In 2023, EIOPA has published several recommandations and progress reports, the most insightful being:
Advice to the European Commission on Greenwashing – EIOPA-BoS-23/157 – 01 June 2023
Consultation Paper on the Opinion on sustainability claims and greenwashing in the insurance and pensions sectors – EIOPA-BoS-23/450 – 17 November 2023
Both documents contain highly important information and guidelines towards a future framework for the industry, a framework probably to be applicable no later than 2025.
As outlined in both papers, EIOPA addresses these guidelines in close cooperation with the two other ESA in charge of financial services supervision, EBA and ESMA. It’s advice summarizes this interconnectedness with a « Sustainable Finance Investment Value Chain » chart:
The Advice to the EC defines the meaning of « Sustainibility Claims« , the critical item to be addressed to analyse any kind of greenwashing activity within this value chain.
‘Sustainability claims’ are claims that state or imply that an entity or product ‘benefits’ the environment or society. The type of ‘benefit’ is varied and includes:
positively impacting sustainability factors;
not impacting sustainability factors;
minimizing negative impacts on sustainability factors;
minimizing the impact of climate change on society (this includes climate adaptation measures).
This understanding of ‘sustainability claims’ is consistent with the definition of “environmental claims” as defined in the EC proposed Directive as regards empowering consumers for the green transition which would amend the Unfair Commercial Practices Directive (UCPD): “‘environmental claim’ means any message or representation […], which states or implies that a product or trader has a positive or no impact on the environment or is less damaging to the environment than other products or traders, respectively, or has improved their impact over time”. ‘Sustainability claims’ as understood by EIOPA extends it to also cover social aspects.
Misleading sustainability claims can deceive consumers into buying products that are not aligned with their preferences, or into buying products from a pension or insurance provider that misleadingly portrays itself an entity with sustainability credentials. In such cases, consumers’ investments or premiums are re-routed away from sustainability factors.
Further, greenwashing occurrences erode consumers’ trust in providers’ ability to positively impact environmental or social factors. While EIOPA has not identified to date any major greenwashing cases in the insurance and pension sectors, because cases emerged in other sectors there may be already a general mistrust from consumers in relation to sustainability claims which can be made by providers. The EU-wide Eurobarometer survey carried out by EIOPA in June 2022 shows that 62% of EU consumers do not trust the sustainability claims made by insurance undertakings or distributors, while a similar percentage (63%) says that sustainability claims about insurance products are often misleading. Consumer representatives in their response to the ESA Joint CfE in January 2023 also reported limited trust in insurers and pension providers sustainability claims.
Additionally, misleading sustainability claims do not allow consumers as well as broader society to hold providers accountable for their environmental and social impact. This unaccountability might embolden providers to make misleading sustainability claims to gain a competitive advantage over other providers, after which these other providers might follow suit to close the competitive advantage, leading to more greenwashing occurrences.
Where and How Greenwashing Occurs in the Insurance and Pension Sectors
EIOPA differentiates seven major fields (three specific stages for insurers, three for IORPs and one common stage for both types of organizations) within the insurance and pensions lifecycle chart:
The major difference among insurers and IORPs are the reference to « products » and « schemes », taking into account the still highly heterogenous pension market and pension scheme providers within the EU.
In relation to the stages of the insurance and pensions lifecycle, respondents to the ESA Joint CfE provided views on the likelihood of the occurrence of greenwashing:
Declared likelihood shows that Marketing and Sales a clearly fingerpointed as they are considered « highly likely » to be subject to greenwashing. Without neglecting the other stages and especially the entity model and management clearly in the drivers’ seat of the other stages’ behaviour, let’s focus on the product delivery issues:
Marketing: main fields of potential greenwashing have their origins in the risks related to terminology and non-textual imagery.
Sales: information asymmetry or misleading information/disclosure as well as risks related to unsuitable product due to poor advice, incentives and distributors’ training are cited as potentially important and critical
Tackling Greenwashing
EIOPA regularly conducts surveys with the NCA to evaluate maturity and action plans as long as the framework is not in place.
Results are for the time being relatively mitigated as the large majority of NCA (21) didn’t identify greenwashing issues yet due to missing criteria to be applied and inexisting client related investigations. However, NCA reporting first actions are using several techniques EIOPA will probably evaluate and adopt for the future framework:
Very interesting also the survey results on the potential use of Suptech to deal with the enormous need to analyze data on products, sales and marketing practices:
Next Steps
Based on additional analyses, discussions and evidence that emerges by the delivery of the final report (May 2024), EIOPA will further refine its view on the definition of greenwashing, its impacts and risks (particularly on potential financial stability risk implications), as well as on how greenwashing can occur in the insurance and pensions lifecycle. To further exemplify the latter, EIOPA might develop case studies showing how greenwashing can emerge in practice.
EIOPA will also provide further considerations on the supervision of greenwashing, particularly in relation to any new greenwashing-related supervisory experiences and practices, as well as in relation to greenwashing-related supervisory and enforcement measures, if any.
Finally, EIOPA will further develop the list of issues it has already identified in the regulatory framework and based on those issues it will propose improvements – by way of recommendations – to the regulatory framework relevant to the insurance and pension sectors, including to Level 1 legislation. However as requested by the CfA, EIOPA will not make any proposals that would imply modifications of the Corporate Sustainability Reporting Directive (CSRD).
Digital transformation doesn’t stop creating surprise, admiration, innovation … but also deception and divide. In 2023, Gen AI has taken the lead regarding use, high speed engagement, discovery, and implementation.
How Tech Executives Rank Other C-suite Leaders’ Digital Skills and Mindset
They give the highest marks for proficiency and mindset (the ability to imagine digital solutions) to chief marketing, strategy and operations officers and CEOs among non-tech roles – and rank legal and HR leaders lowest, on average. Several potential reasons could explain this « gap »:
one of it probably being the traditionally less developed business partnership among CTO/CIO functions and HR and especially Legal departments as these functions either work with robust legacy or with low or no IT solutions to produce their output;
another root cause of underestimated « mindset » and « proficiency » might be stronger compliance requirements usually existing for HR and Legal functions, requirements natively less open for technical disruption;
finally, both functions are frequently « (dis)qualified » by IT management as being too « open to shadow IT » solutions.
Three-Quarters of CEOs Have Tried ChatGPT Since Its Launch
A third of chief executives who have used the tool for work used it for writing and communication. More than 20% have employed it for general research, followed by market research and presentations (13% each).
Definitely a great start compared to significantly lower C-level adoption of previous IT innovations and disruptions. However, given the extremely broad potential among all other functions within an organization, from front lines to back office and all support functions, it’s critical to involve executives and boards in all inititiatives identified or to be identified as critical and potentially disruptive and/or transformative for the organizations future.
Otherwise, the risk to underestimate value and underallocate investments could be huge (e.g. past experience with social network, IoT, data science … too often considered being « for their kids or for freaks » than for their organizations and business).
As Executives Laud AI, Consumers in the U.K., Canada and U.S. Express Fear
More than half of consumers in all three countries chose “complex” and “threatening” to describe AI, while “effective” was the least-selected word.
Not really a surprise as Big Tech is considered being a cunsumer unfriendly « oligopoly » after the skyrocketing of their market capitalization since Covid.
Fastly growing data privacy issues and cyber security incidents naturally add concerns regarding this technological disruption mainly built on Big Data and AI usage most consumers didn’t imagine prior to ChatGPT going mainstream.
How to Cope With Global Digital Divides
At least four digital infrastructures are emerging as ideology splits the world — in China, the U.S., the EU, and Russia. After three decades of global consistency for multinational companies, this shift has radical implications for business.
The number of national policies restricting data flows or access more than doubled from 2017 to 2021. With AI regulation following the same path, hoping this divided world will “return to normal” is futile. And a purely tactical C-suite response to one digital policy at a time is too costly.
To reduce risks to growth, executive leaders should instead view geopolitical and digital tensions strategically while reacting to measures in specific jurisdictions. That means:
Adjusting local enterprise technology architectures, operating models and corporate structures as needed
Exiting the market as the final resort if following the steps outlined in Figure 1 does not sufficiently mitigate operational risks
Assess Country Dependency Risk — Including Sovereign Data and Digital Strategies
Executive leaders should first determine the business impact of geopolitical and digital risks in a country — including regulations — and consider appropriate mitigating steps. For example, some multinational enterprises that continued to operate in Russia after February 2022 had to adjust their technology stack when one or more of their technology suppliers left the country.
Many multinational organizations are assessing the potential for a similar problem to arise in other regions of high tension. They also now need to manage China’s Personal Information Protection Law (PIPL) and India’s new Digital Personal Data Protection Act (passed in August 2023 but not yet effective) while remaining compliant with the EU’s general data protection regulation (GDPR).
Because digital technology is central to business, digital regulations affect almost everything a company does (as well as nearly all consumers and public-sector activities). Executive leaders must, therefore, take a broad view of how their enterprise uses data (see Figure 2).
Evaluate your digital risk in a country using Figure 2 as a guide. Take each element as a potential risk area you need to gauge due to one or more sovereign data and digital regulations. While this process will depend on where and how your company operates, a standardized assessment across all elements will help you make consistent, actionable changes faster at a strategic level.
Executive leaders addressing the enterprisewide impact of increasing digital regulations should:
Identify the business scenarios and outcomes that are hardest to govern because of, for example, geographic and organizational diversity, complexity and autonomy.
Consider establishing a virtual team to govern data and analytics throughout business functions and across geographies to address one of these situations. Using this connected governance framework will involve creating a proof of concept to test the benefits, risks and impacts associated with the scenario.
December 13, 2023, EIOPA has published a Consultation Paper regarding potential amendments of the prudential treatment of sustainibility risks (EIOPA-BoS-23-460). The expected Article 304a of the Solvency II Directive mandates EIOPA to assess the potential for a dedicated prudential treatment of assets or activities associated substantially with environmental or social objectives, or harm to such objectives, and to assess the impact of proposed amendments on insurance and reinsurance undertakings in the European Union. EIOPA is required to submit a corresponding report to the Commission.
A discussion paper outlining the scope, methodologies, and data sources for the analysis has been published in 2022 as the first outcome of EIOPA’s work under this mandate. This consultation paper is the second outcome, based on the discussion paper’s public feedback received, together with the feedback received from the Platform on Sustainable Finance and the European Banking Authority (EBA). It will form the basis of the report envisaged to be submitted to the Commission after consulting the European Systemic Risk Board (ESRB).
EIOPA decided to focus its analyses on the following three conceptual areas that are considered to be appropriate for a risk-based analysis:
The first area of the analysis is dedicated to the potential link between prudential market risks in terms of equity, spread and property risk and transition risks.
The second area of the analysis focuses on the potential link between non-life underwriting risks and climate-related risk prevention measures, since the prudential treatment of assets or activities as referred to in the mandate includes insurance undertakings’ underwriting activities.
The third area of the analysis is related to the potential link between social risks and prudential risks, including market and underwriting risks.
As a kind of « disclaimer » EIOPA states that « since sustainable finance is an area characterized by an ongoing progress regarding data availability and risk modelling, certain natural limitations of the analysis exist at this stage« :
Firstly, the sample size of certain asset portfolios for the analysis is relatively small due to general data constraints that can hardly be overcome. Further to this, the limited sample size covered in the present analysis might not reflect the overall insurers’ exposure to transition risks, which could also materialize from indirectly held assets.
Secondly, since legally binding transition plans of firms, for instance in relation to the Corporate Sustainability Reporting Directive (CSRD), are not yet available, reliable firm-specific characteristics affecting the (long-term) transition risk exposures of firms are difficult to obtain as further input data for the analysis. In this respect, a sectoral classification approach is generally not able to model firm-specific transition risk characteristics, which would require a firm-level approach instead.
Thirdly, technical challenges for the analysis exist in isolating transition risks from other risk drivers, such as the impact of the Covid-19 shock on asset prices, which is an important determinant for the backward-looking analysis, but not for the forward-looking analysis.
Fourthly, the exact extent to which credit ratings reflect transition risks remains unclear at this stage, making it challenging in the case of the prudential treatment of spread risk in the Standard Formula whether a dedicated treatment would be justified.
By acknowledging the methodological limitations in the context of assessing sustainability risks from a prudential perspective, EIOPA, at this stage, does not recommend policy options in all areas studied in this consultation paper, and does not express a preference between the options proposed as regards equity and spread risk in relation to transition risk exposures.
Potential link between prudential market risks in terms of equity, spread and property risk and transition risks
The challenging question arises as to whether to rely on historic asset price data to conduct an empirical risk analysis (backward-looking) or to use model-based risk assessments, typically in terms of stress scenarios (forward-looking), or a combination of both.
The feedback EIOPA received to its 2022 discussion paper (« Discussion paper on physical climate change risks ») overall support for the methodologies outlined regarding the forward-looking analysis. Some respondents mentioned that the use of a model-based assessment can be subject to technical bias due to the model assumptions taken, and corresponding findings should be treated with caution regarding the conclusion on potential prudential implications. Several respondents suggested focussing only on a forward-looking assessment, since historic time series data might not be able to show a potential materialization of transition risks.
EIOPA considers forward-looking model-based risk assessments to offer valuable insights into the potential impact of transition risks on asset prices, particularly since historical asset price data may not fully reflect the dynamic nature of environmental externalities and the complexities of transitioning to a low-carbon economy. Market sentiment, technological advancements, regulatory changes, and societal awareness of climate issues can significantly influence transition risks in the future. A comprehensive model-based approach can complement historical data analysis and provide a holistic view of how transition risks may materialize in asset prices.
A forward-looking assessment requires models and assumptions regarding the future developments of climate change and the transition to a carbon neutral economy. In particular, uncertainty surrounds the nature and timing of policy actions, technological change and the extent to which financial markets are already reflecting a transition scenario in asset prices. In other words, the results and conclusions obtained can be quite sensitive to the choices adopted for such parameters and assumptions. To capture such uncertainty, researchers make use of scenario analysis to analyse a broad range of future states of the world.
A number of supervisory authorities – both at national and European level – have developed climate change scenarios to assess the exposure of financial institutions to climate risks in terms of transition risks. EIOPA studied several analyses of climate transition scenarios developed by ACPR/Banque de France, DNB, ECB/ESRB as well as EIOPA/2DII to build a conceptual framework for the forward-looking analysis presented in this section. EIOPA’s discussion paper in 2022 briefly summarised these studies21, whereof the main conclusions are:
The assessments make use of different scenarios. ECB/ESRB and ACPR/Banque de France use as a basis the climate scenarios developed by the Network for Greening the Financial System (NGFS), DNB developed its own bespoke shock scenario and the EIOPA/2DII sensitivity analysis makes use of transition scenarios developed by the International Energy Agency (IEA);
The analyses use two ways to measure the impact of disorderly transition scenarios by either comparing them with the baseline results for an orderly transition or with the current, no policy change pathways;
The forward-looking assessments employ several models to translate high-level climate scenarios into pathways for equity and corporate bond prices at sector level using either the NACE breakdown of economic activities or – in case of the EIOPA/2DII sensitivity analysis – fifteen climate-policy relevant activities;
The assessments exhibited substantial differences in exposures to transition risk for the various economic activities and technologies. On the one hand, equity exposures to mining and power generation would be fully stranded in the DNB combined policy and technology shock scenario. On the other hand, equity exposures to renewable energy would double in value in the EIOPA/2DII late and sudden policy shock scenario.
A mapping of the Transition Vulnerability Factors (TVFs) developed by the DNB on the NGFS’s transition risk scenarios to assess the potential exposure of economic activities to transition risks from a forward-looking and risk-oriented perspective. The TVFs capture the sensitivity of stock returns to forward-looking scenario-specific excess market returns, for instance in case of a rise in carbon prices or a technological shock. Based on this mapping exercise, the economic activities that seem to be particularly exposed to transition risk from a forward-looking perspective are the following:
C23 – Manufacture of non-metallic mineral products;
C24 – Manufacture of basic metals;
D35 – Utilities (electricity, gas, steam and air conditioning supply);
H50 – Water transport and
H51 – Air transport.
