Jurassic Talk - enhanced NED challenges during Solvency II preparations?

 Britain's youngest NED

Given that there won’t be a heck of a lot more briefing done on the Non-Executive Director front, I’ve given the PRA Industry Event slide pack published the other week a bit more of a going over to see if the left and right hands are pushing the Solvency II wheelie bin in the right direction. I haven’t gone as far as watching the 1h 30m video of the event yet – if I wanted to watch a room full of fidgeting old men in ill-fitting suits I’d just go to Bridge Night at the bowling club…

I can’t say I was massively enthused by the read of the slides as an individual who is frequently delivering material to the very audience the presentation was aimed at. I would highlight the following oddities;

Internal Model-specific (slides 6-12)

• That Solvency II “sets a high bar” for model approval – that feels a little disingenuous given that the PRA has had the whip hand in the IRSG’s internal model committee for years, and has evidently driven their CAT. Fair to say that the PRA set the "high bar" on behalf of the rest of Europe.
• From the “lessons learned” section they suggest that some IMAP/CAT firms have used assumptions which are not matching their experience. Is that not bravado bordering on criminality? Doesn’t feel like small beer, so unless the PRA are splitting hairs with that comment, I trust the protagonists had a strip torn from them.
• Some models ignoring “Key Risks” faced by a firm – how can this be? If this is about cheeky risk selection (i.e. let’s use SF, but model Market Risk as we get a good number from it) all well and good, but to say that firms are ignoring them is not a good steer, and if they are, then how is punishment not already being dispensed?
• For Use Test purposes, NEDS told to have “belief” but not “blind faith” – this feels like Bank Creep, given that the PRA  have been vocal (here and here) on firms blindly following models after the banks got caught with their trolleys down a few years back (nice PRA summary here). Doesn’t feel especially fair to tar insurers with exactly the same brush in advance, even if it is smart!
• “Boards need to own validation design” – just sounds meaningless when you read it back. If you want them to “do” the design (which Andrew Marshall’s later slides deriding the efforts of the validation contracting community suggest also support), then just say it.
• The “Key Questions” slides contain some very ropey gear. “Does the output of the model give a credible answer”? “Can the firm survive on the Standard Formula”? The terms used are so flimsy that one could spend hours arguing the toss about their definition – “so what is survival – EC+, SCR+, MCR+ with recovery plan” etc.

ORSA and SoG (slides 14-18)
Starts with a bit of good news – some generic industry feedback is seemingly due within the next couple of months (pertaining to our 2014 ORSA efforts?). The slide summarising findings to date is also a useful yardstick for those who can’t wait that long.

For System of Governance, the executive world should prepare themselves for NED questions regarding whether or not they (as opposed to their underlings and contractors) are reading EIOPA's Guidelines. Let's hope they have!

On the gnarlier side;

• Seems to be an obsession with assigning named individuals (as opposed to roles or teams)  to perform mitigating tasks relating to anything ropey uncovered during the ORSA
• “ORSA should be holistic” – at what point is that breathtakingly grim term going to be put to pasture? For a NED briefing, the use of plain English should be considered par for the course. It is followed two slides later by “top-down/bottom-up” which is equally non-specific.
• “ORSA is not a compliance exercise resulting in a report to the PRA” – I think you meant to say “not ONLY...”!

The final slides from Ian Marshall’s presentation are revealing more due to the clumsy terminology often used at the table with NEDs (“Key Drivers” and “Key Correlations” for example – if you mean “most money riding on it”, then say it!). Also, the idea that Risk Appetite is “no longer an aspiration” is worrying – I would have given the insurance industry credit that it ceased to be aspirational some time ago, and doesn’t need a 2015 ‘tick’, but then I am a trusting fellow.

Does anyone think, off the back of these slides, that their NEDs will be chomping at the bit at the next Risk Committee/Board meeting using the ammunition supplied here?

Maybe I’d better watch the video after all… 

ORSA and Independent Review - Misunder-stud?

Independent review of ORSA
- banging the drum?

I listened in on a Solvency II readiness webcast a couple of weeks ago which pricked my ears like a low-budget high street beauty parlour. The specific theme was independent review of ORSA, and the broadcaster confidently included it in the list of "things we all need to do" in the Solvency II preparatory phase, both 2014 and 2015.

While most familiar with the topic would immediately cry "that got lobbied out in 2011", the speaker's argument was that, while EIOPA's Guidance no longer says firms should "independently" review its ORSA, it also doesn't not say it, therefore we must do it, and do it annually!

I would have chuckled and left it at that, but having read InsuranceERM's recent roundtable on preparations for Solvency II, the topic again reared its head, albeit in a more controlled manner, as a number of attendees explained how they have used Internal Audit (and dismissed the idea of using external firms) in reviewing their ORSA processes during the preparatory phase.

My problem is this - as an industry we were happy to, erm, relieve ourselves and moan when CEIOPS's first attempts at ORSA Guidance in 2010 included a guideline which compelled annual independent review of the ORSA Process (included in slide 32 of Mr Bernadino's pack here in Summer 2011, as I can't find the original CP anywhere).

This was lobbied-out by the time the re-badged EIOPA released their 2011 CP (here), and when their Final Report followed in June 2012, "independent review" was a distant memory.

Any compulsion to review the ORSA Process is now  covered only by EIOPA's System of Governance Guidelines (here), specifically Guideline 8 asking that a firm's SoG is regularly "internally reviewed on a regular basis" (5.11).

EIOPA continue in 5.11 that "...the review undertaken by the internal audit function on the system of governance as part of its responsibilities can provide input to this internal review" - i.e. this is not work considered to be performed automatically and exclusively by one's Internal Audit function.

In terms of frequency, EIOPA elaborate in section 4.26 of the Guidelines, namely that your AMSB, given your firm's nature, scale and complexity;

...determines the scope and frequency of the internal reviews of the system of governance

 So three things - no 'annual' requirement; AMSB's choice on frequency; and that this is internal review, not "independent", "external", or indeed any other word which gets me contracted past 2016!

Solvency II Delegated Acts available online (kind of...), plus EIOPA's plans for 2014/15

So let's start with something a bit unexpected - DRAFT DELEGATED ACTS! ONLINE!

I'm not sure who the leaky uploader is (appears to be a Spanish consultancy firm), but the document is very much online. Sadly, it is only the January 2014 version, which as you will see in the rest of the post, has just been superseded, but it definitely pairs up with the version currently doing the rounds, I promise!

I have managed to get a sneak preview of the latest version of this document (dated 14th March) which have seemingly managed to burst the banks of the tightly-knit circle of advisors, and are now no doubt winging their way to a Solvency II Programme Director near you! There are "tracked changes" on the March document now circulating, which only appears to cover changes since the emergence of the January document hyperlinked above.

Lord help anyone who wants to trace it back to the more familiar 2011 (unpublished) draft, you might as well draw a load of foxheads on sticks...

