Lloyds directors briefing and Solvency II update - looking well

With Solvency II news and comment pretty thin on the ground this month as the guys at EIOPA count their LTGA beans, it was nice to see the trailblazers at Lloyds release their director briefing slides from last week, an event one may assume is relatively frosty after the money spent in preparation and the distinctly agitated tone on the matter from their CEO recently!

Bling - things Lloyds could have
bought with £300m

As Lloyds are already well down the road of internal model development (having almost kept to their original IMAP deadline they were able to get materials down to the FSA prior to the implementation deadline shifting), the slides are very revealing as to where the group remain lacking when attempting to meet the Tests and Standards for Internal Model approval (TSIMs). With 84% of the market 'by materiality' meeting the principles of the TSIMs, they are clearly in good nick, although by stressing 'materiality', it implies that a relatively large number of smaller members are perhaps still lagging.

The list of "common issues" found will neither surprise nor delight anyone else in IMAP, given that the same themes have been festering for a good 18 months now, and the legislative paralysis on the continent has clearly done nothing to aid the industry (in particular, the FSA letter from this time last year touches on most of these!). Specifically, they observe problems in the following areas;

• ORSA - looking far enough forward (i.e. past year 1), and using stress and scenario testing effectively
• Validation - evidencing validation work done, and following up on test failures
• Model Change - justifying the thresholds for minor/major changes, and agreeing an approach for aggregating minor changes so that they can be considered as minor/major in aggregate
• Use Test - using the model for something other than spewing out an SCR, and it would appear also that when interviewed, the effectiveness of board training and their understanding of the model is being found wanting
• Documentation - documents are either not checking off against the TSIMs, or the content is contrary to the revised controls and processes which have been developed for Solvency II

As Julian Adams made clear at the turn of the year, full compliance with TSIMs is not part of the ICAS+ agenda down at the PRA, however they will expect firms to be fully aware of where they are currently light, and what they plan to do about it. Certainly looks like the Lloyds application won't struggle in this regard, and I wish them well.

The PRA's take on EIOPA's Interim Guidelines - far from a 'Tragedy'...

The Prudential Regulatory Authority have celebrated their second week in office by hosting a number of industry briefings regarding EIOPA's Solvency II Preparation Guidelines. One Blogger keenly dripped some of the materials discussed out yesterday, but I've had a look through the briefing materials released today on the PRA's site to see if there are any messages worth amplifying.

Steps - appropriate?

From a calendar perspective, the PRA are planning some technical workshops with "industry representatives" in early May, to be followed by an industry briefing later in that month. The output from the workshops appears to be a major influencer on whether the PRA will "comply" with EIOPA's guidance or "explain" why they won't.

With final versions of EIOPA's guidelines expected by September/October 2013, the national regulators have an additional 2 months from publication to formally confirm their "comply or explain" position.

Reading between the lines this looks (for now at least) as a foregone conclusion however, with this comment from the internal model pre-application slides;

"We expect firms to have regards to the interim guidelines and take appropriate steps to prepare for Solvency II" 

Three slide sets have been released - anything new, or worth reiterating, below;

Internal Model Pre-Application

• Model change - to be monitored throughout pre-application.
• Colleges - Evidently notable divergences in assessment practice across the union which the Guidelines hope to fix, but "no direct implication for firms".
• IMAP - while EIOPA's guidelines "will be considered as part of IMAP reviews", they don't (in the PRA's mind) touch on anything which wasn't already part of existing L1/Draft L2/pre-application L3, so no surprises on that front. They do however highlight the elements on Expert Judgement and Validation as providing more clarity on supervisory expectations.

ORSA and System of Governance (combined)

• No PRA expectation of  a full/'live' ORSA or Solvency II-compliant systems of governance by 2014
• Neither are there any expectations for firms to make changes in investment strategy/capital strategy/outstanding Pillar 1 elements - at least not due to Solvency II in its current form.
• For System of Governance, the PRA's slides highlight areas where EIOPA's guidelines exceed expectations of the PRA Handbook - these include Board MI; revisions to control functions; revisions to Risk Management Policy; Prudent Person Principle; and calculation of TPs.
• For ORSA, the slides clearly indicate that dry runs and ORSA process development should be the immediate focus, and it should serve to reaffirm best practices that already "underpin the ICAS".

Submission of information to supervisors

• Only a subset of the full package recommended by EIOPA in July 2012
• EIOPA want to see at least one round of annual submissions, and two rounds of quarterly submissions before Solvency II goes live, with 2016 seemingly the preferred year.
• On that basis, firms will have 20 weeks (26 weeks for groups) after year-end 2014 to submit annual template obligations.
• They will then have 8 weeks (14 weeks for groups) after quarter end Sept 2015 to submit their quarterly template obligations.
• As per ORSA, firms which are involved with internal model pre-application will need to perform both standard formula and internal model work in this area.
• Also as per ORSA, thresholds for participation based on TPs (Life firms)/Premiums (Non-Life).
• Narrative reporting requirements are "significantly reduced"compared to final requirements - however, there is plenty of crossover between what one might document during ORSA processes and what is expected to appear in RSR/SFCR, so firms shouldn't struggle in this regard.
• The concept of a "Reporting Policy" document (guideline 33 in the consultation) covering who will be responsible for what in the submission of information to supervisors, is referenced in these slides. This hadn't featured on my radar before as 'compulsory', so documenting this early, even just as process steps/maps, seems like a move that the PRA would appreciate.

UK's "new" Prudential Regulatory Authority - Approach to Insurance Supervision

So a magical thing happened over the weekend: a venerable institution disappeared on Friday, only to come back reborn on Monday...

...that's right, the FSA is no more, being replaced by two more focused entities in the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FSA). This is part of the UK-specific fallout from the financial crisis, where a perceived lack of focus from the former tripartite system which housed the FSA allowed for both systemic risk (Northern Rock, RBS) and conduct risks (PPI, Interest Rate swaps) to emerge largely unchecked.

Rather excitingly, this means a new website with some natty logos from the Bank of England (which

PRA - emperor's new clothes
or Solvency II aperatif?

has rehoused the PRA side of the FSA), as well as a statement on the new supervisory approach that the PRA will be taking.

For anyone in the ERM/Solvency II/Corporate Governance space, this gives us a chance to pick up on the kind of regulatory interrogation one might expect when writing/upgrading system of governance-related materials in preparation for both full Solvency II implementation in 20??, as well as how they are accommodating EIOPA's interim measures from 2014.

