bias linked to power - p16
• Risks in perspective - p20
• Behavioural principles which can create added value - p22

Did we learn from Equitable Life? Professor says "No"...

A cracking thought paper was released this week by Professor Roberts from Kings College regarding the lessons one could reasonably have learned from British mutual Equitable Life's demise in early 2000s, and more importantly, did UK plc actually learn them! (simple timeline of recent events here for our non GB readers, but anyone whose website starts with a banner exclaiming "recreating value for policyholders" has clearly had a lean few years!)

This document works nicely as an aide-memoire for anyone working in a financial services risk function as to what one should be wary of in the day-job. Professor Roberts ties in some of the most recent work in this space (leaning heavily on the Cass Business School/AIRMIC Roads to Ruin research and its conclusions in particular), and comes to the inevitable conclusion that lessons are well publicised, but never learned.

My main concern as a risk specialist is that certain recurring themes in the failure of financial services firms appear to remain outside of the Risk function's control or indeed influence, notably;

• Hubris of Senior/Chief executives - Almost every example of failure in insurance and banking referenced in Prof. Roberts paper includes a flukey, unchallenged CEO who got bolder as circumstance rather than skill kept their businesses growing. I had flagged a couple of articles in a post last year touching on what makes an executive tick, and since then I have seen psychopathy and leadership (as opposed to cherubic faces!) examined further in a popular mainstream book. The legitimate concern here of course is that CROs are seemingly no nearer to being guaranteed seats at the top table, let alone a veto to keep the most dominant executives in check, regardless of their loud voices, when necessary.
• Poor quality governance from Non-Executive Director level - Risk functions simply must have the NEDs performing at their optimum in order to provide acceptable services to their employers. While the "old school tie" approach to recruiting NEDs may take a generation to phase out entirely (to be replaced by an army of Fembots, so Viviane Reding would have us think), Risk functions are left with tottering old fee-sweepers as their key route to early intervention. The more visceral approaches to documenting risk appetite/tolerance/preference now being supported by corporate governance codes and vocational/professional bodies may make it easier to raise concerns with NEDs in future (probably as it will be colour coded and in Excel...), but until they are actually prepared to risk their comfortable semi-retirement with some probing questions in the C-suite itself, should Risk functions ever think they can overcome such a void?
• Failure of regulation - Should Risk functions be banking on the (inevitable?) failure of the nascent regulatory environment, and reserve for subsequent claims/compensation if one or a number of products are "too" successful, thus providing the necessary quantum of dissatisfied customers for the regulator to act? I would have laughed this suggestion out of the room until a year ago, since when the FSA have made retrospective calls on interest rate swaps, PPI, and TLPs, all of which would have been presented as "compliant" products in the Boardroom.

For the Solvency II fans, it also notes on page 11-12 that Equitable Life featured in the research which grew up to be Solvency II! Maybe we did learn something after all - if we smash up the affordability of long-term guaranteed products, we can all go unit-linked and never have to worry about another Equitable...

Clear Path Analysis - Solvency II "The Global Dimension"

This piece of research from the guys at Clear Path Analysis (sign up required) has been in the offing for a while, and as I covered their last impressive release on this blog (and I don't have a life :-( ), I've been looking forward to it...

There is certainly plenty in here to keep those of every persuasion entertained (with the sponsors as omnipresent as their funding permits!), but I've sectioned out highlights for my own benefit;

Foreword

• Solvency II "...clearly a step in the right direction" - oddly, not followed by a punchline...
• On the likelihood of Sol II remaining ahead of the IAIS approach to solvency regulation - "Asia no longer looks to the west for regulatory best practice", going on to cheekily recommend a cherry-picking approach

Barbara Ridpath - think tank CEO, on short-termism and regulation

• Highlights one (widely acknowledged) consequence of Solvency II being a disincentive to invest in long term and/or non-Sovereign debt instruments, which is not in the mandate of the regulations, or indeed the regulators.