Insurance Europe were obviously part of the privileged few for the March revisions, hence they fired out this missive last week regarding all of the Pillar 1 technical areas which they feel (on behalf of the industry) remain deficient. There are no real surprises in their list - it is the same topics which have been on the whinge-list since EIOPA's LTGA last year, and indeed earlier in the case of the Currency Risk approach and Own Funds classification.

Following on from the draft Delegated Acts being made more widely available, there has been a reasonable amount of noise in the paid-for press (here, here and here for subscribers), as well as Insurance Europe's top man having a lobbying call published in the FT (here).

Being more of a Pillar 2 man myself, I thought I would check to see what, if anything, had been tweaked in my areas of interest. The impression given earlier this year was that little had changed outside of the Long-Term Guarantee elements, and that was certainly true if you compared the November 2011 and January 2014 documents.

However, having examined the amendments in the March 2014 version, I have found is that a few areas of governance (both SOG and Internal Model governance) which were previously untouched have actually received a fair bit of treatment, for example;

• Changes to the requirements for internal audit function holders not to cover multiple control functions (this constraint has been removed). This is presumably to pacify the smaller firms across Europe who have a Risk/Compliance/Internal Audit multi-tasker, so textbook "three lines of defence" have taken a bath in the interests of proportionality.
• The devil remains in the detail though, as the amended text allows someone to "carry out" more than the IA function, but seems to stop shy of them "taking responsibility" for other functions. Not sure how that will work in practice.
• Changes in the IM Validation space, in particular the removal of the requirement for a "Validation Policy". Fair to say most firms in IMAP would have produced one of these at least a year ago now (plenty of industry references here, here, here (p8) and here for example!), and while still a document of merit, does a "validation policy" now constitute gold-plating?
• Changes in the required Internal Model Documentation, targeting a much slimmer set of compulsory documents. This includes replacing a number of "policies" with "descriptions of...", which will no doubt be well received by those supervisors with multiple internal models to assess over the next 18 months!
• The tiered timescales for submitting QRTs, SFCRs and RSRs have now moved into the Directive, via Omnibus II text (as opposed to haveing been deleted, which is what it looks like at first glance!)
• A few of the other TSIM articles (Tests and Standards for Internal Model Approval) have been enhanced. "At least quarterly..." assessment of the IMs coverage of material risks is now specified, for example. Quite how the hard-coding of the regularity cramps your actuaries' style is another thing! 

I strongly suggest you all get back to work and check for yourselves!

"Comply or Explain" responses to EIOPA's preparatory guidance - UK oddities?

Isle of Man - "Call that a flood"

Happy New Year (or Blein Vie Noa as we say on the relatively unflooded Isle of Man). I hope you all took the opportunity to fall ill and get fat like I did, so we can recommence battle in 2014 with overflowing sinuses and bursting belt buckles...

I managed to take a look at some of the responses that EIOPA have received regarding whether or not the 32 National Competent Authorities (NCA) currently invested in the Solvency II game are planning to follow EIOPA's Preparatory Guidance over the next 2 years. Please serve yourselves from this central location.

It became evident over December that there was likely to be some non-compliance (both the French and British put their heads above the parapet), though as this was a "comply or explain" exercise, this was not necessarily grave - we are after all in the business of 'preparing' at this juncture - but I was curious to see precisely how different countries "explained" themselves.

In response to each guideline within the 4 EIOPA documents, the options for each NCA were to respond;

1. Yes - we already comply
2. Yes - we intend to comply
3. No - we do not and will not comply
4. Not applicable (though I'm not certain why this is an option)

They were also given space to provide text/links to prove how they are compliant with each guideline, and som space to provide explanations (questionnaire template here).

I was therefore surprised to see the British approach (which was generally "yes") also involved;

• Not providing an explanation when they have said "No" to a guideline (which admittedly is only in one case!)
• Unnecessarily using a copy/paste piece of text as an explanation for a number of guidelines where they have said they "Intend to comply"
• Unexpectedly answering "Not Applicable" to no fewer than 10 articles within the System of Governance guidance, some of which definitely featured in the feedback on the PRA's recent Supervisory Statement as bones of contention (the actuarial function's responsibilities for example).

Obviously no surprises that the French will not be attempting to comply anything in the System of Governance world after their earlier warning, though their rationale is expanded upon in this Risk.net article. That the strict definition of "AMSB" is an issue for the French industry is surely old news at this juncture, and it is ludicrous that such a matter has yet to be dealt with by the Commission's draftsmen. It certainly hasn't posed an issue for Germany (who intend to comply with all of Sys Gov), who operate dual boards.

While more may emerge over the next few weeks on what has been submitted here across the countries, I am more immediately interested in why the UK have elected to respond "not applicable" to so many System of Governance guidelines. It seems to fly in the face of their Supervisory Statement, and I can't imagine EIOPA are satisfied with that response. 

Governance flaws in UK financial institutions - complacency or one-offs?

Some very interesting bits released over the weekend which should prick the ears of the UK's banking and insurance entities like a corporate governance-driven piercing gun, hot off the back of last month's Co-operative Group scandal.

Governance structures
- unchallenged by Risk for too long?

Over at RSA, one of the UK's most venerable General Insurance, a house of horrors-style drama appears to be emerging. Starting with what looked like a serious, yet relatively modest, localised valuation issue over in Ireland has developed in short order into the straw which has broken the camel's back with regards to the tenure of the Chief Executive of the entire group - all off the back of a routine audit, according to one source, and perhaps not coincidentally breaking formally as a story one day after the announcement of enormous premium hikes in the country.

Astonishingly, one of the three men suspended at the Irish unit is also one of the biggest hitters in their national industry, being the current president of the Irish Insurance Federation. He was quoted in August thus (my emphasis);

I’m very optimistic about the future. The Irish Insurance Industry is robust, well capitalised, making a significant contribution to the economy and most importantly, delivering for customers.

While it is fair to say that the knives were already out for the Group CEO, who has presided over general bad news over the last year or so (this year's profit warnings one and two for example), to actually see a FTSE 100 insurer crippled to the point of fire sales to plug capital holes by such a matter is pretty remarkable, even if the geographical source of the pain is less surprising after Quinn went down actuary-less a couple of years back.

What's more, the interim CEO (who is pulling off the much-maligned Chairman/CEO double act for now, though was Non-Exec) has sanctioned a root and branch review of governance arrangements in the firm across all markets (cited here from an analyst call), quite an undertaking in itself bearing in mind its geographical spread.

It made me revisit the published feedback to EIOPA's preparatory guidance, where I had remembered that the feedback received from RSA was pretty caustic with regards to the appropriateness of EIOPA's guidance where it seemingly went above and beyond the Directive and Implementing Measures.

Pointedly in the context of this particular failure of their internal controls, they fed back extensively on the Fit and Proper requirements (p237), most of which centred around 'less is more', and emphasised the administrative burden such activity already causes. This is supplemented on p339 with a piece against the rotation of internal audit teams, both of which look discomforting in hindsight!