Remembering that the PRA's two statutory objectives are to promote safety and soundness of the firms it regulates, as well as specifically providing appropriate protection to insurance policyholders, I thought it wise to make some notes on how they have catered for Solvency II and deference (when due) to EIOPA, as well as the general content around expectations of governance systems. I found the following worthy of note;

Control function-specific

Section 82 - "[PRA] wants to be satisfies in particular that designated risk management and control functions carry real weight within insurers"

Section 117 - Should have separate risk management and individual control functions in place (dependent on nature scale and complexity etc)

Section 118 - the PRA "expects these functions to be independent of an insurer's revenue generating functions"

Section 120 - expectation of an "operationally independent Actuarial function", which the PRA consider to be "integral to the effective implementation of a firm's risk management framework"

Section 182 - "Actuaries can play an important part in supporting prudential supervision"

Section 119 - an effective Risk function on the other hand merely "ensures that material risk issues receive sufficient attention from the insurer's senior management and Board" - just because I'm paranoid, doesn't mean the Risk profession isn't being made something of a gooseberry here, particularly as the FSA/Actuarial profession love-in started some time ago!

On Risk Appetite

Section 110 - a firm's risk appetite "[is] to be integral to its strategy, and the foundation of its risk management framework"

Remuneration

Section 84 - "remuneration and incentive schemes should reward careful and prudent management" - just like Prudential's and Standard Life's did this week!

Section 194 - Hint at potentially restricting pay in firms if intervention is warranted

Stress/Reverse Stress Testing

Section 109 - the AMSB must have "...an explicit understanding of the circumstances in which their firm might fail"

Section 145 - with regards to Reverse Stress Testing, "...management should consider the reliability of the output of the internal model compared with the results of these tests"

Section 106 - "competent, and where appropriate, independent control functions" should oversee risk management and internal control frameworks

Internal Models

Section 116 - On Internal Models, the AMSB should understand;

• extent of reliance on models for managing risk;
• limitations of their structure and complexity;
• Data used;
• key underpinning assumptions

Section 140 - "PRA expects internal models to be appropriately prudent"

Section 144 - firms may not choose the lowest capital requirement to determine whether or not to model internally

Regulatory Capital

Section 135 - for capital adequacy, firms "...should not rely on regulatory minima", and also "...should not rely on aggressive interpretations of actuarial or accounting standards"

Proportionality

Sections 212-215 - touches on treatment of "low impact" firms - is this effectively where aggressive approaches to proportionality interpretation should be expected (combined control functions, limited documentation, passive acceptance of Standard Formula etc)?

p43 - table covering the allocation of supervisory staff - 10 staff to 1 firm for the 25 largest insurers, versus approaching 10 firms to 1 supervisor at the small end.

Solvency II-specific references

• In the PRA's view "[Solvency II technical detail should] leave scope for supervisors of individual insurers to make informed judgements around risks posed"
• Confirms that elements of the Directive such as Prudent Person Principle, ORSA, Control Function requirements and Pillar 1 are all aligned with the new Threshold Conditions
• Model approval will be dependent on "adequate" risk identification, measurement, management, monitoring and reporting throughout the modelling process
• Will impose capital add-ons when necessary "to ensure insurers meet the required standards"

EIOPA Preparatory Guidance - ORSA (or 'forward looking assessment of risks')

Forward-looking assessment of the undertakings own risks (based on ORSA principles) (plus explanatory text)

The ORSA preparatory guidelines* are not a massive burden for anyone busy rolling eggs down hills at the moment, coming in at 34 pages containing 25 guidelines, as well as 29 pages of explanatory text. In this instance, it is probably disappointing to any underprepared supervisors and insurers in that they may have preferred more!

More pointedly, the materials add little to what was already in existence from EIOPA in July 2012, and certainly will required little in the way of adaption in the UK's instance, who are already in a similar headspace and have been advising accordingly.

Of course the world and her husband have piped up with their opinion on what ORSA should cover and how it should be administered and documented (this post has a decent sweep at capturing most of them), so opinion on this matter is something we are not short on.

For me the headline points are:

• ORSAs (well, 'overall solvency needs assessments', but let's be serious!) expected from 2014
• Internal Models should be used by anyone in pre-application
• Likely that most standard formula firms will have to qualitatively assess deviations between SF and their own Risk Profile at this time
• Expectation of an internal ORSA report and a ORSA supervisory report
• Records of the assessment expected to be documented and kept which must be "appropriate" - no prescription of what that means
• ORSAs to be performed at least annually

The following points are either new, or worthy of reiteration for anyone whose preparations on this front are less than certain - for ease of reference I have used 'ORSA' where EIOPA use 'forward looking assessment of risk', and as with the other preparatory guidance papers I have looked at, I will assume there will be blanket application as written, with no dissent from industry or NCAs:

Guideline 3

• Overall Solvency Needs assessments will be expected from 2014 (i.e compliance with Article 45.1)
• Minimum of 80% of the market must also assess whether they would comply with the Articles 45 (b) and (c) from 2014 - regardless of any Pillar 1 uncertainty.
• Internal Models expected to be used in ORSAs if a company is in model approval pre-application
• IF the standard formula is 'provided' by 2014, expectation that SF firms will assess deviation between the SF assumptions and their own Risk Profile - this excludes anyone outside of the magic 80% catchment figure mentioned above.

Guideline 6 - Documentation generated by ORSAs must include:

• An ORSA Policy
• An ORSA Record
• An Internal ORSA Report
• AN ORSA Supervisory Report

Guideline 7 - The ORSA Policy must include

• Description of component ORSA processes and procedures
• Consideration of the linkages between Risk Profile, Risk Tolerances and Overall Solvency Needs (OSN)

As well as information on

• frequency on stress tests, scenario analyses and reverse stress tests; 
• data quality standards; and 
• the frequency of the assessment, justified in relation to Risk Profile, volatility of OSN relative to capital position, timing (from calendar perspective I guess) and circumstances for ad-hoc assessments

Guideline 8 - ORSA Record

• Firms expected to "appropriately evidence" the assessment - no prescription as to what that means (logs, working papers, meeting minutes, e-mails)

Guideline 9 - Internal ORSA Report

• AMSB must communicate results to "all relevant staff" post-approval, which includes the ORSA results and conclusions

Guideline 10 - ORSA Supervisory Report

• 2 weeks after concluding ORSA, ORSA supervisory report must be submitted, which must include;
• Quantitative and qualitative results, and conclusions drawn
• Methods and main assumptions
• Comparison between Own Funds, SCR and OSN

Guideline 11

• Must quantitatively estimate the impact of different valuation bases (if used) when assessing OSN

Guideline 12

• OSN must be quantified, supplemented by a qualitative description of all material risks
• Expectation that these items are all stress/scenario tested

Guideline 17 - ORSA output to be used at least for;

• Capital Management
• Business Planning
• Product Development

Guideline 18

• ORSA to be performed at least annually

* So let's end with something fundamental, EIOPA - it is NOT useful to replace 'ORSA', as an acronym or indeed in full, with the expression "Forward-looking assessment of risk (based on ORSA principles)" 5 years down the road - I'm sure there is a rationale, just as sure as I am not going to like it (even the GCAE agree with me, going with 'ORSA-like')!