Roundtable on un-level playing fields between EU and non-EU insurers - includes Standard Life Sol II lead

• Solvency II likely to weed out companies who can't handle the ongoing compliance cost from running EU operations
• Large piece on Canadian equivalence (of particular importance to Standard Life of course) and the practicalities of equivalence being neither sought nor at this point offered for a non-EEA wing of a EEA HQd insurer.
• Standard Life not happy with equivalence assessments running concurrently with IMAP, due (rightly) to the significance of a "yay" or a "nay" to the strategic thinking around non-EEA arms.
• Suggestion that Asia is looking harder at the IAIS approach as opposed to Solvency II for future direction

Data and Risk Reporting Interview - Dan Wilkinson, ERM head at Liberty Syndicates

• Increased formality around Data and Risk reporting, using both controls-focused and risk-focused approaches. Makes reference to a monthly management committee which takes reporting on data deficiency matters, which I have heard reference to on the circuit before, and certainly demonstrates that data inputs, whether for internal modelling or for strategic decision making, feature as a high priority, rather than taken as read.
• Notes that his employer is moving risk reporting away from the 1-in-200 VaR to "...more foreseeable points in the distribution", which we definitely like to hear in the ORSA world!
• Alludes to concerns around disclosing ORSA-related information to the outside world, which is an area yet to be adequately chewed over by regulators and industry quite yet, let alone ratings agencies, analysts etc
• "Sensible amount of proportionality" should be adopted when deciding what should be disclosed - is that a contradiction in terms, an oxymoron, or some other expression I can't quite lift off of Google!
• Sensibly stresses that an effective emerging risk policy should allow input and challenge at all levels of an organisation, when asked about internal models evolving with the risk profile of the business.
• "...biggest deliverable is cultural" - i.e. stripping back your long-since-gone consultancy friends' technical documentation (where required) in order to make it more accessible and free BAU staff to use the new facilities, be it a spruced up RMF or a full Internal Model - appreciate I may be doing myself a disservice by highlighting it!
• Didn't agree one bit with the comment that ORSA could "...inflate regulatory capital, based on rather speculative assumptions" - FSA have been pretty clear that ORSA has no bearing on required capital, appreciating the nuances around what they say and what actually transpires!
• Also wasn't massively sold on the comment that the ORSA "...should bring together information that is used within the business to allow analysis of medium term trends", unless of course he was cut off mid-sentence!

"Challenges of Pillar III" roundtable, focused seemingly on getting asset managers to pull their fingers out! Includes a CRO from an Italian insurer

• "Asset managers who are not willing or able to invest in appropriate data management and reporting systems will find it hard, if not impossible, to attract or retain insurance clients" - so there!
• Suggestion that "parts of the industry will have to get up to speed on" underlying assets which they are currently invested in for the look-through basis - I suspect that there are plenty of horror-stories to emerge once some CIOs and CFOs get a proper butchers at what some of their collectives are actually invested in, particularly with the advent of outsourcing investment management or just administration over the last decade or so...
• Note that ratings agency priorities over the near-term may focus more on differences between SF and IM-calculated SCRs and the impact of transitionals, rather than purely on SCR outcomes.
• Note that "Solvency II is effectively a lead in this area [transparency]", so no pre-conditions should be expected from ratings agencies
• Even bring up the old gripe that EEV/MCEV is still not understood well enough by agencies/analysts, so by implication there should be few worries about additional disclosures!

Considerations for Building a Diversified Investment Portfolio - Charles Pears from Insight Investment

Really accessible and well structured two-pager on portfolio diversification, of particular use to non-experts which covers

• Rationale for insurance companies looking for low risk returns;
• Risk drivers which make that difficult in today's environment, even if accepting minimal risk
• Why companies may look to seek excess returns, and the constraints around that
• Why decisions to accept more risk for enhanced rewards should be (but perhaps aren't always) knowledge based
• Basic options for enhancing portfolio returns without breaking the bank from a capital perspective.

Interesting is wrapped up with a comment that "...we expect insurers who adopt a Liability Driven Investment approach will secure a meaningful competitive advantage" - hard sell perhaps, but the rationale for it is well documented here.

