EIOPA Insurance Risk Dashboard: Risk exposures for the European insurance sector – July 2019

Risk exposures for the European insurance sector remain overall stable.

Macro and market risks are now at a high level due to a further decline in swap rates and lower returns on investments in 2018 which put strain on those life insurers offering guaranteed rates. The low interest rate environment remains a key risk for the insurance sector.

Credit risks continue at medium level with broadly stable CDS spreads for government and corporate bonds.

Profitability and solvency risks increased due to lower return on investments for life insurers observed in year-end 2018 data; SCR ratios are above 100% for most undertakings in the sample even when excluding the impact of the transitional measures.

Market perceptions were marked by a performance of insurers’ stocks broadly in line with overall equity markets, while median CDS spreads have slightly increased. No change was observed in insurers’ external ratings and rating outlooks.

RD 719 1

Macro risks are now at a high level. Since the April 2019 assessment, swap rates have further declined for all the currencies considered (EUR, GBP, CHF, USD). The indicator on credit-to-GDP gaps has deteriorated due to a more negative gap in the Euro area. Key policy rates remained unchanged and the rate of expansion of major central banks’ (CB) balance sheets is now close to zero. Recent monetary policy decisions suggest that some degree of monetary accomodation is still to be expected for the forseeable future.

Credit risks remained stable at medium level. Since the previous assessment, spreads have remained broadly stable for all corporate bond segments except financials (unsecured). The average credit quality of insurers’ investments remained broadly stable, corresponding to an S&P rating between AA and A, while the share of below investment grade assets remains limited.

Market risks are now at a high level. Volatility of the largest asset class, bonds, remained broadly stable compared to the January’s assessment, whereas equity market volatility spiked in June 2019. Newly available annual information shows a decline in the spread of investment returns over the guaranteed rates to negative values in 2018, mainly due to lower investment returns. The mismatch between the duration of assets and liabilities remained broadly stable in the same period.

Liquidity and funding risks remained stable at medium level. Liquidity indicators have remained broadly unchanged since the previous quarter, while funding indicators such as the average ratio of coupons to maturity and the average multiplier for catastrophe bond issuance increased.

Profitability and solvency risks remain at medium level but show an increasing trend. This is mainly due to newly available data on the return on investments for life solo undertakings, which was considerably lower in 2018 than in the preceding year. SCR ratios are above 100% for the majority of insurers in the sample even when excluding the impact of the transitional measures on technical provisions and interest rates. The proportion of Tier 1 capital in total own funds remains high across the whole distribution and the share of expected profit in future premiums in eligible own funds is below 15% for most undertakings in the sample.

Interlinkages and imbalances risks remained at medium level in Q1-2019. A minor increase is observed for exposures to banks, while the opposite is true for exposures to other financial institutions. An increase has been reported in the share of premiums ceded to reinsurers.

Insurance risks remained constant at a medium level. Median premium growth of life and non-life business remains positive and a reduction has been reported in insurance groups’ loss ratios and cat loss ratios.

Market perceptions remained constant at medium level. Insurance groups stocks’ performance was broadly in line with the overall market. Median insurers’ CDS spreads have increased, while external ratings have remained unchanged.

RD 719 2

Click here to access EIOPA’s Risk Dashboard July 2019

EIOPA : Sound Regulation in an Evolving Landscape

Regulation is only effective for as long as it remains relevant. While EIOPA is evolving into a supervisory-focused organisation, it pays close attention to how regulation is applied and how effective it remains, with a view to reinforcing cross-sectoral consistency and improving fairness and transparency and with a focus on better and smart regulation.

INSURANCE

  • SOLVENCY II REVIEW

Since the successful implementation of Solvency II Directive in 2016, EIOPA played an important role in monitoring its consistent implementation and during 2018 was able to provide valuable input into preparations for its review.

EIOPA provided advice to the European Commission on the review of the Solvency Capital Requirement based on an in-depth analysis of 29 different elements of the Standard Formula. The advice focused on increasing proportionality, removing unjustified constraints to financing the economy and removing technical inconsistencies.

EIOPA proposed further simplifications and reduced the burden to insurers by:

  • Further simplifying calculations for a number of sub-modules of the Solvency Capital Requirement (SCR) such as natural, man-made and health catastrophes, in particular fire risk and mass accident;
  • Simplifying the use of external credit ratings in the calculation of the SCR (an issue especially relevant for small insurers);
  • Reducing the burden of the treatment of lookthrough to underlying investments;
  • Developing simplifications in the assessment of lapse and counterparty default risks;
  • Recommending the use of undertaking specific parameters for reinsurance stop-loss treaties.

Furthermore, one of the major technical inconsistencies found related to the calculation of interest rate risk, which did not capture very low or even negative interest rates. EIOPA recommended to adjust the methodology using a method already adopted by internal model users and, given the material impact on capital requirements, suggested to implement it gradually over three years.

EIOPA also carried out an analysis of the loss-absorbing capacity of deferred taxes practices. In face of the evidence of wide diversity, especially concerning the projection of future profits, EIOPA proposed a set of key principles that will ensure greater convergence and level playing field, while maintaining a certain degree of flexibility.

Finally, EIOPA analysed the treatment and the evidence available on unrated debt and unlisted equity and proposed criteria for a more granular treatment, namely with the use of financial ratios.

In some areas, the analysis of recent developments did not provide for sufficient reasons to change. This is, for example, the case of mortality and longevity risks and the cost of capital in the calculation of the risk margin. The evolution of financial markets does not justify a change in the cost of capital: the decrease in interest rates has not lead to a decrease in the cost of raising equity.

EIOPA1

  • REPORTING ON THE IMPLEMENTATION OF SOLVENCY II

In 2018, EIOPA published a number of reports related to different aspects of Solvency II.