EIOPA Preparatory Guidelines - System of Governance

Consultation on System of Governance preparatory guidance (plus explanatory text)

For a topic which has felt like a given for a number of years (certainly in UK and Ireland where we already ask a lot in this area), the System of Governance preparatory guidance is still 40 pages, comprising of 57 guidelines, accompanied by 60 pages of explanatory text.

A couple of things immediately grabbed at me when going through the guidance (again anticipating a conservative approach of the supervisors rolling over and applying all content as is)

• That the Risk Management Policy (regardless of how one structures the component elements) is expected to contain procedure-level information about the management of each major risk category - this sounds hopelessly disproportionate, and almost impossible for supervisors to reasonably get through;
• That it is "expected" that large or complex firms separate their four key control functions, and that others at the small/medium end may ultimately find it easier to do so than consider the range of controls/maintenance of independence required to have combined functions;
• That an expectation that insurers' systems of governance require regular independent review, with the AMSB only retaining the ability to choose the performer;
• That insurers will be expected to formally identify/analyse/report on Operational Risk Events
• That EIOPA bottled out of defining Risk Appetite and Risk Tolerance, leaving national supervisors and insurers to fight it out amongst themselves.

Ultimately, the document reads like a checklist which practitioners or full-timers can run through against the suite of documentation no doubt already in existence which, if based on CEIOPS/EIOPA final advice and/or the Commission's Draft Level 2 measures, won't be miles away as it stands. On that premise, I've only listed elements which jump out for me.

GENERAL GOVERNANCE REQUIREMENTS

Guideline 3

• Evidence should be collected of the AMSB "proactively" seeking information from committees/key functions

Guideline 5

• No more detail than an expectation that the AMSB "appropriately implements" their key functions - in the explanatory text, it goes on to say that larger companies will be "expected" to fully separate Risk/Actuarial/Compliance/IA, with a series of measures expected to preserve functional independence if smaller companies choose to combine some.

Guideline 7

• Expectation that both AMSB decisions, and how information generated from the Risk Management System (RMS) influences them, is "appropriately documented" - compulsion for Board Decision Logs?

Guideline 8

• Regular System of Governance reviews appear to be expected, which are documented and reported back to the AMSB - the AMSB retains the right to choose who performs it 

Guideline 9 - All policies must include:

• Goal of policy
• Tasks to be performed and by whom (person or role, unlike for validation, where person/s was specified)
• Associated processes and reporting procedures
• Obligations of affected operational teams to inform control functions of "relevant facts" at all times

Guideline 10

• Contingency plans are expected for areas which are "especially vulnerable" - this pushes outside of what one would consider a conventional contingency plan for operational emergencies.

FIT AND PROPER

Guideline 11

• Must have a Fit and Proper persons policy
• It must be equally applicable to both hired staff and outsourced functions

RISK MANAGEMENT

Guideline 15 - AMSB is "ultimately responsible" for:

• RMS effectiveness
• Setting Risk Appetite and Risk Tolerance Limits
• Approving Risk Management strategies and policies

Guideline 16 - Risk Management Policy must cover at least

• Risk categories used and measurement methods
• How each category/grouping of risks is managed
• Risk tolerance limits for all categories in line with Risk Appetite
• Linkage of both SCR and ORSA to risk tolerance limits
• Frequency and content of regular stress tests, and circumstances for additional testing

In addition, the associated guidelines touch on the risk categories within one's Risk Management Policy. There is an expectation for pretty much every category that procedure-level information is included in the policy documents themselves, as well as hard limits, which is unlikely to be the case as it stands.

Guideline 18 - Insurance Risk Policy

• Expected to cover types of acceptable insurance risks, how premiums will cover claims/expenses, as well as how product design accounts for investment restrictions and formal risk mitigation techniques

Guideline 19 - Op Risk Policy

• Expectation that Operation Risk Events will be formally identified/analysed/reported in insurers, and that a system for collecting and monitoring them should be in place.
• Operational Risk Scenarios should be developed and used, based on failures of key persons/processes/systems and external events

Guideline 23 - Investment Risk Policy

• Buzzphrase introduced of managing the level of "security, quality, liquidity, profitability and availability" of one's asset portfolio

OWN FUND REQUIREMENTS AND THE SYSTEM OF GOVERNANCE

Guideline 32

• Concept of a "medium term capital management plan" introduced which covers; planned capital issuances, maturities and distribution policies - not sure how that works for mutuals, but I can see what they're fishing for

INTERNAL CONTROLS

Guideline 33

• "All personnel [should be] aware of their role in the Internal Control system
• The Internal Control system should be "commensurate to the risks arising from the activities and processed to be controlled" - this line should hopefully avoid overkill

INTERNAL AUDIT FUNCTION

Guideline 36

• The Internal Audit policy should include the procedure for informing supervisors [of whistleblowing-level wrongdoing I guess]

ACTUARIAL FUNCTION

Guideline 44

• "Material"deviations of Best Estimate Liabilities should be back-tested for by the Actuarial function, reported on, and remedial changes proposed

Guideline 46

• The Actuarial function is expected to "contribute to" specifying the risk coverage in the internal model, as well as the dependency structure - this feels like areas where, even in larger insurers, the function probably already leads, so will they be asked to take a step back?

EIOPA preparatory guidelines - pre-application for Internal Models

Consultation on Pre-application for internal models guidance  (plus explanatory text)

As staggering as it is frightening, and perhaps indicative of the diversity of approaches currently on parade across the Union, the pre-application for IMs preparatory guidance is 60 pages, comprising of 72 guidelines, accompanied by a whopping 144 pages of explanatory text. This accompanies the existing 82 pages of L3 guidance on the matter released by then-CEIOPS in 2010! A sub-group of EIOPA's IRSG has been assigned to deal with the nitty gritty of this element of the preparatory guidelines.

On first read, this feels massively influenced by the UK's activities to date, and indeed anyone working in that space will recognise FSA pawprints all over the granular details contained within. This is fair I suppose - the InsuranceERM models map has the UK down for around 1/3rd of models currently in 'pre-application' across the continent.

Therefore bearing in mind the UK approach is already pretty well established, I have highlighted below areas which either diverge from what is currently being exercised on the ground, or which clarify (at least for me!) areas which were previously ripe for controversy or disproportionate/inconsistent application. Where it is common sense or continuez tout doit, I have ignored it.

Most importantly, I am reading it as a fait accompli - bearing in mind the short window of time between consultation end and period commencement, EIOPA's recent past on consultation responses (i.e. 'thanks but no thanks') and the UK's evident participation in the bulking of these guidelines, I don't see much room for lobbying swathes of this away, nor for the PRA to "explain" rather than "comply"!

