EIOPA: Peer review assessing how National Competent Authorities (NCAs) supervise and determine whether an insurer’s set­ting of key functions fulfils the legal requirements of Solvency II

The main task of the European Insurance and Occupational Pensions Authority (EIOPA) is to

  • enhance supervisory convergence,
  • strengthen consumer protection
  • and preserve financial stability.

In the context of enhancing supervisory convergence and in accordance with its mandate, EIOPA regularly conducts peer reviews, working closely with national competent authorities (NCAs), with the aim of strengthening both the convergence of supervisory practices across Europe and the capacity of NCAs to conduct high-quality and effective supervision.

In line with its mandate, the outcome of peer reviews, including identified best practices, are to be made public with the agreement of the NCAs that have been subject to the review.

BACKGROUND AND OBJECTIVES

Enhancing the governance system of insurers is one of the major goals of Solvency II (SII). The four key functions (risk management, actuarial, compliance and internal audit) as required under the SII regulation are an essential part of the system of governance. These key functions are expected to be operationally independent to ensure an effective and robust internal control environment within an insurer and support high quality of decision making by the management. At the same time it is also important that these governance requirements are not overly burdensome for small and medium-sized insurers. Therefore SII allows NCAs to apply the principle of proportionality in relation to compliance with key function holder requirements for those insurers.

Under SII, insurers may combine key functions in one holder. However, such combinations have to be justified by the principle of proportionality and insurers need to properly address the underlying conflicts of interest. Holding a key function should generally not be combined with administrative, management or supervisory body (AMSB) membership or with operational tasks because of their controlling objective. Thus, these combinations should rather occur in exceptional cases, taking into account a risk-based approach and the manner in which the insurer avoids and manages any potential conflict of interest.

This peer review assesses how NCAs supervise and determine whether an insurer’s setting of key functions fulfils the legal requirements of SII with a particular emphasis on proportionality. The peer review examines practices regarding:

  • combining key functions under one holder;
  • combining key functions with AMSB membership or with carrying out operational tasks;
  • subordination of one key function under another key function;
  • split of one key function among several holders;
  • assessment of the fitness of key function holders; and
  • outsourcing of key functions.

The period examined under the scope of this peer review was 2016 but also covered supervisory practices executed before 2016 in the preparatory stage of SII. The peer review was conducted among NCAs from the European Economic Area (EEA) on the basis of EIOPA’s Methodology for conducting Peer Reviews (Methodology).

Detailed information was gathered in the course of the review. All NCAs completed an initial questionnaire. This was followed by fieldwork comprising visits to 8 NCAs and 30 conference calls.

MAIN FINDINGS

The review showed that NCAs in general apply the principle of proportionality and that they have adopted similar approaches.