  • Report on group supervision and capital management

In response to a European Commission’s request for information, EIOPA submitted its Report on Group Supervision and Capital Management of (Re)Insurance Undertakings and specific topics related to Freedom to Provide Services (FoS) and Freedom of Establishment (FoE) under the Solvency II Directive. The report concluded that overall the Solvency II Group supervision regime was operating satisfactorily. The tools developed by EIOPA to further strengthen group supervision and supervision of cross-border issues contributed to further convergence of practices of NCAs’ supervisory practices.

The report also highlighted a number of gaps in the regulatory framework, including issues related to the application of Solvency II requirements for determining scope of insurance groups subject to Solvency II group supervision, the application of certain of these provisions governing the calculation of group solvency in particular where several methods are used, the definition and supervision of intra-group transactions, or the application of governance requirements at group level.

Further, EIOPA’s report emphasised that effective supervision of insurance groups will benefit from a harmonised approach on a number of areas, for example, early intervention, recovery and resolution and the assessment of group own funds.

  • Second annual report on the use of capital addons under Solvency II

In December 2018, EIOPA published its second annual report on the use of capital add-ons by NCAs according to Article 52 of Solvency II. The objective was to contribute to a higher degree of supervisory convergence in the use of capital add-ons between supervisory authorities and to highlight any concerns regarding the capital add-ons framework. In general, the capital add-on appears to be a good and positive measure to adjust the Solvency Capital Requirement to the risks of the undertaking, when the application of other measures, for example the development of an internal model, is not adequate.

  • Third annual report on the use of limitations and exemptions from reporting under Solvency II

This report, published in December 2018, addresses the proportionality principle on the reporting requirements, from which the limitations and exemptions on reporting – as foreseen in Article 35 of the Solvency II Directive – are just one of the existing proportionality tools. Reporting requirements also reflect a natural embedded proportionality and in addition, risk-based thresholds were included in the reporting Implementing Technical Standard (ITS).

  • Third annual report on the use and impact of long-term guarantee measures and measures on equity risk

This is a regular report published in accordance with Article 77f(1) of the Solvency II Directive. This year’s report also included an analysis on risk management aspects in view of the specific requirements for LTG measures set out in Article 44 and 45 of the Directive as well as an analysis of detailed features and types of guarantees of products with long-term guarantees.

This report shows that – as in previous years – most of the measures, in particular the volatility adjustment and the transitional measures on technical provisions are widely used. The average Solvency Capital Requirement (SCR) ratio of undertakings using the voluntary measures is 231 % and would drop to 172 % if the measures were not applied. This confirms the importance of the measures for the financial position of (re)insurance undertakings.

  • INVESTIGATING ILLIQUID LIABILITIES

The treatment of long-term insurance business remains a hotly debated issue. In particular, it has been discussed whether the risks of long-term insurance business and the associated investments backing those long-term insurance business are adequately reflected. The illiquidity characteristics of liabilities may contribute to the ability of insurers to mitigate short-term volatility by holding assets throughout the duration of the commitments, even in times of market stress.

To explore any new evidence on the features of liabilities, especially concerning their illiquidity characteristics, a dedicated EIOPA Project Group on illiquid liabilities was set up with the following main goals:

  1. To identify criteria of liquidity characteristics for the liabilities and measures for insurers’ ability to invest over the long term;
  2. To explore the link between the characteristics of liabilities and the management of insurers’ assets;
  3. To analyse whether the current treatment in the regulatory regime appropriately addresses the risks associated with the long-term nature of the insurance business.

Following a request for information from the European Commission on asset and liability management, EIOPA launched a request for feedback on illiquid liabilities in autumn and held a roundtable with interested stakeholders in December to discuss the submitted responses on illiquidity measurements and asset liability management practices.

  • ANALYSIS OF THE INTERNATIONAL FINANCIAL REPORTING STANDARDS (IFRS) 17 INSURANCE CONTRACTS

Following the publication of International Financial Reporting Standards (IFRS) 17 Insurance Contracts by the International Accounting Standards Board (IASB), EIOPA assessed its potential effects on financial stability and the European public good, on product design, supply and demand of insurance contracts, and the practical implementation in light of the applicable inputs and processes for Solvency II.

EIOPA concluded that the introduction of IFRS 17 can be described as positive paradigm shift compared to its predecessor IFRS 4 Insurance Contracts, bringing increased transparency, comparability and additional insights on insures’ business models. EIOPA, however, noted a few reservations regarding concepts that may affect comparability and relevance of IFRS 17 financial statements.

PENSIONS

EIOPA promotes greater transparency in the European pensions sector. In support of this aim, EIOPA is working to enhance the information available to consumers and supporting pension providers by making clear the expectations, justifications and decisions linked with the information they provide, in particular to prospective members, members and beneficiaries as laid out in Articles 38 – 44 of the EU Directive on the activities and supervision of institutions for occupational retirement provision (IORP II).

  • REPORT ON THE PENSION BENEFIT STATEMENT: GUIDANCE AND PRINCIPLESBASED PRACTICES IMPLEMENTING IORP II

The report presents the outcomes of NCA exchanges of views and assessments of current practices for the implementation of the IORP II Pensions Benefit Statement (PBS) requirement. Based on this investigation, several principles have been identified that will facilitate clear understanding and comparability of statements.

Two proposals are now in further development: a basic PBS and an advanced PBS (containing more detailed information) to meet the PBS goals. These proposals will, as far as possible, take account of the behavioral approach principle be subject to further consumer testing.

  • DECISION ON THE CROSS-BORDER COLLABORATION OF NCAS WITH RESPECT TO IORP II DIRECTIVE

This Decision, published in November 2018, replaces the former Budapest Protocol which had to be revised as a result of the new IORP II Directive. The Decision introduces new rules to improve the way occupational pension funds are governed, to enhance information transparency to pension savers and to clarify the procedures for carrying out cross-border transfers and activities.

The Decision also describes different situations and possibilities for NCAs to exchange information about cross-border activities in relation to the ‘fit and proper’ assessment and the outsourcing of key functions, both new provisions of the IORP II Directive in addition to the cross-border transfer.

PRESERVING FINANCIAL STABILITY

As part of EIOPA’s mandate to safeguard financial stability, EIOPA works to identify trends, potential risks and vulnerabilities that could have a negative effect on the pension and insurance sectors across Europe.