Fit and Proper Persons in financial services - judge not, lest ye be judged

A quick note on the high-profile leadership-related crises which have reared their heads over the last couple of weeks, and whether the risk management professionals of the world can learn from them.

Two stories related to the flip-side of the kind of driven, charismatic figures that can progress rapidly through their chosen careers while coping with some rather spectacular character flaws. One being the ex-Chair of the UK's Co-operative Bank (already in financial turmoil), caught in a drugs and prostitutes sting this week, which has followed on from the city mayor of Toronto, who has been drawn into a similar web of videotaped misbehaviours.

Sticking with the financial services example, we have a number of issues which should interest the risk pros;

• A Chair with no financial services experience or qualifications (Northern Rock encore un fois!) ...
• In an organisation undergoing a massive transformation after acquisition...
• With a previous (if expired) criminal conviction...
• Who had resigned from public office while in the role due to pornography-related misuse of office equipment (reported at the time as due to "increasing responsibilities" at Co-op!)
• Who then (allegedly) used his work e-mail to solicit prostitutes (bottom of article)
• And all of this post-dating the nadir of the financial crisis, when one would have naturally thought that both institutions and the regulator would have been on point on such a matter.

Some elements of the story are dominating the headlines, such as the gender of the prostitutes, the type of drugs used, or the fact that the Co-operative movement, purporting to have a higher calling than the soul-hoovering plcs, should perhaps be impervious to such matters. 

For me, we have a straigthtforward case of significant internal control failings across departments, a failure to hold senior management to account when breaching internal policies, and a very strong working example of a reverse stress test, combining a number of risk factors which in concert deliver a failed business model. On that basis, I would think that the business-as-usual risk teams across the country will be analysing this one until the cows come home.

How much of a bum-paddling the FSA/PRA deserve on this is another matter. Whether light-touch or prescriptive, I think regulators in many countries will wince at the details of the approval of Rev. Flowers' appointment once this one plays out at Treasury Select Committee over the coming weeks (I have no insider information, but let's face it, we'll be watching through our fingers!). 

For context however, in 2009 the FSA (as it was then) made a formal submission to the TSC addressing many of the failings uncovered by the retreating tide post-Lehmans/Bear Stearns/Northern Rock, and what Hector Sants & Co had planned to make up the shortfall. 

The TSC made a number of comments (sandwiched within the FSA's submission) which are worth highlighting today - I have emphasised the parts which should now echo in eternity;

The FSA's assessment of whether senior bankers were fit and proper for their posts appears to have been little more than a tick-box formality, unless the applicant had a criminal record or gave some other evidence of a shady past. That bar was demonstrably set too low. We welcome the acknowledgement from the FSA that a candidate's competence, as well as their probity, will now be thoroughly reviewed before taking up a senior post in a bank. We recognise that there may be some dangers in the FSA assessing competence, not least because the FSA will become exposed to accusations of incompetence itself, if it makes a wrong judgement

We recommend that the FSA assess whether bank executives should possess relevant qualifications. We would like to see banking qualifications become one of the core indicators against which the FSA can assess a candidate's competence. If a candidate has no relevant qualifications, the onus should be on them to prove to the FSA that they have relevant compensatory experience

And from the PRA themselves...

We strongly agree that it is important for bank executives to have the right level of skills and experience. As noted above, we have recently written to all CEOs of relationship-managed firms reminding them that it remains the firm's responsibility to ensure that the candidates they put forward are fit and proper to perform the role in question, and that firms should, therefore, have robust recruitment, referencing and due diligence processes in place

It was only three years ago - at what point do we (grim pun intended) practice what we preach on corporate governance in financial services?

The PRA Consultation on EIOPA's Preparatory Guidance - priorities for 2014 and 2015

After 10 years, it's finally getting interesting - the PRA today have dropped out a consultation paper on applying EIOPA's preparatory guidelines to PRA-authorised firms (CP 9/13). You can get at the EIOPA materials through this post for convenience.

The content will, subject to any intense lobbying by industry, be adopted as a supervisory statement (section 233) to cover the 2014 and 2015 calendar years, with the expectation remaining that 2016 is our "go-live" date. It covers the following aspects of the preparatory phase;

• The PRA's expectations of firms as they prepare for Solvency II;
• The PRA's approach to implementing the guidelines; and
• The PRA's interpretation of aspects of the guidelines.

They are at pains to highlight that these are "preparatory" guidelines, and provide the traditional spiel on "nature, scale and complexity", so incremental progress is to be expected during the period in question. What that means in practice is perhaps another thing - can you show measurable 'incremental progress' for materials which are only on an annual review cycle, for example? - but that aside, it's worth picking the bones out for your respective programmes, and perhaps most importantly, getting your feedback in by November 15th if you don't like it!

Perhaps the most noteworthy aspect of this CP is that in no way is it suggestive of the PRA rejecting any of EIOPA's guidance (remember, they have until the end of November to voice any protest). That of course makes preparatory work much easier to plan for, as the UK will seemingly be doing it all!

My thoughts on the specifics were as follows;

System of Governance (SOG)

• Emphasise that the SFCR requirements around SOG are also catered for in EIOPA's work (3.7), so a smart move would be to factor that into your drafting plans during 2014
• General governance requirements "largely consistent with SYSC", though individuals holding key functions might expect a personal visit in the next two years (3.10)
• Similar position for Risk Management Systems (3.12), stressing the commonality of requirements with existing PRA obligations, but stressing in particular that firms should be "...including suitable mechanisms and methodology for connecting to their ORSAs and for carrying out regular stress and scenario tests" during the preparatory phase.
• That Prudent Person Principle is not a new concept to the PRA, but firms would be expected to review investment strategies in line with PPP over the next couple of years. A concession is seemingly made regarding the provision and review of third-party data by investment functions for smaller firms. 
• On the (new) requirement for a Capital Management Policy/Medium Term Capital Plan (3.16), they are not moving, despite the howls of protestation - "The PRA regards the development and implementation of such policies and plans as an integral part of sound risk and capital management for all firms, especially as their management and Boards assess the implications of the forthcoming Solvency II own funds and capital requirements"
• On internal controls, they appear to be fishing for firms to analyse whether their existing framework is Solvency-II ready, and then piggy-back of that self-assessment (3.17)
• Same for Internal Audit function readiness! (3.18)
• Actuarial function get a more bespoke treatment (3.19), with all firms asked to "carefully consider" the functional structure to avoid conflicts of interest. They also reserve the right to "...review firms’ analysis of the areas required for improvement, and understand the actions the firm is taking to resolve these".
• Outsourcing similarly gets additional treatment by the PRA (3.22), who are "particularly interested" in changes made specifically with Solvency II readiness in mind

Useful quotes

...the PRA articulates its expectations of firms in the preparatory period, including that firms should read, assess and implement the substantive provisions of the guidelines in order to achieve the intended outcomes (2.5)