GENERAL GUIDELINES

Guideline 3

• As well as nature, scale and complexity, "design, scope and qualitative aspects" of the IM should be considered when allowing for proportionality 

Guideline 4

• Any model changes pre-application look like they will be pored over by NCAs, including the associated change approval process 

MODEL CHANGES

Guideline 5 - Model Change Policy

• Policy should, as well as SCR-related changes, include changes to: system of governance (around model change); compliance with Use Test requirements; appropriateness of technical specifications and changes in Risk Profile

Guideline 6

• Approach to classifying "major" changes is expected to be objective
• Must also take into account specificities of the company (so benchmarking percentage changes against your neighbours may not be that useful) 

Guideline 7

• Aggregated change triggers must be considered, not just isolated changes
• Offsetting positives and negatives won't be acceptable to avoid a "major change" trigger!

Guideline 8

• Major/minor changes must be determined at Group and entity level

USE TEST

Guideline 9

• "No complete and detailed list of specific [model] uses" will be supplied by NCAs.

Guideline 11

• Granularity of the Risk Management System will need to match the IM in terms of categorisation
• The "structure of decision making fora" will be assessed in ensuring the IM fits to the business - extraordinary!
• Records expected to be available to show how IM outputs are designed

Guideline 12

• Assessment of training, seminars, workshops, meetings and direct interviews "should be considered" in pre-application

Guideline 13

• Will need to "ensure [IM] will be used" during pre-application, as opposed to "use it"
• Expectation that, if other tools are used in decision making, IM is improved having assessed inconsistencies against said tools

Guideline 14

• Evidence of prospective support and retrospective verification of decision making would be advisable for candidates

Guideline 15

• Must document where model is not aligned to the decision ultimately made

ASSUMPTION SETTING/EXPERT JUDGEMENT

Guideline 19

• "Materiality" in the context of assumptions will need to be both qualitatively and quantitatively assessed - should generate some healthy Risk/Actuarial function debate!

Guideline 20

• A validated and documented process for assumption setting and expert judgement will be required
• Sign-off on assumptions will need "sufficient seniority", up to and including AMSB

Guideline 21

• A formal and documented feedback should be maintained between assumption setters and users

Guideline 22

• On the transparency of assumption setting, point 1.64 here effectively asks for an Assumptions Register, as well as dictating what it expects to see in it.

Guideline 23

• Process mapping of some kind expected for the validation of assumption setting
• Independent assumption review is also expected - doesn't dictate whether this should be internal/external, but it will keep someone in clover no doubt.

METHODOLOGICAL CONSISTENCY

Guideline 26

• Methodological consistency to be validated

P&L ATTRIBUTION

Guideline 37

• Point 1.105 seems to confirm P&L attribution by risk driver is required

Guideline 39

• P&L attribution must be used at least annually in the decision making process

Guideline 40

• P&L attribution to be used in the validation process (specifically, old ones to be compared against  experience

VALIDATION

Guideline 41 - Validation Policy to contain at least

• Process, methods and tools, and their purposes
• Frequency of validation for each part of the IM, and triggers for ad-hoc validation
• Persons (not roles) responsible for each task
• Procedure to be followed where reliability of IM is questioned, and ensuing decision making process

Guideline 42

• Shies away from touching Internal Model scope when talking of validation scope - great move!

Guideline 43

• Evidence of sensitivity testing expected when determining materiality

Guideline 44

• Must document known limitations of validation process, as well as circumstances where the process falls over
• May even be asked to quantify the degree of uncertainty!

Guideline 45

• A documented escalation path would be advised

Guideline 46

• Risk Management function will be pressured, as the function with overall responsibility, to ensure all tasks are completed (if not directly performing them) - new skill set?

Guideline 47

• Evidence of how the RM function ensures that the validation process remains independent of IM design and ops should be collected/enhanced

Guideline 49

• A process will be expected to ensure the choice of validation tools used considers; complexity, nature, independence and knowledge of participants - feel this could be tricky for the smaller IMAP guys without leading to additional spend on consultants

Guideline 50

• Must be able to document the appropriateness of the validation tools used accounting for; materiality of IM part, granularity of the data being tested, purpose of the task and the expected outcome

DOCUMENTATION

Guideline 53

• Expectation of a "...clear referencing system [for IM documentation] which should be used in a documentation inventory"

Guideline 55

• An overall summary of IM shortcomings, "consolidated into a single document" will be expected
• This needs to cover at least; Risks not modelled, limitations in modelling, sources of uncertainty in results, data deficiencies, external models/data, IT limitations and governance limitations.

Guideline 56

• Potential suggestion that there should be more than one level of IM documentation to suit other audiences/uses - IM for Dummies anyone?

Guideline 57

• End-to-end User Manual expected which an Independent Knowledgeable Third Party could operate

Guideline 58

• Stress that a single document containing all model outputs (as Use Test evidence) is not required - acceptable as single docs

EXTERNAL MODELS AND DATA

Guideline 60

• Expectation that external data sets will be sense-checked against "other relevant sources"

Guideline 61

• Understanding of external models must extend to technical and operational aspects, as well as assumptions

Guideline 64

• "Material" assumptions of external models must be validated
• In point 1.163, any potential for cherry-picking features/options of external models is constrained

EIOPA consultation on "Solvency II Preparation Guidelines" - Wham!

In between Mickey Mouse cartoons today, my young lad said "EIOPA just don't publish enough consultations about Solvency II, I hope we see some more soon" - well wait no further son, this year's motherload has just arrived!

EIOPA Guidelines - supervisors have
been 'hanging on like a yo-yo'

What was mooted back in December as EIOPA's interim measures, intended to make sure that impatient  individual national supervisors didn't 'plan on going solo' have been released today for public consumption and comments, covering the 4 areas "fundamental to ensure effective preparation for Solvency II".

The consultation is open until June 19th, but the guidelines once finalised will apply from Jan 1st 2014.

EIOPA will apply them proportionally to the national supervisors, who in turn are asked to "...regard the burden on small and medium sized undertakings" when incorporating these guidelines into national regulatory landscape. May be the first acknowledgement of disproportionately burdening SMEs I have seen from EIOPA!

Those 4 areas are:

1. System of Governance (L2 final advice here)
2. Forward-looking assessment of Risk/ORSA (issues paper here)
3. Submission of information to national authorities (L2 advice here)
4. Pre-application for internal models (L3 guidance here)

I'll pick these off as separate posts and link them back to this page, so sers toi in the meantime and happy reading!

InsuranceERM round table on Solvency II and Capital Management

Nice freebie from the InsuranceERM guys, covering a CRO/ERM Head roundtable touching on economic capital, internal models and Solvency II - the first of this double header is here. With representation from from all sides and sizes of the insurance industry spectrum, the views tabled should be useful for most practitioners in this space, even if some of it is not exactly new news.