  • 2018 INSURANCE STRESS TEST

EIOPA published the results of its stress test of the European insurance sector in December 2018. This exercise assessed the participating insurers’ resilience to the three severe but plausible scenarios: a yield curve up shock combined with lapse and provisions deficiency shocks; a yield curve down shock combined with longevity stress; and a series of natural catastrophes.

EIOPA2

In total, 42 European (re)insurance groups participated representing a market coverage of around 75 % based on total consolidate assets. EIOPA published for the first time the post-stress estimation of the capital position (Solvency Capital Requirement ratio) of major EU (re)insurance groups.

Overall, the stress test confirmed the significant sensitivity to market shocks combined with specific shocks relevant for the European insurance sector. On aggregate, the sector is adequately capitalised to absorb the prescribed shocks. Participating groups demonstrated a high resilience to the series of natural catastrophes tested, showing the importance of the risk transfer mechanisms, namely reinsurance, in place.

An additional objective of this exercise, stemming from recommendations from the European Court of Auditors, was to increase transparency in order to reinforce market discipline by requesting the voluntary disclosure of a list of individual stress test indicators by the participating groups. Since EIOPA does not have the power to impose the disclosure of individual results, participating groups were asked for their voluntary consent to the publication of a list of individual stress test indicators. Only four of the 42 participating groups provided such consent.

  • RISK DASHBOARD

EIOPA publishes a risk dashboard on a quarterly basis and a financial stability report twice a year. In the December 2018 report, EIOPA concluded:

  1. the persistent low yield environment remains challenging for insurers and pension funds;
  2. the risk of a sudden reassessment of risk premia has become more pronounced over recent months amid rising political and policy uncertainty;
  3. interconnectedness with banks and domestic sovereigns remains high for European insurers, making them susceptible to potential spillovers;
  4. some European insurers are significantly exposed in their investment portfolios to climate-related risks and real estate.
  • FINANCIAL STABILITY REPORT

EIOPA published two reports on the financial stability of the insurance and occupational pensions sector in 2018.

In general the persistent low yield environment remains challenging for both the insurance and pension fund sector, which continues to put pressure on profitability and solvency. However, towards the end of the year, as noted in the December report, the risk of a sudden reassessment of risk premia became more pronounced. This is largely due to rising political uncertainty and trade tensions, concerns over debt sustainability and the gradual normalisation of monetary policy. In the short run a sudden increase in yields driven by rising risk premia could significantly affect the financial and solvency position of insurers and pension funds as the investment portfolios could suffer large losses only partly offset by lower liabilities. In this regard, the high degree of interconnectedness with banks and domestic sovereigns of insurers could lead to potential spillovers in case a sudden reassessment of risk premia materialise.

While overall the insurance sector remains adequately capitalised, profitability is under increased pressure in the current low yield environment. The Solvency Capital Requirement ratio for the median company is 225 % for life and 206 % for non-life insurance sector, although significant disparities remain across undertakings and countries.

In the European occupational pension fund sector, total assets increased for the euro area and cover ratios slightly improved. However, the current macroeconomic environment and ongoing low interest rates continue to pose significant challenges to the sector, with the weighted return on assets considerably down in 2017.

  • ENHANCED INFORMATION AND STATISTICS

EIOPA continuously works to improve the availability and quality of available information and statistics on insurance and pensions.

  • Solvency II information

For the insurance sector, EIOPA publishes high-quality insurance statistics at both solo and group level. The statistics are based on Solvency II information from regulatory reporting and their regular publication demonstrates EIOPA’s commitment to transparency. Over the past year, through the increased availability of Solvency II data EIOPA has been able to increase the coverage of its statistics. In June 2018, for the first time, the Authority published further insight into the assets of solo (re)insurance undertakings at country level.

  • Decision on EIOPA’s regular information requests towards NCAs regarding provision of occupational pensions information

In April 2018, the Authority published its decision regarding the submission of occupational pension information. The decision defined a single framework for the reporting of occupational pension information that facilitates reporting processes. As a result, EIOPA will receive the information required to carry out appropriate monitoring and assessment of market developments, as well as in-depth economic analyses of the occupational pension market. The requirements were developed in close cooperation with the European Central Bank in order to minimise the burden on the industry and will apply as of 2019.

  • Pensions information taxonomy

In November 2018, EIOPA published the eXtensible Business Reporting Language (XBRL) Taxonomy applicable for reporting of information on IORPs. It provides NCAs with the technical means for the submission to EIOPA of harmonised information of all pension funds in the European Economic Area. Developed in close collaboration with the European Central Bank (ECB), it allows for integrated technical templates and means to report via a single submission both the information required by EIOPA and the ECB.

CRISIS PREVENTION

In addition to regular financial stability tools, EIOPA undertooka number of additional activities in 2018 related to crisis prevention.

  • Development of a macroprudential framework for insurance

With the aim of contributing to the overall debate on systemic risk and macroprudential policy, over the last year, EIOPA has published a series of reports that extend the debate to the insurance sector and, more specifically, the characteristics of that sector. These reports cover the following:

  1. Systemic risk and macroprudential policy in insurance;
  2. Solvency II tools with macroprudential impact; and
  3. Other potential macroprudential tools and measures to enhance the current framework.

As a next step, EIOPA will consult on concrete proposals to include macroprudential elements in the upcoming review of Solvency II.

  • Analysis of the causes and early identification of failures and near misses in insurance

In July 2018, EIOPA published ‘Failures and near misses in insurance: Overview of the causes and early identification’ as the first in a series aimed at enhancing supervisory knowledge of the prevention and management of insurance failures. The report’s findings are based on information contained in EIOPA’s database of failures and near misses, covering the period from 1999 to 2016, including sample data of 180 affected insurance undertakings in 31 European countries.

The report focuses on an examination of the causes of failure in insurance, as well as the assessment of the reported early identification signals. It also examines the underlying concepts ‘failure’ and ‘near miss’ as well as providing further information on EIOPA’s database, established in 2014.

