KPMG on Solvency II - Progress in an uncertain world?

Handy survey from KPMG pushed around today touching on technical practices of UK Life firms (35 responded to the survey, so a decent enough sample). Appreciating the irony of the title in the same week as the rumour mill on an extension of Solvency II go-live to 2015 went into overdrive, the content is still valid on the benchmarking front, so worth a comb through.

Of particular interest I noted;

• IMAP remains top priority for those in the application process, though KPMG highlight that firms are closely reviewing the advantages of the IM versus standard formula due to FSA fussiness, implementation costs snowballing and less-than-attractive results coming out of the model (i.e the fabled 20% reduction guess-timates are perhaps out of reach!). Some comfort there for anyone struggling with the same issues.
• Documentation second priority for IMAP and non-IMAP firms - concerning at this stage, bearing in mind the FSA will have had plenty of opportunity to feed back on the big ticket items. If the industry still doesn't have a handle on regulatory requirements (or it does, but is not meeting them!), then perhaps it's a good job there is an extra year in the offing! 87% of the IMAP respondents said IM documentation specifically is causing challenges.
• Pillar 3 also high on priority lists - might we expect that to slip back on the agenda with the extra year? Particularly around software solutions, which may have previously been the only way for some laggards to populate QRTs etc within the proposed timeframes, some may decide to do something a little more ad-hoc for 2013 rather than full dry-running. Two-thirds of respondents note that turnaround time is a concern, and unsurprisingly 'achieving sign off' is a concern of around half, with the tight timescales naturally impacting on the likelihood of getting an executive to confidently put pen to paper.
• Only a third of respondents have dry-run their ORSAs - feels instinctively light, with those yet to run spread across the next 5 quarters. Natural areas of concern are later highlighted in this area, with ability (or lack of) to project across the business planning period, and plugging the ORSA process into the BAU strategic decision making process troubling around half of respondents. Bearing in mind only a third of respondents have performed any on-to-one training (with group training/workshops seemingly the preferred route), they may find that one will facilitate the other!

Some other noteworthy points;

• Only 80% think Solvency II will "significantly" impact the wider business - struggle to see how it could not frankly, but appreciate their are non-IMAP firms in the mix here
• Disturbingly large number of IMAP candidates appear to be behind the curve on P&L Attribution and Validation - interesting to know on the latter whether that is in respect of their internal findings or the FSA's view.
• Two-thirds of IMAP candidates using external assistance for validation - wonder how long that gravy train stays on the tracks with a shift to 2015?
• 20% don't have TPs in their IM scope - is that a bit chancey at this stage? I thought the FSA view on scope was a bit more onerous than some applicants may wish for.
• Datawarehousing seemingly moving towards being the preferred route to meet Pillar 3 obligations where an existing solution has not already been implemented prior to Solvency II

Good intelligence for both IMAP and Non-IMAP firms, and should provide some programme managers with crumbs of comfort when they see what's eating their counterparts right now.

Deloitte on "How to conduct the ORSA" - facts and apocrypha

While our pals at the FSA, EIOPA, the CRO Forum, 3 of the Big 4 (here, here and here), the Little 3 (here, here and here), the IRM,  the Irish SoA, and even the guys in the stars and stripes have deemed to recommend to all and sundry what ingredients will make a good ORSA, Deloitte have chipped in this week with a 50-page whopper that tells us everyone else was wrong and they are right...

...well OK, not quite! Deloitte's release about this "important yet enigmatic" area, which seems to have a mainland Europe-flavour to it, works its way through EIOPA's reformulated opinion on L3 ORSA guidance released in July, summarising what changed between the Nov 2011 and July 2012 versions. I of course managed this feat two months ago, but I couldn't quite pad it to 50 pages! They then embellish a section-by-section analysis of the two documents with some charming apocryphal tales of what "many companies" or "the industry" are struggling with currently (i.e. their clients' problems!).

As with most things generated by the behemoths, it is a really useful piece of material despite on the face of it not adding anything new to the knowledge pool, so from an ORSA consultant's perspective, I've made the following notes;

• Emphasises that supervisory intervention will come from lax ORSA processes, as opposed to ORSA Report content (which will drive the US approach)
• Notes that, given the opportunity for the ORSA and the SCR calculations to to be conducted on different reference dates, that this may allow organisations to keep any existing strategic planning processes where they already are in the calendar, rather than unnecessarily shift them to, say, follow financial year-ends. The proviso of "no material change in the risk profile" may of course discourage that, if only due to the need to define "material"!
• Some rather controversial free text around risk appetite ("intuitively simple" as a concept) and risk appetite frameworks ("very much a work in progress" at insurers) - appreciating progress is somewhat inconsistent across industries and the inter-body squabbling on the matter, I can imagine many practitioners would argue the opposite of both points - it's complex, but we're well on the way!
• Highlights difficulties with performing obligatory entity-level ORSAs if risk appetite is expressed in regions/products/funds, which seem perfectly reasonable anchors for risk appetite statements on the face of it.
• "Most organisations" defining AMSB as parent company Boards, plus entities if applicable - no evidence provided though.
• "Many firms" struggling with the "cultural challenge" of getting Boards to drive ORSAs - this I found odd, as many ORSA processes will already be in place to a greater or lesser extent, and most would feature in their individual crystallised reporting form in a BAU board pack. They go on to suggest that getting AMSB input into stress and scenario testing is one way of evidencing ORSA "driving".
• Comment that "In general, the ORSA guidelines were seen as too prescriptive" [my emphasis] - I generally recall the clamour from the industry over the last 3 years being that there isn't enough!
• Common (unevidenced) theme identified that ORSA policies have tended to be signed off by Risk Committees, which may not satisfy the AMSB sign-off requirement
• "Some organisations" electing to split out record of the ORSA Process from the ORSA Report to trim the document size - makes perfect sense, as there's no danger of the co-ordinating function not retaining those records for repeatability purposes.