It is important to differentiate economic activities that might be able to follow a transition to a low carbon economy in the future from those which might not. Indeed, in terms of carbon footprint, sectors related to the extraction, production, processing, transportation and reselling of fossil fuels will hardly be able to reduce their carbon emission levels as it is directly linked with their activity. In this regard, the Platform on Sustainable Finance (PSF) states that “the Platform recognizes there are other economic activities for which no technological possibility of improving their environmental performance to avoid significant harm exists across all objectives and which might be thought of as ‘Always Significantly Harmful’ activities”, referring particularly to economic activities B5 (Mining of coal and lignite), B8.92 (Extraction of peat) and D35.11 (Power generation from solid fossil fuels). According to article 19(3) of the taxonomy regulation, power generation activities that use solid fossil fuels do not qualify as environmentally sustainable economic activities.
Three possible types of transition scenarios can be envisaged in the coming decade:
An orderly type of transition scenario in which there is no or little impact on the real economy and financial sector. This type of scenarios consists of a timely and predictable path to a carbon-neutral economy with companies gradually adjusting their business models and capital stock to this new reality. An orderly transition is considered to be the baseline scenario in the ACPR and ECB/ESRB transition stress tests.
A disorderly type of transition scenario where there is a substantial impact on the real economy and – through their asset exposures to carbon-intensive sectors – the financial sectors. This type of scenarios tends to be characterised by unexpected, sudden and delayed actions to achieve carbon-neutrality. A disorderly scenario is generally considered to be a low probability, but yet plausible event.
A type of scenario where there is no transition or an insufficient transition to a carbon-neutral economy. Such a type of scenarios is also bound to have substantial negative impacts on the real economy and financial sector. Not due to transition risk, but as a consequence of a further increase in (acute) physical risks, like floods, fires and storms that may damage production facilities and disrupt supply chains.26 However, such risk differentials will materialise in another dimension, i.e. depending on the geographical location of companies rather than their carbon sensitivity.
Given that a disorderly transition poses the biggest transition risk, a prudential forward-looking VaR-analysis should focus on transition risk differentials relating to a disorderly scenario. Since it is difficult to estimate the probability of such a scenario, it is proposed to assess its impact under various annual probabilities of occurrence, e.g. ranging from 0.5% to 4.5% per year. To put these annual probabilities into a longer-term perspective, assume for example that the probability of an orderly transition amounts to 50% during the coming decade. The annual probabilities of 0.5-4.5% will then translate in a cumulative probability of 5-30% after 10 years, leaving a cumulative probability of no (or insufficient) transition of 20-45%.
Equity Risk: Backward-Looking Results
Results of the Broad Portfolio Allocation Approach
Results of the Narrow Portfolio Allocation Approach : CPRS (Climate Policy Relevant Sectors) – based Portfolio Allocation)
Overall, the fossil fuel sector shows a differentiated risk profile relative to the other sectors in terms of the highest VaR (-56.5%) in the relevant time period from 2010-2021. This sector includes the following NACE codes: B5, B6, B8.92, B9.1, C19, D35.2, H49.5, G46.71, which mainly relate to activities associated with the extraction of crude oil, natural gas and the mining of coal. A large number of studies underline that these activities, due to their inherent carbon intensity and limited potential to transition, tend to be more exposed to transition risks, as European economies gradually converge towards the objectives set out by the 2015 Paris Climate Agreement and the EU Green Deal.
Equity Risk: Forward-Looking Results
The forward-looking analysis uses the projected equity shocks for the different economic sectors being distinguished in:
the sudden (1) and delayed (2) transition scenarios of ACPR;
the policy shock (3), technology shock (4) and double (or combined) shock (5) scenarios of DNB;
the delayed transition (6) scenario of ESRB/ECB;
the disorderly transition (7) and ‘too little, too late’ (8) scenarios of IAIS.
In the Monte Carlo simulations, if a disorderly transition scenario materialises, a probability of 1/8 is attached to each of these eight specific scenarios occurring.
Equity Risk Differentials (Monte Carlo)
Spread Risk: Backward-Looking Results
Since the aggregation of various different economic activities into high-level portfolios as regards transition risk exposures appears suboptimal for assessing the potential for a risk differential, the assessment focuses on the narrow portfolio approach, in particular regarding fossil fuel-related bonds.
Spread Risk: Forward-Looking Analysis
In line with the forward-looking analysis for equity risk, the transition return shocks for corporate bonds for the different economic activities are derived from the disorderly transition scenarios of ACPR (sudden and delayed transition scenarios), DNB (policy, technology and double shock scenarios), ESRB/ECB (delayed transition scenario) and IAIS (disorderly and ‘too little, too late’ scenarios). In the Monte Carlo simulations, if a disorderly transition scenario materialises, a probability of 1/8 is attached to each of these eight specific scenarios occurring.
Spread Risk Differentials (Monte Carlo)
Stocks and Bonds: EIOPA’s Potential Policy Options
Based on the detailed analysis, EIOPA describes and evaluates three potential options for both asset classes:
Equity Risk (options and EIOPA’s evaluation)
Option 1: “no change”-option
Option 2: treating fossil fuel-related stocks as Type II (stocks listed outside EEA and OCDE markets) equity, i.e., a capital charge of 49% rather than 39% for Type I equities;
Option 3: a dedicated supplementary capital requirement to the current equity risk calibration with supplementary capital charge to the current Standard Formula’s risk charge of 39%, in case of Type I equities, could lie in the range up to 17% in additive terms, i.e., 39%+17%=56%. Regarding the role of participations or long-term equity, exclusion criteria for fossil fuel-related activities or a potentially higher capital requirement may be needed to limit incentives to re-classify Type I/II stocks as participations for the sake of SCR reduction.
Spread Risk (options and EIOPA’s evaluation)
Option 1: no change option.
Option 2: a rating downgrade of bonds related to fossil fuel activities,
Option 3: a dedicated supplementary capital requirement to the current spread risk calibration, up to 5% in additive terms, which corresponds to an increase in the capital requirements of up to 40% relative to the bond portfolio’s current capital requirement.
An impact assessment conducted by EIOPA shows a very low impact of the proposed policy options on the solvency ratio of the undertakings (cumulated range equity and spread on Germany’s and France’s solvency ratios from -0.21 to -1.71%p) mainly due to the undertakings’ limited exposure to directly held fossil fuel-related assets. The low impact on the undertakings’ solvency ratio thereby suggests a limited impact on the asset allocations of undertakings in terms of potentially triggering fire-sales of fossil fuel-related assets that could contribute to systemic risks in the financial system. Moreover, it is important to note that besides capital charges, insurers take further criteria for their investment decisions into account, such as objectives in terms of duration and cash flow matching between assets and liabilities, further limiting the potential of the proposed policy options to trigger material re-allocations in the undertakings’ asset portfolios. It is therefore concluded that the proposed policy options would not materially contribute to systemic risks in the financial system.
Property Risk and Energy Efficiency
Regarding property risk, the Standard Formula in Solvency II currently foresees a shock to the market value of buildings of 25%. The shock has been calibrated as the annual 99.5%-Value-at-Risk (VaR) of monthly total return real estate indices and does not distinguish between commercial or residential real estate.
To study the potential effect of energy efficiency on property risk, EIOPA proposed in its discussion paper to construct property price indices based on samples of buildings with the same energy performance level, while controlling for major property characteristics typically driving the market value of a building. The energy performance-related price indices track the average price series of a specified reference building over time, and allow to calculate the corresponding annual returns. From a prudential perspective on property risk, a comparison of the annual Value-at-Risk values at the 99.5% confidence level across the energy performance-related price indices can provide evidence on a potential energy performance-related risk differential for property risk.
The two main variables of interest for the analysis are the building’s energy performance and its market value. EIOPA suggested in its discussion paper to use the building’s energy performance certificate (EPC) as a categorical measure of its level of energy efficiency. In this regard, the energy performance of a building is defined as the amount of energy needed to meet the building’s energy demand associated with a typical use of the building in terms of heating, cooling, ventilation, hot water and lighting. The EPCs typically range from A+ (most efficient) to H (least efficient), and using EPCs as a determinant for transition risk exposures was broadly supported in the public consultation. Moreover, energy performance certificates are also used as measure for the energy performance of buildings under the corresponding technical screening criteria of the EU Taxonomy.
The building’s market value, measured for the analysis as a building’s advertised sales price, is scaled by the building’s size (typically the square meter of living area for residential buildings) to reduce selection bias and to raise comparability of prices across buildings. Due to the impact of inflation on the market value of buildings, the building’s sales price in a given year is deflated for the analysis.
A range of factors can typically influence a building’s market value, such as location and age, and should be controlled for when grouping comparable buildings together to construct the house price indices. Generally, grouping data in relation to multiple house characteristics to reach homogeneous groups for comparison can materially limit the number of available price observations to construct respective price indices. In particular, residential buildings are typically infrequently sold during their lifetime, constraining materially the scope of building-specific time series data that could be used to track pricing effects. Therefore, a general tradeoff between complexity (granularity) in terms of building characteristics to construct homogeneous groups of buildings and the sample size arises, and a sufficient balance needs to be found.
To study the effect of a building’s level of energy efficiency on property risk from a backward-looking perspective, energy performance-specific property price indices based on the German residential housing market and advertisement data have been constructed.
The findings of EIOPA’s backward and forward-looking analysis together with a risk differentials based sensitivity study show an inconsistent effect of the level of energy efficiency on property risk in terms of the 99.5% Value-at-Risk of annual property returns. In contrast, the forward-looking analysis finds an increase in the riskiness of properties with energy labels F and G, i.e. the two least energy-efficient classes of property.
Since the quantitative findings from a backward- and forward-looking perspective show mixed evidence, EIOPA cannot conclude whether a dedicated prudential treatment of energy efficiency under the property risk sub-module in Solvency II’s Standard Formula could be justified.
As the analysis is subject to various data limitations that could not have been overcome by means of the public consultation of EIOPA’s discussion paper in 2022, EIOPA suggests a repetition of the analysis, particularly in context of the developments of the Energy Performance of Buildings Directive (EPBD), which aims for a consistent assessment of the energy efficiency of buildings in the EU and for improving corresponding data availability. It can therefore be expected that more data suitable for a property risk analysis as regards energy efficiency will be available in future.
Non-Life Underwriting and Climate Change Adaptation
The expected growth in physical risk exposures and insurance claims due to climate change will increase risk-based premium levels over time, potentially impairing the mid- to long-term affordability and availability of insurance products with coverage against climate-related hazards. Moreover, the increased frequency and severity of natural disasters and extreme weather events associated with climate change can make it more difficult for insurers to predict the likelihood of future losses accurately and to price insurance products appropriately.
Climate-related adaptation measures are defined as structural and non-structural measures and services that are implemented by (re)insurance undertakings or policyholders ex-ante to a loss event, which reduce the policyholder’s physical risk exposure to climate-related hazards through
lowering the frequency of climate-related losses or
lowering the intensity of climate-related losses in an underwriting pool.
Climate-related adaptation measures can differ substantially regarding their form and ability to protect against climate-related hazards. Specific examples of climate-related adaptation measures discussed in the insurance context comprise:
measures related to a building’s structure like water-resistive walls, windows and doors or non-return valves on main sewer pipes against flood risk,
external building measures such as sandbags against flood risk,
heat- and fire-resistive construction materials for buildings against exterior fire exposures,
the irrigation of crop fields against drought risk and heat waves and
non-structural measures such as forecasting and warning systems (e.g., SMS) to enable policyholders to protect their goods in advance of severe weather events.
From a risk-based perspective, a clear link between climate-related adaptation measures and insurance premiums is given, as adaptation measures aim to reduce the policyholders’ physical risk exposures and insured losses associated with climate change, and thereby contribute directly to reducing the actuarial fair premium of an insurance contract. In contrast, climate-related mitigation measures focus on actions to reduce greenhouse gas emissions, for which a direct risk-based link to the actuarial fair premium does not necessarily exist. For instance, while motor insurance products focusing on electric vehicles contribute to reducing the emission levels associated with an underwriting pool, the lower emission levels do not directly affect the loss profile of the underwriting pool in terms of the frequency and intensity of claims. Therefore, climate-related mitigation measures are excluded from the scope of this analysis.
The prudential requirements for non-life underwriting risks in Solvency II’s Standard Formula comprise three main modules:
the premium – refers to future claims arising during and after the period of the solvency assessment (covered but not incurred, e.g., in relation to the provision for unearned premiums) – and reserve – refers to past risks and claims that have already materialized (provision for outstanding claims) – risk module,
the catastrophe module – potential losses from extreme and rare tail events, which are expected to happen more frequently and becoming more intense due to climate change – and
the lapse – instantaneous loss of 40% of the in-force business – risk module.
As per EIOPA, Particularly the first two modules can be considered materially sensitive to climate change and its impact on the frequency and intensity of severe weather- and natural catastrophe events. This statement can be challenged as we believe that increasing non affordability of insurance might well have an impact on lapse risk and feed-back on the consultation paper might well add it as being material.
Premium Risk
Premium risk in the Standard Formula is treated by means of a factor-based approach. In particular, the standard deviation of the underwriting pool’s loss ratio, which basically relates to the ratio of claims incurred to premiums earned, is driving the premium risk from a prudential perspective. The capital charge is determined to be consistent with the 99.5% percentile of the loss ratio’s distribution to cover unexpected shocks to the claims and premiums of the insurance undertaking in a given year.
Since climate change and its impact on physical risks materializes dynamically over time, for instance due to the dependance on changes in (global) temperature levels which in turn depend on greenhouse gas emission levels, historic data might not be an appropriate predictor of future trends, making it difficult for insurers to accurately predict the likelihood of future claims.
Climate-related adaptation measures can reduce the frequency and severity of weather- and climate-related losses in an underwriting pool and thereby smooth the claim’s distribution and lower the standard deviation of the loss ratio. In that regard, the risk of mispricing insurance policies due to climate change could be reduced, as the adaptation measures limit the potential for claims realizing in a given year to deviate materially from the expected outcome on which the premium level of the underwriting pool has been set before. The volume measure in terms of the net premiums earned is the second factor in the Standard Formula to determine premium risk from a prudential perspective and can be interpreted as a measure to scale the overall level of premium risk and the corresponding capital charge for the individual insurance undertaking. As the premium level of an underwriting pool is based on the expected volume of claims in a given year, the volume measure covers the expected losses.
Reserve Risk
Reserve risk captures the risk that the absolute level of claims provisions for an underwriting pool could be mis-estimated, i.e., that reserves are not sufficient to settle down the claims that occurred already in the past. As for premium risk, reserve risk is supposed to cover small to medium loss events and not tail events.
The prudential reserve risk is measured by means of a volume measure (net provisions for claims outstanding) and a parameter for standard deviation for the claim payments. Climate-related adaptation measures are expected to reduce the volume measure in terms of the net provisions for claims outstanding. Hence, the expected effect of adaptation measures on insurance reserves will be captured by the volume measure. The variation of costs to settle down claims that have already occurred in the past, however, does not seem to be materially affected by the fact of implementing climate-related adaptation measures in insurance products. Therefore, it is not expected that climate-related adaptation measures will have an impact on the standard deviation parameter driving reserve risk and is therefore studied only qualitatively.
Natural Catastrophe Risk
Under Solvency II, undertakings can take the risk reducing effect of climate-related adaptation measures into account when applying a suitable internal natural catastrophe model for estimating the corresponding capital requirements, but not under the Standard Formula. However, the effects of climate-related adaptation measures on the solvency capital requirements for natural catastrophe risk are difficult to predict, as they depend substantially on the catastrophe model used, the climate-related hazard considered, the risk characteristics of the adaptation measure modelled and the localisation of the risk exposure. Moreover, for example large-scale and expensive adaptation measures like flood-resistant walls might raise materially the value of a building, and thereby raise the sum insured, which in turn will raise the corresponding solvency capital requirement for natural catastrophe risk.
