UK Senior Insurance Managers Regime - just be natural...

The PRA’s Supervisory Statement on Strengthening Individual Accountability in Insurance (SS35/15) has been released, not that far apart from their demolition job on Co-op Bank’s system of governance, which demonstrated something of an absence of such accountability across all three lines of defence, quite a feat!

While the Banking industry have been catered for on this topic with a few more bells and whistles, most noticeably by including an element of criminal liability  for their senior management (thanks Fred!), the approach for insurers and banks is supposed to be largely consistent.

The doc itself rather awkwardly references multiple sections of the incoming PRA Rulebook which, as yet at least, doesn’t exist as a conventional reference site, though it is due for release in “the summer” (the PRA subsequently released the new site 3 days after I published this post - that'll teach me!). It still pays to fish through the appendices of old Consultation Papers to get the materials cross referenced in this Supervisory Statement (here for most of them, from p44)

SIMF Interviews - "Next"...

I did cover this topic when the consultation paper first hit the table, and for those of a nervous disposition, the PRA have since produced a nice one-pager summarising what you need to know in the context of Approved Persons, Solvency II etc here (and done so much better than me, I hasten to add!). In addition, the transitional map from CF-XX to SIMF-YY is already available here.

I had a look through (largely ignoring the Group and Third Country specifics) to see if there was anything new and exciting since the consultation, and naturally there isn't! That said, the industry feedback received is detailed here (section 2), while I noted a few things below for my own benefit;

• PRA not concerned about individuals located overseas, unless they are involved in strategic implementation, as opposed to strategy formulation (2.11).
• Alerting to potential PRA blocking of SIMF applications where someone wishes to wear more than one hat, citing the obvious CEO & Chair example (2.15)
• Persons allowed to do the same function in more than one firm - targeted perhaps at the floating actuary contignent who do the CF12 job for a few firms?
• Awkwardly try to accommodate SIMF job-sharing, but lean towards discouraging it in the text (2.17-2.19)
• List a few examples of what firms might consider to be "Key Functions" over and above those named in the Solvency II legislation, being particularly keen on Investments (2.25 and 2.27)
• On the list of 11 Prescribed Responsibilities, they do their best to keep the NED world out of assuming any of them (2.40)!
• Some attempt to informally restrict Chairpersons from filling their time with multiple other roles and responsibilities (2.44)
• A timely reference, given the Co-op Bank Final Notice, to ensuring that Boards understand the Threshold Conditions (p12-13) and Fundamental Rules.

The Individual Conduct Standards (from p16) all seem fair at face value, with a bit of devil in the details, such as;

• Key function holders being told (3.19) to not only meet the letter of the prevailing regulatory system, but also not to engage in "...creative compliance or regulatory arbitrage" - spoilsports!
• Expectations that Key Function holders "take reasonable steps" to ensure that the business has sufficient systems of control, even if they delegate some, or indeed most, of the associated tasks themselves (3.20-3.22).
• That should you breach any of the Conduct Standards, it materially affects your fitness and/or propriety, and therefore the PRA expect to be notified

Finally, to clear up that age-old debate, the PRA clarified in 2.4 that it "...does not expect persons other than natural persons to be approved for a SIMF". Anyone with career ambitions had better lay off the Botox and Bronzing then...

Approved Persons in UK under Solvency II - "SIMF-ly The Best"?

The UK prudential and conduct supervisors doubled-up this week with a barrage of paperwork regarding "Fit and Proper" assessment of senior staff members in Insurers under Solvency II.

This was already acknowledged as an area where intelligent copy-out wouldn't quite cut the mustard for UK plc, so no doubt the Compliance functions of insurance entities have been looking forward to these publications appearing. Given the light touch on the topic in the Directive (Art.42) and Delegated Acts (Art.273), this is very much welcome gristle.

Evidently "Proper" - but "Fit" enough?

While the maintream media has cranked out some comment already on both the FCA (here) and PRA approach (here, here and here), they are naturally broad with their brushes. I thought I would cut it up into my much more insular world of "what does it mean for Key Functions under Solvency II".



PRA Consultation Paper

• The regulatory framework for individuals will be called the Senior Insurance Managers Regime (SIMR), and will come into force from 1st Jan 2016. 
• The CP is targeted at ensuring fitness and propriety of individuals running an insurer, or performing a Key Function.
• NED's have been left out of this paper, as there is a wealth of comment already provided on a separate joint FCA/PRA consultation from the Banking industry.
• That said "...the regime for insurers should not be identical to the regime for banks". 
• While Controlled Functions continues to exist as a PRA term, it will be interchangeable with the term Senior Insurance Management Functions ("SIMFs"), which I have used below.