Deloitte and Forbes - the new world of Risk Management

This Deloitte/Forbes paper is sub-titled "Aftershock", which makes anyone of my age immediately recoil at the though of the world's most repulsive bar shooter - it is in fact a pretty decent stab at running on from the kinds of financial services-specific research which came off the back of the 2006-2008 mega-turbulence (these were mostly titled "We've broken the World, what are we going to do" :-( )

At 192 respondents it is a decent sample size, though is US-centric and non-Finance organisations, so not a great all-rounder for you global readers. However, the central message that risk management programmes and frameworks remain in a state of flux (hence the aftershock motif) is a worrying one when one examines the stats behind it:

• 91% are reorganising and reprioritising approach to risk management in next 3 years, citing continued market volatility.
• Only 37% had plans to provide additional training in that respect
• Centralisation cited as more efficent way of bubbling risks to the top - interested to know if that is everyone's experience?
• Around 50% retain primary responsibility for the "risk management approach" with CEO or CFO, with the CRO in third at 20% - should we be expecting that percentage to be moving up or down at this juncture (in particular, does a CRO need a seat at the top table to be responsible for ERM approach?).
• Example cited of ERM being managed in the corporate strategy department, which I thought was an interesting development.
• Biggest challenges included; 26% stating that incentives are not rewarding 'risk based decisions'; 22% struggling with the misalignment of the business operating model and the ERM model, and 23% suffering a lack of information to make risk based decisions. These three (there are of course more in the list!) struck me as common issues when preparing for Solvency II, so handy stats in that respect.
• Staggeringly, Social Media is equal fourth on the list of "most important risk sources over the next 5 years" - equal with Financial Risk! Not to underplay the emergence of social media and its multiplier effect on reputational risk, but seriously?
• Most "risk types" are monitored either periodically or continuously, though strategic and reputational risks seem to be most likely to be measured on an ad-hoc basis (something which you ORSA consultants out there will sympathise with!)
   

I say "worrying" at the top here from a professional perspective - is it reasonable after events as seismic as those experienced in the last 5 years for the risk profession to still be sliding in a mass of new parts into the ERM machine, as opposed to tinkering under the bonnet?

Bearing in mind this doesn't include the financial services industry, maybe the timelag is rational, as the other industries have had plenty of time to learn what not to do!

Ernst and Young on Solvency II Pillar 3 - a likely story (sadly)

Time for a walk (actually more of a sthaager for a Manxman!) into the less familiar territory of Pillar 3, or "the output" as some traditionalists may label it.

E&Y dropped a Pillar 3 preparations survey out to a relatively small (53 respondents) but nicely spread (8 countries, and roughly split into Life/Non-Life/Composite) sample, and as one might expect, preparations were found to be slightly underdone by the majority.

They note that even for companies who have completed their gaps analysis between BAU and Solvency II demands, there remains some meaty outstanding issues such as reporting granularity; capturing synergies for other requirements (namely ORSA); policy drafting and implementation around data governance, and process redesign. Appreciating that some of these matters are still up for debate, some aspects of this gap list should be closed by now, and I suspect that the regulators will not look favourably at firms who continue to nudge this topic into the 2013 space.

Other aspects which jumped out include;

• Only a third of respondents have completed a gap analysis of QRTs against capabilities
• Less than a fifth have mocked up an SFCR/RSR, despite the prescriptive nature of Level 2 on the reports
• Interestingly, two-thirds have designated their finance functions as primarily responsible for Solvency II reporting - some have parked it with Risk which, while appreciating a three lines of defence model is not compulsory, seems very wrong regardless of the function's skillset.
• Three quarters expect to achieve reporting compliance only after "significant" or "fundamental" changes to their existing processes
• Some firms were identified as planning to speed up their existing processes to meet the proposed reporting deadlines under Solvency II, which seems an excellent idea

Pillar 3 is likely to be an even more bountiful smorgasbord after EIOPA released their feedback statement on their consultations around the Solvency II reporting package today. I suspect I don't have the ambition to swallow the 88 pages today (or perhaps any other day!), but Will Coatesworth neatly tweeted the big message earlier which the industry tried to avoid, which is that quarterly balance sheets look like they are here to stay as part of the reporting package.

Good news for regulators, consumers, and anyone who is punting round Pillar 3 software solutions I guess!

ORSA guidance from Accenture - good, bad and ugly?

In the same week as the FSA told the industry to "go fish" for additional guidance around ORSA, the guys at Accenture have pushed out a bite-sized piece on extracting added value (i.e. above and beyond "compliance") from one's ORSA processes.