EIOPA focus un Premium Risk
Given the early stage of the EU insurance market regarding the implementation of adaptation measures in insurance products, particularly since current measures usually implemented are rather small-scale measures less effective against tail events captured by the natural catastrophe risk charge, but more effective against small and medium loss events captured by the premium risk charge EIOPA focuses its quantitative analysis on premium risk. Reserve risk and natural catastrophe risk are studied by means of qualitative questions that have been raised in the data collection with insurance undertakings in 2022. Future work could look more deeply into the quantitative influence of adaptation measures on the solvency capital requirements for natural catastrophe risk given further market progress in implementing adaptation measures in insurance products has been achieved providing sufficient data as regards their impact on claims related to tail events.
In order to study the influence of climate-related adaptation measures on premium risk, the annual loss ratios are calculated, both for portfolios with and without adaptation measures based on the 33 responses including data for 15 million policyholders of EIOPA’s 2022 consultation. Data is grouped into three main categories of climate-related adaptation measures for illustrative reasons:
Hail nets, tempered glass and garages, which have a conceptually similar effect against hail risk – referred to as the “Hail protection”-group
Weather warning systems (e.g. SMS, e-mail, etc.) – referred to as the “Warning systems”-group
Other adaptation measures (e.g. building codes) – referred to as the “other adaptation”-group
Standard deviation on Premium Risk
EIOPA’s Summary and Policy Recommendation
The sample for the analysis is very small, as it comprises only eleven underwriting pools. The EU insurance market is at a relatively early stage regarding the implementation of climate-related adaptation measures as defined in this exercise, which naturally limits the amount of potential data to be studied. In this regard, the Standard Formula’s requirement of at least five years of data for the assessment of the standard deviation parameter further constrained the scope of underwriting pools eligible for the analysis. Therefore, it is likely that the data sample studied does not fully capture the effects of adaptation measures, particularly in context of potential variations in terms of adaptation measures, climate perils, spatial exposures, etc.
At this stage, EIOPA does not recommend changing the prudential treatment of premium risk in context of climate-related adaptation measures. Due to the importance of climate-related risk prevention to ensure the long-term availability and affordability of non-life insurance products, EIOPA suggests a repetition of the analysis, provided that the availability of data has improved resulting from further market developments in this regard. In addition, an extension of the prudential analysis to the solvency capital requirements for natural catastrophe risk is suggested.
Social Risks and Impacts from a Prudential Perspective
EIOPA provides an initial analysis of the Pillar II and III requirements under Solvency II, to identify potential areas for further work. Given the material lack of social-related data and risk models regarding the social aspects of investment and underwriting activities of insurers, EIOPA did not conduct a Pillar I-related assessment in response to the mandate.
Social sustainability factors.
Social sustainability factors are commonly referred to in respect of “social and employee matters, respect for human rights, and anti-corruption and anti-bribery matters”.
SFDR (Sustainable Finance Disclosure Regulation) lists the following families of factors also used in the ESRS (European Sustainable Reporting Standards):
Social Impacts
The SFDR social adverse impacts include aspects as gender pay gaps between female and male employees, lack of workplace accident prevention policies, human rights policy or of a diligence process to identify, prevent, mitigate and address adverse human rights impacts.
The Social Taxonomy Report issued by the Platform on Sustainable Finance identifies as examples of socially harmful economic activity the involvement with certain kinds of weapons or the production and marketing of cigarettes.
Social Risks
Social risks refer to (financial) risks including those deriving from dependencies on human and social resources and those affecting working conditions and living standards, communities and consumers / end-users.
Social risks can arise from (macro-level) socio-economic developments as well as from entities or individual behaviour.
They can transmit into society
directly (e.g. events causing unemployment, health or security issues (such as pandemics, cyber threats)),
indirectly (‘second order’, e.g. rising price levels leading to financial distress, the risk of unemployment spreading into health or safety risks) and
through spill-over impacts (‘contagion’) affecting, for example, the financial system (e.g. unemployment leading to mortgage defaults, resulting in increased mortgage insurance pay outs and causing potential financial sector stability issues).
These risks can then transmit into risks for (re)insurance activities. For example, economic difficulties could lead to a decrease in the ability of citizens and companies to insure themselves or to pay their premiums.
Social Transition and Physical Risks
Social transition risk can result from the misalignment of economic activities with changes in policy, technology, legal requirements or consumer preferences which aim at addressing social negative impacts, such as for example inadequate working conditions or discrimination.
While social risks are primarily non-physical in nature, they can also give rise to physical / mental health consequences, especially when they affect working, safety and living conditions. Social risks related to inequality, discrimination, or human rights abuses can also for example lead to social conflicts which may have physical consequences in the form of property damage resulting from violence.
Social Risks for Insurers from a Prudential Perspective
Social risks can translate into prudential risks in the form of underwriting, market, operational (incl. legal) or reputational risks.
Pillar I Prudential Treatment
To perform a quantitative analysis to assess the potential for dedicated capital charges related to social risks, in line with risk- and evidence-based principles, would require large (international) consensus on appropriate definitions of risk channels as well as comprehensive and granular data on social risk factors in conjunction with appropriate risk models, which are not available to date. Hence, EIOPA does not conduct a Pillar I-related analysis in response to the expected mandate.
Pillar II Prudential Treatment
This chapter of EIOPA’s consultation clearly favours ORSA as being today’s most appropriate tool to deal with Social Risk Management. We agree with this initial strategy as it will enable regulators to build a real framework potentially impacting Pillar I and III within the next two to three years. However, based on the recent experience with ORSA, it would be useful to guide (re)insurance undertakings once the first ORSA reports including these issues filed to NCA. A Dry Run ORSA including these new criteria – like the one we experienced prior to 2016 – could be a good strategy to meet expectations.
High level social risk materiality assessment
(Re)insurers can conduct a high level (qualitative) social risk materiality assessment based on exposure to geographies, sectors or lines of business. The materiality of the exposure would form a proxy to vulnerability and materiality of the risk, in a first step of a risk materiality assessment.
Social risk – geographical exposure. For example, the Allianz social risk index118 identifies countries that are most vulnerable to systemic social risk. Indicators providing measures for social inequality or development can also provide indications on geographical exposure to social risks, such as the World Bank’s World Development Indicators featuring among others social indicators on labor, health, gender; the Gini index measures the distribution of income across a population; the UNDP human development indicator summarizes achievement in key dimensions of human development across countries.
Social risk – sectoral exposure. The exposure of assets or liabilities to economic activities in ‘high social risk sectors’. For example, the Business and Human Rights Navigator (UN Global Compact) can help mapping exposure to sectors at high risk of relying on child labour, forced labour, or sectors negatively impacting on equal treatment (incl. restrictions to freedom of association) or on working conditions (inadequate occupational safety and health, living wage, working time, gender equality, heavy reliance on migrant workers) or have negative impacts on indigenous people. For these issues, the Navigator identifies industry-specific risk factors, aiming to illustrate the issue for certain sectors such as agriculture, fashion & apparel, mining, travel & tourism. The navigator also identifies due diligence steps that companies can take to eliminate the specific social risks in their operations and supply chains. Information on the social sustainability of the economic activity the insurer is underwriting or investing in, can be sourced from companies’ corporate reporting on social risks and impacts under the Corporate Sustainability Reporting Directive (CSRD), as will be implemented by the European Sustainability Reporting Standards.
Social risk – insurance lines of business exposure. Some insurance lines of business may be particularly exposed to social risks. For example, the PSI ESG Underwriting Guide for Life and Health Insurance123 and the Geneva Association’s heat map of potential ESG risks in property and casualty underwriting124 identify social factors that may (negatively/positively affect) health or life and non-life insurance risks. Social adversity and lifestyle behaviour is known to affect health and with it, potential health insurance claims. Workers’ compensation claims are likely to be at risk of an employer’s poor work force policies. Other social/societal factors, such as housing insecurity or lack of education can influence (in)directly the outcome of workers’ compensation claims.
Practices for Mitigating Social Risks & Impacts: The Investment Strategy and Decisions
Limiting investment in or divesting from socially non-sustainable activities/companies: The exclusion of an investee harming social objectives from the investment portfolio can follow the identification of a socially harmful activity, based on two sources: internationally agreed conventions (e.g., certain kinds of weapons) or research on the detrimental effects of certain activities (e.g., detrimental effect of tobacco use). Thresholds for investments in such companies can be set, or exclusions from investments in these sectors pursued. Minimum social safeguards can serve as a guiding principle.
Impact investing and stewardship:
The (impact) investment strategy would direct investments at economic activities aiming to achieve explicitly social goals. For example, the funding of health research, through targeted investments in dedicated undertakings or investment in financial literacy programs may contribute to social objectives to improve living standards or access to relevant products to secure financial safety.
Engagement and voting on sustainability matters (as part of a stewardship approach) can aim to influence firms of which (re)insurers are shareholders. This supposes the (re)insurer can persuade the investee to act on social objectives and requires a certain degree of influence or leverage that the (re)insurer can reasonably exercise. (Re)insurers can use their engagement and voting rights to improve performance of those companies against the social objectives.
A ‘best-in-class strategy’ would consist in selecting investee companies with excellent social performance, regardless of the sector which they belong to. Such an investment approach can support companies to transition to a more socially sustainable business model. (Re)insurers can seek to ensure that those firms they invest in measure up to social objectives, especially in ‘high risk’ sectors, ensuring, for example that they provide appropriate wages, or that they operate safe working environments.
Such risk mitigating or adaptation actions can be informed by considering the SFDR principal adverse impacts of the investee companies’ activities. The so-called ‘minimum social safeguards’ as referred to in the Taxonomy Regulation can also provide a minimum standard for implementing a social prudent person principle for investments, in line with Solvency II.
Practices for Mitigating Social Risks & Impacts: The Underwriting Strategy and Decisions
Limiting underwriting of socially non-sustainable activities: Similar to investments, insurers could opt not to insure companies (belonging to a sector) known for unsustainable or harmful social practices in its own operations or value chain, or negatively impacting communities or consumers.
Impact underwriting and services: Through targeted underwriting activity, products and services, insurers could bring additional social benefits that directly contribute to the realization of social objectives for end-users and consumers as well as for affected communities (directly or through the value chain). There may be scope for insurers, through their underwriting strategy and decisions, to incentivize policyholders to manage losses arising from social risks. This may be through the provision of services or the potential reduction of premia for risk reducing measures taken by the policyholder, consistent with actuarial risk-based principles. Via underwriting, insurers could also ensure their product offerings and distribution practices consider the demands and needs of a diverse range of clients. Through their underwriting they need to ensure exclusions do not unfairly target and discriminate consumers with non-normative traits and/or vulnerable consumers.
For example:
The integration of social risk mitigants into, for example, surety bond underwriting for infrastructure projects can also contribute to reducing losses from underwriting due to social risks.
Risk mitigants can be part of underwriting conditions for workers’ compensation policies requiring companies to impact on the health of their workers through the pay they provide, the security of contracts they offer, and through the provision of benefits such as sick pay, parental leave, health insurance and other health-related schemes.
The establishment of sectoral risk sharing capacities at local, regional or national level, where applicable with government involvement, can contribute to social risk mitigation, for example by improving risk assessment for communities and societies and reducing losses from socio-economic risk events.
Pillar III Prudential Treatment
Considering the nascent reporting requirements on social risks and impacts under SFDR and CSRD, EIOPA is not proposing at this stage to develop additional (prudential Pillar III) reporting or disclosurerequirements regarding social risks and impacts in Solvency II. Further analysis would be required as to whether quantitative prudential reporting requirements could inform the corresponding prudential treatment of (re)insurers assets and liabilities.
On 10 November 2022, the European Parliament voted to adopt a new EU regulation on digital operational resilience for the financial sector (DORA). With obligations under DORA coming into effect late in 2024 or early 2025 at the latest, in this briefing we take a closer look at its impact and consider what the regulation will mean for firms, their senior managers and operations and what firms should be doing now in preparation for day one compliance.
What is DORA?
Aimed at harmonising national rules around operational resilience and cybersecurity regulation across the EU, DORA establishes uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide services related to information communication technologies (ICT), such as cloud platforms or data analytics services.
DORA creates a regulatory framework on digital operational resilience whereby all in-scope firms need to make sure that they can withstand, respond to, and recover from, all types of ICT-related disruptions and threats. ICT is defined broadly to include digital and data services provided through ICT systems to one or more internal or external users, on an ongoing basis.
DORA forms part of the EU’s Digital Finance Package (DFP), which aims to develop a harmonised European approach to digital finance that fosters technological development and ensures financial stability and consumer protection. The DFP also includes legislative proposals on markets in cryptoassets (MiCA), distributed ledger technology and a digital finance strategy.
Who will need to comply with DORA?
DORA will apply to financial entities, including:
credit institutions,
payment institutions,
e-money institutions,
investment firms,
cryptoasset service providers (authorised under MiCA) and issuers of asset-referenced tokens,
central securities depositories,
central counterparties,
trading venues,
trade repositories,
managers of alternative investment funds and management companies,
data reporting service providers,
insurance and reinsurance undertakings,
insurance intermediaries,
reinsurance intermediaries and ancillary insurance intermediaries,
institutions for occupational retirement pensions,
credit rating agencies,
administrators of critical benchmarks,
crowdfunding service providers and
securitisation repositories (Financial Entities).
DORA will also apply to ICT third-party service providers which the European Supervisory Authorities (the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), acting through their Joint Committee) (ESAs) designate as « critical » for Financial Entities (Critical ICT Third-Party Providers) through a newly established oversight framework.
The ESAs would make this designation based on a set of qualitative and quantitative criteria, including:
the systemic impact on the stability, continuity or quality of financial services in the event that the ICT third-party provider faced a large-scale operational failure to provide its services;
the systemic character or importance of Financial Entities that rely on the ICT third-party service provider;
the degree of reliance of those Financial Entities on the services provided by the ICT third-party service provider in relation to critical or important functions of those Financial Entities; and
the degree of substitutability of the ICT third-party service provider.
Any ICT third-party service provider not designated as critical would have the option to voluntarily « opt in » to the oversight. The ESAs may not make a designation in relation to certain excluded categories of ICT third–party service providers, including where Financial Entities are providing ICT services
to other Financial Entities,
to ICT third–party service providers delivering services predominantly to the entities of their own group or
to those providing ICT services solely in one Member State to financial entities that are active only in that Member State.
What are the key obligations?
DORA introduces targeted rules on ICT risk management capability, reporting and testing, in a way which enables Financial Entities to withstand, respond to and recover from ICT incidents. In principle, some of the requirements imposed by DORA, such as for ICT risk management, are already reflected to a certain extent in existing EU guidance (for example, the EBA Guidelines on ICT and security risk management).
The proposals include requirements relating to:
ICT risk management
DORA sets out key principles around internal controls and governance structures. A Financial Entity’s management body will be expected to be responsible for defining, approving, overseeing and being continuously accountable for a firm’s ICT risk management framework as part of its overall risk management framework. As part of the ICT risk management framework, Financial Entities need to maintain resilient ICT systems, revolving around specific functions in ICT risk management such as
identification of risks,
protection and prevention,
detection,
response and recovery and
stakeholder communication.
Reporting of ICT-related incidents
DORA aims to create a consistent incident reporting mechanism, including a management process to detect, manage and notify ICT-related incidents. Incidents deemed « major » would need to be reported to competent authorities within strict time frames, including initial notifications « without delay » on the same day or next day by using mandatory reporting templates. In some cases, communication to service users or customers may be required.
Testing
As part of the ICT risk management framework, DORA requires Financial Entities to adopt a robust and comprehensive digital operational resilience testing programme covering ICT tools, systems and processes. Certain Financial Entities must carry out advanced testing of their ICT tools, systems and processes at least every three years using threat-led penetration tests.
Information sharing
DORA contains provisions which should facilitate the sharing, among Financial Entities, of cyber threat information and intelligence, including
indicators of compromise,
tactics,
techniques and procedures,
cyber security alerts and
configuration tools
to strengthen digital operational resilience.
Localisation
Financial Entities will only be permitted to make use of the services of a third-country Critical ICT Third-Party Provider if such provider establishes a subsidiary in the EU within 12 months following its designation as a Critical ICT Third-Party Provider.