SUMMARY RESULTS OF THE COMPARATIVE ANALYSIS

  • Supervisory framework: Approximately half of NCAs use written supervisory guidance for the application of the principle of proportionality. Larger NCAs in particular use written supervisory guidance in order to ensure consistency of their supervisory practice among their supervisory staff.
  • Approach of NCAs: Most NCAs have a similar approach. NCAs assess the insurers’ choice of key function holders at the time of initial notification regarding the key function holder’s appointment. If any concerns are noted at this stage, for example regarding combinations or fitness, NCAs generally challenge and discuss these issues with the insurer, rather than issuing formal administrative decisions.
  • Combining key functions in one holder: This occurs in almost all countries. The most frequent combinations are between risk management and actuarial functions and between risk management and compliance functions. Combinations are most commonly used by smaller insurers but are also seen in large insurers. EIOPA has identified the need to draw the attention of NCAs to the need to challenge combinations more strongly, especially when they occur in bigger, more complex insurers, and to ensure that adequate mitigation measures are in place to warrant a robust system of governance.
  • Holding the internal audit function and other key functions: The combination of the internal audit function with other key functions occurs in 15 countries, although the frequency of such combinations is relatively low. Moreover, there were cases of the internal audit function holder also carrying out operational tasks which could lead to conflicts of interest and compromise the operational independence of the internal audit function. It is important to emphasise that the legal exemption of Article 271 of the Commission Delegated Regulation EU (2015/35) does not apply to the combination with operational tasks.
  • Combining a key function holder with AMSB membership: Most NCAs follow a similar and comprehensive approach regarding the combination of key function holder and AMSB member. In this regard, NCAs accept such cases only if deemed justified under the principle of proportionality. This peer review shows that two NCAs request or support combinations of AMSB member and the risk management function holder regardless of the principle of proportionality in order to strengthen the knowledge and expertise regarding risk management within the AMSB.
  • Combining key function holders (excluding internal audit function holder) with operational tasks: In nearly all countries combinations of risk management, actuarial and compliance key function holders with operational tasks occur, but such combinations generally occur rarely or occasionally. However, several NCAs do not have a full market overview of such combinations with operative tasks. Adequate mitigating measures are essential to reduce potential conflicts of interest when key function holders also carry out operational tasks. The most common combinations are the compliance function holder with legal director and the risk management function holder with finance director.
  • Splitting a key function between two holders: About half of the NCAs reported cases where more than one individual is responsible for a particular key function (‘split of key function holder’). The most common split concerns the actuarial function (split between life and non-life business). NCAs should monitor such splits in order to maintain appropriate responsibility and accountability among key function holders.
  • Subordination of a key function holder to another key function holder or head of operational department: This is observed in half of the countries reviewed. An organisational subordination can be accepted, but there needs to be a direct ‘unfiltered’ reporting line from the subordinated key function holder to the AMSB. In cases of subordination, conflicts of interest have to be mitigated and operational independence needs to be ensured including the mitigating measures concerning the remuneration of the subordinated key function holders.
  • Fitness of key function holders: Most NCAs assess the fitness of the key function holder at the time of initial notification and apply the principle of proportionality. Several NCAs did not systematically assess the key function holders appointed before 2016. These NCAs are advised to do so using a risk-based approach.
  • Outsourcing of key function holders: Most NCAs have observed outsourcing of key function holders. According to the proportionality principle, an AMSB member may also be a designated person responsible for overseeing and monitoring the outsourced key function. Eight NCAs make a distinction between intra-group and extra-group outsourcing and six NCAs do not require a designated person in all cases, which may give rise to operational risks.

BEST PRACTICES

Through this peer review, EIOPA identified four best practices.

  • When NCAs adopt a structured proportionate approach based on the nature, scale and complexity of the business of the insurer regarding their supervisory assessment of key function holders and combination of key function holders at the time of initial notification and on an ongoing basis. The best practice also includes supervisory documentation and consistent and uniform data submission requirements (for example an electronic data submission system for key function holder notification). This best practice has been identified in Ireland and the United Kingdom.
  • When an NCA has a supervisory panel set up internally which discusses and advises supervisors about complex issues regarding the application of the proportionality principle in governance requirements regarding key functions. This best practice has been identified in the Netherlands.
  • When assessing the combination of key function holder with AMSB member, EIOPA considers the following as best practice for NCAs:
    • To publicly disclose the NCA’s expectations that controlling key functions should generally not be combined with operational functions for example with the membership of the AMSB. Where those cases occur, NCAs should clearly communicate their expectation that the undertaking ensures that it is aware of possible conflicts of interest arising from such a combination and manages them effectively.
    • To require from insurers that main responsibilities as a member of the AMSB do not lead to a conflict of interest with the tasks as a key function holder.
    • To assess whether the other AMSB members challenge the key function holder also being an AMSB member.

This best practice has been identified in Lithuania.

  • When NCAs apply a risk-based approach for the ongoing supervision that gives the possibility to ensure the fulfilment of fitness requirements of KFHs at all times by holding meetings with key function holders on a regular scheduled basis as part of an NCA’swork plan (annual review plan). The topics for discussion for those meetings can vary, depending for example on actual events and current topics. This best practice has been identified in Ireland and the United Kingdom.

These best practices provide guidance for a more systematic approach regarding the application of the principle of proportionality as well as for ensuring consistent and effective supervisory practice within NCAs.