There are clearly a number of consultancies who fancy themselves in this space (click the ORSA link in the tag cloud at the bottom of this webpage for my review history of them), so having cast an eye over it, I noted the following;

• Leads with the rather hackneyed soundbite around ORSA helping insurers "extract additional value" from what is ostensibly a compliance investment
• Note that "...many companies have just begun to implement their ORSA projects, or are still considering how to do so" - if that's the case, it is good for my business, but it sounds like a lazy justification for publishing this pamphlet (how can anyone only be as far as "considering" in mid 2012?)
• Recommend that operational specifications should derive from the C-suite - easier said than done, but I totally agree if one wants to extract value from the ORSA process rather than tick the box.
• Suggest that ORSA "...may become a source of competitive advantage" - clearly the assessment does not do this, rather the consideration of it by the AMSB and the application of management actions off the back of it.

They then go on to split the doc into sections as below;

Compliance requirements

• Neat enough as a beginner's guide to ORSA compliance 101, though they introduce a rather naughty term in "ORSA Capital" as the amount over and above SCR - the concept of ORSA is difficult enough to transpose into BAU for smaller organisations who perhaps haven't had to consider economic capital measures before, so this term is one I would consign to the "nice try" bin.
• Some nice schematics in the section as well around the process side of ORSA.

Creating an operating model

• Suggest that preliminary input should be obtained from the C-suite to create one's target operating model. As above, I agree with their participation in the design phase, but with BAU pressures around ICA/FCR etc, it should be weighted much more towards approval of recommended models, rather than dialogue, as there simply isn't enough time when dual running.
• Recommend designing the process with people already familiar with existing performance management framework, which is good advice.
• Also allude to the significant crossover synergies between Pillar 3 requirements (as documented in the draft implementing measures) and ORSA as it stands.

Develop risk-adjusted performance management

• Relatively bland section which won't tell you anything new on the topic if you are building/refining an ORSA process off the back of a reasonable ERM Framework

Make the most of these releases - you can be sure that your friendly national regulator will be!

PS - In case you viewed this on Friday looking rather bare, I was supposed to save it as a draft, and accidentally published it!

Deloitte and economist intelligence unit - where are insurers heading on Solvency II

Always nice to see a benchmarking piece at a time when the legislative process has conceded that Eurocracy has led us to Solvency one and a half and we are no nearer to hearing whether the trialogue discussions are going to keep the new timetable on track.

This one comes from our old friends the EIU, with Deloitte riding shotgun. 60 firms, mostly UK domiciled and a good mix of Life/Non-Life, polled in what is a follow-up to last year's survey from the same authors. Already covered as highlights in a few articles (here for example), but I found the following salient:

• Change in emphasis from restructuring and introducing new risk mitigation techniques to repricing and/or redesigning new products.
• 20% of respondents noting they will need to "significantly change investment strategy" - perhaps as a result of the firming up of lobbying positions on the sticking points of Omnibus II?
• ORSA a key area of focus for the majority of respondents over the next 6 months - strange in light of model applicants use test obligations that it is only an area of focus now. Fascinatingly, data quality was only 4th on the priority list, with model embedding/use and risk appetite naturally high up the list.
• Even-ish split between those who are confident of timely implementation of the Directive by the industry and those who are concerned
• Majority have seen their project costs hiked due to the delay to 2014 - not especially new news, though the scale of increase seems relatively modest, with only 5% saying they have ponied up more than 10% over budget
• Only 45% worried about dual running ICA and SCR next year, weighted much more heavily towards the larger companies.
• Big changes in the profile of firms modelling habits year-on-year, the movements strangely towards more complexity (standard formula to partial internal model, or partial to full). A likely link to the earlier stats on radical changes in investment strategy and repricing becoming higher priority? Regardless, it's more work for our pals in Canary Wharf!
• A quarter of eligible respondents are in the FSA landing windows of 2013 (lucky devils!), with a suprisingly large number pencilled in for this year. Bearing in mind the scathing summary of IMAP materials issued to date by Julian Adams last week, should we expect these candidates to one-by-one ask for more time (and potentially get chucked out, as previously indicated?) Seemingly not too many respondents interested in the suggestion that there will be sugnificant tangile business benefits off the back of their Solvency II Programmes.

UK-centric as a piece of research for sure, but certainly some ideas to be gleaned by EU internal model candidates off the back of it, as well as some comfort for anyone lagging on ORSA.

PwC paper - Solvency II Pillar II "operational issues of risk management"

Following on from KMPG's efforts, the PwC crew have released their own aide-memoire for Pillar II specialists, which at the very least should be handy for CRO/Head of Risk etc amongst us for board training/briefing ideas as we approach the home straight.