A simplified set of ICT risk framework requirements will apply to certain Financial Entities, including small and non-interconnected investment firms and payment institutions exempted under the Second Payment Services Directive. Such entities will need to comply with a reduced set of requirements under DORA, including the requirement to put in place and maintain a sound and documented risk management framework that details the mechanisms and measures aimed at a quick, efficient and comprehensive management of all ICT risks, including for the protection of relevant physical components and infrastructures.
What should firms be doing now to prepare?
Although it is not expected that DORA will apply to in-scope entities until late 2024 (see below), firms should now begin considering the steps that they will need to take to ensure day one compliance. These include:
Scope out impact
Taking a risk-based approach reflective of their size, nature, scale and the complexity of their services and operations, Financial Entities should begin to scope out the impact of DORA on their business. Firms should carry out a comprehensive gap analysis of their existing ICT-risk management processes against the new requirements introduced by DORA to identify any aspects of their existing processes that will be impacted by the new requirements and develop detailed implementation plans setting out the steps that will need to be taken to effect relevant changes. As part of this, Financial Entities should ensure that they have in place appropriate:
(i) capabilities to enable a strong and effective ICT risk management environment;
(ii) mechanisms and policies for handling all ICT-related incidents and reporting major incidents; and
(iii) policies for the testing of ICT systems, controls and processes and the management of ICT third-party risk.
This process will be iterative as some of the more detailed requirements of DORA will be further developed through technical standards to be published by the ESAs in due course.
Critical ICT Third-Party Providers
Critical ICT Third-Party Providers will be required to have in place comprehensive, sound and effective rules, procedures, mechanisms and arrangements to manage the ICT risks which they may pose to Financial Entities. Although DORA provides that the designation mechanism (pursuant to which the ESAs may designate an ICT third-party service provider as « critical ») must not be used until the Commission has adopted a delegated act specifying further details on the criteria to be used in making such an assessment (to be adopted within 18 months after the date on which DORA enters into force), it is expected that certain categories of providers, such as cloud computing service providers who provide ICT services to Financial Entities, will be designated as Critical Third-Party Providers.
Consequently, such providers may wish to begin the task of benchmarking their existing systems, controls and processes against existing guidelines, such as the EBA Guidelines on ICT and security risk management and Guidelines on outsourcing arrangements, to the extent required, to identify areas that require further investment and maturity. They will also need to consider whether new and existing contracts give them sufficient flexibility to comply with new regulatory rules, orders and directions, even if this would otherwise be inconsistent with their contractual obligations. As set out above, certain categories of ICT third-party service providers are expressly excluded from the designation mechanism, including Financial Entities providing ICT services to other Financial Entities, ICT intra-group service providers and ICT third-party service providers providing ICT services solely in one Member State to Financial Entities that are only active in that Member State.
Third Country Critical ICT – Third-Party Providers – Subsidiarisation
The EU subsidiarisation requirement that will apply to third country Critical ICT Third-Party Providers is one that will necessitate early engagement between such providers and the Financial Entities that they serve. While it is not clear what role the EU subsidiary must play in the provision of services to the relevant Financial Entity (e.g. whether the provider must act as contractual counterparty), Recital 58 of DORA indicates that the requirement to set up a subsidiary in the EU does not prevent ICT services and related technical support from being provided from facilities and infrastructures located outside the EU. Nevertheless, where a relevant third country ICT third-party provider that is likely to be designated as « critical » indicates that it does not intend to establish a subsidiary in the EU, even following a designation as such by the ESAs, Financial Entities may wish to commence the process of identifying alternative providers, since they will not be permitted to obtain ICT services from a third country Critical ICT Third-Party Provider that fails to establish a subsidiary in the EU within 12 months following its designation as critical.
Companies that consider they are likely to be classified as Critical ICT Third-Party Providers that do not already have an establishment or subsidiary located in the EU should begin to consider now which Member State would be most appropriate to establish a new subsidiary in, taking into account their business operations and the various applicable legal requirements.
Documentation impact
As noted above, DORA sets out core contractual rights in relation to several elements in the performance and termination of contracts with a view to enshrine certain minimum safeguards underpinning the ability of Financial Entities to monitor effectively all risk emerging at ICT third-party level. Some contractual requirements set out in DORA are mandatory and will need to be included in contracts, if not already reflected. Others take the form of principles and recommendations and may require negotiation between the relevant parties. Early mapping and engagement in this respect will be important. Additionally, parties may wish to consider benchmarking their existing contractual arrangements against relevant requirements set out in DORA, as well as existing standard contractual clauses developed by EU institutions.
For example, Recital 55 of DORA notes that « the voluntary use of contractual clauses developed by the Commission for cloud computing services may provide comfort for Financial Entities and ICT third-party providers by enhancing the level of legal certainty on the use of cloud computing services in full alignment with requirements and expectations set out by the financial services regulation ».
As the industry awaits more detailed technical standards to be developed and published by the relevant ESAs, as well as DORA compromise/Level 1 text, in-scope entities may consider using existing guidelines such as the EBA Guidelines on ICT and security risk management and Guidelines on outsourcing arrangements as useful benchmarking tools in preparation for day one compliance.
How does DORA interact with NIS2?
The second iteration of the Security of Network and Information Systems Directive (NIS2) aims to strengthen security requirements and provide further harmonisation of Member States’ cybersecurity laws, replacing the original NIS Directive of 2016 (NIS1). Its timeline is similar to that for DORA, with a provisional agreement among EU institutions reached in May 2022, and its adoption confirmed in a European Parliament plenary session vote on 10 November 2022. NIS2 significantly extends the scope of NIS1 by adding new sectors, including « digital providers » such as social media platforms and online marketplaces, for example, but importantly also introduces uniform size criteria for assessing whether certain financial institutions (and other entities) fall within its scope. NIS2 sets out cybersecurity risk management and reporting obligations for relevant organisations, as well as obligations on cybersecurity information sharing, so there is some overlap in coverage with DORA.
However, this has been addressed during the legislative process to ensure that financial entities will have full clarity on the different rules on digital operational resilience that they need to comply with when operating within the EU. NIS2 specifically provides that any overlap will be addressed by DORA being considered as lex specialis (ie a more specific law that will override the more general NIS2 provisions).
How does DORA compare with international developments?
The introduction of DORA in the EU reflects a global focus on operational resilience and strengthening cybersecurity standards in the wake of ever-increasing digitalisation of financial services and increasingly sophisticated cyber incidents. For example, in March 2021, the Basel Committee on Banking Supervision issued its Principles for operational resilience, as well as an updated set of Principles for the sound management of operational risk (PSMOR), which aim to make banks better able to withstand, adapt to and recover from severe adverse events.
In October 2022, following a G20 request, the Financial Stability Board (FSB) published a consultation on Achieving Greater Convergence in Cyber Incident Reporting, recognising that timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability and with a view to ensuring that financial institutions operating across borders are not subject to multiple conflicting regimes. The FSB proposals include recommendations to address the challenges to achieving greater international convergence in cyber incident reporting, work on establishing common terminologies related to cyber incidents and a proposal to develop a common format for incident reporting exchange.
Following its departure from the EU, the UK has introduced a Financial Services and Markets Bill (the UK Bill) which includes proposals to regulate cloud service providers and other critical third parties supplying services to UK regulated firms and financial market infrastructures. HM Treasury would have powers to designate service suppliers as ‘critical’ and the UK regulators would have new powers to directly oversee designated suppliers, which would be subject to new minimum resilience standards. While the proposals have the same ambitions as, and there are similarities with, the requirements under DORA, there are a number of key differences between them.
For example, the proposed enforcement regime under DORA for Critical ICT Third-Party Providers is very different from the equivalent regime proposed by the UK Bill. Under DORA, the ESAs will be designated as « Lead Overseers », but with the power only to make ‘recommendations’ to Critical ICT Third-Party Providers, in contrast to the ability for UK regulators to make rules applying to, or to give directions to, critical third parties subject to the UK Bill, with the ability to issue sanctions for non-compliance. Under DORA, non-compliance by a Critical ICT Third-Party Provider with recommendations gives the Lead Overseer the ability to notify and publicise such non-compliance and « as a last resort » the option to require Financial Entities to temporarily suspend services provided by such provider until the relevant risks identified in the recommendations have been addressed.
This means that the liability and contractual issues for Critical ICT Third-Party Providers providing services in the EU will be different than for those providing services in the UK, and that contracts for each will need to be considered and negotiated carefully.
Next steps and legislative timeline
Following adoption of DORA by the European Parliament plenary session on 10 November 2022, the regulation is now passing through the final technical stages of the formal procedure for European legislation. The text still needs to be formally approved by the Council of the EU before being published in the Official Journal, which is expected in December 2022 or January 2023.
DORA will come into effect on the twentieth day following the day on which it is published in the Official Journal. It will apply, with direct effect, 24 months from the date on which it enters into force. Therefore, it is expected that DORA will apply to in-scope firms from late 2024 or early 2025 at the latest.
Initiating your company’s commitment to reporting its environmental, social, and governance (ESG) metrics can prove a daunting task. But keep in mind: It’s a marathon, not a sprint.
“You don’t have to be perfect on Day 1, Your suppliers and stakeholders want to see progress.”
If your company is at this stage—perhaps bracing for the climate-related disclosure rule proposal put forward by the Securities and Exchange Commission (SEC) in March—a roadmap for getting your ESG efforts off the ground could look like this:
Transparency and annual reporting: “Start by identifying all the things your company is doing on ESG and build a baseline, that will give you an indication of how mature your program is today. Most likely you’re doing a lot already.”
Peer benchmarking: Where are your competitors in their ESG journeys? Have any of them experienced public success or failure you can learn from? From this exercise, your company can set realistic expectations of where it wants to be to keep pace with the competitive landscape.
Materiality assessment: “Understanding the materiality drivers for your industry or industries, depending on how your company is structured, is helpful”. The Sustainability Accounting Standards Board (SASB) offers a materiality map that provides guidance for 77 different industries. “Having something at the bottom doesn’t mean it’s not important and you stop doing it, but it helps you focus on the top tier, those are the items you need to set public goals on.” External materiality assessments also add credibility. »
Strategy framework: You know what your peers are doing, you know what’s important to the company and its investors— now is when you build out your strategy. “What does ESG mean for us?” “What are we trying to achieve?” ESG means different things for different companies, but “there’s also some fundamental truths about what ESG is and how and who ESG is serving—the stakeholders involved in your business.” Particularly for compliance professionals, serving shareholders is a natural strategic goal to build around.
Goal setting/resetting: During the peer benchmarking stage, you might note some of the milestones your competitors are striving toward. Their goals can help shape your own. “Do you want to be with the group where you’re just managing expectations, or do you want to compete or lead? It doesn’t happen overnight; you have to go through it step-by-step and build your goals for the long term to move the needle on this. If you’re setting carbon-neutral or net-zero deadlines, be realistic. “Put something out there that is achievable but not too easy”.
Implementing and measuring: This is the most important step because “it’s not in your hands anymore, You have to depend on your cross-functional teams … they will be the ones doing the work and implementing the initiatives.” Legal, human resources, operations, and other departments each have a part to play. You set up a dashboard to track how it was progressing on its key performance indicators on a quarterly basis. “We didn’t wait until the annual report to find out how we did”.
Improvement and adjustment: ESG reporting is a cycle, as evidenced by the arrow in the roadmap image. Going through these steps each year will help ensure a business is tailoring its objectives to continue to serve the most important piece of the puzzle. “This (ESG) is about the people, this is not about the processes, procedures, or requirements. It’s about the people—inspiring the people, collaborating cross-functionally, getting that momentum. That will help you move a lot faster.”
ESG: Adapting businesses should look beyond what is financially material
Environmental, as many would expect, covered climate-related elements, including carbon, energy, water, waste, and circularity. Diversity and inclusion, workplace safety, data privacy and protection, and customers and community fell under social. Governance claimed ethical business practices, board structure, disclosures and reporting, and executive compensation.
While ESG is comprised of just three words, it represents a lot more, encompassing many aspects of how businesses can operate efficiently, ethically, and more financially sound. “Sometimes you have to take out some of the buzzwords that cause people to lock in to certain thinking and open it up. One way to do that is to call it strategic nonfinancial materiality.”
It’s important to think of sustainability initiatives in terms of strategic nonfinancial materiality when it comes to the “tragedy of the commons,” a popular term in environmental science. “When we come across something we can use with no associated cost, we historically 100 percent of the time overuse and mismanage it. If something is common, we manage to mess it up.”
Examples of this include the atmosphere, oceans, and low earth orbit. Prudent corporations can innovate their thinking by getting ahead of an issue and “band[ing] together with industry [or] with other people who use those commons.” One way to think about this, is the term “double materiality,” which is often associated with the European Union’s Nonfinancial Reporting Directive. Double materiality calls for companies to consider their impact on society and the environment in addition to how sustainability issues affect the company.
“In the United States, we’re very well focused on financial materiality.” Also worth considering is “dynamic materiality,” a term utilized by the World Economic Forum that encourages companies to track certain factors year-over-year that might not be material now but could be in the future as the environment changes rapidly.
“These are dynamically material risks. You may still not know anything about them, but it is important to track them potentially as emerging risks, so, innovate how you look at not just what’s a snapshot material now but what are those things that are likely to be material soon.”
Regarding social, it’s suggested to contemplate news stories over the last few years that have changed how we deal with employees as an example. “They didn’t happen in a continuity, one day you weren’t talking about it, the next day it was on the front page and didn’t go off. Those are dynamically material things that drastically change, and you should be able to look for them.”
The Securities and Exchange Commission’s (SEC) proposed climate-related disclosure rule released in March puts forward a similar process, asking companies “to report items that aren’t financially material but are risks nonetheless. This is new, and it’s going to affect the assurance functions,” including
internal audit,
enterprise risk management,
and trade compliance.
“Assurance functions rely on governance and rules, and as we do this, we are going to expand that governance. When you do, you can expand assurance.”
Under the SEC’s proposal, assurance—first limited, then reasonable—is required for Scope 1 and 2 greenhouse gas emissions disclosures outside of the financial statements for accelerated and large accelerated filers. There is no initial attestation requirement for Scope 3 disclosures, which are also subject to a safe harbor provision for affected registrants.
Regarding internal audit, “Maybe we can apply more automation [and] more data analytics to those areas. There is going to be more governance and rigor applied. Maybe more of our creative aspects and our more human and complex audits can go to other places because if greenhouse gas emissions are going to be extremely rigorized, similar to financials, maybe that can be a robotic process automation.”
Hidden Opportunities of Aligning Ethics and Compliance with ESG
ESG is rapidly evolving from grass-roots activism into a top down, board-driven mandate. It’s no mystery why, given that ESG assets make up a third of total global assets under management and are expected to surpass $50 trillion by 2025. ESG investing (also known as “impact investing”) was born of a growing awareness that long-term financial performance of businesses is inextricably intertwined with environmental, social, and governance factors. It has gained considerable traction as research suggests that companies with high ESG ratings tend to outperform their counterparts.
As a result, companies are moving beyond “check the box” ESG disclosures, to instead build out substantive ESG programs, identify appropriate quantitative and qualitative metrics to measure and validate their ESG initiatives, and distinguish themselves with “AAA” ESG ratings. Corporations are devoting significant capital, time, and resources to embedding environmental, social and governance factors into their business strategies and preparing annual ESG disclosures. Because ethics and compliance is so tightly woven into the social and governance elements of ESG, ethics and compliance officers are uniquely poised to support this broader effort in a number of ways.
THE OVERLAP BETWEEN E&C AND ESG
While ESG is strongly associated with environmental initiatives such as lowering carbon footprint, social and governance factors have achieved equal prominence. “Social” and “governance” define a company’s corporate citizen persona—or how it behaves—which is the heart and soul of ethics and compliance and, increasingly, a key factor in market valuation.
Ensuring a company behaves responsibly and ethically is both the mission of a Chief Ethics and Compliance Officer and the purpose of an ESG program. CECOs therefore have oversight of much of the infrastructure that supports social responsibility and prevents corruption, such as
internal controls,
Code of Conduct and policies,
workplace health and safety,
data protection and privacy,
whistleblower hotlines, workforce training,
and prevention of fraud, bribery and money laundering.