The guidelines and this statement are designed to work towards a consistent and convergent approach in preparations for Solvency II and not its early implementation (2.6)

 The PRA expects firms, when asked, to be able to explain what governance changes they need to make to satisfy the guidelines, how they plan to make those changes, what progress there has been to date and any particular difficulties they face (3.4)

The PRA expects firms to be able to document their overall approach to outsourcing, including contingency plans in the event of a service provider failure, to ensure that the efficiency of the service remains unimpaired and uninterrupted. (3.22)

During the preparatory period, the work of the actuarial function will now focus on co-ordinating the calculation of technical provisions, providing an opinion on the underwriting policy and reinsurance arrangements and contributing to the development and performance of the internal model in the pre-application stage where relevant (3.19)

During the preparatory period, the PRA encourages firms to consider how to manage the transition to the new regime and to assess the impact on existing asset portfolios of Solvency II requirements. This need not necessarily mean that changes have to be made to firms’ investment strategies or portfolios but firms are encouraged to work on an incremental basis towards demonstrating that they meet the requirements of the PPP (3.14)

During the preparatory period firms should review their existing policy for assessing fitness and propriety and whether it needs updating in advance of Solvency II (3.11)

FLAOR/ORSA

• PRA only planning to review assessments "...on a proportionate basis" during preparatory phase - they elaborate further by stating "Due to the high number of ORSAs which will be submitted, the PRA expects that it may have to stagger its review of these during the preparatory period in a way that is risk based and proportionate". Does that mean "Top Ten & Lloyds & IMAP" get the works, with everyone else getting a lite-touch?
• Expectation that improvements are identifiable between the 2014 and 2015 FLAORs - the PRA will contact firms individually if they are within the threshold limits which enact guidelines 14-16.
• On ORSA documentation, "...firms should recognise the need for effective documentation and record keeping", for both Policy and Report (4.7)
• Note that the Board's involvement in ORSA is "...far more extensive than setting risk appetites and tolerances", and leave an open threat to go through Board packs/agendas to ensure this is the case (4.8)
• Smaller firms get permission to use their internal ORSA Report as the ORSA Supervisory Report, provided it has enough detail. Larger/riskier firms may conversely be asked to supplement whatever they submit. (4.10)
• PRA actually considering issuing a "summary sheet" to firms in order to help gather information consistently (4.11). Here comes the ORSA Template!
• Expectation that 2014 projection work is done on existing basis, and 2015 (ideally) on Solvency II basis (4.15)

Useful quotes

The preparatory period is a time of development for firms in designing, compiling and trialling these assessments (4.3)

To help capture [ORSA] data and information in a consistent way from firms and facilitate review the PRA is considering whether it may be beneficial to provide a summary sheet to firms (4.11)

The PRA does not intend to prescribe when firms should submit their ORSA...Firms should inform the PRA when their ORSA will be submitted well in advance of the submission date (4.19)

The PRA expects the Board to play an active part at various stages, providing initial steering on how the ORSA should be designed and documented, challenging on risk identification and mitigation along the way and culminating in the Board approving and communicating the finished product. (4.8)

The PRA expects all firms to develop a qualitative process to develop an ORSA which can be documented and reviewed by the PRA in line with its overall proportionate approach.(4.6)

Submission of Information

• Confirms that XBRL is required prior to 2016 as submission format for QRTs (5.7)
• Suggest that policies and procedures around reporting in firms may need "potentially significant revision" in light of Solvency II. (5.15)
• Rather obscurely, they write, "The PRA does not expect that preparatory reporting will be subject to a requirement for external audit but it may draw upon audited inputs" - as I recall the participation of external auditors in QRT-type reporting has been a massive bone of contention in Brussels (indicated within these IRSG comments from last year, but I'm sure there's a more recent story), but potentially not a welcome development.

Internal Model Pre-Application

• They isolate the Model Change policy as an example of something which should already be tested for its appropriateness (6.5)
• Still expect firms to come forward and brief them on "significant" changes during pre-application.
• Surprisingly, very little else,

Useful quotes

...it is important that where models are sufficiently stable, firms are beginning to demonstrate their use and continue to refine their models with the benefits of experience (6.5)

I may fire some feedback in, but ultimately I suspect this lady is not for changing...

EIOPA's FINAL preparatory guidance for national supervisors - it's on at last!

Sporting less change than a busker's flatcap, EIOPA have published their final version of the preparatory guidance for the EU's National Competent Authorities (NCAs) to get themselves ready for Solvency II ahead of the anticipated implementation date of 2016. You can catch my post on EIOPA's consultation papers here if you want to dig out their position prior to the consultation, which saw over 4,000 comments offered.

EIOPA - Thanks for the feedback,
here's your change...

Over the last week, while I have been recuperating from yet another rugby injury, there is plenty of chatter recently about the kick-off date, Omnibus II's progression through trilogues (and hopefully parliament before the May 2014 elections), etc elsewhere, so I've just had a run through the final guidance to see what got lobbied out, and whether that is a win for all stakeholders, or just the industry. As the PRA have already made it clear that should the go-live date move, their expectations on supervisory reporting will also move (p3), whether it is 2016, 2017, etc. is kind of a moot point.

The mainstream press has trumpeted the big wins as being in the reporting space which, judging by the IRSG's scathing take on that topic, should be no surprise to anyone. However, it would appear that EIOPA have refused to bend for much else, adopting a relatively sniffy tone in response to stakeholders concerns/complaints.


Below are links to separate blog posts covering the more contentious highlights for each of EIOPA's 4 hot topics, while Mike Claffey and the Milliman crew have quickly summarised the changes here;

System of Governance - Final Guidance (EIOPA Doc)

ORSA/Forward Looking Risk Assessment - Final Guidance (EIOPA Doc)

Reporting/Submission of information to NCAs - Final Guidance (EIOPA Doc)

Pre-application for Internal Models - Final Guidance (EIOPA Doc)

System of Governance - EIOPA's FINAL preparatory guidance for national supervisors

Based on feedback received since their initial consultation paper was released, EIOPA make the following generic clarifications/statements in the preamble of their guidance doc for System of Governance preparations;

• That proportionality will not be defined or presented as examples in the guideline text (p5-6)
• That NCAs are "expected to...review and evaluate the quality of the information provided to them" - bad news for the PRA, who were clinically uninterested in reviewing Solvency II reporting attempts according to one blogger (p6)
• The emergence of a new ORSA acronym, "FLAOR", which looks more like something an amused teenager would write on Facebook (p6)
• The expectation that 2015 will see submissions of (2014) ORSAs to NCAs (p7)
• While there is no generic take on what enforcement action should take place in this interim period, firms are expected to (a) Discuss any negative findings from their ORSA/Governance systems with their supervisor, and (b) To produce SCRs using information of appropriate quality. Enforcement action in the absence of this WILL NOT consist of capital add-ons, apparently (p7)
• That the submission date calendar for all of the information expected will be reviewed at the end of this year, so that EIOPA can take Omnibus II progress into account (p8)
• That the explanatory text in each set of guidance is NOT part of "Comply or Explain" (p9)
• That the reasons behind a negative "Comply or Explain" decision from any country will be kept secret as standard (p10, and disgraceful, frankly).