At 60 pages, it's not exactly a comic, and while a great deal of the introductory material is 'Pillar 2 101', it does contain material (either text or schematics) which should be of immediate use, so I would recommend checking out;

• First line of defence and reasons for risk ownership (p26)
• Definitions of Risk Appetite/Risk Tolerance/Risk Profile/Risk Limits/Risk Budget (p35) - I haven't cross referenced these against IRM definitions for example, but may be worth doing for consistency. An accompanying schematic is on p36.
• Internal Model Scope (p40) and Validation (p48) should be extremely topical after Mr Adams's speech on Thursday.
• Communications and training plan ideas (p53-54)
• ORSA schematic, and some talk around process industrialisation (p56)

Perhaps the main weakness in the text is that there are no references to the Commission's draft Level 2 text, which is now clearly a document in a lot of people's hands (not least the FSA, who have made it clear that this plus the Directive text is what IMAP is based on). I also wasn't mad keen on the reference to P&L attribution being "the real risk profile" (p48) - there is already enough flab around this term without additional mis-steers.

All in all, well worth dissecting, even if like a Roast Pigeon, you end up throwing away more than you consume!

PS - Far be it from me to suggest a document from one of the Big 4 has a whiff of Google Translate about it, but this was authored almost entirely by PwC France it would appear, perhaps explaining the odd COSO-ERM reference on p17, the rather oblique title, and of course, the whopping 60 pages...

PPS - Wife is French, so allowed the odd cheap gag around bureaucracy!

Economist Intelligence Unit - new Solvency II research on Insurers and Society

Our pals at the EIU (kindly sponsored by BNY Mellon) have published this new research on how 'regulation'  affects the insurance industry's ability to fulfil its role in society (no prizes for guessing which 'regulation' in particular this focuses on!).

It has a more cross-professional angle than other EIU releases (here, here and here for example), which is a by-product of BNY Mellon's sponsorship, looking more at changes in capital allocation and derisking which are likely to be by-products of Solvency II implementation.

Sample size is pretty good at 254 respondents, all EU based, mostly Financial (72%) or Risk (24%) professionals, and nicely spread across the continent. They split the results into Insurers, Other Financial Institutions and Non-Financials, which is handy to see where divergences in the comprehension of Solvency II's impact are. I noted the following on the way through;

Solvency II Directive and impact on capital

• Only 16% disagree that Solvency II "goes too far" in ensuring capital adequacy
• Life Sector respondents more equivocal on whether "most" insurers already have sufficient capital
• Great table on p14 for Solvency II asset popularity (or not!) by asset class, supplemented by an insurers-only version on p 15

Policyholders and products

• 73% feel that policyholders are going to bear the costs (over 80% when just insurers are considered) - I think I have flagged this previously!
• Half think that the (inevitable?) shift to providing more unit-linked business will have a negative affect on pensions and savings
• 67% of responsdents have life insurance down as a product which will be "most negatively affected" by Solvency II
• Less than a quarter disagreed that With-Profits products would be valued in the current market, but have been driven out by accounting rules and capital charges
• Over half feel that the "squeezed middle" of smaller insurers and mutuals will consolidate to achieve scale, or indeed outsource (though not clear on whether this means administrative functions to reduce overheads, or something else).

Balance Sheet de-risking

• Hints at knowledge gap between corporates and insurers regarding the impact of insurers being overcapitalised (corporates favouring additional capital being held by insurers for additional security).
• Divergence between non-financial and financial institutions regarding how important rating and tenor of debt issuance will be in future (non-financials seemingly less concerned).
• Similar divergence around whether unrated debt will be forced to pay higher yields to appear more attractive to insurers (p18) - insurers were by some distance less convinced than other financial institutions and non-financials, so clearly a perception issue there.

Capital charges

• Half want the risk-free aspect of Eurozone government debt to be revisited (which Omnibus II has promptly obliged!).
• 41% want all capital charges reconsidered as they stand,  while only 22% would like them maintained as they are (down to a trifling 9% when measuring just insurers). Can this level of displeasure really stand during the trialogues?

Some smart general comment throughout by some "expert" talking heads, which expands on some of the conflicting responses.

Another worthy piece of research from the EIU, and hopefully will be wielded by the trialogue parties accordingly.