Ethics and compliance is mission critical because it is the reputational guardian of the company, the first line of defense against ethical fading. Thanks in large part to the lightning speed of today’s news cycle and the instantaneous impact of social media, corporate malfeasance scandals can have massive immediate impact on reputation and by extension valuation. It’s not unusual for news of bad corporate behavior to be accompanied by an immediate 20-30% drop in market cap. For a $3 billion company, that can equate to a one-day loss of $1 billion.
WHY SHOULD CECOS ALIGN WITH ESG?
It’s early days for ESG, relatively speaking, and best practices for building, quantifying, and disclosing ESG programs are rapidly evolving. As companies move towards transparency and begin walking the talk by aligning corporate culture to the stated ESG values, the historical function of E&C rolls up naturally to support these efforts. Opportunities abound for ethics and compliance leaders who join the challenge to improve their company’s ESG report card:
Board visibility: Boards have come to recognize that robust ESG programs not only attract investors, but also offer a framework to mitigate business risk and future proof the company. Boards are now dedicating agenda time to embedding ESG into company strategy and risk mitigation. As a result, the head or coordinator of a company’s ESG program often reports to the board.
More funding: A traditional ethics and compliance framework is often insufficient to meet the broader mandate of ESG. The top accounting and consulting firms are investing in building capability and capacity for ESG advisory services, and CECOs should be doing likewise internally. By tying ethics and compliance programming to ESG, E&C officers can tap into a bigger budget pool.
Organizational clout: ESG planning and disclosure requires holistic engagement across the organization. By ensuring ethics and compliance is a strong complement of, and contributor to, the high-visibility high-value ESG initiative, CECOs can break organizational silos and increase the intrinsic value of ethics and compliance (and their roles) in the process.
The development of decision-relevant climate change risk assessment with a holistic approach requires an exploratory, iterative and adaptive process that will take time. A holistic approach considers physical, transition and litigation risks and their interactions at different time horizons in the short and long term. It considers both sides of the balance sheet, as well as interactions across business functions and decision feedback loops to assess the materiality of risks and develop potential actions to address them. Importantly, some re/insurers that have advanced further in this iterative process have found it beneficial to anchor the assessment in overarching decision areas that link both sides of the balance sheet. While re/insurers in all business lines have started exploring the materiality of physical and transition climate change risks on each side of the balance sheet, for life & health re/insurers in particular, more research is required to assess the attributions and materiality of climate change to their underwriting exposures – including longevity, mortality and morbidity –over various time horizons. As research in this field progresses, the ability both to assess life & health re/insurer liability exposures and perform more holistic assessments will improve.
An analysis of regulatory developments since June 2021 and a survey conducted by The Geneva Association reveal that the regulatory and supervisory priorities and approaches are increasingly aligned with earlier GA task force recommendations related to climate change risk assessment and scenario analysis.
Responses from 11 regulatory bodies to a Geneva Association Survey shed light on the regulatory objectives and priorities that can help guide climate change risk assessment exercises within and across jurisdictions. Our analysis has revealed the top four regulatory priorities:
policyholder protection,
the insurer’s financial health,
corporate governance and strategy,
the insurability/affordability of insurance solutions,
financial stability,
raising risk awareness,
addressing data/risk assessment services and environmental stewardship.
Company boards and executive management need to consider the following four key issues to drive the process towards a more holistic approach that would produce decision-useful information:
Board oversight and executive management buy-in for company-wide engagement, along with appropriate resource allocation to build these capabilities, are important;
The coordination and execution of climate change risk assessment require an internally established, company-specific mandate with clear accountability;
Central to this process is the development of overarching decision-relevant questions for the board and the C-suite (a list based on the GA survey of regulatory and standard-setting bodies is included);
Company-relevant business use cases should be designed and utilised to guide the iterations of climate change risk assessment.
A 10-step template provided in this report can help companies design business use cases to frame the analysis, engage experts from relevant business functions across the balance sheet, and mine and utilise the same data and tools across the company. It is important to start simple by exploring the impacts of each climate change risk type, on each side of the balance sheet, considering short- and long-term time horizons. With each iteration, companies can build up the level of complexity by assessing the interactions of physical, transition and litigation risks and exploring how these risks are manifested within and across business functions. Of note:
This process should consider internal business functions and their interactions as well as external drivers that impact issues relevant to the business use case, by risk type and time horizon;
Materiality analysis is at the heart of climate change risk assessment, allowing focus on the areas most impacted by climate change risks and identifying priorities for a deeper dive and resource allocation;
As part of the design and implementation of business use cases, the company should seek to identify metrics to measure and monitor the risks and track the impacts of the measures taken to manage them;
This resource-intensive process will take time and present challenges that will need to be addressed, ranging from overtime and the availability of data for the given region to internal experience and expertise, and the availability of best practices. In this report, we offer three examples of business use cases to demonstrate these points.
The use of forward-looking scenario analysis needs to be further explored, depending on the issue being considered. Scenario analysis is a tool for conducting a forward-looking assessment of risks and opportunities, where the company can systematically explore individual or combined factors and make strategic decisions in the face of significant uncertainties. Scenario analysis may be used for a range of applications, for example:
Testing the resilience of a company’s business model to climate change-related risks;
Assessing the implications of possible actions a company can take;
Stress-testing the company’s business model under extremely adverse conditions.
Through strong industry collaboration, re/insurers should conduct an analysis of existing data challenges, gaps and needs, and define priority areas and requirements for the future development of tools. More work is required by re/insurers and regulatory bodies to identify gaps in data, to converge on best practices and build a robust toolbox for forward-looking climate change risk analyses. Since 2021, several organisations have offered an assessment of the gaps in climate change risk data and tools in the current landscape, with a focus on certain applications or segments in the financial sector. The journey towards a holistic approach could lead re/insurers to address such gaps over time, not least in emissions data, asset locations and supply chain data. Note that life & health re/insurers still face challenges when it comes to identifying the types of data that would allow the extraction of climate change attribution and liability exposures.
Importantly, company leadership should seek to harmonise and align their net-zero target-setting activities using ‘inside-out’ analysis with efforts to assess the resilience of their business model to climate change risks using ’outside-in’ approaches for developing viable targets, transition strategy and plans. In fact, a growing number of critics are calling out the misalignment of net-zero pledges with what the companies can actually deliver and the possibility of greenwashing, which could lead to potential reputational and climate litigation risks or even regulatory action.
Robust intra- and inter-sectoral collaboration is the only way to expedite the development and convergence of good practices, meaningful baseline requirements for decision-useful climate change risk assessments and disclosures that would allow for cross-company comparisons. To this end, we acknowledge and deeply appreciate the growing proactive collaboration and engagement across the insurance industry and with key regulatory and standard-setting bodies in the financial sector.
Context
In 2020, The Geneva Association (GA) launched its task force on climate change risk assessment with the aim of advancing and accelerating the development of holistic methodologies and tools for conducting forward-looking climate change risk assessment. These efforts have intended not only to support primary insurance and reinsurance companies and regulatory bodies with innovation in this area, but also to demonstrate the benefits of industry-level collaboration to help expedite the development and convergence of best practices.
In its first two reports, the GA task force highlighted the complexities associated with the development of forward-looking climate change risk assessment methodologies and tools. It stressed the need to develop methodologies for holistic climate change risk modelling and scenario analysis for both sides of the balance sheet, using a combination of qualitative and quantitative approaches. The GA task force also highlighted the implications of physical and transition risks for the insurance industry, with a focus on the challenges of quantitative scenario analysis approaches. The conclusion was that the prescriptive quantitative regulatory exercises to date, which were conducted to raise awareness, have outlived their purpose. More specifically, these resource-intensive exercises do not provide decision-useful information given the significant uncertainties associated with the transition to a carbon-neutral economy (e.g. uncertainties associated with public policy, market and technology risks). Finally, the GA task force called on regulatory bodies to clarify their regulatory objectives and explain how their exercises would deliver decision-useful information. It also stressed the need for convergence on baseline regulatory requirements for analysis and reporting across jurisdictions. To this end, it encouraged stronger collaboration between regulatory bodies within and across jurisdictions, as well as with the insurance industry, to enable the sharing of lessons learned and access to broader expertise, in the aim of expediting the convergence of best practices.
Since June 2021, there have been several developments on the policy, technology, regulatory and scientific fronts, with implications for companies’ climate change risk assessment.
The evolving regulatory landscape for climate change risk assessment
Between June 2021 and May 2022, certain regulators launched new initiatives and published guidelines. A synthesis of these developments reveals the need for regulatory bodies to:
Acknowledge the limitations of current tools, models and data for long-term quantitative scenario analysis (as evidence, the 2021 Bank of England Climate Biennial Exploratory Scenarios experiment concluded that projections of climate change losses are uncertain; the view that scenario analysis is still in its infancy, with notable data gaps; and the increasing recognition among some regulatory bodies that quantitative approaches can and should be complemented with qualitative assessments, especially over a longer time horizon);
Stress the need to consider multiple scenarios representing different plausible pathways of transition or physical risks, and expand benchmark scenarios (typically NGFS) with sectoral and geographical granularity considerations;
Recognise the principle of proportionality, with expectations linked to the size and organisational complexity of the company;
Stress the importance of materiality in supervisory expectations for quantitative assessments as well as robust governance of climate change risks, with a need for transparency, particularly in relation to re/insurer investments in carbon-intensive sectors.
As of July 2022, there are still variations in the approaches used by regulators. Regulators agree, however, that this could impede comparisons across companies and jurisdictions as well as the ability to assess broader systemic economic and social impacts. Importantly, the International Association of Insurance Supervisors (IAIS) is working on promoting a globally consistent supervisory response to climate change, with a focus on three areas:
standards,
data
and scenario analysis,
by providing guidance to regulatory bodies. The Financial Stability Board (FSB) is also issuing guidance on supervisory and regulatory approaches across borders and sectors to address market fragmentation and potential sources of systemic risk. Finally, the development of a global baseline for sustainability reporting standards with a focus on climate change, by the ISSB, aims to translate them further into harmonised inter-jurisdictional standards.
Strategic importance of aligning inside-out and outside-in climate risk assessment approaches
Companies are conducting two types of climate risk assessment:
Inside-out analysis: This includes assessing the impact of the company’s actions on the climate by setting their climate targets (e.g. net zero targets) based on a variety of science-based approaches, such as those introduced by the UN Net-Zero Asset Owner Alliance (UN NZAOA) and the Science-Based Targets initiative (SBTi). For example, the UN-convened Net-Zero Alliances uses 1.5°C-compatible pathways, which may be far more ambitious than what companies and the real economy can deliver. In fact, the UN NZAOA has warned that the global economy does not move as is required by science, leading to a widening gap between companies’ climate targets and the real economy. Net-zero targets need to take this widening gap into account as this misalignment could lead to other financial and non-financial risks for the company, including reputation risk. This is further exacerbated by the fact that climate science is still evolving.
Outside-in analysis: This involves assessing the resilience of the company’s business model to climate change risks, which is the focus of this report. It is important to emphasise that the development of the company’s strategy, transition plan and related actions cannot be done solely using inside-out analysis. Conducting outside-in analysis is critical, enabling the company to assess not only the impacts of climate change risks and their interactions, but also the implications of the possible range of activities under different scenarios on the firm’s business model. Of note, the inside-out view puts greater emphasis on ‘impact’ – which has a clear political component and should be grounded in materiality assumptions, which is the central objective of the outside-in analysis.
In summary, companies should seek to harmonise and align inside-out with outside-in climate change risk assessment efforts (Figure 1). In fact, a growing number of critics are calling out the misalignment of net-zero pledges by the financial sector, in light of their already committed investments in carbon-intensive sectors for the years to come. Critics are also raising the possibility of greenwashing, which could lead to potential climate litigation risk. Regarding the latter, some regulators are developing KPIs to assess and monitor the existence and level of greenwashing as part of their efforts to incorporate climate change factors into their regulatory mandate.
Global disruptions and an increasingly complex macroeconomic outlook will be key elements of the strategic environment for the foreseeable future. For leaders, the only certainty is that waiting for clarity is a losing move. The best organizations know how to turn uncertainty into opportunity. Their playbook relies on two critical elements:
a shared and clear view of the world and the strategic challenges/opportunities it presents
and a resilient and adaptable plan to win.
A view of the world
Today’s global disruptions (e.g., geopolitical tensions, supply chain and economic headwinds (e.g., soaring inflation, rising interest rates, decelerating growth, and currency fluctuations)) have created a complex, once in a generation, competitive environment with significant variations across geographic areas and sectors.
Navigating this unprecedented complexity requires business leaders to develop a dynamic perspective not only on the most likely scenarios for how their operating and economic environments will evolve, but also on the distinct opportunities and risks these scenarios present for their organizations.
This research shows that “winners” in economic uncertainty do not just sit back and wait for recovery instead, they are proactive and turn ambiguity into opportunity.
A plan to win
There is no “one size fits all” solution to today’s complex strategic challenges. But this research suggests that the best companies do two things well in crafting their unique plans to win:
First, they have a clear understanding of their strategic starting point that takes into account nuanced and deaveraged perspectives on the economic and operational stability of the markets in which they operate as well as on their own organizations’ financial strength (e.g., profit volatility, free cash flow to debt ratio) ultimately falling into four high level starting point archetypes
And second, they embed a “dynamic strategy” mindset into their planning, comprising three elements:
Sensing: Observing trends, defining and monitoring critical uncertainties, and outlining a set of scenarios against which to assess business decisions
Adapting: Building operational and financial stability by shaping and reshaping strategies based on market trends and data driven forecasts
Thriving: Moving rapidly from assessment to action to seize growth opportunities and strengthen competitive advantage
Increasing uncertainty driven by a set of global disruptions and exacerbated by macroeconomic headwinds needs to be met head on.
Dramatic shifts in inflation drivers vary across regions and countries with energy emerging as one of the strongest drivers
Different sectors are affected differently by macro uncertainties
Sectors like agriculture are typically less vulnerable to business cycle shifts, while other sectors (e.g., media, tech, fashion) tend to be more affected. But this varies by recession depending on drivers.
Some sectors (e.g., retail), which were less vulnerable in the early 2000s recessions, are showing greater vulnerability in the current environment.
Top performers in economic uncertainty do not just wait for recovery; instead, they build competitive advantage and turn ambiguity into a source of opportunity.Business leaders must balance contrasting priorities amid strong macroeconomic headwindsUnderstanding the “starting point” is critical to successfully navigate this uncertainty
With the current disruptions and uncertainties, it is imperative for business leaders to reevaluate:
The stability of their portfolio against economic downturns & market disruption
The internal financial stability to cope with uncertainty
Each business context is distinct, but four starting-point archetypes can help leaders understand the moves most relevant for their organizations.
How to navigate uncertainty: Enhance resilience and secure clear pathway for sustained growthThe time to act is now
Take 3 key steps to navigate uncertainty and win in a downturn:
Sensing macroeconomic and disruptive trends to shape (and reshape) future scenarios that guide strategic decisions
Adapting business and functional strategies in response to new insights and to market, economic, and competitive developments
Thriving by building competitive advantage to turn adversity into opportunity
Actions should be based on the specific business context.
EXECUTIVE SUMMARY AND POLICY ACTIONS The recovery associated with the receding pandemic has slowed as a result of the Russian aggression in Ukraine. It has contributed to high inflation and is damaging the economic outlook, which led to increased financial market risks across the board. The economic and financial impact of the invasion has been felt globally, alongside enormous humanitarian consequences. Prices in energy and commodity markets have risen to record highs. Production and logistics costs have risen and household purchasing power has weakened. After a long period characterized by very low inflation and interest rates, policy rates are being raised in response to high inflation. The resulting higher financing costs and lower economic growth may put pressure on the government, and on corporate and household debt refinancing. It will likely also have negative impact on the credit quality of financial institution loan portfolios. Financial institutions are moreover faced with increased operational challenges associated with heightened cyber risks and the implementation of sanctions against Russia. The financial system has to date been resilient despite the increasing political and economic uncertainty.