EIOPA NCA KFH

Click here to access EIOPA’s full report on its Peer Review

 

The Prudential Regulation Authority’s approach to insurance supervision

UK’s Insurance Supervisory Body PRA just published a very interesting paper describing it’s purpose and it’s working principles. Even if Bexit will exclude PRA from EIOPA associated supervisory bodies, this paper should be considered as being landmark as most of the EIOPA associated bodies didn’t go this way of transparency and methodology yet, despite EIOPA having set a framework at least for some of these issues, crucial for insurers to manage thair risk and capital requirements.

« We, the Prudential Regulation Authority (PRA), as part of the Bank of England (‘the Bank’), are the UK’s prudential regulator for deposit-takers, insurance companies, and designated investment firms.

This document sets out how we carry out our role in respect of insurers. It is designed to help regulated firms and the market understand how we supervise these institutions, and to aid accountability to the public and Parliament. The document acts as a standing reference that will be revised and reissued in response to significant legislative and other developments which result in changes to our approach.

This document serves three purposes.

  1. First, it aids accountability by describing what we seek to achieve and how we intend to achieve it.
  2. Second, it communicates to regulated insurers what we expect of them, and what they can expect from us in the course of supervision.
  3. Third, it is intended to meet the statutory requirement for us to issue guidance on how we intend to advance our objectives.

It sits alongside our requirements and expectations as published in the PRA Rulebook and our policy publications.

EU withdrawal

Our approach to advancing these objectives will remain the same as the UK withdraws from the EU. Our main focus is on trying to ensure that the transition to our new relationship with the EU is as smooth and orderly as possible in order to minimise risks to our objectives.

Our approach to advancing our objectives

To advance our objectives, our supervisory approach follows three key principles – it is:

  1. judgement-based;
  2. forward-looking; and
  3. focused on key risks.

Across all of these principles, we are committed to applying the principle of proportionality in our supervision of firms.

PRA1

Identifying risks to our objectives

The intensity of our supervisory activity varies across insurers. The level of supervision principally reflects our judgement of an insurer’s potential impact on policyholders and on the stability of the financial system, its proximity to failure (as encapsulated in the Proactive Intervention Framework (PIF), which is described later), its resolvability and our statutory obligations. Other factors that play a part include the type of business carried out by the insurer and the complexity of the insurer’s business and organisation.

Our risk framework

We take a structured approach when forming our judgements. To do this we use a risk assessment framework. The risk assessment framework for insurers is the same as for banks, but is used in a different way, reflecting our additional objective to contribute to securing appropriate policyholder protection, the different risks to which insurers are exposed, and the different way in which insurers fail.

Much of our proposed approach to the supervision of insurers is designed to deliver the supervisory activities which the UK is required to carry out under Solvency II.

The key features of Solvency II are:

  • market-consistent valuation of assets and liabilities;
  • high quality of capital;
  • a forward-looking and risk-based approach to setting capital requirements;
  • minimum governance and effective risk management requirements;
  • a rigorous approach to group supervision;
  • a Ladder of Intervention designed to ensure intervention by us in proportion to the risks that a firm’s financial soundness poses to its policyholders;
  • and strong market discipline through firm disclosures.

Some insurers fall outside the scope of the Solvency II Directive (known as non-Directive firms), mainly due to their size. These firms should make themselves familiar with the requirements for non-Directive firms.

PRA2

Supervisory activity

This section describes how, in practice, we supervise insurers, including information on our highest decision-making body and our approach to authorising new insurers. As part of this, it describes the Proactive Intervention Framework (PIF) and our high-level approach to using our legal powers. For UK insurers, our assessment covers all entities within the consolidated group.

PRA3

Proactive Intervention Framework (PIF)

Supervisors consider an insurer’s proximity to failure when drawing up a supervisory plan. Our judgement about proximity to failure is captured in an insurer’s position within the PIF.

Judgements about an insurer’s proximity to failure are derived from those elements of the supervisory assessment framework that reflect the risks faced by an insurer and its ability to manage them, namely, external context, business risk, management and governance, risk management and controls, capital, and liquidity. The PIF is not sensitive to an insurer’s potential impact or resolvability.