They then go on to focus on some of the larger bones of contention within the 52 guidelines provided. The following generic points stand out for me as a practitioner;

1. There is almost no discernible movement in EIOPA's position, even after a volumous lobbying effort;
2. That explanations for the inclusion of contentious content are generally forthcoming, though on a number of occasions, flimsy;
3. That planning for 2014 full-year mothballing of Solvency II programmes is not an option, particularly for ICAS+ candidates - some may get away with a few months of inertia, depending on the quality of their paperwork (strategies, policies, process guides/maps, terms of reference, charters etc).

The following supporting arguments for EIOPA's final view were, in my mind at least, poorly formulated, regardless of whether the end result is still agreeable;

3.48 (Guideline 6)

- Refused to add more definition around what constitutes a "significant decision", which is poor form.

3.58 (All of Chapter III)

- That the expectations of Risk Management in insurers  "...comprise risk management standards which are considered to be matter-of-course and wide spread activities" - extraordinarily loose, considering the lack of a majority-accepted global, or indeed pan-European standard on the subject (IRM/ISO/COSO/FERMA/FSB's efforts notwithstanding)

3.65 (Guideline 19)

- That, while it is "not an easy task", Operational Risks should be quantifiable, and therefore subject to tolerance limits - I don't think it would have hurt to suggest (or even compel the use of) a method if it is that difficult.

3.68 (Guideline 25)

- That firms should maintain Investment Risk-related KRIs outside of what might be provided by normal parties (for example, ratings agencies), which would help "...increase overall risk management" - not entirely convinced that a generic "increase" is any kind of worthy ambition. 

3.74 (Guideline 31)

- That a capital management policy and capital management plan is both necessary (though for not entirely convincing reasons when tying back to the Directive)

3.78 (Chapter VI [Internal Control])

- That there is already plenty of clarification on what the Compliance function is charged with. I would agree in principle, but have heard evidence to the contrary in practice.

3.81 (Chapter VII [Internal Audit])

- That they neither wish to mandate or discourage rotation of Internal Audit staff or whistleblowing direct to NCAs - in which case, why mention it!

3.110
- A bizarre comment in response to a suggestion that a public statement should be released by the AMSB annually regarding the discharge of responsibilities around the system of governance that the Directive "...only deals with internal governance, not corporate governance" - think I know what they are fishing at, but terribly worded.

3.144
- Justify their decision not to define risk appetite and risk tolerance in the context of these guidelines

They have however provided some more defendable clarifications, for example;

3.51 (Guideline 11)

- Clarified that the gold-plated "Fit and Proper" requirements apply to AMSB/Control Function staff only, as well as specify what is expected from Outsourcers.

3.57 (Chapter III [Risk Management])

- That in the context of separating the duties of the Risk and Actuarial functions, the Directive is abundantly clear and that undertakings "...cannot deviate from [the Directive's] distribution of tasks"

3.62 (All "Policy"-related guidelines)

- That efforts should be targeted towards drafting the required documents during the preparatory phase. I would imagine this would be "re-working" in the UK, where such activity is most probably long done.

3.67 (Guideline 19)

- That there is no compulsion for firms to operate an electronic database to store operational risk events

3.85 (Chapter VIII [Actuarial])

- That, regardless of the absence of a valuation framework for TPs, the processes behind their co-ordination and calculation justify early activity, rather than "wait and see" on Pillar 1.

3.124
- Regarding Op Risk, activity will have to include "...identifying all operational risks that have crystallised and their near misses" (my emphasis)

Relatively easy in summary then - if it was a gap/issue in your system of governance in March, it probably still is, so go and fix it!

PRA's take on EIOPA Guidance - no truck with dual reporting?

One of the Barnett Waddingham crew was kind enough to make a few notes about the PRA's current position, presented in an industry briefing back in early June (slides seemingly unavailable). While it didn't touch on pre-application for internal models, it did publicly tease out a few more details on ORSA and System of Governance from those already available, for example;

• The concept of a "Glide Path" towards ultimate Solvency II compliance, which is being agreed between firms and the PRA, to make up for the lack of certainty around both EIOPA's requirements from 2014 and of course the ultimate 'Go Live' date itself - gives both parties plenty of wriggle room in their preparations
• PRA are currently doing an "EIOPA vs PRA" comparison, but are not looking to change the PRA Handbook (which would neccesitate a consultation period, and therefore wouldn't be ready for 2014)
• That the PRA are not especially enamoured with their reporting requirements up to EIOPA!
• That the PRA believe that the trilogue discussions will be concluded before EIOPA's guidelines come into force. That seems less likely with every passing day
• That the PRA do not have the resources to feedback on any of the firms' efforts in the Solvency II reporting space

I guess the slightly odd thing is that the PRA have just announced a radically reduced Special Purpose Fee for Solvency II preparation (only £3.1m for IMAP, and a rebate for non-IMAP due to underspend last year - compare that to previous years!). Could they perhaps have just hung on to a bit more cash to provide a more substantial service in the next 18 months, or have they also given up the ghost on anything of substance happening in the foreseeable future?

Risk Appetite white paper from Oliver Wyman - hold the onions...

A white paper on Risk Appetite from Oliver Wyman caught my eye recently whilst fishing for supporting materials for my own take on the matter. I have covered on this blog a range of opinion

Risk Appetite - need to 'ketchup' with
latest benchmarks?

pieces on Risk Appetite from the professional institutes to the consultancies to the regulators perspectives, and so far they never seem to be on the same page at the same time.

From the Solvency II perspective, we know that (as it stands) Risk Appetite only exists in written word in Level 3 System of Governance and ORSA guidance, namely;

• That the AMSB is "ultimately responsible" for setting it (Sys Gov G15)
• That EIOPA did not wish to distinguish between "risk appetite" and "risk tolerance", rather let national regulators and the industry scrap out any divergence in term usage themselves (Sys Gov p30-38!)
• On that basis, "Risk Appetite" doesn't even feature in the L3 ORSA Guidance, though "risk tolerance limits" do (ORSA G7 and G11), perhaps indicating what terminology EIOPA prefer.

From the national regulatory perspective, the PRA have ingrained its importance as the "foundation of [an insurer's] risk management framework" in its new approach paper (section 110), whilst the Central Bank of Ireland have not only built Risk Appetite into the supervisory structure, but even had time remonstrate with the industry for its lack of progress around Risk Appetite statements!

The ratings agencies expectations on Risk Appetite also come into play, with S&P expecting its "clear communication" and "linking to risk limits" as part of its ERM assessment programme (p5, and more extensively, p9). They do however have the courage to define their terms with respect to appetite, tolerance and preference in the appendix. 