ERM Speciality papers - Harvard Business Review and Zurich

As with the previous post, another document which may make Insurance industry readers feel like the proverbial grandmother being taught to suck eggs was pushed out by Zurich, in conjunction with the Harvard Business Review. Heavily themed around ERM programs and CRO tactics used in deployment.

This contains some generic examples of current CRO risk management practices, obtained from the horses' mouths. I hasten to add that these are not all "best practice", and indeed some might not even be considered "good", but they are across all industries, which does help benchmark any progress you might be making on infant ERM programmes forced by Solvency II or Corporate Governance code changes.

In its entirety it feels 10 pages longer than it ought to be, purely due to the number of quotations and practice examples it includes. It does however include a decent sample size (1,419), so the response percentages are a better representation than a lot of benchmarking/best practice materials.

I took from it the following;

• Huge growth in number of CROs at large companies since 2008 (11% to 42%)
• Two-thirds felt they were not doing well at the 6 risk management capabilities cited in the report as critical to organisational performance - all of these capaibilities are very much embedded in the ORSA world for insurers
• Only 1-in-10 felt they had a "Strong risk-aware culture" - I know this is a topic for debate on the IRM's LinkedIn page, so worth a look if you feel you are lacking in this area
• Note a "broad agreement on the increased importance of ERM" - the PwC paper referenced in the last post argues the opposite!
• "Big risks" flagged as currently being the zeitgeist were; Nat Cat, Economic Crisis, Talent Retention and Reputation - this definitely shows how the CRO can pull themselves away from operational activity to focus attention on less visceral matters.
• Reference to "sequential risks" which to all intents and purposes is describing scenario analysis - is there a case for trying to enforce a common risk language on this matter as a profession?
• Reference to "proactively managing risk, rather than simply mitigating it in a reactive way" - is it not possible to proactively mitigate risk?
• Half of companies surveyed have a single identifiable individual reponsible for ERM, "a key factor in driving success in this area" - can't make up my mind if this is a good or a bad thing, but I guess it is dependent on how vigorously the three lines of defence are established.
• Aggregation of risk types and proactively identifying current/emerging risks were deemed by the sample to be less important than "embedding a risk-aware culture at all levels" - this seems very odd, and perhaps borrows on the vagaries of the term to enhance its importance to CROs
• Piece quoting from COSO on page 11 which contradicts the view mentioned above that individual ownership of ERM is something to aspire to.
• Some strange numbers on the relationship between Risk and Internal Audit - over a quarter of respondents said they either didn't work closely with IA at all, or didn't know. Goes on to describe an example of IA using ERM-identified risks as the basis of the Audit plan, which in my view is ideal, and a great example of knowledge and intelligence sharing.
• Strangely for something with heavy US input, no references to ratings agencies as a driver for ERM
• Primary barriers to implementing ERM all seem logical, though the failure of key staff to acquire new skills features around halfway down the list, and in my experience this would probably be top.
• Finally, one CRO talks of his "small, lean staff" - no need for a punchline there... 

Overall good benchmarking questions, but perhaps too much in the way of "at one firm..." examples.

AON research paper - Solvency II revealed

AON have fired out another worthy paper regarding the changing landscape for insurers during Solvency II implementation, as well as what an "optimal" insurer will look like post-Solvency II.

I enjoy reading anything that looks at post-Solvency II implementation, as well as anything which touches on the reinsurance potential on the capital requirements front, so this was right up my street. I particularly liked;

• Their process for optimising insurance risk and asset strategy in tandem (rather than the two, being the preserve of the actuarial and investment functions respectively, being operated in isolation)
• Articulation of "risk appetite" as a percentage of own funds surplus volatility above and beyond SCR (interesting way to communicate it)
• Table on capital changes for market risk and implications for insurers by sub-module - easy to digest
• Good sections on Catastrophe risk (if that is your cup of tea!)
• Ratings agency drivers, which stress the importance of transitional measures (for orderly transitions to preferred Tier 1 capital vehicles), the likelihood of ORSA-related criteria on future solvency sliding into their assessments.

Nice sales pitch for ReMetrica at the end as well - for all your ORSA needs...

Towers Watson paper on Extreme Risks - useful for Reverse Stress Testing

For anyone who has reverse stress testing on their agenda, this release from Towers Watson should help you on the "unlikely but extreme" events front.

They categorise these events into three types - Financial, Economic and "Other" (being environmental and political), and provide 15 solid risk events, some ideas on ranking, hedging and parameterising impact and likelihood., all of which are valid in the face of a lack of guidance from EIOPA on the subject at this juncture (remember ORSA requirements!).