Plenty of other clutter in there on risk quantification and capital management, but nothing controversial, just nice to read. Bon appetit...

FSA - Data Review findings in context of IMAP

So I guess there was an inevitability that, with all of the resourcing around Solvency II programmes over the last couple of years being focused on filling the yawning corporate governance chasms within EU insurers with bald, handsome, impeccably mannered Pillar 2 consultants (well, one out of three ain't bad!), that some of the more mundane aspects of preparations would take a back seat.

Step forward Data Quality! With the considerable efforts expended by UK internal model applicants already on plugging their calculation kernels in, risk calibration, loss function fitting, correlations etc, the FSA's latest review findings take us right back to the starting point of SCR generation - data inputs - and they are not impressed.

The FSA began working on this topic with the industry as far back as this time last year, and are not scheduled to be finished with this thematic review until Q3 2013. Bizarrely, they note in the introduction to these review findings that their scoping tool released in July 2011 aimed to help assess compliance with both Level 1 and draft Level 2, which wasn't released to the industry (i.e. leaked) until late October - quel chance mes amis?

Splitting hairs on timings aside, just reading the five section headings of their review work would be enough to reduce many BAU staff to a quivering wreck ("Implementation of the Data Policy"? What, today?), so I wasn't expecting a glowing report. That said, the quality of data which ultimately results in today's technical provisions, capital requirements etc is seemingly fit enough for purpose, so a full-on hatchet job would be a poor reflection on both the industry and the regulator.

Assuming a 2014 go-live date (looking unlikely as of 9pm GMT today!), the areas of major concern for insurers, based on these preliminary findings, would be;

• Difficulty in assigning data ownership - there will be enough Pontius Pilates in the BAU world who will happily wash their hands of data ownership until the cows come home. Programmes will need to be extremely forceful in assigning ownership and ensuring it sticks
• Inability to articulate "accurate", "complete" and "appropriate" - this should have been an easy win, so I'm surprised that it is seemingly an issue. Realistically, should we expect the business to take ownership of data sources when we cannot define what is and isn't acceptable output from them? 
• Data Dictionary/Data Directory confusion - a suite of pretty scathing findings in this field, suggesting both over-simplicity and over-complexity has been found in the workings of Data teams.
• Spreadsheet controls and non-compliance with end user computing policies - onerous expectations on the face of it (paragraphs 4.41 and 4.42), which will be a shock to both programme budgets as well as end-users.

Some other interesting points made in the review include;

• Firms either using their Risk Committees, or a bespoke "data steering" committee as their data governance body - pretty sure the Risk Committees won't fancy this as long-term work.
• A number of suggestions as to what areas are not currently being consistently addressed when assessing materiality (p11-12)
• Some very useful comment around data classification methods (p13)
• Suggestion that, as I expected, the techniques applied to assessing the quality of data provided by third parties is not robust enough - industry-wide consensus on how to interrogate your outsourcing parties would be useful in this respect.
• A rather strange comment around poorly designed/controlled data warehouses - I can only assume they have seen one or more horror stories on their travels, as the warehouse is surely the way to go!

Any smart cookies who haven't got going on Phase II with the FSA at this juncture should be stripping this down line-by-line. For those of you outside of the UK, you may want to cross your fingers that your friendly national regulator doesn't use this approach as a yardstick...

USA and ORSA - Let's do it baby!

Promising sounds from across the pond, as the NAIC make some definitive movements (detail here and here) towards the inclusion of Own Risk and Solvency Assessments as part of their regulatory reporting package - difficult to find the exact paperwork, but the summary of what was tabled by the ORSA subgroup at their August jamboree is here, while a statement to cover their adoption of the Risk Management and Own Risk and Solvency Assessment model act is available here.

I have touched on the movement of the US towards production of ORSAs in earlier blog posts, including recently on the preparedness of firms to meet ORSA reporting requirements,

From another earlier post, I can see the 15 volunteer company pilot which was mooted at the start of the year ultimately became 13 companies by the conclusion of the pilot (no word on who started, but couldn't be bothered finishing!). According to the Clearwater information, only 8 participants ORSA Reports were considered "complete", this despite the NAIC providing an ORSA Manual from which to work from.

Is this ratio of incompleteness indicative of what the 27 EU national regulators are likely to encounter in 2014, or is the lack of prescriptive guidance at Level 1 and Level 2 handy in this regard (i.e. ORSA Supervisory Reports will be "passed" regardless of quality, and regulatory arbitrage is back on the agenda).

Either way, Clearwater also note that 2015 is looking like the most likely time for imposition of ORSA reporting, so the guys will still have time to borrow from our experiences, as we can from theirs - suggested improvements  from the NAIC's sub-group to the participants (none of which would hurt anyone in the ORSA space over here!) include;

• Include a summary of “significant changes” from prior year
• Provide additional detail regarding risk managers and compensation
• Include additional stress testing, specifically for liquidity

 Looking forward to the sub-group's next report, the approach over there appears to be relatively easy to follow and well led, which I guess it can afford to be if it isn't masquerading as something other than a filing requirement... 

Did we learn from Equitable Life? Professor says "No"...

A cracking thought paper was released this week by Professor Roberts from Kings College regarding the lessons one could reasonably have learned from British mutual Equitable Life's demise in early 2000s, and more importantly, did UK plc actually learn them! (simple timeline of recent events here for our non GB readers, but anyone whose website starts with a banner exclaiming "recreating value for policyholders" has clearly had a lean few years!)