Going into detail, we find the following;

• CEO, CFO, CRO and Head of Internal Audit are all SIMFs, with Chief Actuary, WP Actuary and a couple of Lloyds-specific roles also lined up.
• Some Group-specific SIMFs also created.
• Any Solvency II "Key Function" holders who are not SIMFs will simply be assessed within the business, with the PRA having right to overturn. I thought this would include the Head of Compliance, but they are picked up by the FCA (below). Not sure who else could be Key Function but not a SIMF, unless some SIMF role-holders don't plan to also do a day job.
• List of new Core Responsibilities provided which need to be allocated to one or more SIMFs (2.21). These include the old chestnuts of remuneration policy and "culture" in its broadest sense, as well as performance of ORSA.
• A form will follow which needs to be completed by firms for all prospective SIMFs and Key Function holders containing "relevant information" on them - I suspect this will be a LinkedIn cut-and-paste job.
• Obligation to make and maintain a "Governance Map" listing the positions and key functions which run the firm, the allocation of management responsibilities (including the new ones in 2.21 presumably) and relevant reporting lines. Oddly, the PRA think "...there will be some costs in compiling and maintaining the Governance Map", when it feels like a lazy Thursday morning for Company Secretarial to me...
• Some reinforcement of Conduct standards for SIMFs and Key Function holders, with Key Function holders having an additional policyholder protection-related standard added to their armoury.
• Emphasise that Fit and Proper needs to be assessed on an ongoing basis, as opposed to periodically, which effectively gives the regulator a get-out-of-jail when a bad apple SIMF mismanages a firm (i.e. "why didn't you pick it up internally first?").
• Solvency II brings in a legal requirement for firms to satisfy themselves of a candidate's fitness and propriety before sending applications to the PRA. They therefore plan to assess whether firms recruitment processes are "appropriately rigorous", which feels like a step into the un-assessable (if that is even a word).

Proposed Supervisory Statements are appended to their document covering the assessment of fitness and propriety, and the application of new conduct standards. From those I would highlight;

• "The norm" is for single individuals to perform SIMFs
• That firms may add to the list of conventional Key Functions using a bullet-point checklist
• Firms can "...freely decise how to organise each function in practice"

FCA Consultation Paper

• The existing Approved Persons Regime will be adapted to fit Solvency II and PRA/EIOPA requirements, as well as existing application forms.
• "Pre-approval" will therefore still exist in 2016.
• While the PRA pick up approval of most Key Functions under Solvency II, the FCA keep hold of the approval of Compliance Function heads, which don't feature in the SIMF list.
• Give themselves some leeway to impose approval and conduct obligations on "certain other functions" in insurers
• Appear to be combing over conduct-related rules from their work with the banking industry

Frankly, the amount of crossover between prudential and conduct regulators, existing and new rulebooks, and banking and insurance industries, makes this particular topic an awkward read, which is why I don't work in Compliance!

Levity aside, the outcome of these consultation papers will have a significant effect on insurers existing onboarding and approval processes, content of executive job specifications, and indeed the fundamental operacy of governance systems, given the level of prescription involved. Now would be a good time to start briefing!

UK's "new" Prudential Regulatory Authority - Approach to Insurance Supervision

So a magical thing happened over the weekend: a venerable institution disappeared on Friday, only to come back reborn on Monday...

...that's right, the FSA is no more, being replaced by two more focused entities in the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FSA). This is part of the UK-specific fallout from the financial crisis, where a perceived lack of focus from the former tripartite system which housed the FSA allowed for both systemic risk (Northern Rock, RBS) and conduct risks (PPI, Interest Rate swaps) to emerge largely unchecked.

Rather excitingly, this means a new website with some natty logos from the Bank of England (which

PRA - emperor's new clothes
or Solvency II aperatif?

has rehoused the PRA side of the FSA), as well as a statement on the new supervisory approach that the PRA will be taking.

For anyone in the ERM/Solvency II/Corporate Governance space, this gives us a chance to pick up on the kind of regulatory interrogation one might expect when writing/upgrading system of governance-related materials in preparation for both full Solvency II implementation in 20??, as well as how they are accommodating EIOPA's interim measures from 2014.

Remembering that the PRA's two statutory objectives are to promote safety and soundness of the firms it regulates, as well as specifically providing appropriate protection to insurance policyholders, I thought it wise to make some notes on how they have catered for Solvency II and deference (when due) to EIOPA, as well as the general content around expectations of governance systems. I found the following worthy of note;

Control function-specific

Section 82 - "[PRA] wants to be satisfies in particular that designated risk management and control functions carry real weight within insurers"

Section 117 - Should have separate risk management and individual control functions in place (dependent on nature scale and complexity etc)

Section 118 - the PRA "expects these functions to be independent of an insurer's revenue generating functions"

Section 120 - expectation of an "operationally independent Actuarial function", which the PRA consider to be "integral to the effective implementation of a firm's risk management framework"

Section 182 - "Actuaries can play an important part in supporting prudential supervision"

Section 119 - an effective Risk function on the other hand merely "ensures that material risk issues receive sufficient attention from the insurer's senior management and Board" - just because I'm paranoid, doesn't mean the Risk profession isn't being made something of a gooseberry here, particularly as the FSA/Actuarial profession love-in started some time ago!