Click here to access EIOPA’s 2018 Annual Report

EIOPA reviews the use of Big Data Analytics in motor and health insurance

Data processing has historically been at the very core of the business of insurance undertakings, which is rooted strongly in data-led statistical analysis. Data has always been collected and processed to

  • inform underwriting decisions,
  • price policies,
  • settle claims
  • and prevent fraud.

There has long been a pursuit of more granular data-sets and predictive models, such that the relevance of Big Data Analytics (BDA) for the sector is no surprise.

In view of this, and as a follow-up of the Joint Committee of the European Supervisory Authorities (ESAs) cross-sectorial report on the use of Big Data by financial institutions,1 the European Insurance and Occupational Pensions Authority (EIOPA) decided to launch a thematic review on the use of BDA specifically by insurance firms. The aim is to gather further empirical evidence on the benefits and risks arising from BDA. To keep the exercise proportionate, the focus was limited to motor and health insurance lines of business. The thematic review was officially launched during the summer of 2018.

A total of 222 insurance undertakings and intermediaries from 28 jurisdictions have participated in the thematic review. The input collected from insurance undertakings represents approximately 60% of the total gross written premiums (GWP) of the motor and health insurance lines of business in the respective national markets, and it includes input from both incumbents and start-ups. In addition, EIOPA has collected input from its Members and Observers, i.e. national competent authorities (NCAs) from the European Economic Area, and from two consumers associations.

The thematic review has revealed a strong trend towards increasingly data-driven business models throughout the insurance value chain in motor and health insurance:

  • Traditional data sources such as demographic data or exposure data are increasingly combined (not replaced) with new sources like online media data or telematics data, providing greater granularity and frequency of information about consumer’s characteristics, behaviour and lifestyles. This enables the development of increasingly tailored products and services and more accurate risk assessments.

EIOPA BDA 1

  • The use of data outsourced from third-party data vendors and their corresponding algorithms used to calculate credit scores, driving scores, claims scores, etc. is relatively extended and this information can be used in technical models.

EIOPA BDA 2

  • BDA enables the development of new rating factors, leading to smaller risk pools and a larger number of them. Most rating factors have a causal link while others are perceived as being a proxy for other risk factors or wealth / price elasticity of demand.
  • BDA tools such as such as artificial intelligence (AI) or machine learning (ML) are already actively used by 31% of firms, and another 24% are at a proof of concept stage. Models based on these tools are often cor-relational and not causative, and they are primarily used on pricing and underwriting and claims management.

EIOPA BDA 3

  • Cloud computing services, which reportedly represent a key enabler of agility and data analytics, are already used by 33% of insurance firms, with a further 32% saying they will be moving to the cloud over the next 3 years. Data security and consumer protection are key concerns of this outsourcing activity.
  • Up take of usage-based insurance products will gradually continue in the following years, influenced by developments such as increasingly connected cars, health wearable devices or the introduction of 5G mobile technology. Roboadvisors and specially chatbots are also gaining momentum within consumer product and service journeys.

EIOPA BDA 4

EIOPA BDA 5

  • There is no evidence as yet that an increasing granularity of risk assessments is causing exclusion issues for high-risk consumers, although firms expect the impact of BDA to increase in the years to come.

In view of the evidence gathered from the different stake-holders, EIOPA considers that there are many opportunities arising from BDA, both for the insurance industry as well as for consumers. However, and although insurance firms generally already have in place or are developing sound data governance arrangements, there are also risks arising from BDA that need to be further addressed in practice. Some of these risks are not new, but their significance is amplified in the context of BDA. This is particularly the case regarding ethical issues with the fairness of the use of BDA, as well as regarding the

  • accuracy,
  • transparency,
  • auditability,
  • and explainability

of certain BDA tools such as AI and ML.

Going forward, in 2019 EIOPA’s InsurTech Task Force will conduct further work in these two key areas in collaboration with the industry, academia, consumer associations and other relevant stakeholders. The work being developed by the Joint Committee of the ESAs on AI as well as in other international fora will also be taken into account. EIOPA will also explore third-party data vendor issues, including transparency in the use of rating factors in the context of the EU-US insurance dialogue. Furthermore, EIOPA will develop guidelines on the use of cloud computing by insurance firms and will start a new workstream assessing new business models and ecosystems arising from InsurTech. EIOPA will also continue its on-going work in the area of cyber insurance and cyber security risks.

Click here to access EIOPA’s detailed Big Data Report

EIOPA’s Insurance Stress Test 2018 Recommendations

Introduction

During the course of 2018, EIOPA carried out a European-wide stress test (ST) in accordance with Articles 21(2)(b) and 32 of Regulation (EU) 1094/2010 of 24 November 2010 of the European Parliament and of the Council (hereafter the ‘Regulation’).

The Recommendations contained in this document are issued in accordance with Article 21(2)(b) of the Regulation in order to address issues identified in the stress test.

EIOPA will support National Competent Authorities (NCAs) and undertakings through guidance and other measures if needed.

The 2018 Stress Test results showed that on aggregate the insurance sector is sufficiently capitalised to absorb the combination of shocks prescribed in the three scenarios. However, it also confirms the significant sensitivity to market shocks for the European insurance sector with Groups being vulnerable

  • not only to low yields and longevity risk,
  • but also to a sudden and abrupt reversal of risk premia, combined with an instantaneous shock to lapse rates and claims inflation.

The exercise further reveals potential transmission channels of the tested shocks to insurers’ balance sheets. For instance, in the YCU scenario the assumed claim inflation shock leads to a net increase in the liabilities of those Groups more exposed to non-life business through claims inflation. Finally, both the YCD and YCU scenario have similar negative impact on post-stress SCR ratios.

As outlined in the Executive Summary of the 2018 Insurance Stress Test Report, further analyses of the results are required by EIOPA and the NCAs to obtain a deeper understanding of the risks and vulnerabilities of the sector.