This document works nicely as an aide-memoire for anyone working in a financial services risk function as to what one should be wary of in the day-job. Professor Roberts ties in some of the most recent work in this space (leaning heavily on the Cass Business School/AIRMIC Roads to Ruin research and its conclusions in particular), and comes to the inevitable conclusion that lessons are well publicised, but never learned.

My main concern as a risk specialist is that certain recurring themes in the failure of financial services firms appear to remain outside of the Risk function's control or indeed influence, notably;

• Hubris of Senior/Chief executives - Almost every example of failure in insurance and banking referenced in Prof. Roberts paper includes a flukey, unchallenged CEO who got bolder as circumstance rather than skill kept their businesses growing. I had flagged a couple of articles in a post last year touching on what makes an executive tick, and since then I have seen psychopathy and leadership (as opposed to cherubic faces!) examined further in a popular mainstream book. The legitimate concern here of course is that CROs are seemingly no nearer to being guaranteed seats at the top table, let alone a veto to keep the most dominant executives in check, regardless of their loud voices, when necessary.
• Poor quality governance from Non-Executive Director level - Risk functions simply must have the NEDs performing at their optimum in order to provide acceptable services to their employers. While the "old school tie" approach to recruiting NEDs may take a generation to phase out entirely (to be replaced by an army of Fembots, so Viviane Reding would have us think), Risk functions are left with tottering old fee-sweepers as their key route to early intervention. The more visceral approaches to documenting risk appetite/tolerance/preference now being supported by corporate governance codes and vocational/professional bodies may make it easier to raise concerns with NEDs in future (probably as it will be colour coded and in Excel...), but until they are actually prepared to risk their comfortable semi-retirement with some probing questions in the C-suite itself, should Risk functions ever think they can overcome such a void?
• Failure of regulation - Should Risk functions be banking on the (inevitable?) failure of the nascent regulatory environment, and reserve for subsequent claims/compensation if one or a number of products are "too" successful, thus providing the necessary quantum of dissatisfied customers for the regulator to act? I would have laughed this suggestion out of the room until a year ago, since when the FSA have made retrospective calls on interest rate swaps, PPI, and TLPs, all of which would have been presented as "compliant" products in the Boardroom.

For the Solvency II fans, it also notes on page 11-12 that Equitable Life featured in the research which grew up to be Solvency II! Maybe we did learn something after all - if we smash up the affordability of long-term guaranteed products, we can all go unit-linked and never have to worry about another Equitable...

Clear Path Analysis - Solvency II "The Global Dimension"

This piece of research from the guys at Clear Path Analysis (sign up required) has been in the offing for a while, and as I covered their last impressive release on this blog (and I don't have a life :-( ), I've been looking forward to it...

There is certainly plenty in here to keep those of every persuasion entertained (with the sponsors as omnipresent as their funding permits!), but I've sectioned out highlights for my own benefit;

Foreword

• Solvency II "...clearly a step in the right direction" - oddly, not followed by a punchline...
• On the likelihood of Sol II remaining ahead of the IAIS approach to solvency regulation - "Asia no longer looks to the west for regulatory best practice", going on to cheekily recommend a cherry-picking approach

Barbara Ridpath - think tank CEO, on short-termism and regulation

• Highlights one (widely acknowledged) consequence of Solvency II being a disincentive to invest in long term and/or non-Sovereign debt instruments, which is not in the mandate of the regulations, or indeed the regulators.

Roundtable on un-level playing fields between EU and non-EU insurers - includes Standard Life Sol II lead

• Solvency II likely to weed out companies who can't handle the ongoing compliance cost from running EU operations
• Large piece on Canadian equivalence (of particular importance to Standard Life of course) and the practicalities of equivalence being neither sought nor at this point offered for a non-EEA wing of a EEA HQd insurer.
• Standard Life not happy with equivalence assessments running concurrently with IMAP, due (rightly) to the significance of a "yay" or a "nay" to the strategic thinking around non-EEA arms.
• Suggestion that Asia is looking harder at the IAIS approach as opposed to Solvency II for future direction

Data and Risk Reporting Interview - Dan Wilkinson, ERM head at Liberty Syndicates

• Increased formality around Data and Risk reporting, using both controls-focused and risk-focused approaches. Makes reference to a monthly management committee which takes reporting on data deficiency matters, which I have heard reference to on the circuit before, and certainly demonstrates that data inputs, whether for internal modelling or for strategic decision making, feature as a high priority, rather than taken as read.
• Notes that his employer is moving risk reporting away from the 1-in-200 VaR to "...more foreseeable points in the distribution", which we definitely like to hear in the ORSA world!
• Alludes to concerns around disclosing ORSA-related information to the outside world, which is an area yet to be adequately chewed over by regulators and industry quite yet, let alone ratings agencies, analysts etc
• "Sensible amount of proportionality" should be adopted when deciding what should be disclosed - is that a contradiction in terms, an oxymoron, or some other expression I can't quite lift off of Google!
• Sensibly stresses that an effective emerging risk policy should allow input and challenge at all levels of an organisation, when asked about internal models evolving with the risk profile of the business.
• "...biggest deliverable is cultural" - i.e. stripping back your long-since-gone consultancy friends' technical documentation (where required) in order to make it more accessible and free BAU staff to use the new facilities, be it a spruced up RMF or a full Internal Model - appreciate I may be doing myself a disservice by highlighting it!
• Didn't agree one bit with the comment that ORSA could "...inflate regulatory capital, based on rather speculative assumptions" - FSA have been pretty clear that ORSA has no bearing on required capital, appreciating the nuances around what they say and what actually transpires!
• Also wasn't massively sold on the comment that the ORSA "...should bring together information that is used within the business to allow analysis of medium term trends", unless of course he was cut off mid-sentence!