On Risk Appetite

Section 110 - a firm's risk appetite "[is] to be integral to its strategy, and the foundation of its risk management framework"

Remuneration

Section 84 - "remuneration and incentive schemes should reward careful and prudent management" - just like Prudential's and Standard Life's did this week!

Section 194 - Hint at potentially restricting pay in firms if intervention is warranted

Stress/Reverse Stress Testing

Section 109 - the AMSB must have "...an explicit understanding of the circumstances in which their firm might fail"

Section 145 - with regards to Reverse Stress Testing, "...management should consider the reliability of the output of the internal model compared with the results of these tests"

Section 106 - "competent, and where appropriate, independent control functions" should oversee risk management and internal control frameworks

Internal Models

Section 116 - On Internal Models, the AMSB should understand;

• extent of reliance on models for managing risk;
• limitations of their structure and complexity;
• Data used;
• key underpinning assumptions

Section 140 - "PRA expects internal models to be appropriately prudent"

Section 144 - firms may not choose the lowest capital requirement to determine whether or not to model internally

Regulatory Capital

Section 135 - for capital adequacy, firms "...should not rely on regulatory minima", and also "...should not rely on aggressive interpretations of actuarial or accounting standards"

Proportionality

Sections 212-215 - touches on treatment of "low impact" firms - is this effectively where aggressive approaches to proportionality interpretation should be expected (combined control functions, limited documentation, passive acceptance of Standard Formula etc)?

p43 - table covering the allocation of supervisory staff - 10 staff to 1 firm for the 25 largest insurers, versus approaching 10 firms to 1 supervisor at the small end.

Solvency II-specific references

• In the PRA's view "[Solvency II technical detail should] leave scope for supervisors of individual insurers to make informed judgements around risks posed"
• Confirms that elements of the Directive such as Prudent Person Principle, ORSA, Control Function requirements and Pillar 1 are all aligned with the new Threshold Conditions
• Model approval will be dependent on "adequate" risk identification, measurement, management, monitoring and reporting throughout the modelling process
• Will impose capital add-ons when necessary "to ensure insurers meet the required standards"

AKG - Solvency II perspectives from the financial advisory industry

In the absence of materials pointed towards the sector, AKG have released a Solvency II guide for financial advisers (sign-up required, but worth it), which provides a refreshing angle change from the usual bureaucrats vs lobbyists vs politicians chatter flooding the trade presses.

Solvency II and RDR -
"mess with me, you mess
with my whole family"

While Solvency II was clearly De Vito to RDR's Schwarzenegger over the last year and a half for the financial advisory industry (indeed all bar one of those surveyed by AKG's pollsters had been concentrating "exclusively" on RDR), there was at least some familiarity with the impact on product availability from the current impasse - Protection and Annuity rates, With Profits availability and Guarantee costs are all on the industry's radar.

While there was a couple of faux pas in the document (the official timeline is certainly not "established and managed by EIOPA", and as the world and her husband will tell you, the ORSA is not an annual report!), the document helps understand the concerns and needs of the distribution world at this uncertain time. I picked out the following;

• That CROs will be more concerned about risks posed by external distributors and advisors in future
• That advisers will likewise need assurance on product supplier risks, and that provider and product ratings from external sources "...will be crucial components in gaining this reassurance"
• That the alignment of capital and risk "...will undoubtedly drive capital light products in future"
• That the mainstream press hasn't yet "gone big" on Solvency II, but that advisers may get caught out when they do
• That the advisory industry wants "...a guide [to Solvency II] to explain in an easy-to-understand, jargon-free manner" - over to you FCA!
• There are concerns around the quantum and familiarity of products/providers once Solvency II goes live and we see new market entrants/consolidation

They conclude that "advisers should not panic about Solvency II and its implications". That has a whiff of Chamberlain about it to say the least, but the "panic" would be about convincing punters to pay more for guarantees or share the risks in insurance products in the near future, as opposed to the solvency adequacy of the providers themselves.

FSA plans for conduct of business under the FCA

Speeches today from Hector Sants and Margeret Cole on the future of regulation for the 24,000+ small financial services firms who will not fall under the auspices of the Prudential Regulatory Authority.

Both provide quality insight as to how the risk/reward argument is playing out at the FSA as they prepare for the 2013 split - particularly liked the parallel of cost of extra regulatory visits against the cost of product failures such as Keydata.