EIOPA reviews the use of Big Data Analytics in motor and health insurance

Data processing has historically been at the very core of the business of insurance undertakings, which is rooted strongly in data-led statistical analysis. Data has always been collected and processed to

  • inform underwriting decisions,
  • price policies,
  • settle claims
  • and prevent fraud.

There has long been a pursuit of more granular data-sets and predictive models, such that the relevance of Big Data Analytics (BDA) for the sector is no surprise.

In view of this, and as a follow-up to the Joint Committee of the European Supervisory Authorities (ESAs) cross-sectorial report on the use of Big Data by financial institutions, the European Insurance and Occupational Pensions Authority (EIOPA) decided to launch a thematic review on the use of BDA specifically by insurance firms. The aim is to gather further empirical evidence on the benefits and risks arising from BDA. To keep the exercise proportionate, the focus was limited to motor and health insurance lines of business. The thematic review was officially launched during the summer of 2018.

A total of 222 insurance undertakings and intermediaries from 28 jurisdictions have participated in the thematic review. The input collected from insurance undertakings represents approximately 60% of the total gross written premiums (GWP) of the motor and health insurance lines of business in the respective national markets, and it includes input from both incumbents and start-ups. In addition, EIOPA has collected input from its Members and Observers, i.e. national competent authorities (NCAs) from the European Economic Area, and from two consumer associations.

The thematic review has revealed a strong trend towards increasingly data-driven business models throughout the insurance value chain in motor and health insurance:

  • Traditional data sources such as demographic data or exposure data are increasingly combined (not replaced) with new sources like online media data or telematics data, providing greater granularity and frequency of information about consumers’ characteristics, behaviour and lifestyles. This enables the development of increasingly tailored products and services and more accurate risk assessments.

  • The use of data outsourced from third-party data vendors, together with the vendors' algorithms used to calculate credit scores, driving scores, claims scores, etc., is relatively widespread, and this information can be used in technical models.

  • BDA enables the development of new rating factors, leading to smaller risk pools and a larger number of them. Most rating factors have a causal link while others are perceived as being a proxy for other risk factors or wealth / price elasticity of demand.
  • BDA tools such as artificial intelligence (AI) or machine learning (ML) are already actively used by 31% of firms, and another 24% are at a proof of concept stage. Models based on these tools are often correlational and not causative, and they are primarily used in pricing and underwriting and in claims management.

  • Cloud computing services, which reportedly represent a key enabler of agility and data analytics, are already used by 33% of insurance firms, with a further 32% saying they will be moving to the cloud over the next 3 years. Data security and consumer protection are key concerns of this outsourcing activity.
  • Uptake of usage-based insurance products will gradually continue in the following years, influenced by developments such as increasingly connected cars, health wearable devices or the introduction of 5G mobile technology. Robo-advisors and especially chatbots are also gaining momentum within consumer product and service journeys.

  • There is no evidence as yet that an increasing granularity of risk assessments is causing exclusion issues for high-risk consumers, although firms expect the impact of BDA to increase in the years to come.

In view of the evidence gathered from the different stakeholders, EIOPA considers that there are many opportunities arising from BDA, both for the insurance industry and for consumers. However, and although insurance firms generally already have in place or are developing sound data governance arrangements, there are also risks arising from BDA that need to be further addressed in practice. Some of these risks are not new, but their significance is amplified in the context of BDA. This is particularly the case regarding ethical issues with the fairness of the use of BDA, as well as regarding the

  • accuracy,
  • transparency,
  • auditability,
  • and explainability

of certain BDA tools such as AI and ML.

Going forward, in 2019 EIOPA’s InsurTech Task Force will conduct further work in these two key areas in collaboration with the industry, academia, consumer associations and other relevant stakeholders. The work being developed by the Joint Committee of the ESAs on AI as well as in other international fora will also be taken into account. EIOPA will also explore third-party data vendor issues, including transparency in the use of rating factors in the context of the EU-US insurance dialogue. Furthermore, EIOPA will develop guidelines on the use of cloud computing by insurance firms and will start a new workstream assessing new business models and ecosystems arising from InsurTech. EIOPA will also continue its on-going work in the area of cyber insurance and cyber security risks.