"Challenges of Pillar III" roundtable, focused seemingly on getting asset managers to pull their fingers out! Includes a CRO from an Italian insurer

• "Asset managers who are not willing or able to invest in appropriate data management and reporting systems will find it hard, if not impossible, to attract or retain insurance clients" - so there!
• Suggestion that "parts of the industry will have to get up to speed on" underlying assets which they are currently invested in for the look-through basis - I suspect that there are plenty of horror-stories to emerge once some CIOs and CFOs get a proper butchers at what some of their collectives are actually invested in, particularly with the advent of outsourcing investment management or just administration over the last decade or so...
• Note that ratings agency priorities over the near-term may focus more on differences between SF and IM-calculated SCRs and the impact of transitionals, rather than purely on SCR outcomes.
• Note that "Solvency II is effectively a lead in this area [transparency]", so no pre-conditions should be expected from ratings agencies
• Even bring up the old gripe that EEV/MCEV is still not understood well enough by agencies/analysts, so by implication there should be few worries about additional disclosures!

Considerations for Building a Diversified Investment Portfolio - Charles Pears from Insight Investment

Really accessible and well structured two-pager on portfolio diversification, of particular use to non-experts which covers

• Rationale for insurance companies looking for low risk returns;
• Risk drivers which make that difficult in today's environment, even if accepting minimal risk
• Why companies may look to seek excess returns, and the constraints around that
• Why decisions to accept more risk for enhanced rewards should be (but perhaps aren't always) knowledge based
• Basic options for enhancing portfolio returns without breaking the bank from a capital perspective.

Interesting is wrapped up with a comment that "...we expect insurers who adopt a Liability Driven Investment approach will secure a meaningful competitive advantage" - hard sell perhaps, but the rationale for it is well documented here.

Omnibus II moves again - accelerating the inevitable?

No sooner has the holiday season drawn to a close (and by that I mean everyone else's holiday season, as we don't 'do holidays' at Governance Matters...) than our good friend Omnibus II has jogged down the road another month - the procedure file has just been updated to show it will be hitting the November parliamentary Plenary (by my count, the 5th postponement since 2011).

Not entirely sure of the rather abrupt nature of this movement, bearing in mind the main players are probably still wearing their 'budgie smugglers' in the Med at the moment, but Gideon over on the Wire picked up on an issue which may have led to an early concession that October was simply too early, with an impact assessment on LTGs likely to roll off the back of the next trialogue.

We are also close enough to the finish line (don't laugh) to be getting into the national political cesspits, so a whiff of sabotage and national interest may also be coming to bear. Not only have the UK political opposition decided that Solvency II is controversial enough to start point scoring on, but last month Sharon Bowles (current Chair of ECON) gave an astonishingly frank interview to Risk.net (subscription only I'm afraid) where Das Küchenspüle was thrown at the German contingent. Quotes included;

• "...certain leading German MEPs have publicly said that Solvency II is never going to happen anyway" and
• "...I think there is a subtext here that the Germans - and I think this is well known - are trying to jettison the whole of Solvency II"

Well if Der Wahnsinn really is eine schmale brücke like the song says, its probably best not to cross it!

KMPG - Economic Capital Modelling in the Insurance Industry survey

Just when you think things will be quiet while the normal world goes to the beach for a month, KPMG chip in with a survey on EC modelling, polling 43 of the world's largest global insurers, with a nice spread of continents and insurer-types represented. Over 90% of respondents were Chief Actuary/CCO/CRO etc level.

With this subject being a hotter potato right now than a Jersey Royal locked in a sauna, in a tank top, in Bangkok, I've had a trawl through and found the following highlights:

• Most reasonable business uses of EC metrics appear to be applied or planned by respondents (pricing/underwriting decisions being the straggler)
• 40% of respondents said management understanding of EC is still limited - schematic on p9 showing the differences between 'sophisticated' Europe and 'savage' RoW hints at some kind of Solvency II dividend, though the results are not flattering across the board.
• Interesting schematic on implementation difficulties (p12), broken down by continent - data quality seems to have topped the list of implementation problems, which is no surprise I guess, but they neatly connect it with potential for over-reliance on expert judgement, simplifications and approximations to fill the gaps (all of which are to the detriment of a pure EC approach, at least in theory).
• Curve fitting is the majority-used approach (58%) to deliver model outputs quicker (i.e. 'lite' modelling), with replicating portfolios and LSMC less favoured
• Understanding around fungibility and dependency higlighted as areas for improvement
• Two-thirds still not allowing for sovereign debt risk in their EC calcs - I admire the persistency!
• Very interesting bit towards the back on effectively projecting EC, the holy grail for anyone in the ORSA space right now. While they loosely refer to the business planning horizon as "typically 3 years" (I've seen longer than that before breakfast, lads!), the point made is perfectly valid, namely that methodologies for this kind of projection are in their infancy.
• Finally, a nugget on Operational Risk Modelling (which I only touched on yesterday!), by some distance the least effective part of respondent's EC frameworks. They do note that 60% of EU respondents have moved to stochastic-based Op risk models with all bar one using expert judgement to calibrate them! They also bemoan the lack of credible data and subjectivity around cause/effect/latency of op risk events.

I guess the most surprising element of the document is how cagily it is written, as if EC modelling of risk profiles still has something to prove against, say, arbitrary and aimlessly prudent margins - the authors acknowledge that, if done badly, EC modelling is an accident waiting to happen, which supports the "rigour" being applied by the FSA when pre-assessing the UK insurance industry's model applications.

Also surprised that more reference to ratings agency demands wasn't made, particularly with that element seemingly influencing EC calibration points in the EU right now (hands up if you're at 1-in-2,000!)