Appreciating therefore the Oliver Wyman paper is catering outside of the financial services sector, it still contains a host of rather inane platitudes such as;

Risk Appetite Framework

"...bringing discipline to major strategy decisions" - as opposed to the Chief Exec and Chair? 

"...essential for firms considering an ambitious growth strategy" - as opposed to all firms?

"...developing a robust risk appetite framework does not take an inordinate amount of time and effort" - might want to tell that to the rest of the invoice-generating consultancy world!

Risk Appetite Statement

"...more than just a set of benchmarks" - at what point has a RAS ever been that?

"...setting the 'tone at the top' about the relationship between risk and return" - "tone" as opposed to "rules"? 

It also contains a number of apocryphal tales and irritants, such as

• Senior management "often" fail to take risk appetite into account - probably true even in the financial services world pre-2007 (indeed it was a major feature of the Lehman's autopsy!), but one would think less so now.
• "Few" companies able to unlock benefits of a risk appetite framework - that feels a bit light, though I don't doubt some firms may struggle depending on their corporate structure and industry.
• Frequently interchanging between "Framework" and "Statement" throughout, in the same way as many ORSA-related materials do so for "Process" and "Report".

It ultimately recommends that a Risk Appetite Framework should contain the following characteristics;

1. Qualitative and Quantitative Risk Appetite Statement
2. Ensure the statement content is "useful" for all internal stakeholders (Board, Senior Management, Financial analysis teams and business unit leaders"
3. Connect the statement to the planning, review and decision making processes and forums

There are also a number of positive elements within the document, which I would certainly advocate, such as;

• Size Limit - they recommend no more than 4 pages for a Risk Appetite Statement, and one could probably get away with less
• Concepts of Ability (what one can technically afford) and Willingness (to tolerate uncertainty)...
• ...applied as appropriate to a set of qualitative and quantitative themes which are pretty much ready off the shelf (p3)
• Ensuring the metrics used for monitoring are company-specific - very easy to replicate what one has seen in previous firms, but these will inevitably not make the cut in decision making processes, thus defeating the point.

I'll be doing more on this topic in the near future, but for now this material may at least be of use to you for benchmarking purposes.

Elderfield at the European Insurance Forum - one for the road...

So the European Insurance Forum is in full swing over in Dublin, which from what I have seen to date in the tweetosphere (thanks DIMA and Mike!), sounds more like Alan Partridge's sales conference for Ireland plc.

That aside, Matthew Elderfield, the outgoing Head of Financial Regulation at the Central Bank of Ireland, gave a rousing speech touching on risk-based supervision and the 'prospects' for Solvency II. As a member of EIOPA's management board and head of the second largest internal model assessment body in the EU, his words are very much worth heeding.

Given that he has already addressed this forum a couple of years ago on such matters, as well as being relatively outspoken  recently on the quality of components parts of Irish risk management systems, one might expect a few home truths on his way out of the door to an equally precarious task as Head of Compliance at Lloyds Banking Group.

EIF 2013 - More to Ireland 'dan dis'?

The headline acts for me was his revelation that diversification in internal models remains a bugbear, to the extent that he supports the kind of 'floor' arrangement being given airtime at the PRA. Given he had already made his distaste at the extent of the diversification benefits being sought clear in a speech last year, it is not surprise to see it on his agenda, more that it implies that the expert judgements of those involved in the calculation process may be overridden (due to regulatory prudence?), regardless of how well they are documented or supported. 

In addition, his angle on bridging the LTG issue makes interesting reading for anyone who doesn't receive briefings on EIOPA's inner workings.

Noteworthy points (my emphasis if emboldened) therefore included;

On Solvency II

• Drawn out process has "naturally resulted in a combination of fatigue and exasperation", with the "...high costs of preparation compounding concerns"
• Regardless, "it is unacceptable that the common regulatory framework for insurance in Europe in the 21st century is not risk-based"
• "Urgently need" the framework to reflect asset risks, riskiness of different lines of business, encourage better governance and risk management, and provide better disclosure.
• "Solvency II does indeed have its imperfections", but "...the benefits of moving ahead with Solvency II outweigh the costs..."
• Notes his "long-standing concern" around over-optimism in the calibration of internal models
• "...complexity has clearly gone too far in some areas - and makes implementation very difficult for smaller companies"

On Omnibus II and EIOPA's LTGA

• Omnibus II delay "...is a course of considerable concern to regulators and industry alike", and the "...entire framework is essentially stuck on one issue" which "...will require a political compromise"
• Personally supports a more generous approach to matched premium adjustments on certain lines of business, provided they are (a) only applied to the back-book, (b) companies provide Pillar 3 disclosures both with and without those adjustments, and (c) supervisors can apply capital charges if they are not happy.
• "With European elections looming next year, it is important that this process concludes in the autumn at the latest"

EIOPA - filling gaps
since 2013

On EIOPA's Interim Guidelines

• As justification for supporting them, "Much of the Solvency II framework is already clear", and emphasises that "we will adopt a proportionate approach"
• EIOPA is "helping 'fill the gap' created by the hiatus in the political negotiation"
• "The EIOPA initiative should be strongly welcomed by regulators and industry alike"
• Hopes the system of governance and ORSA interim guidance provide "manageable and useful transitional steps towards full Solvency II adoption"
• For Pillar 3, expecting "best efforts" especially from High Impact insurers, with the use of statutory powers held in reserve "as a last resort.
• For IMAP, can neither sanction an "early conclusion" nor a "hard stop", so will ultimately elongate the administrative burden, hopefully leaving less to do towards the end.

On Diversification benefits

• "...in common with a number of other [unnamed] supervisors", CBoI is concerned to ensure "prudent recognition of diversification effects"
• "Fundamentally, what is needed is a broad agreement on the outer bounds of acceptable levels of diversification in the model approval process", citing one jurisdiction (UK?) looking at hard SCR floors based on proportion of MCR.
• "...the Central Bank's message to Irish firms is to take a conservative approach to the recognition of diversification..."
• Points to the failure to add formal constraints on diversification benefits in the Directive text
• "Supervisory quants are at risk of being outgunned by industry quants in the minutiae of a correlation debate"
• Also has a stab at "overly generous approval" in other member states in the context of regulatory arbitrage - is it that hard to say "no" just because the home regulator says "yes"?

Of less consequence for those outside of Ireland, he goes on to cover the CBoI's bespoke work around VA-specific risks (in light of prolonged low interest rate environment), the failure of Quinn Insurance, and the bedding in of their PRISM risk-based supervisory framework, the latter eliciting the comment that "we are still some way from fully embedding our new approach".

From this, one might reasonably think that, should Mr Elderfield's successor continue in the same vein, that the correlation matrices of Ireland's 30-something IMAP candidates are likely to get a severe working over in the next couple of years. Let's hope the industry gets their documentation in order!