In order to follow-up on the main vulnerabilities, EIOPA is issuing the present Recommendations related to the 2018 stress test exercise.

Recommendation 1
NCAs should strengthen the supervision of the Groups identified as facing greater exposure to Yield Curve Up and/or Yield Curve Down scenarios. This affects, in particular, those Groups where transitional measures have a greater impact.

Recommendation 2
NCAs should carefully review and, where necessary, challenge the capital and risk management strategies of the affected Groups. In particular:

  • NCAs should require Groups to clarify the impact of the stress test in terms of capital and risk management.
  • For the affected Groups, stress test scenarios similar to YCU and YCD should be properly considered in the risk management framework, including the ORSAs.
  • Review the risk appetite framework for the affected Groups.

Recommendation 3
NCAs should evaluate the potential management actions to be implemented by the affected Groups. In particular:

  • NCAs should require Groups to indicate the range of actions based on the results of the stress testing.
  • NCAs should assess if the actions identified are realistic in such stress scenarios.
  • NCAs should consider any eventual second-round effects.

Recommendation 4
NCAs should further contribute to enhance the stress test process.

Recommendation 5
NCAs should enhance cooperation and information exchange with other relevant Authorities, such as the ECB/SSM or other national authorities, concerning the stress test results of the affected insurers which form part of a financial conglomerate.

EIOPA ST

Click here to access EIOPA’s Recommendations

EIOPA’s Supervisory Statement Solvency II: Application of the proportionality principle in the supervision of the Solvency Capital Requirement

EIOPA identified potential divergences in the supervisory practices concerning the supervision of the SCR calculation of immaterial sub-modules.

EIOPA agrees that in case of immaterial SCR sub-modules the principle of proportionality applies regarding the supervisory review process, but considers it is important to guarantee supervisory convergence as divergent approaches could lead to supervisory arbitrage.

EIOPA is of the view that the consistent implementation of the proportionality principle is a key element to ensure supervisory convergence for the supervision of the SCR. For this purpose the following key areas should be considered:

Proportionate approach

Supervisory authorities may allow undertakings, when calculating the SCR at the individual undertaking level, to adopt a proportionate approach towards immaterial SCR sub-modules, provided that the undertaking concerned is able to demonstrate to the satisfaction of the supervisory authorities that:

  1. the amount of the SCR sub-module is immaterial when compared with the total basic SCR (BSCR);
  2. applying a proportionate approach is justifiable taking into account the nature and complexity of the risk;
  3. the pattern of the SCR sub-module is stable over the last three years;
  4. such amount/pattern is consistent with the business model and the business strategy for the following years; and
  5. undertakings have in place a risk management system and processes to monitor any evolution of the risk, either triggered by internal sources or by an external source that could affect the materiality of a certain submodule.

This approach should not be used when calculating SCR at group level.

An SCR sub-module should be considered immaterial for the purposes of the SCR calculation when its amount is not relevant for the decision-making process or the judgement of the undertaking itself or the supervisory authorities. Following this principle, even if materiality needs to be assessed on a case-by-case basis, EIOPA recommends that materiality is assessed considering the weight of the sub-modules in the total BSCR and

  • that each sub-module subject to this approach should not represent more than 5% of the BSCR
  • or all sub-modules should not represent more than 10% of the BSCR.

For immaterial SCR sub-modules supervisory authorities may allow undertakings not to perform a full recalculation of such a sub-module on a yearly basis taking into consideration the complexity and burden that such a calculation would represent when compared to the result of the calculation.

Prudent calculation

For the sub-modules identified as immaterial, a calculation of the SCR submodule using inputs prudently estimated and leading to prudent outcomes should be performed at the time of the decision to adopt a proportionate approach. Such calculation should be subject to the consent of the supervisory authority.

The result of such a calculation may then be used in principle for the next three years, after which a full calculation using inputs prudently estimated is required so that the immateriality of the sub-module and the risk-based and proportionate approach is re-assessed.

During the three-year period the key function holder of the actuarial function should express an opinion to the administrative, management or supervisory body of the undertaking on the outcome of immaterial sub-module used for calculating SCR.

Risk management system and ORSA

Such a system should be proportionate to the risks at stake while ensuring a proper monitoring of any evolution of the risk, either triggered by internal sources such as a change in the business model or business strategy or by an external source such as an exceptional event that could affect the materiality of a certain sub-module.

Such a monitoring should include the setting of qualitative and quantitative early warning indicators (EWI), to be defined by the undertaking and embedded in the ORSA processes.

Supervisory reporting and public disclosure

Undertakings should include information on the risk management system in the ORSA Report. Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting and in the Solvency and Financial Condition Report (SFCR), under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement”.

Supervisory review process

The approach should be implemented in the context of on-going supervisory dialogue, meaning that the supervisory authority should be satisfied and agree with the approach taken and be kept informed in case of any material change. Supervisory authorities should inform the undertakings in case there is any concern with the approach. In case the supervisory authority has any concern the approach should not be implemented or might be implemented with additional safeguards as agreed between the supervisory authority and the undertaking.

In some situations supervisory authorities may require a full calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Example : Supervisory reporting and public disclosure

Undertakings should include information on the risk management system referred to in the previous paragraphs in the ORSA Report.

Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (RSR), including at least the following information:

  1. identification of the sub-module(s) for which a proportionate approach was applied;
  2. amount of the SCR for such a sub-module in the last three years before the application of proportionate approach, including the current year;
  3. the date of the last calculation performed following the requirements of the Delegated Regulation using inputs prudently estimated; and
  4. early warning indicators identified and triggers for a calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Undertakings should also include structured information on the sub-modules for which a proportionate approach is applied in the Solvency and Financial Condition Report, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (SFCR), including at least the identification of the submodule(s) for which a proportionate calculation was applied.

An example of structured information to be included in the regular supervisory report in line with Article 311(6) of the Delegated Regulation is as follows:

Proportionality EIOPA

This proportionate approach should also be reflected in the quantitative reporting templates to be submitted. In this case the templates would reflect the amounts used for the last full calculation performed.