Click here to access EIOPA’s detailed Big Data Report

EIOPA’s Insurance Stress Test 2018 Recommendations

Introduction

During the course of 2018, EIOPA carried out a European-wide stress test (ST) in accordance with Articles 21(2)(b) and 32 of Regulation (EU) 1094/2010 of 24 November 2010 of the European Parliament and of the Council (hereafter the ‘Regulation’).

The Recommendations contained in this document are issued in accordance with Article 21(2)(b) of the Regulation in order to address issues identified in the stress test.

EIOPA will support National Competent Authorities (NCAs) and undertakings through guidance and other measures if needed.

The 2018 Stress Test results showed that on aggregate the insurance sector is sufficiently capitalised to absorb the combination of shocks prescribed in the three scenarios. However, it also confirms the significant sensitivity to market shocks for the European insurance sector with Groups being vulnerable

  • not only to low yields and longevity risk,
  • but also to a sudden and abrupt reversal of risk premia, combined with an instantaneous shock to lapse rates and claims inflation.

The exercise further reveals potential transmission channels of the tested shocks to insurers’ balance sheets. For instance, in the YCU scenario the assumed claim inflation shock leads to a net increase in the liabilities of those Groups more exposed to non-life business through claims inflation. Finally, both the YCD and YCU scenario have similar negative impact on post-stress SCR ratios.

As outlined in the Executive Summary of the 2018 Insurance Stress Test Report, further analyses of the results are required by EIOPA and the NCAs to obtain a deeper understanding of the risks and vulnerabilities of the sector.

In order to follow up on the main vulnerabilities, EIOPA is issuing the present Recommendations related to the 2018 stress test exercise.

Recommendation 1
NCAs should strengthen the supervision of the Groups identified as facing greater exposure to Yield Curve Up and/or Yield Curve Down scenarios. This affects, in particular, those Groups where transitional measures have a greater impact.

Recommendation 2
NCAs should carefully review and, where necessary, challenge the capital and risk management strategies of the affected Groups. In particular:

  • NCAs should require Groups to clarify the impact of the stress test in terms of capital and risk management.
  • For the affected Groups, stress test scenarios similar to YCU and YCD should be properly considered in the risk management framework, including the ORSAs.
  • Review the risk appetite framework for the affected Groups.

Recommendation 3
NCAs should evaluate the potential management actions to be implemented by the affected Groups. In particular:

  • NCAs should require Groups to indicate the range of actions based on the results of the stress testing.
  • NCAs should assess if the actions identified are realistic in such stress scenarios.
  • NCAs should consider any eventual second-round effects.

Recommendation 4
NCAs should further contribute to enhance the stress test process.

Recommendation 5
NCAs should enhance cooperation and information exchange with other relevant Authorities, such as the ECB/SSM or other national authorities, concerning the stress test results of the affected insurers which form part of a financial conglomerate.

Click here to access EIOPA’s Recommendations

EIOPA’s Supervisory Statement Solvency II: Application of the proportionality principle in the supervision of the Solvency Capital Requirement

EIOPA identified potential divergences in the supervisory practices concerning the supervision of the SCR calculation of immaterial sub-modules.

EIOPA agrees that in case of immaterial SCR sub-modules the principle of proportionality applies regarding the supervisory review process, but considers it is important to guarantee supervisory convergence as divergent approaches could lead to supervisory arbitrage.

EIOPA is of the view that the consistent implementation of the proportionality principle is a key element to ensure supervisory convergence for the supervision of the SCR. For this purpose the following key areas should be considered:

Proportionate approach

Supervisory authorities may allow undertakings, when calculating the SCR at the individual undertaking level, to adopt a proportionate approach towards immaterial SCR sub-modules, provided that the undertaking concerned is able to demonstrate to the satisfaction of the supervisory authorities that:

  1. the amount of the SCR sub-module is immaterial when compared with the total basic SCR (BSCR);
  2. applying a proportionate approach is justifiable taking into account the nature and complexity of the risk;
  3. the pattern of the SCR sub-module is stable over the last three years;
  4. such amount/pattern is consistent with the business model and the business strategy for the following years; and
  5. undertakings have in place a risk management system and processes to monitor any evolution of the risk, either triggered by internal sources or by an external source that could affect the materiality of a certain submodule.

This approach should not be used when calculating SCR at group level.