They are relatively benign on controversial areas such as industry cost, and even positive when talking of Solvency II having provided an incentive to improve both risk and model governance in the here-and-now, regardless of the necessity from a pure compliance perspective.

Between the two, the following noteworthy views were tabled;

On Solvency II

• "...has to be considered now if, not necessarily when"
• "...from a non-life risk and capital perspective, Solvency II just does not work" - citing reserve risk specifically as inherently flawed 
• The UK's ICA+ regime "...pushes [Solvency II] back towards a more sensible view of capital"

On Internal Models

• "The main issue with the models is spurious accuracy and detail masking big assumptions, which is possibly a systemic risk"
• Regulators in some European countries think internal models are "unnecessarily complicated"
• In response to the suggestion that internal modellers could be "gaming the system" to reduce capital requirements regardless of risk profile, Aviva's ERM head noted that the FSA have identified through their own research that the ICA regime appeared to have done just that back in 2004
• It is "...inevitable that [the Bank of England wearing their PRA hat] is going to take a far more sceptical view of internal models", particularly where Internal Model SCR is lower than Standard Formula SCR
• On Use Test, "...potentially 3 or 4 years before the model is truly bedded in"

On Ratings Agencies and their capital requirements to maintain target ratings

• "...many people, especially in Bermuda, see ratings agencies as de facto regulators"
• "...may take internal models less seriously in the short term" off the back of Solvency II
• Ratings agencies capital requirements are "the worst common denominator" alongside SF SCR and IM SCR

I've personally been relatively well shielded from the extent of the discontent on the non-life side, but judging by the confidence intervals used by high profile insurers as their EC targets (frequently observed at 99.9-something/A or AA rating space), it's no surprise that ratings agency requirements are in many cases paramount - that business could potentially be dragging three or four capital measures to their respective Boards for the next 3 years (agency capital, IM SCR, ICA and SF SCR) is a grim prospect.

Perhaps of more immediate concern is the view that the FSA/PRA have the potential to be more cantankerous around internal models once they move into their new office - something to look forward to in 2013?

EIOPA's Montalvo on the Solvency II impasse - "more complex than it was originally foreseen"

EIOPA published a transcript of Carlos Montalvo, their Executive Director, speaking with Risk Universe magazine about the current state of play in the Solvency II/Omnibus II world. Always nice to hear from the horse's mouth, and he had a fair amount to say (with not all of it regurgitation!);

• "The objective of Solvency II is not to reduce risks, but to allow companies to properly understand, price and manage the risks they face" - we frequently hear from the EU institutions on what the 'objective' of Solvency is, so I might do a clean-up post on this, particularly as the scare stories on the impact of the LTG assessment outcome on granny and grandad's pensions are increasing the prominence of the topic (the Advisory world being a prime example). 
• "Solvency II is more complex than it was originally foreseen" - early contender for understatement of the year...
• Credible timeline is "a must have".
• Insurers should "make sure that Boards of firms keep considering Solvency II a priority" - after  4 years of phoney war, easier said than done Señor!
• EIOPA's interim measures "...an excellent way for all parties to use the extra time of the delay as a way to be better prepared for implementation".
• Internal Models are "a fundamental management toolkit" - quite the opposite take of the wonderful blog post from one of Willis's finest last week, writing that actuarial models "take combinations of assumptions and torture them to come to conclusions"!
• "The ORSA Process must be owned by the company" - without any useful elaboration on what 'ownership' entails and how it should be documented from a system of governance perspective. I would add that the questioner's view that firms are still "struggling" with ORSA feels a touch dated, otherwise what has industry been spending its money on for the last 3 years

The standout comment on p4, for all the wrong reasons, is around the potential use of ORSA supervisory reports for the calculation of capital add-ons, stating "...if we would do so, it would be a one and done exercise". Can't work out if this is a misquote, mistranslation, or if I need a trip to the optician, but if there is any threat of ORSAs being used by national supervisors for this purpose, a direct, plain-English statement to that effect would be appreciated by all.

Reactions magazine - CRO Risk Forum - Solvency II and ERM opinion

I covered the last one of these releases from Reactions magazine this time last year on the basis that it had some good all round coverage of ERM and Solvency II from Europe's highest profile risk executives, and again they haven't disappointed.

This recent release again has a veritable Who's Who of European CROs providing their take on a range of matters, so is definitely worth your time. It covers most of today's hot topics, including SIFIs, ERM, Solvency II, ORSA (in US), Internal Modelling and Emerging Risk.

I've taken the following from it;

Hannover Re CRO

• "...experiencing increasing requirements for internal model approval" - strange one this, as they have already converted to a Societas Europaea, potentially driven by a wish to escape a more onerous challenge in this respect from Bafin and the FSA - doesn't therefore sound like that tactic is of much use!
• Their internal model is currently S&P ECM III-approved - detail on the significance of that available here for those not familiar with their methodology etc, but of course a positive review of an ECM will impact both S&P's assessment of a company's ERM framework, as well as the amount of capital required to sustain a particular rating.
• The CRO uses the cost of the Risk Function against the capital savings from an approved model as a demonstration of the function's value - in the absence of a range of alternatives, I guess it's worth a shot.
• As CRO, has a veto of decision making at executive committee level
• Comments in a rather peeved manner that current draft Level 3 proposals insist upon separately staffed and operationally independent compliance, risk and actuarial functions (they appear to have everything balled up into a second line of defence 'risk control unit'  - bit confused by this, but I'm guessing he has seen something behind closed doors, and rightly doesn't appreciate EIOPA determining how a company should be departmentally structured.

SCOR CRO

• The financial crisis "...has shown that the diversification of financial risks disappears in extreme situations"

Kiln CRO

• "Every generation of activity since [Level 1] has produced ever increasing requirements for documentation"
• "We are wallowing in paperwork"
• As with Hannover Re, they cite S&P internal model approval positively against the developing EIOPA/national requirements - only 40 pages required to evidence a standard sufficient for S&P 'model approval'
• They differentiate between Strategic Risk and Emerging Risk, with the latter seen positively as product development opportunities.

FSA and cost of Solvency II in the UK - two tunnels or half a tunnel?

Andrew Bailey, incoming head of the PRA in the UK, was widely quoted yesterday as saying that the spiralling costs of Solvency II could ultimately cost "twice as much" as London's new £15bn choo-choo tunnel Crossrail. This was at a parliamentary select committee, which for non-UK readers is where second tier politicians jump on the latest bandwagons, so that fact that Solvency II is getting some air-time is telling in itself.

Not entirely certain what expenses are included in this £30bn mega-bill, but the number is surely as inconceivable as a 2014 start date unless we add FSA costs, industry costs and slap on some arbitrary figure for "additional capital the industry will probably need to hold" - which is of course what was contained in the Cost Benefit Analysis commissioned by the FSA published back in 2011. With much of that based on QIS5 standard formula results (but at least in the same ball park as £30bn), I guess we can swallow £30bn, albeit with a pint, rather than a pinch, of salt.

