FSA - Data Review findings in context of IMAP

So I guess there was an inevitability that, with all of the resourcing around Solvency II programmes over the last couple of years being focused on filling the yawning corporate governance chasms within EU insurers with bald, handsome, impeccably mannered Pillar 2 consultants (well, one out of three ain't bad!), that some of the more mundane aspects of preparations would take a back seat.

Step forward Data Quality! With the considerable efforts expended by UK internal model applicants already on plugging their calculation kernels in, risk calibration, loss function fitting, correlations etc, the FSA's latest review findings take us right back to the starting point of SCR generation - data inputs - and they are not impressed.

The FSA began working on this topic with the industry as far back as this time last year, and are not scheduled to be finished with this thematic review until Q3 2013. Bizarrely, they note in the introduction to these review findings that their scoping tool released in July 2011 aimed to help assess compliance with both Level 1 and draft Level 2, which wasn't released to the industry (i.e. leaked) until late October - quel chance mes amis?

Splitting hairs on timings aside, just reading the five section headings of their review work would be enough to reduce many BAU staff to a quivering wreck ("Implementation of the Data Policy"? What, today?), so I wasn't expecting a glowing report. That said, the quality of data which ultimately results in today's technical provisions, capital requirements etc is seemingly fit enough for purpose, so a full-on hatchet job would be a poor reflection on both the industry and the regulator.

Assuming a 2014 go-live date (looking unlikely as of 9pm GMT today!), the areas of major concern for insurers, based on these preliminary findings, would be;

• Difficulty in assigning data ownership - there will be enough Pontius Pilates in the BAU world who will happily wash their hands of data ownership until the cows come home. Programmes will need to be extremely forceful in assigning ownership and ensuring it sticks
• Inability to articulate "accurate", "complete" and "appropriate" - this should have been an easy win, so I'm surprised that it is seemingly an issue. Realistically, should we expect the business to take ownership of data sources when we cannot define what is and isn't acceptable output from them? 
• Data Dictionary/Data Directory confusion - a suite of pretty scathing findings in this field, suggesting both over-simplicity and over-complexity has been found in the workings of Data teams.
• Spreadsheet controls and non-compliance with end user computing policies - onerous expectations on the face of it (paragraphs 4.41 and 4.42), which will be a shock to both programme budgets as well as end-users.

Some other interesting points made in the review include;

• Firms either using their Risk Committees, or a bespoke "data steering" committee as their data governance body - pretty sure the Risk Committees won't fancy this as long-term work.
• A number of suggestions as to what areas are not currently being consistently addressed when assessing materiality (p11-12)
• Some very useful comment around data classification methods (p13)
• Suggestion that, as I expected, the techniques applied to assessing the quality of data provided by third parties is not robust enough - industry-wide consensus on how to interrogate your outsourcing parties would be useful in this respect.
• A rather strange comment around poorly designed/controlled data warehouses - I can only assume they have seen one or more horror stories on their travels, as the warehouse is surely the way to go!

Any smart cookies who haven't got going on Phase II with the FSA at this juncture should be stripping this down line-by-line. For those of you outside of the UK, you may want to cross your fingers that your friendly national regulator doesn't use this approach as a yardstick...

Financial Reporting Council - Developments in corporate governance 2011

The FRC pushed this out today on progress in implementing the UK Corporate Governance Code (and of less interest to me, the Stewardship Code. Outside of the news of what is to come (more consultation in 2012 on Audit Committees, Risk Management and Internal Control elements of the code) some interesting trends are reported;

• Code requirements on board and board committee composition all above 80% on the "comply" front - strangely the requirement for having at least half NEDS on the board was the worst area of compliance for FTSE 350 firms.
• Still having "diversity" and "gender diversity" spoken of in the same breath - more to come on that subject from me another time
• FRC are attributing some of the gripes from the industry on independence criteria and difficulty in recruiting good quality NEDs on their inability to look beyond "the usual suspects", and by doing so, they will enhance diversity.
• 80% of boards put themselves up for re-election annually in their entirety (one of the more controversial elements of the last set of Code revisions).
• Discussions regarding the expanded nature of the Board's responsibility for Risk (to essentially include consideration and setting of Risk Appetite) has led the FRC to schedule a revision to the old Turnbull guidance in 2012.
• Still griping about "boiler plate" annual report text.
• Some of the "explanations" given for non-compliance still said to be lacking
• Chairman's Statement suggestions made by the FRC appear to be bearing fruit
• Lack of consistency around the application and reporting of Board evaluations
• Disclosure on business model, strategy and risk (massive for Solvency II disclosure policy/SFCR purposes) is, because of a lack of guidance, allowing companies to determine their own levels of disclosure. However, the FRC are expecting more from companies in this regard.
• Very critical of the extent of reporting from the Audit Committee, hence the consultation due in early 2012. Also goes on to be untopically lightly critical of remuneration committee reporting in the same regard!