An SCR sub-module should be considered immaterial for the purposes of the SCR calculation when its amount is not relevant for the decision-making process or the judgement of the undertaking itself or the supervisory authorities. Following this principle, even if materiality needs to be assessed on a case-by-case basis, EIOPA recommends that materiality is assessed considering the weight of the sub-modules in the total BSCR and

  • that each sub-module subject to this approach should not represent more than 5% of the BSCR
  • or all sub-modules should not represent more than 10% of the BSCR.

For immaterial SCR sub-modules supervisory authorities may allow undertakings not to perform a full recalculation of such a sub-module on a yearly basis taking into consideration the complexity and burden that such a calculation would represent when compared to the result of the calculation.

Prudent calculation

For the sub-modules identified as immaterial, a calculation of the SCR submodule using inputs prudently estimated and leading to prudent outcomes should be performed at the time of the decision to adopt a proportionate approach. Such calculation should be subject to the consent of the supervisory authority.

The result of such a calculation may then be used in principle for the next three years, after which a full calculation using inputs prudently estimated is required so that the immateriality of the sub-module and the risk-based and proportionate approach is re-assessed.

During the three-year period the key function holder of the actuarial function should express an opinion to the administrative, management or supervisory body of the undertaking on the outcome of the immaterial sub-module used for calculating the SCR.

Risk management system and ORSA

Such a system should be proportionate to the risks at stake while ensuring a proper monitoring of any evolution of the risk, either triggered by internal sources such as a change in the business model or business strategy or by an external source such as an exceptional event that could affect the materiality of a certain sub-module.

Such monitoring should include the setting of qualitative and quantitative early warning indicators (EWI), to be defined by the undertaking and embedded in the ORSA processes.

Supervisory reporting and public disclosure

Undertakings should include information on the risk management system in the ORSA Report. Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting and in the Solvency and Financial Condition Report (SFCR), under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement”.

Supervisory review process

The approach should be implemented in the context of on-going supervisory dialogue, meaning that the supervisory authority should be satisfied and agree with the approach taken and be kept informed in case of any material change. Supervisory authorities should inform the undertakings in case there is any concern with the approach. In case the supervisory authority has any concern the approach should not be implemented or might be implemented with additional safeguards as agreed between the supervisory authority and the undertaking.

In some situations supervisory authorities may require a full calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Example: Supervisory reporting and public disclosure

Undertakings should include information on the risk management system referred to in the previous paragraphs in the ORSA Report.

Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (RSR), including at least the following information:

  1. identification of the sub-module(s) for which a proportionate approach was applied;
  2. amount of the SCR for such a sub-module in the last three years before the application of proportionate approach, including the current year;
  3. the date of the last calculation performed following the requirements of the Delegated Regulation using inputs prudently estimated; and
  4. early warning indicators identified and triggers for a calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Undertakings should also include structured information on the sub-modules for which a proportionate approach is applied in the Solvency and Financial Condition Report, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (SFCR), including at least the identification of the submodule(s) for which a proportionate calculation was applied.

An example of structured information to be included in the regular supervisory report in line with Article 311(6) of the Delegated Regulation is as follows:

[Image: Proportionality EIOPA]

This proportionate approach should also be reflected in the quantitative reporting templates to be submitted. In this case the templates would reflect the amounts used for the last full calculation performed.

Click here to access EIOPA’s Supervisory Statement

Systemic Risk and Macroprudential Policy in Insurance (EIOPA)

In its work, EIOPA followed a step-by-step approach seeking to address the following questions in a sequential way:

  1. Does insurance create or amplify systemic risk?
  2. If yes, what are the tools already existing in the Solvency II framework, and how do they contribute to mitigate the sources of systemic risk?
  3. Are other tools needed and, if yes, which ones could be promoted?

Each paper published addresses one of the questions above. The publication of the three EIOPA papers on systemic risk and macroprudential policy in insurance has constituted an important milestone by which EIOPA has defined its policy stance and laid down its initial ideas on several relevant topics.

This work should now be turned into a specific policy proposal for additional macroprudential tools or measures where relevant and possible as part of the review of Directive 2009/138/EC (the ‘Solvency II Review’). For this purpose, and in order to gather the views of stakeholders, EIOPA is publishing this Discussion Paper on systemic risk and macroprudential policy in insurance, which focuses primarily on the third paper, i.e. on potential new tools and measures. Special attention is devoted to the four tools and measures specifically highlighted in the recent European Commission’s Call for Advice to EIOPA.