In light of the above risks and uncertainties, the Joint Committee advises national competent authorities, financial institutions and market participants to take the following policy actions:
Financial institutions and supervisors should continue to be prepared for a deterioration in asset quality in the financial sector. In light of persistent risks that have been amplified by the Russian invasion and a deteriorating macroeconomic outlook, combined with a build-up of medium-term risks with high uncertainty, supervisors should continue to closely monitor asset quality, including in real estate lending, in assets that have benefitted from previous support measures related to the pandemic, and in assets that are particularly vulnerable to rising inflation and to high energy- and commodity prices.
The impact on financial institutions and market participants more broadly from further increases in policy rates and the potential for sudden increases in risk premia should be closely monitored. Inflationary pressures coupled with uncertainty on risk premia adjustment raise concerns over potential further market adjustments. Rising interest rates and yields are expected to improve the earnings outlook for banks given their interest rate sensitivity. They could also reduce the valuation of fixed income assets, and result in higher funding costs and operating costs, which might affect highly indebted borrowers’ abilities to service their loans. Credit risks related to the corporate and banking sector also remain a primary concern for insurers and for the credit quality of bond funds. High market volatility stemming from the above economic and geopolitical situation could also raise short-term concerns and disruptions for market infrastructures.
Financial institutions and supervisors should be aware and closely monitor the impact of inflation risks. The economic consequences of the Russian aggression mainly channel through energy and commodity markets, trade restrictions due to sanctions and the possible fragmentation of the global economy. Financial fragmentation, including fragmentation of funding costs, could threaten financial stability and put pressure on price stability. Inflation is not only relevant from a risk perspective, but is expected to reflect also on the actual benefits and pensions, inflationary trends should be taken into account in the product testing, product monitoring and product review phases. Financial institutions and regulators should make extra efforts to ensure investor awareness on the effects of inflation on real returns of assets, and how these can vary across different types of assets.
Supervisors should continue to monitor risks to retail investors some of whom buy assets, in particular crypto-assets and related products, without fully realizing the high risks involved. Some retail investors may not be fully aware of the long-term effects of rising inflation on their assets and purchasing power. In the context of growing retail participation and significant volatility in crypto-assets and related products, retail investors should be aware of the risks stemming from these. The recent events and subsequent sell-off of crypto assets raises concerns on the appropriate assessment of the risks and the developments of this market segment going forward and requires particular attention of financial institutions and supervisors. Where disclosures are ineffective, these risks are compounded.
Financial institutions and supervisors should continue to carefully manage environmental related risks and cyber risks. They should ensure that appropriate technologies and adequate control frameworks are in place to address threats to information security and business continuity, including risks stemming from increasingly sophisticated cyber-attacks.
1 MARKET DEVELOPMENTS The Russian invasion and inflationary pressures have significantly impacted the risk environment of EU securities markets. Recoveries in most equity indices from the beginning of 2022 came to a halt, following the March 2020 market stress, with global equity indices broadly declining (in 1H22: Europe -18%, China -8%, US -20%). This was mostly linked to energy costs and lower trade flows due to the Russian invasion, supply-side bottlenecks linked to the continued effects of the COVID-19 pandemic and the tightening of credit conditions for firms. At the same time, volatility as measured by the European volatility index VSTOXX rose in early March (41%) to about half the levels of March 2020. In Europe, more energy intensive sectors, such as consumer discretionary (-31% YTD), industrials (-29%), and technology (-36%), saw larger price falls than other sectors. Price-earnings ratios tumbled, though they remained above 10-year historical averages (at 3% EU and 9% US respectively). The decreases partly reflect lower earnings expectations for the future, due to the potential long term effects of the pandemic and the impacts of higher long-term interest rates.
Fixed income markets were characterized by investor expectations of slower economic growth, higher inflation and a less accommodating interest rate environment. Despite a short-lived fall right after the invasion, EU sovereign bond yields rose in 1H22 to levels unseen since 2016 with significant news-flow related volatility (IT +213bps, GR +230bps, DE +150bps). As of end-June, spreads to the Bund also widened, e.g. for Italy (1.9%, +70bps) and Spain (1.1%, +39bps). Corporate bond markets showed sensitivity to the evolving outlook, recording significant selloffs across all rating categories and reduced liquidity. Investment grade (IG) bonds experienced a peak-to-trough fall of 15% (August 2021 to May 2022), nearly twice that of the pandemic, and declined by 12% in the year to June. High-yield (HY) bonds performed slightly worse (‑15%) but their peak-tot rough losses were lower than during the pandemic. Credit spreads widened on concerns that the slowdown could weigh on firms’ debt capacity. Significant spreads upswings were also seen in February with the invasion, and in May and June as rates hikes occurred in the US and were announced for the EA.
The crypto-asset market experienced a continued sell-off in 2Q22 in line with the decline of traditional financial assets (especially tech equities) with which Bitcoin (BTC) shares a close (40%) correlation. The collapse of crypto-asset TerraUSD in May and the pausing of customer withdrawals by crypto-asset Celsius in June, added to the shift in investor sentiment away from these assets, sending BTC price to an 18-month low. In May, the largest algorithmic stablecoin (third largest overall), TerraUSD, failed to maintain its peg to the USD after its underlying decentralised finance (DeFi) protocol, Anchor, suffered a confidence run on its deposits. The combination of the sharp fall in crypto-asset prices, and the demise of the Anchor protocol linked to TerraUSD, caused the total value of assets ‘locked’ (deposited) in DeFi smart contracts to fall from over EUR 186bn at the start of May to EUR 62bn by June. In another development in June, centralized finance (CeFi) lending platform, Celsius, halted customer withdrawals of deposits, signaling that it had liquidity issues or a deeper insolvency problem. This coincided with a 21% fall in the Bitcoin price and led Binance to temporarily suspend Bitcoin withdrawals from its exchange. The Celsius token price had fallen by 94% since the start of 2022 with market speculation that it could sell a sizeable stake in crypto asset Ethereum to avoid collapse.
The turmoil triggered by the Russian invasion also affected environmental, social and governance (ESG) markets. In 1Q22, EU ESG equity funds had net outflows of EUR 5bn, compared with average inflows of EUR 11bn per quarter in 2021. ESG bond issuance volumes fell 29% from the start of the year to June, as compared with the same period in 2021. In the banking sector, ESG bond issuance as a share of total bond issuance decreased compared to 2021, though they often enjoy higher subscription levels than non-ESG bonds, allowing banks to pay lower risk premia on new issuances. Despite this, some fundamental factors driving the rise of ESG investing remain in place. Most importantly, investor preferences continue to shift towards sustainable investments, with portfolio allocations increasingly tilted towards ESG investments. Similarly, issuance of ESG bonds by EU corporates remained on par with early 2021, supported by a rapid expansion of the sustainability-linked bond market. This contrasts with a 32% fall in broader EU corporate bond issuance.
2 DEVELOPMENTS IN THE FINANCIAL SECTOR In 1H22, European investment funds faced heightened volatility in securities markets given the increasingly uncertain economic outlook and the expected increase in interest rates. The performance of most EU fund categories dropped significantly, from a 12-month average monthly performance of 1.6% for equity funds in December 2021 to 0.9% in June 2022. In the meantime, the performance of bond funds turned negative (-0.7%). In contrast, commodity funds outperformed the sector in 1Q22, reflecting the surge in commodity prices following the Russia’s invasion of Ukraine and the sanctions on Russia, before slightly receding, to 2.1%, in end-June. Equity fund flows were also negative (-0.9%). Declining performance led to redemption requests with net outflows in 1H22 totalling 1.6% of the net asset value (NAV) of the fund sector. Bond funds were particularly affected (-4.8% NAV) due to negative performance (-0.7%) and exposures to growing credit and interest risks. Commodity funds experienced outflows (-5.8%), albeit from a low base and only in 2Q22, when their performance declined. MMFs funds also experienced substantial outflows ( -9.2% NAV exceeding the -4.6% NAV observed during COVID-19 stress). MMFs denominated in all currencies experienced outflows, though USD MMFs experienced higher returns (1.1% average monthly performance) than EUR denominated MMFs (-0.1%). While MMFs may generally benefit from a flight-to-quality during uncertain market conditions, investors currently appear to be turning away from fixed-income funds in general. Outflows were partly driven by the expected increase in interest rates. In contrast, real estate funds (1.7% of NAV) and mixed funds (1% of NAV) recorded inflows in 1H22.
The European insurance sector entered 2022 in good shape notwithstanding the adverse developments since the COVID-19 outbreak. During 2021, gross written premiums (GWP) for the life business grew (y-o-y) quite substantially (+14%), while growth was lower for the non-life business (8%). The positive change has partially been driven by the previous reduction in GWP throughout 2020 during the pandemic; although GWP remain still below pre-Covid levels, in particular for life business. The good performance of financial markets and the high returns obtained during 2021 pushed insurer’s profitability up to the levels reached back in 2019, with a median return on assets standing at 0.57% in 4Q21 (0.38% in 4Q20).
At the beginning of 2022 insurers’ capital buffers on aggregate were solid with a median SCR ratio of 216%. An improvement was observed for life insurers while a slight decline was observed for non-life insurers. As the risk-free interest rate increased throughout 2021, due to the long maturities of life insurers’ liabilities the value of technical provision decreased relatively more than the value of assets, with a positive effect on net capital. This contributed to an increase the median SCR ratio for life insurers, from 216% to 225%. However, the SCR ratio did not reach the high levels observed at the end of 2019 (236%). On the other hand, the median SCR ratio for non-life insurers slightly decreased from 218% towards 211%. This might be driven by the increase in claims negatively affecting the liabilities of some representative undertakings, combined with the fact that asset values declined more than liabilities when interest rates increased given that non-life insurers tend to be characterized by a positive duration gap. Likewise, the financial position of EEA IORPs displayed a recovery in 2021. The total amount of assets grew to EUR 2,713 bn in 4Q21 (From EUR 2,491 bn. in 4Q20), while liabilities remained more or less unchanged. Similarly, the Excess of Assets over Liabilities exhibited a positive trend.
The European banking sector entered 2022 with relatively strong capital- and liquidity positions. The capital ratio (CET1 fully loaded) is, at 15.0% in 1Q22, at the same level as it was before the pandemic broke out (in 4Q19). Yet the capital ratio was 50bps lower than in the previous quarter, mainly driven by rising risk weighted assets (RWA). After a steadily rise in previous quarters, the liquidity coverage ratio (LCR) also slightly deteriorated in 1Q22. A reported LCR ratio of 168.1% in 1Q22 (174.8% in 4Q21) was nevertheless still substantial.
EU banks are facing additional challenges to asset quality and profitability while pandemic-related vulnerabilities continue to loom. Deteriorating economic prospects, high uncertainties and high inflation with a phasing-out of accommodative monetary policy are affecting the outlook for EU banking sector. Loan portfolios with pre-existing vulnerabilities from disruptions caused by the pandemic may also be further affected in a slower economic recovery. Accordingly, 45% banks responding to the EBA’s spring 2022 risk assessment questionnaire (RAQ) indicated their plans to maintain their overlays related to the pandemic to cover potential losses that may materialize in the next quarters, while 35% of banks indicated plan to release them fully or partially. Supervisors should continue to closely monitor the adequacy of banks’ provisions.
The NPL ratio further improved in the first quarter of the year (to 1.9%), mainly driven by decreasing volumes of non-performing loans (NPL). However, rising cost of risks and an increasing share of loans allocated under Stage 2 under IFRS points to slightly deteriorating asset quality. The quality of loans under previous support measures related to the pandemic continues to show signs of deterioration and also requires vigilance. The total volume of loans with expired EBA-compliant moratoria reached EUR 649bn in 1Q22, a 7.8% decline compared to the previous quarter. The volume of subject to public guarantee schemes (PGS) stood at EUR 366bn in 1Q22, almost unchanged compared to the previous quarter. The NPL ratio of loans under expired moratoria and of loans subject to PGS is, at 6.1% and 3.5% in 1Q22, respectively, substantially higher than the overall NPL ratio, and has increased further since 4Q21. PGS loans are mostly concentrated to a few countries only. The allocation of Stage 2 under IRFS 9 for loans under previous support measures is, at 24.5% for loans under expired moratoria and 22.7% for loans subject to PGS, substantially higher than stage 2 allocations for all loans and advances (9.1% in 1Q22). In spite of their slight deterioration in 1Q22, EU banks’ capital and liquidity positions nevertheless provide, for the time being, sufficient cushioning in banks’ balance sheets should the economic situation deteriorate further, or heightened market volatility persist.
Positive operating trends were observed for European banks in 1Q 2022, with a profitability of 6.6% return on equity (ROE) achieved under difficult market conditions, though this is lower than the 7.7% ROE reported in the previous year (1Q21) and lower than the 7.3% ROE of the previous quarter. The contraction can be explained mainly by rising contributions to deposit guarantees schemes and resolutions funds in some countries and various one-off effects, whereas net operating income improved. In 1Q21, lending growth offset a slight decline in net interest margins (NIM) and led to improved net interest income (NII). Net trading income also increased, supported by market volatility. Overall increasing net operating income also outweighed the impact of rising inflation on operating expenses in the first quarter of 2021.
3 IMPACT OF RU-UA WAR ON THE EUROPEAN FINANCIAL SECTORS Securities markets experienced volatility with some key commodity markets strongly impacted by the Russian invasion and sanctions. Bond yields rose in response to the increasing inflation and anticipated higher rates, while equity markets were volatile and experienced periodic sell-offs. Such volatility can create short-term risks on financial markets. Margin calls on derivatives related to commodities can create liquidity strains for counterparties, as was witnessed by the calls for emergency liquidity assistance for energy traders and the London Metal Exchange suspending nickel trading for five trading days in early March. While commodity derivatives markets in the EU are of limited size relative to EU derivative markets as a whole, these markets create sensitive interlinkages between commodity producing or processing companies, commodity traders, banks acting as intermediaries in the clearing process, central counterparties, and other financial institutions.
The Russian invasion negatively affected credit rating agencies’ (CRA) credit outlook for EEA30 debt. The number of corporate downgrades grew relative to upgrades over 1H22, with a jump in downgrades around the time of the invasion. Russian and Ukrainian ratings were mainly affected, with a series of downgrades in late February and March among both corporates and sovereigns. By mid-April CRAs had withdrawn their Russian ratings in response to the EU measures banning the rating of Russian debt and the provision of rating services to Russian clients. In addition, sanctions have made it difficult for Russia to make sovereign coupon payments. In this context, Russia defaulted on some debt payments due in late June.
Direct impacts of the invasion on investment funds were limited. Exposures to both Russian and Ukrainian counterparties were EUR 50bn (below 0.5% of EU fund assets as of end-January 2022). Some fund exposures were higher, with 300 funds holding over 5% of their portfolios in Russian and Ukrainian assets (total EUR 225bn). The massive fall in prices and liquidity of Russian financial instruments led to serious valuation issues for exposed EU funds. In 1H22, 100 Russia-exposed EU funds (EUR 15bn in combined assets) temporarily suspended redemptions. However, funds with material Russian exposures before the invasion account for a very small share of the EU fund population (less than 0.1% of the EU industry). A number of ETFs tracking Russian benchmarks also suspended share creation. While direct impacts of the Russian invasion on funds, such as losses, were limited, existing risks were amplified by the invasion and the deteriorating macroeconomic outlook. Credit, valuation and liquidity risks remained elevated in the bond fund sector, linked to multiple factors. Bond fund exposures to credit risk stayed elevated, especially for HY funds. The credit quality of the portfolio of HY funds remained close to an average rating between BB- and B+ (5-year low). The likelihood of credit risk materialization also increased with the deteriorating macroeconomic environment and rising interest rates, as visible in the higher credit spreads. In comparison, liquidity risk remained steady for corporate bond funds. Based on asset quality and cash holdings, portfolio liquidity remained stable in 1H22.
EU insurers’ exposure to assets issued in Russia, Ukraine and Belarus is also limited. These assets amount to EUR 8.3 bn, less than 0.1% of the total investment of the sector. The exposure to Russia is EUR 6.3 bn, which is 0.066% of total investments and the asset exposure to Ukraine is EUR 1.8 bn, 0.019% of total Investments. The exposure to Belarus is negligible. Most of the investments in Russia are through investment funds (84% of total investments). Within funds, the largest asset classes are represented by sovereign bonds and equities associated to unit linked portfolios. A large share of investments to Russia, Ukraine and Belarus (42%) is in index- and unit-linked portfolios, whose risk is born directly by policyholders.