Click here to access EIOPA’s Supervisory Statement

Systemic Risk and Macroprudential Policy in Insurance (EIOPA)

In its work, EIOPA followed a step-by-step approach seeking to address the following questions in a sequential way:

  1. Does insurance create or amplify systemic risk?
  2. If yes, what are the tools already existing in the Solvency II framework, and how do they contribute to mitigate the sources of systemic risk?
  3. Are other tools needed and, if yes, which ones could be promoted?

Each paper published addresses one of the questions above. The publication of the three EIOPA papers on systemic risk and macroprudential policy in insurance has constituted an important milestone by which EIOPA has defined its policy stance and laid down its initial ideas on several relevant topics.

This work should now be turned into a specific policy proposal for additional macroprudential tools or measures where relevant and possible as part of the review of Directive 2009/138/EC (the ‘Solvency II5 Review’). For this purpose, and in order to gather the views of stakeholders, EIOPA is publishing this Discussion Paper on systemic risk and macroprudential policy in insurance, which focuses primarily on the third paper, i.e. on potential new tools and measures. Special attention is devoted to the four tools and measures specifically highlighted in the recent European Commission’s Call for Advice to EIOPA.

The financial crisis has shown the need to further consider the way in which systemic risk is created and/or amplified, as well as the need to have proper policies in place to address those risks. So far, most of the discussions on macroprudential policy have focused on the banking sector due to its prominent role in the recent financial crisis.

Given the relevance of the topic, EIOPA initiated the publication of a series of three papers on systemic risk and macroprudential policy in insurance with the aim of contributing to the debate and ensuring that any extension of this debate to the insurance sector reflects the specific nature of the insurance business.

EIOPA followed a step-by-step approach, seeking to address the following questions:

  • Does insurance create or amplify systemic risk? In the first paper entitled ‘Systemic risk and macroprudential policy in insurance’, EIOPA identified and analysed the sources of systemic risk in insurance and proposed a specific macroprudential framework for the sector. If yes, what are the tools already existing in the current framework, and how do they contribute to mitigate the sources of systemic risk? In the second paper, ‘Solvency II tools with macroprudential impact’, EIOPA identified, classified and provided a preliminary assessment of the tools or measures already existing within the Solvency II framework, which could mitigate any of the systemic risk sources that were previously identified.
  • Are other tools needed and, if yes, which ones could be promoted? The third paper carried out an initial assessment of other potential tools or measures to be included in a macroprudential framework designed for insurers. EIOPA focused on four categories of tools (capital and reservingbased tools, liquidity-based tools, exposure-based tools and pre-emptive planning). The paper focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review.

The publication of the three EIOPA papers on systemic risk and macroprudential policy in insurance constitutes an important milestone by which EIOPA has defined its policy stance and laid down its initial ideas on several relevant topics. It should be noted that the ESRB (2018) has also identified a shortlist of options for additional provisions, measures and instruments, which reaches broadly similar conclusions as EIOPA.

EIOPA’s work should now be turned into a specific policy proposal for additional macroprudential tools or measures where relevant and possible as part of the Solvency II Review. For this purpose, and in order to gather the views of stakeholders, EIOPA is publishing this Discussion Paper on systemic risk and macroprudential policy in insurance.

This Discussion paper is based on the three papers previously published. They therefore back its content. Interested readers are recommended to consult them for further information or details. Relevant references are included in each of the sections.

EIOPA has included questions on all three papers. The majority of the questions, however, revolve around the third paper on additional tools or measures, which is more relevant in light of the Solvency II review.

The Discussion paper primarily focuses on the “principles” of each tool, trying to explain their rationale. As such, it does not address the operational aspects/challenges of each tool (e.g. calibration, thresholds, etc.) in a comprehensive manner. Similar to the approach followed with other legislative initiatives, the technical details could be addressed by means of technical standards, guidelines or recommendations, once the relevant legal instrument has been enacted.

Definitions

EIOPA provided all relevant definitions in EIOPA (2018a). It has to be noted, however, that there is usually no unique or universal definition for all these concepts. EIOPA’s work did not seek to fill this gap. Instead, working definitions are put forward in order to set the scene and should therefore be considered in the context of this paper only.

  • Financial stability and systemic risk are two strongly related concepts. Financial stability can be defined as a state whereby the build-up of systemic risk is prevented.
  • Systemic risk means a risk of disruption in the financial system with the potential to have serious negative consequences for the internal market and the real economy.
  • Macroprudential policy should be understood as a framework that aims at mitigating systemic risk (or the build-up thereof), thereby contributing to the ultimate objective of the stability of the financial system and, as a result, the broader implications for economic growth.
  • Macroprudential instruments are qualitative or quantitative tools or measures with system-wide impact that relevant competent authorities (i.e. authorities in charge of preserving the stability of the financial system) put in place with the aim of achieving financial stability.

In the context of this paper, these concepts (i.e. tools, instruments and measures) are used as synonyms.

The macroprudential policy approach contributes to the stability of the financial system — together with other policies (e.g. monetary and fiscal) as well as with microprudential policies. Whereas microprudential policies primarily focus on individual entities, the macroprudential approach focuses on the financial system as a whole.

It should be taken into account that, in some cases, the borders between microprudential policies and macroprudential consequences are blurring. That means, for example, that instruments that may have been designed as microprudential instrument may also have macroprudential consequences.

There are different institutional models for the implementation of macroprudential policies across EU, in some cases involving different parties (e.g. ministries, supervisors, etc.). This paper adopts a neutral approach by referring to the generic concept of the ‘relevant authority in charge of the macroprudential policy’, which should encompass the different institutional models existing across jurisdictions. Sometimes a simplified term such as ‘the authorities’ or ‘the competent authorities’ is used.

Systemic risk in insurance

While a common understanding of the systemic relevance of the banking sector has been reached, the issue is still debated in the case of the insurance sector. In order to contribute to this debate, EIOPA developed a conceptual approach to illustrate the dynamics in which systemic risk in insurance can be created or amplified.