Certainly worth using in your next FSA-driven reverse stress testing exercise if you are UK-based, and considering in the context of the forthcoming public consultation on ORSA for the rest of you Euro-landers.

AON Report on Regulatory, Accounting and Rating Agency critera changes

A decent piece from AON covering influences of Solvency II (amongst other similarly flavoured risk-based capital regulatory influences), IFRS, and ratings agency criteria for ERM on capital allocation strategies.

Some (surely sympathetically sampled) stats are included on how ratings strength will be more important than Solvency ratios - remains to be seen which measures are preferred for economic capital measurement for those who don't necessarily want or need to chase ratings agency favour.

Also includes country specific details on ORSA in the US, Risk based capital in Asia and Latin America, and references the AM Best supplemental rating questionnaire for ERM, which sounds like there might be some merits in reading

Article - Journey's end for Solvency II

Well researched article in Financial Risks Today (including a name check for yours truly!) is worth a look - it covers quite a lot of ground and references a suite of research and comment, so you might find it useful as a one-stop shop.

Think piece from CII - rethinking risk management (Solvency II angle)

In the context of the FSA's perceived wish to have more mathematicians in charge of Insurance company risk functions, it is always nice to wrap one's self in the comfort blanket of some views from the soft side of the fence.

This paper from Dr. Ashby, taking a sample of 20 risk management professionals (no mention of their backgrounds, which would have been handy in the context), is a look back over the causes of the credit crisis and how to negate such causes in future. It points at the following;

• Consensus that inappropriate risk culture, poor risk communication and over-reliance on modelled risk assessment were significant contributing factors (both institutions and regulatory/ratings agencies highlighted). These are of course the kinds of aspects most difficult to attack without an appropriate remit and seniority (i.e CRO seat)
• Recommends more of a balance "between modelling and judgement", to counter the increased focus on "objective measurement over effective management" - guessing the quota of pure risk versus actuarial-style in the 20 person sample was weighted towards my kind!
• Fairly critical of risk functions for either alienating themselves from the business with a compliance-led approach, or for lacking the skills to communicate risk exposures
• None of the sample agreed that Solvency II would lead to improvements in risk management.
• Strangely highlights operational risk as an aspect of risk management "that does not lend [itself] to formal mathematical modelling" - couldn't agree less, and I'm not an actuary!

A worthy paper, good for benchmarking, and good for reassurance - well done to all involved.

Swiss Re World Insurance in 2010 sigma study - no love for Solvency II

Swiss Re have pushed out their World Insurance trends research - expect to see it cited from pillar to post, as it is an exceptional body of work, with a whole host of uses (benchmarking, strategic planning and risk monetising as a minimum).

I have just kept an eye on the Solvency II aspects - references were as follows;

• Higher capital requirements for long-tail business and "overly stringent" capital requirements noted as a challenge which could undermine profitability
• "Onerous" capital requirements deriving from Solvency II could harm policyholders and economic growth
• Life companies will be "forced to shift assets into less risk asset classes"
• "Stricter solvency regulation (Solvency II) and higher capital requirements will be implemented by ratings agencies going forward"
• "Positive step" of Solvency II nullified somewhat by the tightening of "key parameters" since the credit crisis, leading to (potentially) higher capital requirements for "the most important life insurance products"

All in all, pretty negative as far as the predicted impact of Solvency II in its current form on the future of the insurance industry. Fair?

LRN Ethics and Compliance Leadership survey - contradictions

I read through this US-centric publication on corporate Ethics and Compliance trends (107 companies in the sample, you may need to quickly register).

I was surprised to see that, with the majority supporting existing imperatives such as aligning "core values with day-to-day operations" and improving applicability and understanding of individual "Codes of Conduct" that the emphasis on data security centred around privacy and preventing hacks or malicious leaks - surely if one runs an ethical and compliant business, they would not need to worry about Wikileak-style unmasking of institutional misconduct!

Also, over half of respondents report through the General Counsel - not traditionally a path that would allow for enterprise-wide enlightenment, and the recommendations of the research certainly advise as much with its "Less legalistic, more business orientated" theme.

Amusing was the Sales/Distribution function coming top of the ""areas of greatest concern in promoting a strong ethical culture" - poor them!