The PRA's take on EIOPA's Interim Guidelines - far from a 'Tragedy'...

The Prudential Regulatory Authority have celebrated their second week in office by hosting a number of industry briefings regarding EIOPA's Solvency II Preparation Guidelines. One Blogger keenly dripped some of the materials discussed out yesterday, but I've had a look through the briefing materials released today on the PRA's site to see if there are any messages worth amplifying.

Steps - appropriate?

From a calendar perspective, the PRA are planning some technical workshops with "industry representatives" in early May, to be followed by an industry briefing later in that month. The output from the workshops appears to be a major influencer on whether the PRA will "comply" with EIOPA's guidance or "explain" why they won't.

With final versions of EIOPA's guidelines expected by September/October 2013, the national regulators have an additional 2 months from publication to formally confirm their "comply or explain" position.

Reading between the lines this looks (for now at least) as a foregone conclusion however, with this comment from the internal model pre-application slides;

"We expect firms to have regards to the interim guidelines and take appropriate steps to prepare for Solvency II" 

Three slide sets have been released - anything new, or worth reiterating, below;

Internal Model Pre-Application

• Model change - to be monitored throughout pre-application.
• Colleges - Evidently notable divergences in assessment practice across the union which the Guidelines hope to fix, but "no direct implication for firms".
• IMAP - while EIOPA's guidelines "will be considered as part of IMAP reviews", they don't (in the PRA's mind) touch on anything which wasn't already part of existing L1/Draft L2/pre-application L3, so no surprises on that front. They do however highlight the elements on Expert Judgement and Validation as providing more clarity on supervisory expectations.

ORSA and System of Governance (combined)

• No PRA expectation of  a full/'live' ORSA or Solvency II-compliant systems of governance by 2014
• Neither are there any expectations for firms to make changes in investment strategy/capital strategy/outstanding Pillar 1 elements - at least not due to Solvency II in its current form.
• For System of Governance, the PRA's slides highlight areas where EIOPA's guidelines exceed expectations of the PRA Handbook - these include Board MI; revisions to control functions; revisions to Risk Management Policy; Prudent Person Principle; and calculation of TPs.
• For ORSA, the slides clearly indicate that dry runs and ORSA process development should be the immediate focus, and it should serve to reaffirm best practices that already "underpin the ICAS".

Submission of information to supervisors

• Only a subset of the full package recommended by EIOPA in July 2012
• EIOPA want to see at least one round of annual submissions, and two rounds of quarterly submissions before Solvency II goes live, with 2016 seemingly the preferred year.
• On that basis, firms will have 20 weeks (26 weeks for groups) after year-end 2014 to submit annual template obligations.
• They will then have 8 weeks (14 weeks for groups) after quarter end Sept 2015 to submit their quarterly template obligations.
• As per ORSA, firms which are involved with internal model pre-application will need to perform both standard formula and internal model work in this area.
• Also as per ORSA, thresholds for participation based on TPs (Life firms)/Premiums (Non-Life).
• Narrative reporting requirements are "significantly reduced"compared to final requirements - however, there is plenty of crossover between what one might document during ORSA processes and what is expected to appear in RSR/SFCR, so firms shouldn't struggle in this regard.
• The concept of a "Reporting Policy" document (guideline 33 in the consultation) covering who will be responsible for what in the submission of information to supervisors, is referenced in these slides. This hadn't featured on my radar before as 'compulsory', so documenting this early, even just as process steps/maps, seems like a move that the PRA would appreciate.

EIOPA Preparatory Guidelines - System of Governance

Consultation on System of Governance preparatory guidance (plus explanatory text)

For a topic which has felt like a given for a number of years (certainly in UK and Ireland where we already ask a lot in this area), the System of Governance preparatory guidance is still 40 pages, comprising of 57 guidelines, accompanied by 60 pages of explanatory text.

A couple of things immediately grabbed at me when going through the guidance (again anticipating a conservative approach of the supervisors rolling over and applying all content as is)

• That the Risk Management Policy (regardless of how one structures the component elements) is expected to contain procedure-level information about the management of each major risk category - this sounds hopelessly disproportionate, and almost impossible for supervisors to reasonably get through;
• That it is "expected" that large or complex firms separate their four key control functions, and that others at the small/medium end may ultimately find it easier to do so than consider the range of controls/maintenance of independence required to have combined functions;
• That an expectation that insurers' systems of governance require regular independent review, with the AMSB only retaining the ability to choose the performer;
• That insurers will be expected to formally identify/analyse/report on Operational Risk Events
• That EIOPA bottled out of defining Risk Appetite and Risk Tolerance, leaving national supervisors and insurers to fight it out amongst themselves.

Ultimately, the document reads like a checklist which practitioners or full-timers can run through against the suite of documentation no doubt already in existence which, if based on CEIOPS/EIOPA final advice and/or the Commission's Draft Level 2 measures, won't be miles away as it stands. On that premise, I've only listed elements which jump out for me.

GENERAL GOVERNANCE REQUIREMENTS

Guideline 3

• Evidence should be collected of the AMSB "proactively" seeking information from committees/key functions

Guideline 5

• No more detail than an expectation that the AMSB "appropriately implements" their key functions - in the explanatory text, it goes on to say that larger companies will be "expected" to fully separate Risk/Actuarial/Compliance/IA, with a series of measures expected to preserve functional independence if smaller companies choose to combine some.

Guideline 7

• Expectation that both AMSB decisions, and how information generated from the Risk Management System (RMS) influences them, is "appropriately documented" - compulsion for Board Decision Logs?

Guideline 8

• Regular System of Governance reviews appear to be expected, which are documented and reported back to the AMSB - the AMSB retains the right to choose who performs it 

Guideline 9 - All policies must include:

• Goal of policy
• Tasks to be performed and by whom (person or role, unlike for validation, where person/s was specified)
• Associated processes and reporting procedures
• Obligations of affected operational teams to inform control functions of "relevant facts" at all times

Guideline 10

• Contingency plans are expected for areas which are "especially vulnerable" - this pushes outside of what one would consider a conventional contingency plan for operational emergencies.

FIT AND PROPER

Guideline 11

• Must have a Fit and Proper persons policy
• It must be equally applicable to both hired staff and outsourced functions

RISK MANAGEMENT

Guideline 15 - AMSB is "ultimately responsible" for:

• RMS effectiveness
• Setting Risk Appetite and Risk Tolerance Limits
• Approving Risk Management strategies and policies

Guideline 16 - Risk Management Policy must cover at least

• Risk categories used and measurement methods
• How each category/grouping of risks is managed
• Risk tolerance limits for all categories in line with Risk Appetite
• Linkage of both SCR and ORSA to risk tolerance limits
• Frequency and content of regular stress tests, and circumstances for additional testing

In addition, the associated guidelines touch on the risk categories within one's Risk Management Policy. There is an expectation for pretty much every category that procedure-level information is included in the policy documents themselves, as well as hard limits, which is unlikely to be the case as it stands.