Main elements of EIOPA’s conceptual approach to systemic risk

  • Triggering event: Exogenous event that has an impact on one or several insurance companies and may initiate the whole process of systemic risk creation. Examples are macroeconomic factors (e.g. raising unemployment), financial factors (e.g. yield movements) or non-financial factors (e.g. demographic changes or cyber-attacks).
  • Company risk profile: The result of the collection of activities performed by the insurance company. The activities will determine: a) the specific features of the company reflecting the strategic and operational decisions taken; and b) the risk factors that the company is exposed to, i.e. the potential vulnerabilities of the company.
  • Systemic risk drivers: Elements that may enable the generation of negative spill-overs from one or more company-specific stresses into a systemic effect, i.e. they may turn a company specific-stress into a system wide stress.
  • Transmission channels. Contagion channels that explain the process by which the sources of systemic risk may affect financial stability and/or the real economy. EIOPA distinguishes five main transmission channels: a) Exposure channel; b) Asset liquidation channel; c) Lack of supply of insurance products; d) Bank-like channel; and e) Expectations and information asymmetries
  • Sources of systemic risk: they result from the systemic risk drivers and their transmission channels. They are direct or indirect externalities whereby insurance imposes a systemic threat to the wider system. These direct and indirect externalities lead to three potential sources’ categories of systemic risks which are not mutually exclusive, i.e. entity-based related source, activity-based related source and behaviour-based related source.

In essence and as depicted in Figure 1, the approach developed by EIOPA considers that a ‘triggering event’ initially has an impact at entity level, affecting one or more insurers through their ‘risk profile’. Potential individual or collective distresses may generate systemic implications, the relevance of which is determined by the presence of different ‘systemic risk drivers’ embedded in the insurance companies.

EIOPA Sys Risk

In EIOPA’s view, systemic events could be generated in two ways.

  1. The ‘direct’ effect, originated by the failure of a systemically relevant insurer or the collective failure of several insurers generating a cascade effect. This systemic source is defined as ‘entity-based’.
  2. The ‘indirect’ effect, in which possible externalities are enhanced by engagement in potentially systemic activities (activity-based sources) or the widespread common reactions of insurers to exogenous shocks (behaviour-based source).

Potential externalities generated via direct and indirect sources are transferred to the rest of the financial system and to the real economy via specific channels (i.e. the transmission channel) and could induce changes in the risk profile of insurers, eventually generating potential second-round effects.

The following table provides an overview of possible examples of triggering events, risk profile, systemic risk drivers and transmission channels. It should therefore not be considered as a comprehensive list of elements.

EIOPA MacroPrud

Potential macroprudential tools and measures to enhance the current framework

In its third paper, EIOPA (2018c) carried out an analysis focusing on four categories of tools:

a) Capital and reserving-based tools;

b) Liquidity-based tools;

c) Exposure-based tools; and

d) Pre-emptive planning.

EIOPA also considers whether the tools should be used for enhanced reporting and monitoring or as intervention power. Following this preliminary analysis, EIOPA concluded the following :

EIOPA Other tools

Example: Enhancement of the ORSA 

Description. In an ORSA, an insurer is required to consider all material risks that may have an impact on its ability to meet its obligations to policyholders. In doing this a forward looking perspective is also required. Although conceived at first as a microprudential tool, this tool could be enhanced to take the macroprudential perspective also into account.

Potential contribution to mitigate systemic risk. The enhancement of ORSA could help in mitigating two of the sources of systemic risk identified.

Proposal. This measure is proposed for further consideration for enhanced reporting and monitoring purposes.

Operational aspects. A description of all relevant operational aspects is carried out in EIOPA (2018c). In essence, the idea is to supplement the microprudential approach by assigning certain roles and responsibilities to the relevant authority in charge of the macroprudential policy (see Figure below). This authority could carry out three different tasks:

  1. Aggregation of information;
  2. Analysis of the information; and
  3. Provision of certain information or parameters to supervisors to channel macroprudential concerns.

Supervisors would then request undertakings to include in their ORSAs particular macroprudential risks.

Issues for consideration: In order to make the ORSA operational from a macroprudential point of view, the following would be needed:

  • A clarification of the role of the risk management function in order to include macroprudential concerns.
  • The inclusion of a new paragraph in Article 45 of the Solvency II directive explicitly referring to the macroprudential dimension and the need to consider the macroeconomic situation and potential sources of systemic risk as followup of their assessment on whether the company complies on a continuous basis with the Solvency II regulatory capital requirements.
  • Clarification that a follow-up is expected after input from supervisors, namely from authorities in charge of the macroprudential policy. On a risk-based approach this might imply the request of specific information in terms of nature, scope, format and point in time, where justified by likelihood or impact of materialisation of a certain source of systemic risk.

Furthermore, a certain level of harmonisation of the structure and content of the ORSA report would be needed, which would enable the identification of the relevant sections by the authorities in charge of macroprudential policies. This, however, would mean a change in the current approach followed with regard to the ORSA.

Click here to access EIOPA’s detailed Discussion Paper 2019

 

Outsourcing to the Cloud: EIOPA’s Contribution to the European Commission FinTech Action Plan

In the European financial regulatory landscape, the purchase of cloud computing services falls within the broader scope of outsourcing.

The credit institutions, investment firms, payment institutions and the e-money institutions have multiple level 1 and level 2 regulations that discipline their use of outsourcing (e.g. MIFID II, PSD2, BRRD). There are also level 3 measures: CEBS Guidelines on Outsourcing, representing the current guiding framework for outsourcing activities within the European banking sector.

Additional “Recommendations on cloud outsourcing” were issued on December 20, 2017 by the European Banking Authority (EBA) and entered into force on July 1, 2018. They will be repealed by the new guidelines on Outsourcing Arrangements (level 3) which have absorbed the text of the Recommendations.

For the (re)insurance sector, the current Regulatory framework of Solvency II (level 1 and level 2) discipline outsourcing under Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulations. The EIOPA guidelines 60-64 on System of Governance provide level 3 principle based guidance.