The PIF is designed to ensure that we put into effect our aim to identify and respond to emerging risks at an early stage. There are five PIF stages, each denoting a different proximity to failure, and every insurer sits in a particular stage at each point in time. When an insurer moves to a higher PIF stage (ie as we determine the insurer’s viability has deteriorated), supervisors will review their supervisory actions accordingly. Senior management of insurers will be expected to ensure that they take appropriate remedial action to reduce the likelihood of failure and the authorities will ensure appropriate preparedness for resolution. The intensity of supervisory resources will increase if we assess an insurer has moved closer to breaching Threshold Conditions, posing a risk of failure and harm to policyholders.

An insurer’s PIF stage is reviewed at least annually and in response to relevant, material developments. (…) »

Click here to access PRA’s detailed paper

How the Distinct Roles of Internal Audit and the Finance Function Drive Good Governance

How the Distinct Roles of Internal Audit and the Finance Function Drive Good Governance

Effective governance involves many individuals and departments throughout an organization, including the Board of Directors, executive management, finance, and internal audit, among others. Yet each of these groups has a different set of skills and responsibilities. To successfully identify and manage risk, they must come together to create and maintain a sound system of corporate governance.

The insights shared here by 11 governance experts offer important perspective as to how finance and internal audit collaborate to support corporate governance, despite their distinct and separate missions.

Interviewees provided perceptions and experiences and shared best practices, as well as challenges, that they have encountered on their quest to achieve effective governance. These contributors come from organizations around the world that differ in size, industry, and management configurations. Several experienced governance from within both the finance function and internal audit.

A few shared perceptions include:

  • The Board of Directors is responsible for setting the proper tone for the organization;
  • It is critical to purposefully develop a consistent culture throughout the organization, driven by the CEO and senior management; and
  • Communication and coordination across complementary functions is vital.

Keys To Achieving Good Governance

There are many different definitions of governance. According to The Institute of Internal Auditors (hereafter The IIA), governance is “the combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.

The International Federation of Accountants (hereafter IFAC) uses a slightly different definition which focuses more on the creation of strategic objectives and stakeholder value, “Governance is to create and optimize sustainable organizational success and stakeholder value, balancing the interests of the various stakeholders. It comprises arrangements put in place to ensure that organizations define and achieve intended outcomes.

Both definitions suggest that good governance and the achievement of organizational success are not the responsibility of the Board alone, but rather the outcome of a mosaic of organizational policies, processes, and cross-functional interactions.

When asked to provide the key objectives of governance, interviewees shared a number of different perspectives. Most frequently, good governance was defined as representing the interests of stakeholders by setting appropriate objectives and driving a culture that supports them.

Three LoD

Click here to acces IFAC and IIA’s detailed article

Front Office Risk Management Technology

A complex tangle of embedded components

Over the past three decades, Front Office Risk Management (FORM) has developed in a piecemeal way. As a result of historical business drivers and the varying needs of teams focused on different products within banks, FORM systems were created for individual business silos, products and trading desks. Typically, different risk components and systems were entwined and embedded within trading systems and transaction processing platforms, and ran on different analytics, trade capture and data management technology. As a result, many banks now have multiple, varied and overlapping FORM systems.

Increasingly, however, FORM systems are emerging as a fully fledged risk solution category, rather than remaining as embedded components inside trading systems or transactional platforms (although those components still exist). For many institutions FORM, along with the frontoffice operating environment, has fundamentally changed following the global financial crisis of 2008. Banks are now dealing with a wider environment of systemically reduced profitability in which cluttered and inefficient operating models are no longer sustainable, and there are strong cost pressures for them to simplify their houses.

Equally, a more stringent and prescriptive regulatory environment is having significant direct and indirect impacts on front-office risk technology. Because of regulators’ intense scrutiny of banks’ capital management, the front office is continuously and far more acutely aware of its capital usage (and cost), and this is having a fundamental impact on the way the systems it uses are evolving. The imperative for risk-adjusted pricing means that traditional trading systems are struggling to cope with the growing importance of and demand for Valuation Adjustment (xVA) systems at scale. Meanwhile, regulations such as the Fundamental Review of the Trading Book (FRTB) will have profound implications for frontoffice risk systems.