Guideline 18 - Insurance Risk Policy

• Expected to cover types of acceptable insurance risks, how premiums will cover claims/expenses, as well as how product design accounts for investment restrictions and formal risk mitigation techniques

Guideline 19 - Op Risk Policy

• Expectation that Operation Risk Events will be formally identified/analysed/reported in insurers, and that a system for collecting and monitoring them should be in place.
• Operational Risk Scenarios should be developed and used, based on failures of key persons/processes/systems and external events

Guideline 23 - Investment Risk Policy

• Buzzphrase introduced of managing the level of "security, quality, liquidity, profitability and availability" of one's asset portfolio

OWN FUND REQUIREMENTS AND THE SYSTEM OF GOVERNANCE

Guideline 32

• Concept of a "medium term capital management plan" introduced which covers; planned capital issuances, maturities and distribution policies - not sure how that works for mutuals, but I can see what they're fishing for

INTERNAL CONTROLS

Guideline 33

• "All personnel [should be] aware of their role in the Internal Control system
• The Internal Control system should be "commensurate to the risks arising from the activities and processed to be controlled" - this line should hopefully avoid overkill

INTERNAL AUDIT FUNCTION

Guideline 36

• The Internal Audit policy should include the procedure for informing supervisors [of whistleblowing-level wrongdoing I guess]

ACTUARIAL FUNCTION

Guideline 44

• "Material"deviations of Best Estimate Liabilities should be back-tested for by the Actuarial function, reported on, and remedial changes proposed

Guideline 46

• The Actuarial function is expected to "contribute to" specifying the risk coverage in the internal model, as well as the dependency structure - this feels like areas where, even in larger insurers, the function probably already leads, so will they be asked to take a step back?

EIOPA consultation on "Solvency II Preparation Guidelines" - Wham!

In between Mickey Mouse cartoons today, my young lad said "EIOPA just don't publish enough consultations about Solvency II, I hope we see some more soon" - well wait no further son, this year's motherload has just arrived!

EIOPA Guidelines - supervisors have
been 'hanging on like a yo-yo'

What was mooted back in December as EIOPA's interim measures, intended to make sure that impatient  individual national supervisors didn't 'plan on going solo' have been released today for public consumption and comments, covering the 4 areas "fundamental to ensure effective preparation for Solvency II".

The consultation is open until June 19th, but the guidelines once finalised will apply from Jan 1st 2014.

EIOPA will apply them proportionally to the national supervisors, who in turn are asked to "...regard the burden on small and medium sized undertakings" when incorporating these guidelines into national regulatory landscape. May be the first acknowledgement of disproportionately burdening SMEs I have seen from EIOPA!

Those 4 areas are:

1. System of Governance (L2 final advice here)
2. Forward-looking assessment of Risk/ORSA (issues paper here)
3. Submission of information to national authorities (L2 advice here)
4. Pre-application for internal models (L3 guidance here)

I'll pick these off as separate posts and link them back to this page, so sers toi in the meantime and happy reading!

FSA and Solvency II - Adams's speech at City and Financial Conference, London

Just in case any of you UK guys working on IMAP are slacking off, a pretty unequivocal rallying call was delivered by Julian Adams late last week in London, letting the industry know in no uncertain terms that the business end of IMAP starts, well, yesterday!
The double thrust of the speech was to cover both the planned "twin peaks" model of UK regulation due to be phased in over the next year or so, as well as implementation of Solvency II. There is a genuinely aggressive tone in the wording, which betrays a certain impatience with what the guys at Canary Wharf have seen to date in Self Assessment Templates and pre-application activity. I extracted the following from it;

• Highlighting that prudential and conduct issues will be dealt with by separate peaks, allowing a more focused approach.
• A PRA agenda which seems to tread on old ground (assessing the vulnerability of business models, and whether they have a run-off plan in place). The main shift is perhaps a heavier focus on that plan's viability during a crisis, learning one hopes from the real-time experiences of the last 5 years.
• A complimentary, but very unsubtle onus on the subject of reverse stress testing, or "what would break the company" which, bearing in mind the relatively light materials available on the topic from the FSA (a few pointers in here being the most recent release on p2), would suggest firms may need to look elsewhere to bolster their RST approach (TW for example have a decent piece here).
• A very surprising revelation that the 'appropriateness' of the Standard Formula to firms who have elected against internal modelling is essentially a 2013 piece of work - what does that mean for anyone who is found to be using it 'inappropriately', bearing in mind the proximity of implementation (are we to understand that this is a lesser crime than having a stab at modelling and coming up short on the documentation front)?
• "Competence and quality" of senior management will be scrutinised from a system of governance perspective - I like this, on the premise that it would be relatively easy to build a technically compliant structure and populate it with unsufficiently trained/briefed staff. Their bullet point list of what they will be asking around (focused on quality of MI provided, understanding of reverse stresses, quantification of risks in risk appetite frameworks, and availability of management actions, modelled and non-modelled, under duress) should be put in front of your nearest directors tomorrow!
• A definition (of sorts) of proportionality as "the amount of work we expect firms to do to demonstrate a requirement has been met", though adding a vice versa to cover how much time they will devote to assessing it.
• No in-depth reviews of SATs scheduled, nor do they expect a piece of evidence for each one of the 300 model approval requirements (god forbid this turns a bit tick-boxy for the sake of administrative convenience!)
• Making "no apologies" for disagreeing with applicants' own assessments of the quality of their submission paperwork, while suggesting there is a grading criteria already in place (adequate|comprehensive|complete) - not publishing the more critical end of that spectrum it would appear!
• Note that the interaction of component parts of models, as well as correlation/diversification and extreme events in the tail, will receive more attention.
• "Much higher degree of feedback than has been the case to date" should be expected by the IMAP firms in near future, with the FSA being "much clearer on [their] view of progress", and potentially "ceasing to work with you and exiting you from the process" - this is seemingly driven off the back of the pre-application work to date and some peer group review work leaving them in a spot where they can separate the wheat from the chaff.
• Note that the transition between pre-application to submission is where they will make a "substantive decision as to a firm's progress" - explains the Lloyd's position I guess, though I'm not certain a less substantial body may have been reprieved judging by the tone of this speech.
• A final flourish around what has been witnessed to date, where they have specifically singled out the following areas of tardiness as signs of a ropey application: falling behind one's own implementation plans; validation workstreams being "significantly behind" and with narrow scopes; expert judgements not being properly documented or challenged; supporting documentation generally weak, and model change policies which have yet to conquer the challenge of "major/minor" definitions, let alone what a "qualitative major change" may consist of. I would add that these themes were covered at the industry briefing at the end of February (from p9), just not as definitively.

They also note that the scheduled Technical Provisions work noted in an earlier speech by Mr Adams is likely to be something of a fillip to the consulting actuarial profession, and any firm in IMAP will need to have been reviewed in this respect before receiving approval.

Well don't just stand there, get cracking!