The financial crisis has shown the need to further consider the way in which systemic risk is created and/or amplified, as well as the need to have proper policies in place to address those risks. So far, most of the discussions on macroprudential policy have focused on the banking sector due to its prominent role in the recent financial crisis.

Given the relevance of the topic, EIOPA initiated the publication of a series of three papers on systemic risk and macroprudential policy in insurance with the aim of contributing to the debate and ensuring that any extension of this debate to the insurance sector reflects the specific nature of the insurance business.

EIOPA followed a step-by-step approach, seeking to address the following questions:

  • Does insurance create or amplify systemic risk? In the first paper entitled ‘Systemic risk and macroprudential policy in insurance’, EIOPA identified and analysed the sources of systemic risk in insurance and proposed a specific macroprudential framework for the sector.
  • If yes, what are the tools already existing in the current framework, and how do they contribute to mitigate the sources of systemic risk? In the second paper, ‘Solvency II tools with macroprudential impact’, EIOPA identified, classified and provided a preliminary assessment of the tools or measures already existing within the Solvency II framework, which could mitigate any of the systemic risk sources that were previously identified.
  • Are other tools needed and, if yes, which ones could be promoted? The third paper carried out an initial assessment of other potential tools or measures to be included in a macroprudential framework designed for insurers. EIOPA focused on four categories of tools (capital and reserving-based tools, liquidity-based tools, exposure-based tools and pre-emptive planning). The paper focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review.

The publication of the three EIOPA papers on systemic risk and macroprudential policy in insurance constitutes an important milestone by which EIOPA has defined its policy stance and laid down its initial ideas on several relevant topics. It should be noted that the ESRB (2018) has also identified a shortlist of options for additional provisions, measures and instruments, which reaches broadly similar conclusions as EIOPA.

EIOPA’s work should now be turned into a specific policy proposal for additional macroprudential tools or measures where relevant and possible as part of the Solvency II Review. For this purpose, and in order to gather the views of stakeholders, EIOPA is publishing this Discussion Paper on systemic risk and macroprudential policy in insurance.

This Discussion paper is based on the three papers previously published. They therefore back its content. Interested readers are recommended to consult them for further information or details. Relevant references are included in each of the sections.

EIOPA has included questions on all three papers. The majority of the questions, however, revolve around the third paper on additional tools or measures, which is more relevant in light of the Solvency II review.

The Discussion paper primarily focuses on the “principles” of each tool, trying to explain their rationale. As such, it does not address the operational aspects/challenges of each tool (e.g. calibration, thresholds, etc.) in a comprehensive manner. Similar to the approach followed with other legislative initiatives, the technical details could be addressed by means of technical standards, guidelines or recommendations, once the relevant legal instrument has been enacted.

Definitions

EIOPA provided all relevant definitions in EIOPA (2018a). It has to be noted, however, that there is usually no unique or universal definition for all these concepts. EIOPA’s work did not seek to fill this gap. Instead, working definitions are put forward in order to set the scene and should therefore be considered in the context of this paper only.

  • Financial stability and systemic risk are two strongly related concepts. Financial stability can be defined as a state whereby the build-up of systemic risk is prevented.
  • Systemic risk means a risk of disruption in the financial system with the potential to have serious negative consequences for the internal market and the real economy.
  • Macroprudential policy should be understood as a framework that aims at mitigating systemic risk (or the build-up thereof), thereby contributing to the ultimate objective of the stability of the financial system and, as a result, the broader implications for economic growth.
  • Macroprudential instruments are qualitative or quantitative tools or measures with system-wide impact that relevant competent authorities (i.e. authorities in charge of preserving the stability of the financial system) put in place with the aim of achieving financial stability.

In the context of this paper, these concepts (i.e. tools, instruments and measures) are used as synonyms.

The macroprudential policy approach contributes to the stability of the financial system — together with other policies (e.g. monetary and fiscal) as well as with microprudential policies. Whereas microprudential policies primarily focus on individual entities, the macroprudential approach focuses on the financial system as a whole.

It should be taken into account that, in some cases, the borders between microprudential policies and macroprudential consequences are blurring. That means, for example, that instruments that may have been designed as microprudential instruments may also have macroprudential consequences.

There are different institutional models for the implementation of macroprudential policies across the EU, in some cases involving different parties (e.g. ministries, supervisors, etc.). This paper adopts a neutral approach by referring to the generic concept of the ‘relevant authority in charge of the macroprudential policy’, which should encompass the different institutional models existing across jurisdictions. Sometimes a simplified term such as ‘the authorities’ or ‘the competent authorities’ is used.