"But wait a second" keen readers of the FT cry, "this time last month a prominent CEO said the cost was supposed to be HALF that of Crossrail,". Has someone in the fact sheet-preparing department at the Wharf got their wires more crossed that a breakdancing electrician, and sold their boss a dud here? Has one of the journos at the Telegraph or FT misquoted someone? Either way, there's probably a salient lesson in there somewhere around looking before you leap, it just remains to be seen who's left with the proverbial, errr, mucky shoes.

Incidentally, the full text from a separate questionnaire which the UK Parliament's Treasury Select Committee asked Mr Bailey to respond to is available here - this is separate to the interrogation transcript where the "twice as much" quote was obtained from, but contains some insight into where prudential regulation is going as of next month when the PRA take the reigns, including some good news on the regulatory levy front;

"For the next year, we intend to levy just £0.1mn [for Solvency II]. The difference [from last year's £15m] reflects cut backs that we have applied to Solvency 2 preparation costs. Although it is hard to be sure of the final cost of Solvency 2 preparations given the uncertainty on timing and substance, I expect the overall cost to be considerably lower than previously estimated. This will be a saving for insurers."


However, when one reads that, in his own words, the new head of Prudential regulation in the UK is "...by comparison new to insurance, but [he takes] it very seriously", you truly hope if the £30bn faux pas is attributable to him, that it can be put right - with all the Solvency II scaremongering and doom-mongering, we could probably use a little realism-mongering...

• 
  

  
  
  
  
  

AKG - Solvency II perspectives from the financial advisory industry

In the absence of materials pointed towards the sector, AKG have released a Solvency II guide for financial advisers (sign-up required, but worth it), which provides a refreshing angle change from the usual bureaucrats vs lobbyists vs politicians chatter flooding the trade presses.

Solvency II and RDR -
"mess with me, you mess
with my whole family"

While Solvency II was clearly De Vito to RDR's Schwarzenegger over the last year and a half for the financial advisory industry (indeed all bar one of those surveyed by AKG's pollsters had been concentrating "exclusively" on RDR), there was at least some familiarity with the impact on product availability from the current impasse - Protection and Annuity rates, With Profits availability and Guarantee costs are all on the industry's radar.

While there was a couple of faux pas in the document (the official timeline is certainly not "established and managed by EIOPA", and as the world and her husband will tell you, the ORSA is not an annual report!), the document helps understand the concerns and needs of the distribution world at this uncertain time. I picked out the following;

• That CROs will be more concerned about risks posed by external distributors and advisors in future
• That advisers will likewise need assurance on product supplier risks, and that provider and product ratings from external sources "...will be crucial components in gaining this reassurance"
• That the alignment of capital and risk "...will undoubtedly drive capital light products in future"
• That the mainstream press hasn't yet "gone big" on Solvency II, but that advisers may get caught out when they do
• That the advisory industry wants "...a guide [to Solvency II] to explain in an easy-to-understand, jargon-free manner" - over to you FCA!
• There are concerns around the quantum and familiarity of products/providers once Solvency II goes live and we see new market entrants/consolidation

They conclude that "advisers should not panic about Solvency II and its implications". That has a whiff of Chamberlain about it to say the least, but the "panic" would be about convincing punters to pay more for guarantees or share the risks in insurance products in the near future, as opposed to the solvency adequacy of the providers themselves.

Preliminary full year results - Solvency II implementation costs and opinions

Now the UK preliminary full year results are starting to flow in, we can get more visibility on what was spent in last year's Solvency II phoney war. This is a topic I have covered for the last two years on this Blog (here touches on previous disclosures in particular) and bearing in mind most of the UK's Big Rigs are in the habit of disclosing the sums spent on preparation, it gives a good feel for where the implementation costs tally may finally get to.

So read on if you are interested in seeing if 2012, just like the popular 'Lovely Day' singer, was the year that the...errrr....Bill Withers (?)

Legal and General

• "Delivered the core components" of Solvency II, though there remains "much uncertainty" - go figure!
• £50m spent on Sol II and "other strategic projects" (no further split available) - this figure was £56m last year

RSA

• Costs of £32m (£30m previous year) for Solvency II
• Expect costs to fall by "around 50%" for the next two years
• "Rephased our implementation project to minimise costs"
• EC calibrated to 1-in-1,250 (S&P 'A' rated)
• In the AR&A, they add that they "...remain at the forefront for internal model approval"

Resolution 

• £76m spent on (predominantly) Solvency II in 2012, as opposed to £56m in 2011 - 2012 was of course the year that they dropped out of IMAP, so the spend dropped in the second half of the year
• Original provision for Sol II released from MCEV this year was £34m!
• Economic Capital coverage of 182%

Aviva

• £117m spent on Sol II specifically, against £96m last year
• "Well placed" for ICAS+ review 

Standard Life

• £112m spent on Sol II, RDR and other restructuring (no further split available) - was down as £59m specifically on Solvency II in 2011

Old Mutual

• Economic capital at risk managed to 99.93%, and currently at over 160%
• "Given the delay to the Solvency II go-live date", focusing on embedding ORSA and internal model during 2013
• No coverage of project spend - same as last year

Prudential

• £48m of Solvency II implementation costs in 2012 (£55m previous year)
• "...expects to engage in the initial stage of the FSA's proposed Individual Capital Adequacy Standards Plus (ICAS+) regime"
• Solvency II "may" provide a more risk-based capital framework, but "...we now know that it will not be implemented before December 31st 2015"
• "Continue to evaluate [their] options, including consideration of the Group's domicile"
• "...remain focused on preparing for implementation" despite uncertainty

And over to continental Europe;

Allianz

• "...adoption in 2014 is no longer guaranteed"
• EC coverage of 199%, calibrated to 99.5% VaR over 1 year - was previously calibrated to 99.97%, and Solvency II is used as rationalisation for the y-o-y change
• Rated 'strong' by S&P for ERM, and have had their internal model positively rated by them
• "Will take advantage of the delay in the implementation of Solvency II" to industrialise balance sheet production and internal model processes

Munich Re

• "..some uncertainty remains" around Solvency II, and they are banking on "at least two further years" delay
• Note that "...the risk that our Life primary insurers may not meet the capital requirements cannot yet be entirely excluded"
• Confident that "new opportunities...will exceed the challenges"
• Targeting 1.75 x 99.5% VaR over 1 year as their Economic Capital Target - this is a "...conservative approach, offering a high degree of security"
• Currently hold 129% of that figure
• Perhaps more significantly from an internal model perspective, hold 225% of 99.5% VaR over 1 year - if we considered that "conservative", I wonder what we might consider "liberal"?