As a result of these direct and indirect regulatory pressures, several factors are changing the frontoffice risk technology landscape:

  • The scale and complexity involved in data management.
  • Requirements for more computational power.
  • The imperative for integration and consistency with middle-office risk systems.

Evolving to survive

As banks recognize the need for change, FORM is slowly but steadily evolving. Banks can no longer put off upgrades to systems that were built for a different era, and consensus around the need for a flexible, cross-asset, externalized front-office risk system has emerged.

Over the past few years, most Tier 1 and Tier 2 banks have started working toward the difficult goal of

  • standardizing,
  • consolidating
  • and externalizing

their risk systems, extracting them from trading and transaction processing platforms (if that’s where they existed). These efforts are complicated by the nature of FORM – specifically that it cuts across several functional areas.

Vendors, meanwhile, are struggling with the challenges of meeting the often contradictory nature of front-office demands (such as the need for flexibility vs. scalability). As the frontoffice risk landscape shifts under the weight of all these demand-side changes, many leading vendors have been slow to adapt to the significant competitive challenges. Not only are they dealing with competition from new market entrants with different business models, in many instances they are also playing catch-up with more innovative Tier 1 banks. What’s more, the willingness to experiment and innovate with front-office risk systems is now filtering down to Tier 2s and smaller institutions across the board. Chartis is seeing an increase in ‘build and buy’ hybrid solutions that leverage open-source and open-HPC2 infrastructure.

The rapid development of new technologies is radically altering the dynamics of the market, following several developments:

  • A wave of new, more focused tools.
  • Platforms that leverage popular computational paradigms.
  • Software as a Service (SaaS) risk systems.

More often than not, incumbent vendors are failing to harness the opportunities that these technologies and new open-source languages bring, increasing the risk that they could become irrelevant within the FORM sector. Chartis contends that, as the market develops, the future landscape will be dominated by a combination of agile new entrants and existing players that can successfully transform their current offerings. Vendors have many different strategies in evidence, but the evolution required for them to survive and flourish has only just begun.

With that in mind, we have outlined several recommendations for vendors seeking to stay relevant in the new front-office risk environment:

  • Above all, focus on an open, flexible environment.
  • Create consistent risk data and risk factor frameworks.
  • Develop highly standardized interfaces.
  • Develop matrices and arrays as ‘first-class constructs’.
  • Embrace open-source languages and ecosystems.
  • Consider options such as partnerships and acquisitions to acquire the requisite new skills and technology capabilities in a relatively short period of time.

Chartis

Click here to access Chartis’ Vendor Spotlight Report

Anlalytics Behind The Perfect Risk Score & Predictive Model

We are living in a progressively more connected world where smarter products and changing consumer expectations are disrupting nearly every industry. While the connected world is data intensive, complex to manage and challenging to harness, the opportunities for generating more value and new propositions are nearly endless.

Octo Telematics has invested in the development of algorithms and analytical tools to help our industry partners maximize opportunities from the connected world – and we continue to do so today. Through actionable intelligence based on the accurate analysis of data, industry partners can differentiate their products and services with innovative customer experiences.

In building globally recognized analytical capabilities to serve the global insurance marketplace, Octo Telematics acquired the usage-based insurance (UBI) assets of Willis Towers Watson, including its market-leading DriveAbility® solution. DriveAbility aggregates and analyses granular telematics and insurance data to provide an industry-leading driving score and assist insurers to design, score, issue and bind telematics-based insurance policies. It also facilitates relationships between stakeholders including automotive OEMs, telecommunication companies and insurers to present convenient, personalized insurance offers to customers using pre-analyzed driving data. Today, a strategic alliance with Willis Towers Watson on additional opportunities continues to enhance both companies’ suite of products and services.

Historically, insurance companies have made underwriting and pricing decisions based on static risk factors that are largely proxies for how, how much, when and where a vehicle is operated. By leveraging actual driving data, data scientists can build telematics-based risk scores that are significantly more predictive than any risk factor used by insurance companies today.