Operational Risk - Scenario analysis and best practice

Short and sweet - couple of interesting papers in the Op Risk space which should help anyone working on operational risk scenarios or indeed brushing up on best practices.

Milliman start off with this scene setter on approaches being adopted in order to bypass the rather broad brush (and I suspect in some cases, financially onerous) standard formula approach to calculating the Op Risk SCR element. They of course touch on the old-but-legitimate complaint around imput data quality if one wants to model their capital requirement rather than sketch it on the back of EIOPA's fag packet.

While they take the opportunity to applaud the efforts of those creating a database of scenarios, or indeed using the ORIC database, they ultimately come down on the Bayesian side of the debate, which I suspect is a touch too rich for most people's blood, but those of us with deep pockets (and large Op Risk SCR totals!) may give that a stab.

The second piece came from Corven around best Op Risk practices from other industries, and how they could be adopted by the Financial Services industry. Not much of the research is actually published yet (and the main meat of their published findings is hidden behind FT's paywall), but I found it particularly interesting to see which industries were cited as areas where Financial Services could learn from.

Some good interim stats (full report to follow in October), including;

• All respondents to date trying to tie in op risk performance with compensation
• Regulatory hounding appears to have inspired 64% of respondents to inprove Op Risk management
• Full root cause analysis only conducted by 38% of respondents upon a "major risk failure" - woolly words aside, that is not impressive at all.
• Responses to major risk incidents overwhelmingly look to amend processes and systems, not the people and capabilities that inevitably led to them!

The example of air crews being compelled to point out senior staff members' inadequacies is a particularly powerful example of bottom-up op risk mitigation, though I struggle to see its application in financial services. However, it was also strange to see the Oil industry also cited as a best practitioner - the major risk events in that industry surely draw parallels with financial services at their most grasping over recent years.

Deloitte and Forbes - the new world of Risk Management

This Deloitte/Forbes paper is sub-titled "Aftershock", which makes anyone of my age immediately recoil at the though of the world's most repulsive bar shooter - it is in fact a pretty decent stab at running on from the kinds of financial services-specific research which came off the back of the 2006-2008 mega-turbulence (these were mostly titled "We've broken the World, what are we going to do" :-( )

At 192 respondents it is a decent sample size, though is US-centric and non-Finance organisations, so not a great all-rounder for you global readers. However, the central message that risk management programmes and frameworks remain in a state of flux (hence the aftershock motif) is a worrying one when one examines the stats behind it:

• 91% are reorganising and reprioritising approach to risk management in next 3 years, citing continued market volatility.
• Only 37% had plans to provide additional training in that respect
• Centralisation cited as more efficent way of bubbling risks to the top - interested to know if that is everyone's experience?
• Around 50% retain primary responsibility for the "risk management approach" with CEO or CFO, with the CRO in third at 20% - should we be expecting that percentage to be moving up or down at this juncture (in particular, does a CRO need a seat at the top table to be responsible for ERM approach?).
• Example cited of ERM being managed in the corporate strategy department, which I thought was an interesting development.
• Biggest challenges included; 26% stating that incentives are not rewarding 'risk based decisions'; 22% struggling with the misalignment of the business operating model and the ERM model, and 23% suffering a lack of information to make risk based decisions. These three (there are of course more in the list!) struck me as common issues when preparing for Solvency II, so handy stats in that respect.
• Staggeringly, Social Media is equal fourth on the list of "most important risk sources over the next 5 years" - equal with Financial Risk! Not to underplay the emergence of social media and its multiplier effect on reputational risk, but seriously?
• Most "risk types" are monitored either periodically or continuously, though strategic and reputational risks seem to be most likely to be measured on an ad-hoc basis (something which you ORSA consultants out there will sympathise with!)
   

I say "worrying" at the top here from a professional perspective - is it reasonable after events as seismic as those experienced in the last 5 years for the risk profession to still be sliding in a mass of new parts into the ERM machine, as opposed to tinkering under the bonnet?

Bearing in mind this doesn't include the financial services industry, maybe the timelag is rational, as the other industries have had plenty of time to learn what not to do!

Society of Actuaries in Ireland Newsletter - ORSA, Solvency II and Cocktails

Always a riveting read, the Irish Society of Actuaries fired out their newsletter for August, which as ever is a treasure trove for any diet-mathematicians like me who need to have things spelled out for them on all matters actuarial.

Of particular note was their report from the ORSA Working Party (p7), which covers a presentation and paper delivered earlier in the year - to show what a fantastic bunch the SAI are, you can access both the full working party paper (all 52 pages of it) and the presentation slides on their website. I picked out the following from the newsletter (I'll read the working party paper in more detail separately);

• "Compilation of the ORSA Document is quite a significant undertaking" - emphasising the difficulty in selling ORSA in purely process terms
• "ORSA is a risk management exercise, not a compliance exercise" - I would prefer to sell it as both, as it is unfair to undersell the compliance angle, particularly to smaller firms who may not have gone to the nth degree on projecting capital adequacy before.
• "ORSA needs to be readable..." - again, almost impossible not to talk about it as a report, rather than the report being the output of a process
• "ORSA would be of great interest to the Board" - I would hope that the Board would be queueing up next to the printer to get their hands on ORSA reporting output!
• Projecting the business planning period "...likely to be 3-5 years into the future" - interesting to see what the general consensus is on this (I feel this will fit most insurers, but if you are shooting for longer, would love to hear how you're doing it!)
• Some discussion over how prescriptive the Central Bank of Ireland may be on the ORSA documentation front (bearing in mind how liberal the FSA have been on this matter) - seems to suggest that a similar approach will be taken i.e. justify what you have.

There are a couple of nice pieces towards the back on unintended consequences of Solvency II and Basel III (on cost of capital and funding patterns), as well as some nice real world examples of why one should be wary of actuaries who manage to change internal model parameters in a way that magically reduces capital requirements each year!