EU insurers have limited activities in the Russian, Ukrainian and Belarusian markets. A small number of EEA groups are active in those countries through subsidiaries. Their size in terms of total assets is minimal if compared to the total assets of the groups. In terms of liability portfolios exposures are also limited. Total technical provision in Russia, Ukraine and Belarus is EUR 0.36 bn., mostly concentrated in the life business.
With regards to IORPs, asset exposures are also limited, at EUR 7.5 bn. (0.23% of total investments). In absolute numbers this is similar to the exposure of the insurance sector. It is worth noting that the size of the IORPs total investment is smaller with respect to the insurance sector.
In the banking sector, direct exposure to Russia and Ukraine appears limited on an EU level and country level. In 1Q22, exposures of the EU/EEA banking sector were at EUR 75.3bn (ca. 0.3% of total assets) towards Russian counterparties, at EUR 10.0bn towards Ukrainian counterparties, and at EUR 2.0bn towards Belorussian counterparties, slightly decreasing towards the three countries compared to the previous quarter. However, exposures are concentrated in a few countries, and a few banks report an up to 10% share of their exposures towards Russia and Ukraine. Some banks also booked substantive provisions related to their exposure to Russia and related to the deteriorating economic environment in the first quarter of this year.
While immediate, first round implications from the Russian invasion appear contained for financial institutions across sectors, the possibility of second round effects is a source of concern. The invasion, heightened uncertainties and inflation are not only weighing on economic prospects, but also affect consumer- and business confidence. Exposures of economic sectors more sensitive to rising energy- and commodity prices require attention across sectors.
In the insurance sector, second-round effects could emerge via exposures to sectors which, in turn, are highly exposed to the current crisis. Losses in these sectors could have spill-over effects through losses on investments. Two areas could be the most relevant: the exposures of insurers to the banking sector and the exposure to sectors of the economy that are more sensitive to energy and gas prices. Insurers have significant holdings of bank assets, and in this context also hold a significant amount of assets issued by banks that are assumed to be more vulnerable to the evolution of the current crisis. The exposure of EEA insurers to those banks is estimated to only a total amount of EUR 55 bn (0.57% to total investments). Furthermore, insurers have significant asset exposure to sectors sensitive to energy and gas prices.6 The total exposures sum to EUR 174 bn, which includes almost 3% of the equity portfolio of insurers and 7.5% of corporate bond holdings.
In the banking sector, second-round effects could emerge via deteriorating asset quality and further increasing provisioning needs in a deteriorating economic environment. Fee and commission income might also be affected. Banks’ securities portfolios might moreover be negatively affected as fair value declines when interest rates rise. The worsening economic outlook has already resulted in slightly deteriorating early warning indicators for asset quality. The cost of risk increased to 0.51% in 1Q22, a 4bps increase compared to the previous quarter, as borrowers’ debt servicing capacity might be affected by lower economic growth. The increase was mainly driven by the numerator, i.e. by increasing allowances for credit losses. Also, the share of loans allocated under Stage 2 under IFRS increased in 1Q22 and 4Q21, and it another early-warning indicator pointing to slightly deteriorating asset quality. Responses to the EBA RAQ moreover indicate that a majority of banks expect asset quality to deteriorate.
In line with the deteriorating economic outlook and heightened market- and interest rate volatility, bank funding conditions have worsened since the Ukrainian war started and since interest rates increased. Wholesale bank debt spreads have widened for debt and capital instruments across the capital ladder, and particularly for subordinated instruments. Interest rates for bank debt instruments have risen substantially across durations, albeit from extremely low levels. Since the beginning of the war, bank debt issuance activity has been mainly focused on issuing covered bonds, amid challenging market conditions and as banks have begun to roll over expiring long-term central bank funding facilities. Bank funding conditions are likely to stay more challenging while volatility persists and as interest rates continue to rise. Yet current ample liquidity buffers should allow banks to withstand further periods of market turmoil for the time being. In the medium-term, the substitution of expiring extraordinary central bank funding with other sources of funding could prove challenging for some banks.
In spite of positive operating trends in 1Q2022, the outlook for EU bank profitability is subdued. The deteriorating economic environment might affect lending growth and might result in lower loan- and payment-related fee income. Inflationary pressure, higher provisioning needs for expected deteriorating asset quality, costs related to digital transformation and higher compliance costs, e.g. related to the enforcement of sanctions will all likely affect costs, and may offset operating cost savings achieved. While rising rates may have a positive impact on interest income, rising funding costs might also offset additional income from asset repricing.
4 INFLATION AND INTEREST RATE RISKS The Russian aggression and the sanctions applied contributed to inflation pressures via the resulting supply shocks in energy, food and metals commodities, which added to the supply chain bottlenecks related to the pandemic. Higher energy prices particularly contribute to inflation, widely increasing input and distribution costs. In terms of investment impacts, inflation directly lowers real returns. Inflation changes relative attractiveness of assets both across asset classes and within asset classes. Higher inflation reduces the values of existing assets with fixed returns, such as (most) bonds. By reducing short-term growth, higher rates lower profitability and typically reduce equity values. However, if a rate rise is expected to be effective in increasing long-term growth, it can also increase equity values. Inflation has indirect impacts through its effects on actual and anticipated monetary policy, especially interest rate rises, to reduce demand and bring inflation down. Higher interest rates increase returns on savings and raise borrowing and refinancing costs, reducing debt sustainability. Variable-rate loans face higher debt servicing costs, raising credit risk, including for securitizations backed by variable-rate loans.
In the investment fund sector, interest rate risk increased in a context of rising inflation expectations. Fund portfolios with a longer duration will see their value fall, as inflation drives rates up. However, adjustments are already being made in some funds. Bond fund portfolio durations fell in 1H22, remaining higher for Government (7.6 years, down from 8.6 years) and IG bond funds (6.5 years, down from 7.3 years) than for HY funds (4.3 years, down from 4.8 years). Based on current duration, a 100bps increase of in yield could have a potential impact of -7% on bond fund NAV, about EUR 270bn, which could lead to significant fund outflows. In the MMF sector, funds also significantly reduced the weighted average maturity of their portfolios from 44 days to 30 days (a 3-year low) to lower interest rate risk and improve resilience to a rate rise.
As a period of low inflation and low interest rate is coming to an abrupt end, medium-term risks for asset managers are considerable. Impacts on performance and fund flows are likely to vary across asset classes. For example, the recent US increase in rates led to significant reallocation across fund types from bond funds (-4.7% NAV in 1H22) towards funds offering some form of protection against higher rates. To-date, this contrasts with the EU. In 1H22, US cumulative flows into funds offering protection against higher inflation or rates, such as inflation-protected funds (EUR 1.5bn), loan funds (EUR 13.9bn) and commodity funds (EUR 16.3bn), outpaced their EU equivalents.
Inflation can have a significant impact on borrowers and retail investors. It can heighten vulnerabilities of debtors exposed to flexible lending rates, or where low interest rates on their loans will expire in the near term, including in mortgage lending. Inflation can also have large effects on real returns on savings and investments of retail investors both in the immediate term as well as in the long term. Retail investors may be unaware of inflation or not pay enough attention to its effects on their assets and purchasing power. Consumers can suffer from behavioral biases, such as money illusion or exponential growth bias, that can lead to insufficient saving and investing. Moreover, when inflation is rising, the effects of insufficient saving on long-term wealth become more pronounced.
Insurer positions are affected by inflation on both on the asset and liabilities side typically negative net effects for the non-life segment. On the asset side, insurer investments whose market prices are sensitive to inflation will see a direct or indirect impact through movements of the interest rates. On the liability side, inflation affects insurers through higher costs of claims. This is mostly relevant for non-life lines of business, because non-life guarantees are in nominal terms; crucially, insurers’ build-up provisions for future claims payments and in doing so they must make assumptions today about future price developments. Life insurers are less affected by costs of claims, these typically have liabilities in nominal terms, i.e. claims do not increase with the price development; this is because potential future benefits are often stipulated at inception. Higher general costs can have negative profitability implication for both life and non-life. Finally, the sensitivity on inflation and to interest rate depends also crucially on the duration gap of the undertakings: those with positive duration gaps are more likely to be negatively affected by inflation than those with negative long duration gap, such as life insurers.
On the liability side, the price development relevant for claims expenses, i.e. claims inflation, is particularly important for insurers. Claims inflation tends to outpace the general inflation rate, claims cost depends only to a small extent on inflation as measured by the Harmonized Index of Consumer Prices (HICP); the reason is that the goods for which insurers pay are significantly different from those which consumers buy. Moreover, claims of insurers encompass various costs, not just costs of goods and services. For Europe, there are no time series available on estimates of future claims inflation; each insurer makes its own business line specific forecast.
Developments in the term structure and risk premia, which remain uncertain, are also having an impact on the net effect on insurer positions, through their exposure to interest rate sensitive assets and the duration of their liabilities. A potential increase in long-term rates would be accompanied by a repricing of the risk premia, and the negative impact on the asset side would not be limited to the fixed income assets but would be reflected to other asset classes through the reduction of market prices. A similar scenario was tested in the EIOPA 2018 Stress Test exercise (Yield Curve Up scenario). This showed relatively high resilience of the insurance sector as a result of the solid capital buffers of the sector in aggregate.
Insurance products can be sensitive to inflation, policyholders and pension beneficiaries face the risk of inflation eroding the real value of their benefits. This ultimately depends on the particular features and details of each contract sold. In the traditional business case of nominal interest rate guarantees, higher inflation than expected (relative to that already factored in the guarantees) has a negative impact in real terms for the policyholder, while contracts with profit sharing may help policyholder returns. In case of unit-linked policies, the policyholder can select the underlying assets from a range of investments e.g. mutual funds. The allocation could involve assets that provide inflation protection or not. Crucially, it requires policyholder financial knowledge/literacy to navigate through the complex dynamics of how investments affect their benefits. In the last years, the share of unit-linked in the life segment continues to increase, now reaching a peak of 39% since the introduction of Solvency II reporting, notwithstanding the considerable differences in the popularity of unit-linked products that remain across countries.
In the banking sector, increasing interest rates are usually expected to have a positive impact on interest income and on net interest margins (NIMs). Accordingly, a vast majority of banks responding to the spring 2022 EBA RAQ expect a positive impact on their profitability from rising interest rates with a repricing of assets. Both banks and analysts are optimistic about the impact of rising rates, and 85% of banks responding to the RAQ expect rising rates to have a positive impact on their profitability. However, analysts also expect an increase in provisions and impairments (at 80%, compared to 15% in the previous RAQ). Since 2014 NIMs have steadily decreased in the very low interest rate environment, and have remained nearly stable since Q1 2021 (1.25% in Q2 2022).
In spite of positive expectations, historic episodes of rising interest rates globally, as well as bank profitability trends in some European countries with an earlier cycle of increasing interest rates offer some indication that NIM may not improve substantially with rising interest rates. Expectations for a substantively positive impact on profitability may be overly optimistic. For example, during periods of stagflation in the USA between 1971 and 1973 and between 1976 and 1980, the sensitivity of NIM to interest rate rises was negligible. Disclosures from banks’ interest rate risks in the banking book (IRRBB) indicate that a parallel shift up of the yield curve positively affects NII for most banks. Yet, while about half of banks disclosing their IRRBB assume that a 200bp parallel rise of the yield curve will add at least a 10% to their NII, a majority of banks assume a negative net impact on their economic value of equity (EVE), a long-term measure of their interest rate risk.
On the liabilities’ side, bank funding costs have increased considerably in line with rising interest rates, which affects profitability. In the next months, analysts expect a broad-based increase in funding costs, including for deposits. Banks, particularly those relying more on wholesale funding, may be affected by a potential substantial increase in funding costs that could even offset positive effects from asset repricing. Banks that need to further build up their loss absorbing capacity could be particularly affected, as a majority of banks consider pricing as main constraint to issuing instruments eligible for MREL. In line with rising inflation, EU banks’ operating costs are also expected to increase further and have already increased substantially in 1Q22.
While general expectations suggest that banks will benefit from a repricing of assets amid rising interest rates, increasing rates might also affect borrower ability to service their debt, and could thus affect asset quality. Coupled with a deteriorating economic outlook, the rising interest rate environment risks in resulting in a reversal of the long-term trend of declining NPL in the banking sector. Rising rates could also contribute to adjustments to the already high real estate valuations in Europe, while the high levels of real estate exposure of EU banks has been identified as a risk. Monetary tightening might also impact lending growth, when, e.g., tightening is accompanied by lower GDP growth, and so could affect interest income.
5 DIGITAL RELATED RISKS The Russian war in Ukraine and the increasingly volatile geopolitical environment have heightened cybersecurity risks. The frequency of cyber incidents impacting all sectors of activity, as measured by publicly available data, increased significantly in the first quarter of 2022 compared to the same quarter of last year. The potential for escalation involving cyberattacks remains, and a successful attack on a major financial institution or on a critical infrastructure could spread across the entire financial system. Potential consequences also grow ever more far-reaching as the digitalization trend of the financial sector continues. These include disruptions to business continuity, as well as impact on reputation and, in extreme scenarios, liquidity and financial stability. Potential cyberattacks might not be limited to the financial sector only, but also to consumers. In a severe scenario, access to basic services could be impaired, including financial services, and personal data could be compromised.
The sharp market sell-off in May and June 2022 once again demonstrated the extremely volatile and speculative nature of many crypto-assets and related products and the high risks involved for investors, as highlighted in the recent joint-ESAs Warning. The collapse of the Terra ecosystem in May exposed fragilities in stable coins markets, which if left unmanaged, could have ripple effects with negative implications for financial stability, calling for a swift implementation of the Markets in Crypto Assets (MiCA) proposed regulation.
The current geopolitical situation underscores the relevance of the legislation on digital operational resilience (DORA). DORA, which builds on the ESAs Joint Advice in the area of information and communication technology (ICT), is expected to enter into force in early 2023. On 10 May 2022 co-legislators reached a provisional political agreement on its final text. DORA aims to establish a comprehensive framework on digital operational resilience for EU financial entities, and consolidate and upgrade ICT risk requirements spread over various financial services legislation (e.g. PSD2, MiFID, NIS). The geopolitical situation has highlighted some of the risks that DORA will address and underscores the importance of the legislation. The ESAs will be working closely together on the many joint deliverables and new tasks under DORA to help implement the legislation. Moreover, the ESAs, in cooperation with NCAs, have launched a high-level exercise (covering a sample of financial entities) to obtain a better understanding of the exposure of the financial sector to ICT third party providers. The exercise will help authorities and entities to prepare for the forthcoming DORA regime for oversight of critical third-party providers of ICT services.
Digitalization and cyber risks are currently assessed as high and show an increasing trend for the financial sector. In the banking sector, cyber risks are assessed to be very high by both banks and supervisors. The insurance, banking and markets sectors likewise remain on high alert. Since the beginning of the war, cyber-related incidents and disruptions beyond Ukraine and Russia have been rather limited to date, but related risks nevertheless remain unabatedly high. Cyber negative sentiment in the insurance sector, measured as the frequency of negative cyber terms pronounced during insurers’ earning calls, indicates an increased concern in the first quarter of 2022. From an insurance cyber underwriting perspective, cyber-related claims are increasing alongside a growth in the frequency and sophistication of cyber-attacks across financial sectors. In response to increasing cyber-attacks, cyber insurers are strengthening the wording to protect them against losses and could eventually also adjust pricing. Insurers seem to have pushed up attempts to tighten policies and to clarify coverage in the case of a retaliation by Russia and its allies in response to sanctions – the so-called war exclusion, which dictates that losses caused by armed conflict are usually not compensated. In this context, clear communication and disclosure to policyholders on the scope of the coverage and level of protection offered by insurance policies is crucial, in order to avoid a mismatch between their expectations and the actual coverage provided.