Generali

• Economic capital ratio (calibrated by their internal model to ultimately deliver the required SCR percentile) of 159%, unchanged y-o-y, despite a lot of positive capital management activity (p33)
• Solvency I ratio is 150% (p31), up significantly on last year's 119%

Aon Risk Maturity Index Report 2013

With the potential for early implementation of Pillar 2 on the horizon for Europe's insurers, Aon's release of their latest research on Risk Maturity Index is perhaps a timely one, particularly for anyone in the small-to-midsize bracket who wants to get a feel for the proportionality of their current approach (and for UK IMAP candidates, whether it might fold under ICA+ questioning in the next two years!)

Their claim that that the Risk Management Index fills the current "void" which prevents interested parties from benchmarking their risk management frameworks against those of their peers, and indeed reaching recommendations on how to further enhance them has a whiff of bolshiness about it, but nevertheless, the output is valid for practitioners in all industries.

Fundamentals behind the research, conducted in conjunction with Wharton Business School, are;

• Aon's "Risk Maturity Index" is an online self assessment of risk management practices.
• It asks 125 questions regarding 40 "key components" of risk management - all tied in to the following 10 characteristics of risk maturity:

 1. Board Understanding & Commitment to Risk Management

 2. Executive Level Risk Management Stewardship

 3. Risk Communication

 4. Risk Culture: Engagement & Accountability

 5. Risk Identification

 6. Stakeholder Participation in Risk Management

 7. Risk Information & Decision Making Processes

 8. Integrating Risk Management & Human Capital Processes

 9. Risk Analysis & Quantification to Understand Risk & Demonstrate Value

10.Risk Management Focus on Value Creation

• Allows for a ranking between 1-5 across various sub-cuts of the data collected, and an assessment in aggregate of each firms "risk maturity"
• Data was then analysed against over 100 listed companies from 20 industries, geographically spread, to see if "risk maturity", or a lack of it, translated into anything measurable
• Over 500 companies have responded to the survey since 2011, this being its second periodic summarisation (results from first one summarised here).

The headline news was that a correlation was identified between organisations with superior risk maturity and stock price volatility, with a reduction of up to 50% potentially up for grabs between the 'best' and the 'worst' - a particularly visceral way to "derive and demonstrate financial value from...risk management frameworks" which, let's face it, is a hard sell for the best of us!

I observed some more general points from the white paper, namely;

• The insurance industry was third only to Aviation and Consumer Goods in the assessment of risk maturity - something to be learnt from these industries (in particular around Op Risk maturity in Aviation)?
• Only 15% of respondents were rated at 4+ out of 5, or "operational/advanced" in Aon's terminology
• Lower revenues seem to translate into lower risk maturity on the whole
• Responses from CRO's resulted in the best aggregate maturity scores, while Internal Auditor/CFO responses resulted in the worst aggregates - expected biases nicely exhibited

Of particular note though were the three areas of common differentiation between higher and lower rated firms which are worthy of more attention than might otherwise come from reviewing average maturity scores. 

Awareness of the complexity of risk - more mature organisations are able to demonstrate:

• Risk adjusted return expectations by business unit/department
• Documented and applied assumptions in forecasts/projections
• Supporting forecasting ranges with applicable historical data

Agreement on [risk] strategy and action - more mature organisations stabilise their performance by:

• Re-evaluating risk management strategy based on experience
• Reviewing and validating risk tolerances based on external conditions
• Evaluating strategic decisions with reference to quantified risk tolerances

Alignment to execute [the risk strategy]

• Communicating negative results and predictions (nicely tied into Risk Culture by Aon)
• Developing cross-functional risk understanding, and how organisational activity relates to overall risk management strategy 
• Incorporating risk/return approaches into strategy, in particular recognising up-side potential in decision making, rather than loss minimisation

These are particularly interesting findings for the EU insurance industry, who will be waddling into Live ORSA territory in the coming weeks and months. Fair to say that Solvency II Pillar II accommodates much of what is covered here, so worth thinking about leveraging this benchmarking work in one's 2013 activities.

Lloyds - cognition and how human factors affect risk perception

While the Solvency II world will be as grateful for as they are familiar with Lloyds of London's work in the Sol II sphere, they pushed out an intriguing paper for all risk practitioners this week around cognition, the impact of human behaviour, and our interaction with models when identifying and assessing risks.

This is a piece of academic research very much needed at this point in time, where the regulatory obligations around internal model challenge have yet to formally land, let alone be adequately road-tested, while at the same time the UK is continuing with its ICAS+ regime, where entrants will no doubt receive running commentary on their progress in upscaling both assumption/parameter challenge as well as model use.

Anyone involved in the 200-ish pre-applications for internal model use prior to Solvency II go-live in Europe would therefore benefit from a read of this, particularly if you are on the validation-side. I picked out the following;

Fundamentals which impact on modelling choices (data sets, interpolation/extrapolation, correlations, tail dependencies etc)

• "We are not equally aware of all risks...people make decisions based on a subset of the available evidence"
• "Expectations are strongly influenced by personal experience and current events"
• Tendency to "...lose sight of infrequent losses" in the face of more frequent visible events
• Tendency to procrastinate around risks which are difficult to assess
• "Some may query the relevance of human factors, given the prevalence of quantitative risk models - the suggestion being.modelling rules out biases"

Risk appetite

• "Low risk appetite can increase false alarms, and a high risk appetite increases misses"
• "The greater risk appetite of powerful individuals can stem from a tendency to focus more on rewards and successes, while people who are lacking in power are often more cautious and attentive to threats and potential obstacles" - is it this dichotomy which makes the role of the CRO ultimus inter pares in the boardroom?

Aide-memoire lists for risk practitioners

• How to counteract risk perceptions - p11
• Separating risk perceptions from immediate context - p13
• Awareness of bias linked to power - p16
• Risks in perspective - p20
• Behavioural principles which can create added value - p22

Clear Path Analysis - Interview with EIOPA's Montalvo

The guys at Clear Path Analysis have come through with another suite of exclusive Solvency II material, following along from their efforts in September 2012 and 2011 (sign up required if you are not already hooked up with them).

This is dominated by asset allocation and Pillar 3 requirements, and I'll cover through those in due course. It was the interview with Sr. Montalvo from EIOPA which immediately caught my eye, so I picked the following bones out of it:

• Solvency II is "...nothing more and nothing less than a risk-based supervisory framework"
• Solvency II "aims to be a neutral system" with regard to asset allocation
• "The new framework creates business opportunities rather than operational risks"
• "No Pillar prevails, all are equally important" 
• The capital weightings on asset lines are based on "...sound technical calculations that were taken by the supervisory community (and in particular by the actuarial teams involved)" - is this a tacit acknowledgement of a residual element of black-boxedness?
• On IFRS convergence "...we had to move forward because in the accounting areas progress was not being sufficiently made". 'Aimerez-vous rencontrer M. Kettle, M. Pot?'
• On early implementation, "...once we see how it is working, [EIOPA] will have the courage to say which things can be improved"

Perhaps his sweetest quote is worth isolating:

Elderfield speech to Institute of Directors in Ireland - 'the Gene Genie'

With all the subtlety of an American industrialist in Paris, Mr. Elderfield delivered a speech to the Irish IoD this week focused on the Central Bank of Ireland's refresh of its 3-year strategic plan, as well as reinforcing what it expects financial services Boards to be focusing on in the near future.