On the basis of a survey conducted by the National Supervisory Authorities (NSAs), cloud computing is not extensively used by (re)insurance undertakings: it is most extensively used by newcomers, within a few market niches and by larger undertakings mostly for non-critical functions.

Moreover, as part of their wider digital transformation strategies many European large (re)insurers are expanding their use of the cloud.

As to applicable regulation, cloud computing is considered as outsourcing and the current level of national guidance on cloud outsourcing for the (re)insurance sector is not homogenous. Nonetheless, most NSAs (banking and (re)insurance supervisors at the same time) declare that they are considering the EBA Recommendations as a reference for the management of cloud outsourcing.

Under the steering of its InsurTech TaskForce, EIOPA will develop its own Guidelines on Cloud Outsourcing. The intention is that the Guidelines on Cloud Outsourcing (the “guidelines”) will be drafted during the first half of 2019, issued then for consultation and finalised by the end of the year.

During the process of drafting the Guidelines, EIOPA will organize a public roundtable on the use of cloud computing by (re)insurance undertakings. During the roundtable, representative from the (re)insurance industry, cloud service providers and the supervisory community will discuss views and approaches to cloud outsourcing in a Solvency II and post-EBA Recommendations environment.

Furthermore, in order to guarantee a cross-industry harmonization within the European
financial sector, EIOPA has agreed with the other two ESAs:

  • to continue keeping the fruitful alignment kept so far; and
  • to start – in the second part of 2019 – a joint market monitoring activity aimed at developing policy views on how cloud outsourcing in the finance sector should be treated in the future.

This should take into account the increasing use of the cloud and the potential for large cloud service providers to be a single point of failure.

Overview of Cloud Computing

Cloud computing allows users to access on-demand, shared configurable computing resources (such as networks, servers, storage, applications and services) hosted by third parties on the internet, instead of building their own IT infrastructure.

According to the US National Institute of Standards and Technology (NIST), cloud computing is: “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

The ISO standard of 2014 defines cloud computing as a: “paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand”. It is composed of

  • cloud computing roles and activities,
  • cloud capabilities types and cloud service categories,
  • cloud deployment models and
  • cloud computing cross cutting aspects”.

The European Banking Authority (EBA) Recommendations of 2017 – very close to NIST definition – defines the cloud services as: “Services provided using cloud computing, that is, a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Shared responsibility framework

The cloud provider and cloud customer share the control of resources in a cloud system. The cloud’s different service models affect their control over the computational resources and, thus, what can be done in a cloud system. Compared to traditional IT systems, where one organization has control over the whole stack of computing resources and the entire life-cycle of the systems, cloud providers and cloud customers collaboratively

  • design,
  • build,
  • deploy, and
  • operate

cloud based systems.

The split of control means that both parties share the responsibilities in providing adequate protections to the cloud-based systems. The picture below shows, as “conceptual model”, the different level of sharing responsibilities between the cloud provider and the cloud customer.

These responsibilities contribute to achieve a compliant and secure computing environment. It has to be noted that, regardless the service provided by the cloud provider:

  • Ensuring that the data and its classification are done correctly and that the solution is compliant with regulatory obligations is the responsibility of the customer (e.g. in case of data theft the cloud customer is responsible towards the damaged parties or the customer is responsible to ensure – e.g. with specific contractual obligations – that the provider observe certain compliance requirements such as give the competent authorities access and audit rights);
  • Physical security is the one responsibility that is wholly owned by cloud service providers when using cloud computing.

The remaining responsibilities and controls are shared between customers and cloud providers according to the outsourcing model. However, the responsibility (in a supervisory sense) remains with the customers. Some responsibilities require the cloud provider and customer to manage and administer the responsibility together including auditing of their domains. For example, identity & access management when using a cloud provider’s active directory services could require that the configuration of services such as multi-factor authentication is up to the customer, but ensuring effective functionality is the responsibility of the cloud provider.

EIOPA Outs

Summary of Key Takeaways and EIOPA’s Answer to the European Commission

The key takeaways of the analysis carried out and described within this document are the following:

  1. cloud computing is mostly used extensively by newcomers, by a niche of the market and by larger undertakings mostly for non-critical function. However, as part of their wider digital transformation strategies many European large (re)insurers are expanding their use of the cloud;
  2. the current Regulatory framework of Solvency II (level 1 and level 2) appears to be sound to discipline the outsourcing to the cloud by the current outsourcing provisions (Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulations);
  3. cloud computing is a fast developing service so in order for its regulation to be efficient it should be principle-based rather than attempting at regulating all (re)insurance-related aspects of it;
  4. cloud computing services used by (re)insurance undertakings are aligned to the one used by banking sector. The risks arising from the usage of cloud computing by (re)insurance undertakings appear to be, generally, aligned to the risks bear by the banking players with few minor (re) insurance specificities;
  5. both banking and (re)insurance regulations discipline cloud computing by their current outsourcing provisions. Under these, banking and (re)insurance institutions are required to classify whether the cloud services they receive are „critical or important“. The most common approach is to classify cloud computing on a case-by-case approach – similarly to the other services – on the basis of the service / process / activity / data outsourced;
  6. the impact of cloud computing on the (re)insurance market is assessed differently among jurisdictions: due to the complexity and the high level of technicality of the subject, some jurisdictions have planned to issue (or already issued) national guidance directly applicable to the (re)insurance market on cloud outsourcing;
  7. from the gap analysis carried out, the EBA Recommendations are more specific on the subject (e.g. the specific requirements to build a register of all the cloud service providers) and, being built on shared common principles, can be applied to the wide Solvency II regulations on outsourcing, reflecting their status at level 3;
  8. to provide legal transparency to the market participants (i.e. regulated undertakings and service providers) and to avoid potential regulatory arbitrage, EIOPA should issue guidance on cloud outsourcing aligned with the EBA Recommendations and, where applicable, the EBA Guidelines on outsourcing arrangements with minor amendments.

Click here to access EIOPA’s detailed Contribution Paper