To get the full value from telematics, data scientists must have the right data and employ different techniques than those used for traditional actuarial analysis. Done correctly, insurers can create a score that provides

  • double-digit lift,
  • optimizes the lift above and beyond traditional factors
  • and identifies factors that cause accidents to happen.

Failure to follow best practices for model development will result in sub-optimal lift that makes the business case less compelling. Lift is just one factor that should be considered. To be truly effective, any risk score should also be transparent, cost-effective, flexible, implementable and acceptable to regulatory bodies. Even the most predictive scores may not be effective if they fail one or more of these categories.

Octo

Click here to access OCTO’s White Paper

Les besoins verticaux définissent la marche à suivre pour les transformations de produits numériques et les stratégies

Les initiatives de transformation numérique se déroulent différemment selon les secteurs verticaux et les entreprises, en fonction des besoins métiers en jeu. Lorsque les entreprises subissent des transformations numériques, elles se concentrent souvent sur

  • les processus informatiques,
  • les ventes et le marketing

avant le développement des produits. Cependant, ce rapport expliquera aux DSI et aux directeurs de la technologie comment les entreprises de différents secteurs verticaux utilisent l’organisation produits comme catalyseur de leur transformation numérique, et comment cette décision améliore leurs relations avec les clients.

Principales conclusions

Les sociétés de produits physiques se concentrent sur l’IoT

Pour les organisations produits physiques, l’étape évidente vers une entreprise numérique consiste souvent à connecter des produits et des actifs. Il s’agit d’une tâche complexe qui nécessite

  • une infrastructure technologique intégrée,
  • une grande compétence dans la connectivité et l’Internet des objets (IoT),
  • ainsi qu’une logique claire sur la façon dont les produits connectés répondront aux besoins de leurs clients.

Les sociétés de services construisent des plates-formes numériques orientées client

Les entreprises du secteur des services basculeront vers le commerce numérique grâce à des plateformes numériques axées sur la clientèle. Ces projets doivent être

  • faciles à utiliser,
  • évolutifs
  • et intégrés aux partenaires de l’écosystème

afin de créer de la valeur pour les clients.

Diapositive1

Cliquez ici pour accéder à l’analyse détaillée de Forrester

Taking Digital Regulatory Reporting from Concept to Reality

In its Digital Regulatory Reporting (DRR) project, the U.K. Financial Conduct Authority (FCA), in conjunction with the Bank of England, has invited financial institutions to explore ways to work smarter on these activities by delegating much of the hard work to technology. Success in the endeavour, as the FCA put it, “opens up the possibility of a model driven and machine readable regulatory environment that could transform and fundamentally change how the financial services industry understands, interprets and then reports regulatory information.

Part of the project’s work program was a twoweek “TechSprint,” held in November 2017, that was intended to test the feasibility of fully automated regulatory reporting with straightthrough processing of regulatory submissions. Among the anticipated benefits, accruing to financial institutions and regulators alike, are

  • greater accuracy in data submissions
  • and reduced time, cost and overall effort in generating them.

The TechSprint demonstrated that DRR could be accomplished under such controlled testing conditions and provided a proof of concept. Since then the program has held an extended pilot, as well as industry-led roundtable discussions bringing industry experts together, to try to determine whether and how DRR could be scaled up and put into practice in the real world.

The chief aim of the roundtables is to go over issues – legal, technological and regulatory – that could facilitate or impede the introduction of DRR. Participants in the latest and final one, held in London in June and hosted by Wolters Kluwer, seemed intent on contemplating the limitations of the concept: attempting to identify what a system might be able to do by acknowledging what it most likely will not be able to do.

One thorny matter that was highlighted involves a potential conflict between DRR, which participants generally agreed would be most effective following hard and fast rules – ideally by using a standardized model encompassing many supervisory frameworks employed across multiple jurisdictions – and the principles-based supervisory architecture that has evolved since the global financial crisis. If a substantial portion of the reporting process is handed over to machines, will management judgment be forced to take a back seat in matters of risk management, compliance and overall governance? Put another way, how compatible would DRR be with postcrisis supervisory architecture if interpretation of regulations by bankers is deemed a feature of the latter and a bug of the former?

Diapositive1

Click here to access Wolters Kluwers detailed analysis