This of course should sit in the context of what I covered last week on thematic enforcement work in 2013. Aside from his comments around board diversity, namely that the CBoI's 'fit and proper' activity to date is "...broadening the gene pool of corporate life" (eeeewwwww!), emphasis was given  to three particular areas:

Risk Appetite Statements

• CBoI expects "... [a] high quality risk appetite statement that is well understood and implemented throughout the firm in practice"
• "...clear articulation of the acceptable level of risk...at different confidence levels, is an important discipline and an essential compliment to a well-articulated business strategy"
• That, due to disappointments in the past, Risk Appetite statements are "...certainly an area of increasing interest on [the regulator's] part, and where we are debating the best approach for encouraging improvements"

System of Governance and Risk Culture

• Boards should "...provide broad, challenging scrutiny of your firm's culture regarding regulatory compliance and internal challenge"
• Ensure that there are "...appropriately resourced and well-qualified risk management and compliance functions"
• "Think more fundamentally and strategically about the culture in the institution that you oversee"

I would add that a lot of this sits nicely with the FSB's Risk Governance paper which was released last week.

Board composition

• Expect directors to take a "...hard nosed view on Board composition, with a view to improving performance"
• Endeavour to attain the "...right gender diversity...and international experience"

With Risk Appetite and Risk Culture both having featured on the IRM's hitlist recently, the practitioners over there will have some assistance to hand from an industry body, however there should be some other useful stuff available in the tag cloud at the bottom of this page on appetite, culture and diversity if you are struggling for inspiration.

Adams speech to the Economist Insurance Summit - lessons from financial crisis

Some particularly useful context setting from Julian Adams last week for anyone in the Internal Model game, with this speech to the Economist Insurance Summit around what lessons could be learned by insurance supervisors from the financial crisis.

While he amusingly interchanges between "financial crisis" and "banking crisis" to emphasise that it wasn't our fault, and drops in the now obligatory reference to the importance of insurers as long-term investors, echoing the Commission's pleas from late last year, the majority of the speech focuses on why models go wrong (not the name of a ropey catwalk reality tv show...)

Insight on where the FSA thought firms were going awry in the Solvency II modelling preparations was delivered to the industry in the middle of last year, but I found this speech helpful in the context of proportionality i.e. what elements of economic capital modelling are worth spending extra time on theorising, documenting, debating and minuting for IMAP candidates. I saw the following comments as highlights;

Reasons for internal models in the banking industry being exposed;

• "...rested on assumptions which turned out not to hold when bad times came"
• "...review period" selected when parameterising
• "...insufficient rigour and independence from the front end of the business" when parameterising
• "...management attention too often focused on those parameters considered too conservative at the expense of those that were insufficiently prudent"
• "...destabilising feedback loops" where underestimation of risk (due to data selection) plus use of the model leads to a vicious cycle of unacknowledged over-accumulation of risk
• "...flawed technical assumptions" in tail-end probability estimation where data is drawn from "normal" times

Lessons for Solvency II

• "Data [should be] sufficiently robust"
• Assumptions should be "appropriately conservative"
• "[Supervisors] can be helped...by the much greater use of imaginative tests of resilience to deeply stressed scenarios"
• "...paucity of relevant historical data for the calibration of tail dependencies between risks"
• That "...the limitations [of capturing tail dependencies] are recognised, and conservatism built in to the calibrations"
• That "...correlations in the tail are likely to be assymetric in nature" for insurers
• That "...the adoption of quantitative techniques...will not change the nature of the risk itself"
• That supervisors "...must not blindly accept the outputs of these models"

Appreciating some of this is hardly new news, any increased documentation and rigour in the areas highlighted will no doubt be well received down at the Wharf.

Protiviti - top risks for 2013

Nice piece of 'top risks' benchmarking for practitioners was pushed out this week by Protiviti - heavily US-centric, cross-industry (around 25% financial services, but all respondents are C-suite types), and the 'risks' are provided as a selection of 20 pre-written items, but the work has still got some mileage, even if I am far from convinved by the early statement that "...the first question an organisation seeks to answer in risk management is 'what are our most critical risks'" with no reference to their strategic objectives!

Let's take that as an editorial oversight, and pick through the highlights;

• Unsurprisingly, economic conditions and regulatory change/scrutiny are top of the financial services hitlist of 'top risks' (and indeed other industries)
• CROs and Chief Audit Executives were less likely to rate a risk "less significant" than their first-line counterparts - nest feathering or legitimate conservatism?
• Financial services considerably more likely to deploy additional resource to enhance risk management capabilities in the next year

There is also a "suggested questions for Boards" list at the back, which covers (albeit in a rather flannel-y fashion) the kind of items which emerged in the FSB's risk governance recommendations from earlier in the week, such as;

• Is the Board sufficiently involved in/informed of the risk assessment process regarding the implementation of strategy (mergers & acquisitions, new lines etc)?
• Is the MI around the Risk Profile sufficient?
• Is there an existing emerging risk management process?
• Is the risk profile consistent with risk appetite?

A decent piece to run through your NEDs at the very worst, and potentially of some use for your emerging risk/reverse stress testing activities for 2013.

Omnibus II - back to October 2013

Following on from the barely noticeable number of previous posts on Omnibus II Plenary vote delays (here, here, here, here, here and here), we can now stick lucky number 7 in the pot, after the procedure file was updated today to show a postponement to October 2013 - whilst the delay was inevitable after EIOPA made it clear that the Long Term Guarantees Assessment report would only reach the co-legislators by July, the actual date helps with short-term planning for all stakeholders concerned.

I guess the big questions that emerge from a delay to October are:

• Whether it is enough time, factoring in the summer holidays, to consume the LTG report, acknowledge its outcomes regardless of which territory benefits most from the conclusions, and vote positively
• Whether it is actually too much time to pull apart the report's outcomes, and between the trilogue parties, industry lobbyists and any national political pressures than can be marshalled in the interim, October just becomes the next promises graveyard.
• The increasing proximity of this date to the campaigning for the 2014 EU parliamentary elections, which must surely impact on how the voting will go if the LTG report gives a duff outcome to those countries still writing swathes of guaranteed business
• The entry into the mix of Karel van Hulle's replacement (haven't seen a name yet)

Not certain if 2016 is exactly riding on Omnibus II approval by October, but one feels it would certainly help restore some credibility.