Supervisors aim at enhancing monitoring of cyber-related risk framework due to the increased relevance of digitalization and cyber risks. ESMA has recently facilitated increased information-sharing among its competent authorities to ensure supervisors receive timely updates on cyber incidents to inform their work. Turning to the insurance sector, EIOPA has produced exploratory indicators that rely on supervisor responses to the EIOPA Insurance Bottom-Up Survey and on publicly available external data. They will be improved once new supervisory data becomes available. To establish an adequate assessment and mitigation tools to address potential systemic cyber and extreme risks, throughout 2022 and 2023 EIOPA will be working on improving its methodological framework for bottom-up insurance stress tests, including cyber risk.
Aligning IT strategies with business strategies has been a mantra for CIOs for quite a few years. Yet, despite the apparent straightforward nature of the endeavor, many CIOs struggle to achieve that alignment. The rapid rise of digital technologies and transformation has significantly raised the bar — now, CIOs must find synergies and multiplier effects, not just business alignment, and that has a big impact on the creation of IT strategies.
IT strategy logically flows from the enterprise business vision, mission, goals, and strategies — especially digital business strategies. Collectively, they should anchor and guide IT strategy development. Yet IT strategy should also inform business strategy by presenting new and unexpected opportunities and capabilities. CIOs and strategy development stakeholders must cycle back and forth between business and IT strategies to maximize synergies.
CIOs need to find new process-driven approaches to formulating strategy in the new world where technology is found in every aspect of the business. An effective strategy development process is inclusive of all stakeholders,
reliably identifies the most critical business needs and opportunities,
objectively assesses the current state of IT and the enterprise,
surfaces and vets all salient IT strategic initiatives and opportunities,
explains how business and IT success will be measured,
and engages and motivates all those who must embrace, support, and execute the strategy.
This study lays out a process for creating IT strategy. It explains how CIOs can envision and develop new IT strategies, identifies key activities and actions for each step, and provides advice on ensuring effectiveness and adoption of an IT strategy.
Stage 1: Lay Groundwork for New IT Strategy Development Under the duress of executive pressure to transform IT, CIOs may be tempted to jump into formulating new IT strategies without laying the proper groundwork. Like IT itself, however, IT strategy development must extend beyond the boundaries of the IT organization as digital business concerns pervade all aspects of the business, its partners, and its customers. That means that a diverse set of organizations and stakeholders will necessarily be involved in creating new IT strategies. Taking the time to prepare and get all necessary stakeholders onboard, will, however, reduce friction and lead to a faster effort with better results. The groundwork stage is intended to set the stage for all subsequent strategy work.
Key Activities
Identify, contact, and recruit all salient stakeholders. F. Edward Freeman’s work on the Stakeholder Theory lists employees, environmentalists, suppliers, governments, community organizations, owners, media, customers, and competitors. Additional stakeholders would include LOB executives, CIO direct reports, and key partner representatives. Team members must be willing and able to devote the necessary time for the duration of their involvement.
Build trusting relationships among all stakeholders, and gain support for the strategy effort.
Educate nontechnical stakeholders on essentials of digital technologies and digital business and operating models.
Conduct workshops to learn about and select key tools and practices, such as agile, design thinking, value streams, and lean start-up, that can help create a structured framework.
Agree on a strategy development process and governance and oversight for the process.
Define the purpose and desired outcomes for the IT strategy development process.
Review existing IT and enterprise vision, mission, strategy, and goals.
Review IT spend across the entire enterprise.
Create/adopt an agile approach to formulating the IT strategy.
One of the biggest mistakes CIOs can make in formulating an IT strategy is to use ad hoc, nonsystematic approaches that attempt to match technology solutions with highly visible problems.
Modern IT strategies are complex, have multitudes of interdependencies and diverse and powerful stakeholders, and have a material impact on the success or failure of the business. Strategy development is one of the most critical responsibilities — one that requires rigor and a structured approach and processes.
Above all, the IT strategy formulation process needs to be agile, as business environments are continually shifting. A strategy that only adjusts on an annual basis runs the risk at any point in time of being mistargeted. The process needs to continually sense changes in the business ecosystem and prompt decisions about possible changes to the strategy.
Stage 2: Determine Key Business Drivers and Forces IT strategies are intended to move businesses forward by
creating new products and services,
attracting and retaining customers,
entering new markets,
and solving business problems.
In that context, key issues and business drivers are those that constrain the business from moving forward or present opportunities to grow and succeed.
Business and IT strategies exist in a messy world of shifting business, social, technological, economic, and geopolitical forces. Those forces and dynamics make up the business context in which the IT strategy must function and succeed and form the basis for identifying key drivers that will shape and help decide what key initiatives need to be prioritized.
Key drivers are quite individualized to a given business. But they can include
technology emergence and evolution;
global competition and challenges;
competition in the form of new business and/or operating models;
shifting customer and market dynamics — personal, social, and cultural;
geopolitical and regulatory shifts and uncertainties;
environmental and climate impacts;
and threats to privacy and security.
Key Activities
Compile and review trends, disruptions, and forecasts in business, technology, environmental, geopolitical, social, regulatory, and other salient arenas.
Identify the most important forces and drivers that will impact the enterprise and IT.
Describe how the selected drivers will help define the desired future state of the enterprise.
Prioritize and map drivers to time frames in which drivers are expected to be active.
Describe responses that will be needed from the enterprise and IT.
Time phase responses based on projected time frames.
While there may be a multitude of key issues, CIOs need to work with business leaders to select only those that truly move the needle for the business. It’s been said that, when everything is a priority, nothing is a priority and that is true when it comes to IT strategy. IT and LOB executives will have to subordinate the agendas of their own organizations to focus on the drivers that offer the most potential for business benefit to the enterprise. Selecting the most important drivers is critical, as the selected set will define the focus of successive stages of strategy development and the strategy itself.
Stage 3: Assess Current State of the Enterprise, IT, and Business Ecosystem This stage requires an objective assessment of the IT organization, the enterprise, and its ecosystem for attributes and characteristics that could positively or negatively impact the formulation and execution of IT strategies. IT and LOB executives need to have frank discussions about « the good, the bad, and the ugly » aspects of IT and the enterprise. Business leaders can ill afford to launch into implementing strategies that their organizations, markets, and customers are not ready for. The following table provides key facets of IT, enterprises, and ecosystems that should be assessed.
Note that some of the attributes are more germane and important to the IT strategy and others are less so — the goal is not an exhaustive assessment but one that captures the current states that are most important to strategy development. The current state assessment is critical as it is the basis for identifying work that’s needed to reach the desired future state. A flawed or incomplete assessment will result in missed opportunities, failed initiatives, and potential derailment of IT transformation.
Key Activities
Assemble necessary data, market and customer intelligence, and ecosystem intelligence to underpin analysis and decision making.
Identify the most salient and important attributes for assessment.
Create an assessment framework and scoring system.
Describe the current states of the business and IT, using SWOT or other frameworks to assess relative competitiveness and readiness to execute business and IT strategies.
Assess the viability and currency of the existing business strategy.
The current state assessment requires at least a basic framework that identifies the most salient attributes to keep stakeholders from getting too far down in the weeds. The intent is not to put every aspect of IT and the business under a microscope but instead to select attributes of both organizations that need to be addressed by the IT strategy. In support of that aim, the assessment should include a simple scoring system to measure importance (high, medium, low) of each selected attribute and the relative current state (strength, weakness, neutral). And the current state assessment should reflect the viewpoints of employees, managers, customers, partners, and the business’ ecosystem.
Step 4: Define the Future State and Key Initiatives This stage focuses on defining what IT and the enterprise need to look like in the future over one-, two and three-year time frames and the strategic initiatives that will help IT assist the business in achieving that state. In describing the future state and initiatives, it’s critical to find the balance between pragmatic business problem-solving and innovative, aspirational efforts that will engage and motivate stakeholders.
As we noted previously, an agile approach that emphasizes learning and refinement in an iterative staged approach will create more adaptive strategies. Design thinking is another discipline that helps the strategy team frame (or reframe) problems and their solutions from the customers’ perspective to make sure that a prospective initiative and its outcome are important for the target audience. Finally, value streams can be used to help in understanding how a given strategy or initiative creates value and what components are necessary to construct the streams.
Collectively, the tools and practices should be employed in a series of workshops that distill the drivers, issues, and needs identified in the earlier stages of work into prioritized strategic initiatives comprising the IT strategy. Each workshop should focus on one initiative and involve only the stakeholders that are germane to that initiative.
In defining strategic initiatives, the strategy teams should start with a desired business outcome and initiative and then work through the value streams that produce that outcome. Supporting the value streams are IT capabilities:
data,
technology,
talent,
processes,
and governance
necessary to deliver a given outcome. For example, a desired outcome or initiative focused on generating new revenue from appliance service data would require new IT capabilities (sub-initiatives) in data/analytics, product development, digital platforms, and new business model development.
Key Activities
Distill drivers and issues into focused business problems, challenges, and opportunities.
Create and run workshops to brainstorm initiatives and solutions that can address identified business drivers, problems, and needs. Start with divergent thinking to create a wide assortment of potential solutions, moving to convergent thinking to winnow down the solution set.
Evaluate solutions based on constraints including budgets, financial viability, legacy culture and processes, talent availability, and other factors that may obviate some solutions.
« Test » the top solution initiatives with those who will implement or be affected by the initiatives.
Refine based on feedback or reexamine the original drivers and issues to ensure that they are relevant and important.
As powerful digital technologies have become core to business success, IT strategy development has become a « chicken and egg question »: technology or business — which comes first? The answer is « both. » Business needs, strategies, and models obviously drive technology strategies and adoption and will always be the dominant force in setting IT strategy at large enterprises. Yet, without cloud, data/analytics, and machine learning technologies, new business and operating models such as those employed by Uber, Lyft, Google, and others simply could not exist. Business strategies need to be the starting point and anchor for IT strategies, but at times, they will be shaped, if not driven, by new and emerging technologies.
Stage 5: Determine Metrics and KPI Success Measures In the spirit of the old saying that « you can’t manage what you don’t measure, » this stage focuses on identifying key metrics and KPIs to measure the success (or lack thereof) of the IT strategy and specific strategic initiatives. Embedding top-level KPIs and metrics in the strategy is a means to ensure they become integral to the execution of the strategy — not an afterthought. It also helps ensure that the same stakeholders that define the strategy and initiatives identify the most meaningful metrics. And the metrics themselves are important to help fine-tune initiatives and target those that aren’t succeeding.
Key Activities
Discuss how metrics and KPIs will be used and who will manage them.
Discuss what strategy success looks like and whether there are thresholds of attainment.
Start with desired business outcomes for each initiative, and identify key dimensions that measure performance.
Identify metrics and KPIs that measure the outcomes in terms that will be useful to the CIO and LOB executives to fix problems or sunset initiatives that aren’t effective.
It’s important to favor outcome or impact measures (e.g., sales growth, process cost reduction) over activity measures (e.g., website visits, projects completed) as the former measure the health and the viability of IT and the business while the latter often turn into vanity metrics. Also important is creating metrics that help assess the success of IT strategy implementation and the business outcomes that result from execution.
Step 6: Package and Communicate the IT Strategy Having formulated their IT strategy, it’s easy for CIOs and key stakeholders to think that the heavy lifting is done — all that’s left is to tell the rest of the company what the strategy is and then let the execution begin. Unfortunately, that is a surefire recipe for creating an IT strategy that is ignored, discounted, or unmoored. There are many possible reasons for nonsupport, including
lack of understanding of the strategy and why it’s important,
competing or conflicting interests and objectives on the part of executives,
and failure to embrace and take ownership of execution.
Another simple reason is that the strategy lacks « stickiness » — it isn’t memorable and hence is quickly forgotten. Strategies can be made stickier by using themes to describe initiatives. Instead of « digitally transforming CX, » think « creating memorable customer moments, » or instead of « improving business intelligence capabilities, » think « uncovering insights that score business success. » Finally, IT strategy must be presented in the context of the enterprise business strategy and should clearly flow from and support that strategy.
Key Activities
Identify all target audiences for the strategy and their top-level interests.
Create a communication strategy and plan.
Craft stories for each theme and initiative that tie IT initiatives to enterprise vision, mission, goals, and strategies.
Clearly identify the roles each target audience will play — enactor, supporter, contributor, or beneficiary.
CIOs and strategy team members should create different versions of documents and presentations for each significant target audience. Viewers should feel like their unique interests and needs were considered and addressed in the formulation of strategies. Also important is to create stories that explain the strategy using « day in the life » or similar narratives instead of dry descriptive material.
Summary Of Findings Overview of big tech’s activities in quantum Big tech’s quantum activity is ramping up quickly
Google, Microsoft, Amazon, IBM, and Intel are all developing their own quantum computing hardware. Big tech companies have been behind several breakthroughs in the space.
In July 2021, Microsoft’s venture arm took part in a $450M round to PsiQuantum—the most well-funded quantum computing startup in the world.
Cloud is a key area of quantum competition for big tech
Google, Microsoft, Amazon, and IBM have all launched quantum computing services on their cloud platforms.
Startups have partnered with big tech companies to offer remote access to a broad range of quantum computers.
What’s next?
Big tech forges ahead with quantum advances. Google, Microsoft, Amazon, IBM, and Intel all have ambitious quantum roadmaps.
Expect rising qubit counts and more frequent demonstrations of commercial applications.
Watch for quantum computing to become a hot geopolitical issue, especially for US-China relations.
Expect big tech companies, including China-based Baidu and Alibaba, to be drawn deeper into political debates.
In the US, government efforts to rein in big tech could be countered by officials nervous about keeping up with countries racing ahead with quantum technology.
Other big tech players could join the fray.
Facebook and Apple have not announced quantum tech initiatives, but both will be monitoring the space and have business lines that could benefit from quantum computing.
THEME #1: GOOGLE IS BUILDING CUTTING-EDGE QUANTUM TECHNOLOGY
Alphabet has a software-focused quantum team called Sandbox that is dedicated to applying quantum technology to near-term enterprise use cases. Sandbox operates mostly in stealth mode; however, recent job postings and past comments from its leadership indicate that its work includes:
Quantum sensors —There are hints that Sandbox is working on a hypersensitive magnetism-based diagnostic imaging platform, possibly an MEG system for reading brain activity, that combines quantum-based sensitivity gains (tens of thousands of times more sensitive than typical approaches) with quantum machine learning to disentangle a signal from background noise to boost sensitivity. This could allow for more precise scans or for cheaper, more flexible deployments of magnetic-based imaging devices for use beyond hospital settings, as well as improved access in lower-income countries.
Post-quantum cryptography (PQC)—Quantum computers threaten much of the encryption used on the internet. Post-quantum cryptography will defend against this. Expect Sandbox’s work to be focused on helping enterprises transition to PQC and making Alphabet’s sprawling online services quantum-safe.
Distributed computing —This tech allows computers to coordinate processing power and work together on problems. Sandbox’s work here may focus on integrating near-term quantum computers into distributed computing networks to boost overall capabilities. Another approach would be to use quantum optimization algorithms to help manage distributed networks more efficiently.
THEME #2: GOOGLE HAS MADE SCIENTIFIC BREAKTHROUGHS
THEME #3: GOOGLE COULD BENEFIT FROM A QUANTUM AI RIPPLE EFFECT
THEME #1: MICROSOFT IS POSITIONING ITSELF AS AN EARLY QUANTUM CLOUD LEADER
THEME #2: MICROSOFT WANTS ITS OWN QUANTUM HARDWARE
THEME #3: MICROSOFT IS A POST-QUANTUM CRYPTOGRAPHY PIONEER
THEME #1: AMAZON SEES QUANTUM COMPUTERS AS KEY TO THE FUTURE OF AWS
THEME #2: AMAZON IS DEVELOPING ITS OWN QUANTUM HARDWARE
THEME #3: AMAZON’S CURRENT BUSINESS LINES COULD BE GIVEN A BIG BOOST BY QUANTUM COMPUTERS
THEME #1: IBM IS GOING AFTER THE FULL QUANTUM COMPUTING STACK
THEME #2: IBM POSITIONS ITSELF AS THE ESSENTIAL QUANTUM COMPUTING PARTNER FOR ENTERPRISES
bleu-azur-consulting.eu 