The less said about the actuarial cocktail making class on the back page (complete with bottle of Kia-ora in centre shot) the better I suspect...

FTSE Insurers and IMAP - Resolution are out!

Shock news announced today (unless you actually listen to the grapevine I guess) that Resolution have dropped out of the FSA's internal model application process, citing the decreasing likelihood of go-live on Jan 1st 2014.

Unlike the other big-hitter candidates who appear, despite their concerns on go-live date, to hunger for approval at outset, Resolution seem happy to take their chances (at least in year 1) with a standard formula approach.

They note the following;

• "Looking forward, the Group believes there is heightened uncertainty around the future requirements of Solvency II both as regards its structure and timing of implementation. The implementation date for Solvency II has been delayed to 1 January 2014 and the Group expects that it will be delayed further" - p48
• "In line with this it has concluded that it is in the Group’s best interests to delay its internal model application to allow time for any further changes in the Solvency II implementation timetable and to help smooth the Group’s overall change agenda. Accordingly FLG has withdrawn from FSA’s internal model pre-application process and is now targeting obtaining internal model approval in January 2015" - p56
• "If the Directive is implemented in 2014, FLG will be ready to comply with its requirements through the use of the Standard Formula. Use of the Standard Formula, pending obtaining internal model approval is not expected to lead to any significant disadvantage in terms of capital requirements" - p56

I would hasten to add that this decision cannot reverse the whopping £48m of transformation costs for the 6 months booked predominantly to Solvency II (they were less than £60m for all of 2011!).

Whose next for dropping out...

KPMG on the Solvency II Reporting package

You can always rely on one of the big 4 to do the admin around EIOPA's releases, formatting and paginating it into a handy A4 slice of pure Gauguin - KPMG to the rescue this time, breaking out EIOPA's work on the Pillar 3 reporting and disclosure package into something slightly more edible for Boards and senior management.

Really one for the specialists on reporting templates content, rationale for why thing dropped out or emerged pre and post-consultation, and outstanding issues from a practical perspective - I am slightly divorced from this element at the moment, but have certainly heard the rumblings around look-through requirements, quarterly balance sheets and detailed asset lists etc on various grapevines, and with time ticking on, these kinds of materials can only help to aid prioritisation of the required BAU activity to populate the things!

The introduction of data requirements for EIOPA around financial stability (particularly Lapse information) seems very controversial - I have always found it the most closely guarded, and indeed requested information from interested third parties (analysts in particular!).

You should enjoy the sectioned material towards the back, which includes some free KPMG comment - if that is the house line, you may be able to save yourself a few quid!

FTSE Insurers and Solvency II at interim-time - 'Oops I spent it again'

While the politicians and eurocrats are having a well earned soak in the August sun before they pick up their Omnibus II cudgels again, the rest of the Solvency II world has to continue with the more mundane tasks of counting beans and predicting the future.

On that basis, the great and good of UK Insurance plc have been comparing abs this week on both cost and go-live date, with the following revelations;

Legal and General

• "...expect implementation [of Solvency II] could be later than 2014"
• On track to submit IMAP by end 2012 - guessing this means a large amount of tedious rolling forward of balance sheets, SCR etc for the guys in 2013 in order to meet FSA application requirements
• £23m spent on "Investment Projects" for the half year, predominantly related to Solvency II - pro-rated, this is down slightly on 2011's total spend of £56m.

Old Mutual

• Bermuda's new capital regime (fishing for equivalence of course) has obliged the Group to send capital to Bermuda itself, reducing their FGD surplus.
• Seem confident that the overhanging Omnibus arguments (equivalence, discount rate methodology, contract boundaries) will affect its SCR surplus
• "...increasing risk of delay in the Solvency II timetable beyond January 2014"
• "...currently on track to deliver all requirements for Solvency II compliance"
• No word on project costs as such

Aviva

• Costs associated with preparing the businesses for Solvency II for the half year of (eeeekk!) £72m (as opposed to just under £100m for all of 2011)
• Note that a draft of the Level 2 implementing measures were "published in 2011" - I wouldn't call unofficial circulation via national trade organisations "publication" as such!
• Implementation date "...continues to be discussed"

RSA

• Content that go-live is still scheduled for 2014
• Interesting, calibrating their EC model to 1-in-1,250, which doesn't copy the vogue of 1-in-2,000 which appears to have landed with larger firms, I guess to save the ratings agencies having to work a bit harder!
• £16m of Solvency II costs for the half year 

Prudential

• "...currently anticipated to be implemented from 1 January 2014"
• "...continue to evaluate actions, including continuing consideration of the group's domicile"
• Total of £27m spent on Solvency II implementation costs in the half year

Resolution

• £48m at half year - their bigger news on exiting IMAP until 2015 is covered on this blog post.

Standard Life

• £42m at half year for Solvency II and RDR "restructuring programmes" - RDR is a beast in itself, so may be difficult to attribute a portion of that cost, though the guys were in the £50m+ bracket for all of 2011.
• Little in the way of additional Solvency II comment

Royal London

• £9m in "corporate costs", which includes Solvency II, but doesn't cover all by any stretch
• No additional comment

Some big money getting laid down right now, which was no doubt budgeted as tapering-off by now in previous budgets, alongside (no doubt well briefed) messages of uncertainty on go-live date - let's hope we get it right kids!

FSA's Pillar 2 site - updates on ORSA

So the Wharfsiders have released some material to their Pillar 2 microsite around ORSA, rolling off the back of EIOPA's releases earlier in July. Bearing in mind the ORSA training stats assembled by KPMG on my previous post, I dare say any guidance is good guidance, so I haven't been too precious when making notes on it!

In the Q&A section, they throw few punches (and pull most of those anyway!) when answering on subjective elements such as proportionality, ORSA Report length, Group ORSA scopes and potential use of ORSA report content by the fledgeling FCA. They are however clear that they will expect to see evidence of ORSA Processes in working order in the IMAP package, and that ORSA's are not expected to be generic across the industry.

Meanwhile in the Expert Group presentation (my invite clearly lost in the post!), the slides reiterate the fundamentals (i.e. it's a process that happens to produce a report, not a reporting process), but doesn't shed much more light - I guess you had to be there!

KMPG survey on Solvency II Board Training - "Do more!"

Been slack the last couple of weeks while doing my final preparations for the Isle of Man half marathon, which I "tore up" last Sunday in, errr, 1h 36m, coming in just ahead of Brian the Snail and Albert Steptoe.

On the basis that I'm now safe from potential Olympic requirements, I am left with plenty of time to blog while my multiple friction-related injuries heal...

Starting with KPMG's latest diatribe on Solvency II Board Training, an admirable attempt to put one of the darkest sheep into the spotlight - anyone who has dragged a Policy, Solvency II briefing note, draft ORSA Report or internal model justification paper through a Board or Board sub-committee will know that getting the membership to take Solvency II seriously is not a walk in the park (particularly when you have to also explain once a quarter why the go-live date keeps moving!).

There is therefore a "comfort in numbers" which one can draw from KPMG's survey (sadly no details on sample size), with an overriding message of "do more, immediately", in particular;

• 80% of boards have received 15 hours or less of Solvency II training - I dare say in many cases this would be accumulated by tacking on Solvency II-related matters to the end of existing Board agendas over a 12-24 month period.
• 57% have covered ORSA in their training
• 30% have covered Use Test
• 44% will be embedding training objectives into their director's PDPs

Outside of those "big hitters", some interesting gaps emerge;

• 10% have not commenced training
• Half have performed 1-on-1 training with execs (perversely, more have done 1-on-1's with NEDs at 56%!). My experience would say they are equally and entirely in need of bespoke training!
• 35% have delivered training on IMAP itself, a pretty sobering number bearing in mind where we are in pre-application
• Over 20% of respondents have nothing currently planned for training around Pillar 3 reporting (22% on the QRT/SFCR side, and 26% on the RSR/ORSA supervisory report) - to have not at least briefed on these matters at this juncture is remiss, bearing in mind the consults were put out last year!
• Only a third have instigated a company-wide training programme

The section around training on the Internal Model however (p7) felt instinctively wobbly to me, with the FSA said to be "likely" to expect all directors to have a "good" understanding of the IM.

While KPMG have purloined the best bits of Article 120 (and 213 in the Level 2 draft) for the purposes of what good might look like, I would still argue that a "good" understanding is not even close to being defined from a national regulatory perspective in a manner that lends itself to effective training planning.
No doubt anyone in the IMAP space will find this useful, but you might want to check the sample size with KPMG in order to put any weight behind the conclusions if it prompts you to change programme priorities/budgets etc. Certainly an eye-opener regardless.

EIOPA's response on the ORSA consultation - get on with it!

In a week so full of heavy reading (EIOPA's response to the Reporting Package consultation and the FSA's second tome on creating their SOLPRU handbook), I was hoping to get to something a bit lighter towards the end of the week (heard great things about 50 Shades of Grey on the grapevine...).

Then appears EIOPA's response to the ORSA consultation paper feedback, which is affixed to the document in a whopping 200 page annex. While I have blogged on the consultation paper itself back in November, the real meat and spuds of the response is condensed into the front 15 pages, from which I would flag the (non-exhaustive) following lobbyists points, along with EIOPA's responses;

• Lobbyists were still asking for more prescription/examples in areas of the guidelines, regardless of this being Level 3
• Specific concerns around the "deviation from risk profile" guideline, which may force insurers to adopt internal models
• Continued concerns around proportionality and materiality definitions
• Still seeking "ORSA Report" examples
• Concerns around projecting overall solvency needs over the planning period, so looking for simplifications in that area
• Range of concerns around Group ORSAs (diversification, Colleges of Supervisors, Third Countries, ORSA scope)

EIOPA's highlights in response are;

• Re: proportionality and materiality - stop whining and get on with it (p8)!
• Re: "Record of the ORSA" - a specific document containing all records of ORSA-related activity is NOT required, where existing documentation/records contribute to the assessment as they stand (in such cases "a reference to the relevant data is sufficient") (p9)
• To supplement this, they note "A record of an individual ORSA will in most cases contain more information than is contained either in the internal ORSA Report or the ORSA Supervisory Report" (p10)
• No specific approach for captives (so another 'get on with it'!) (p10)
• All risks are expected to be quantified, regardless of the difficulty (p10)
• Lobbying on forward looking perspective has clearly paid off, as the requirement to quantify overall solvency needs for each year of the projection period has been dropped (p10)
• Onus on companies to justify conclusions around the severity of deviations of risk profile (which may lead a Standard Formula firm to start modelling) - a result of sorts for the industry I guess (p11)
• Confirms that ORSA and SCR calculations cannot be completely divorced, but would allow an ORSA to be performed using an older SCR calculation, providing the risk profile hasn't materially changed in the interim

No reason to think they would radically divert from their proposal (indeed, they didn't on the reporting package as well, so at least the industry is getting the certainty it craves, if not the actual legislation!)

Ernst and Young on Solvency II Pillar 3 - a likely story (sadly)

Time for a walk (actually more of a sthaager for a Manxman!) into the less familiar territory of Pillar 3, or "the output" as some traditionalists may label it.

E&Y dropped a Pillar 3 preparations survey out to a relatively small (53 respondents) but nicely spread (8 countries, and roughly split into Life/Non-Life/Composite) sample, and as one might expect, preparations were found to be slightly underdone by the majority.

They note that even for companies who have completed their gaps analysis between BAU and Solvency II demands, there remains some meaty outstanding issues such as reporting granularity; capturing synergies for other requirements (namely ORSA); policy drafting and implementation around data governance, and process redesign. Appreciating that some of these matters are still up for debate, some aspects of this gap list should be closed by now, and I suspect that the regulators will not look favourably at firms who continue to nudge this topic into the 2013 space.

Other aspects which jumped out include;

• Only a third of respondents have completed a gap analysis of QRTs against capabilities
• Less than a fifth have mocked up an SFCR/RSR, despite the prescriptive nature of Level 2 on the reports
• Interestingly, two-thirds have designated their finance functions as primarily responsible for Solvency II reporting - some have parked it with Risk which, while appreciating a three lines of defence model is not compulsory, seems very wrong regardless of the function's skillset.
• Three quarters expect to achieve reporting compliance only after "significant" or "fundamental" changes to their existing processes
• Some firms were identified as planning to speed up their existing processes to meet the proposed reporting deadlines under Solvency II, which seems an excellent idea

Pillar 3 is likely to be an even more bountiful smorgasbord after EIOPA released their feedback statement on their consultations around the Solvency II reporting package today. I suspect I don't have the ambition to swallow the 88 pages today (or perhaps any other day!), but Will Coatesworth neatly tweeted the big message earlier which the industry tried to avoid, which is that quarterly balance sheets look like they are here to stay as part of the reporting package.

Good news for regulators, consumers, and anyone who is punting round Pillar 3 software solutions I guess!

ORSA guidance from Accenture - good, bad and ugly?

In the same week as the FSA told the industry to "go fish" for additional guidance around ORSA, the guys at Accenture have pushed out a bite-sized piece on extracting added value (i.e. above and beyond "compliance") from one's ORSA processes.

There are clearly a number of consultancies who fancy themselves in this space (click the ORSA link in the tag cloud at the bottom of this webpage for my review history of them), so having cast an eye over it, I noted the following;

• Leads with the rather hackneyed soundbite around ORSA helping insurers "extract additional value" from what is ostensibly a compliance investment
• Note that "...many companies have just begun to implement their ORSA projects, or are still considering how to do so" - if that's the case, it is good for my business, but it sounds like a lazy justification for publishing this pamphlet (how can anyone only be as far as "considering" in mid 2012?)
• Recommend that operational specifications should derive from the C-suite - easier said than done, but I totally agree if one wants to extract value from the ORSA process rather than tick the box.
• Suggest that ORSA "...may become a source of competitive advantage" - clearly the assessment does not do this, rather the consideration of it by the AMSB and the application of management actions off the back of it.

They then go on to split the doc into sections as below;

Compliance requirements

• Neat enough as a beginner's guide to ORSA compliance 101, though they introduce a rather naughty term in "ORSA Capital" as the amount over and above SCR - the concept of ORSA is difficult enough to transpose into BAU for smaller organisations who perhaps haven't had to consider economic capital measures before, so this term is one I would consign to the "nice try" bin.
• Some nice schematics in the section as well around the process side of ORSA.

Creating an operating model

• Suggest that preliminary input should be obtained from the C-suite to create one's target operating model. As above, I agree with their participation in the design phase, but with BAU pressures around ICA/FCR etc, it should be weighted much more towards approval of recommended models, rather than dialogue, as there simply isn't enough time when dual running.
• Recommend designing the process with people already familiar with existing performance management framework, which is good advice.
• Also allude to the significant crossover synergies between Pillar 3 requirements (as documented in the draft implementing measures) and ORSA as it stands.

Develop risk-adjusted performance management

• Relatively bland section which won't tell you anything new on the topic if you are building/refining an ORSA process off the back of a reasonable ERM Framework

Make the most of these releases - you can be sure that your friendly national regulator will be!

PS - In case you viewed this on Friday looking rather bare, I was supposed to save it as a draft, and accidentally published it!

FSA on Technical Provisions - "The question bank" part 1

The FSA have already publicly stated (about halfway down) that internal model applications will not get a final decision before applicants have the tyres kicked on their Technical Provision calculations, though like one of a hundred Solvency II-related Damoclesean swords, the precise nature of that kicking was beautifully unclear.

Happily, they have released a technical provisions question bank which, while not necessarily departing much from the line of questioning that an EV auditor might take, at least brings some clarity to the level of granularity required to commence this work (appreciating that Julian Adams also stressed in that speech that he wants to review based on the YE 2012 balance sheet).

As you will see, it is GI-related only at this point, with a Life version to follow next week. Neatly, they are already aligned to the L1 and L2 text, which should make any compliance checking aspects of the work more robust for firms.

Luckily I am too handsome to be an TP Actuary (?), but at first glance, the lines of questioning are extremely flabby to say the least (lots of "How do you do x", and references to "materiality", "proportionality" and "significance"), all of which point towards a rather subjective and painful administrative exercise for the first line to go on top of a similar "tell us what you think" exercise when populating the internal model application template.

Is it feasible to expect the regulator to consume this level of subjectivity around how one arrives at their technical provisions when, in their own words (p10), "proportionality" means focusing IMAP activity around the 300-or-so regulatory requirements (of which the TP-related L1 articles do not feature)? Not convinced that this method of condensing data is a bad idea as such, more that I'm not certain what the guys at the Wharf can do with it!

Interestingly, they note that they are "aligning" their TP review work with Lloyds of London - not sure entirely what this means, but would guess it means the syndicates are guinea pigging on behalf of the rest of the applicants, which probably suits the industry just fine!