Systemic risk in insurance

While a common understanding of the systemic relevance of the banking sector has been reached, the issue is still debated in the case of the insurance sector. In order to contribute to this debate, EIOPA developed a conceptual approach to illustrate the dynamics in which systemic risk in insurance can be created or amplified.

Main elements of EIOPA’s conceptual approach to systemic risk

  • Triggering event: Exogenous event that has an impact on one or several insurance companies and may initiate the whole process of systemic risk creation. Examples are macroeconomic factors (e.g. rising unemployment), financial factors (e.g. yield movements) or non-financial factors (e.g. demographic changes or cyber-attacks).
  • Company risk profile: The result of the collection of activities performed by the insurance company. The activities will determine: a) the specific features of the company reflecting the strategic and operational decisions taken; and b) the risk factors that the company is exposed to, i.e. the potential vulnerabilities of the company.
  • Systemic risk drivers: Elements that may enable the generation of negative spill-overs from one or more company-specific stresses into a systemic effect, i.e. they may turn a company-specific stress into a system-wide stress.
  • Transmission channels: Contagion channels that explain the process by which the sources of systemic risk may affect financial stability and/or the real economy. EIOPA distinguishes five main transmission channels: a) Exposure channel; b) Asset liquidation channel; c) Lack of supply of insurance products; d) Bank-like channel; and e) Expectations and information asymmetries.
  • Sources of systemic risk: They result from the systemic risk drivers and their transmission channels. They are direct or indirect externalities whereby insurance imposes a systemic threat to the wider system. These direct and indirect externalities lead to three potential categories of sources of systemic risk, which are not mutually exclusive, i.e. entity-based, activity-based and behaviour-based sources.

In essence and as depicted in Figure 1, the approach developed by EIOPA considers that a ‘triggering event’ initially has an impact at entity level, affecting one or more insurers through their ‘risk profile’. Potential individual or collective distresses may generate systemic implications, the relevance of which is determined by the presence of different ‘systemic risk drivers’ embedded in the insurance companies.

[Figure 1: EIOPA Sys Risk]

In EIOPA’s view, systemic events could be generated in two ways.

  1. The ‘direct’ effect, originated by the failure of a systemically relevant insurer or the collective failure of several insurers generating a cascade effect. This systemic source is defined as ‘entity-based’.
  2. The ‘indirect’ effect, in which possible externalities are enhanced by engagement in potentially systemic activities (activity-based sources) or the widespread common reactions of insurers to exogenous shocks (behaviour-based source).

Potential externalities generated via direct and indirect sources are transferred to the rest of the financial system and to the real economy via specific channels (i.e. the transmission channel) and could induce changes in the risk profile of insurers, eventually generating potential second-round effects.

The following table provides an overview of possible examples of triggering events, risk profile, systemic risk drivers and transmission channels. It should therefore not be considered as a comprehensive list of elements.

[Table: EIOPA MacroPrud]

Potential macroprudential tools and measures to enhance the current framework

In its third paper, EIOPA (2018c) carried out an analysis focusing on four categories of tools:

a) Capital and reserving-based tools;

b) Liquidity-based tools;

c) Exposure-based tools; and

d) Pre-emptive planning.

EIOPA also considers whether the tools should be used for enhanced reporting and monitoring or as intervention power. Following this preliminary analysis, EIOPA concluded the following:

[Image: EIOPA Other tools]

Example: Enhancement of the ORSA 

Description. In an ORSA, an insurer is required to consider all material risks that may have an impact on its ability to meet its obligations to policyholders. In doing this a forward looking perspective is also required. Although conceived at first as a microprudential tool, this tool could be enhanced to take the macroprudential perspective also into account.

Potential contribution to mitigate systemic risk. The enhancement of ORSA could help in mitigating two of the sources of systemic risk identified.

Proposal. This measure is proposed for further consideration for enhanced reporting and monitoring purposes.

Operational aspects. A description of all relevant operational aspects is carried out in EIOPA (2018c). In essence, the idea is to supplement the microprudential approach by assigning certain roles and responsibilities to the relevant authority in charge of the macroprudential policy (see Figure below). This authority could carry out three different tasks:

  1. Aggregation of information;
  2. Analysis of the information; and
  3. Provision of certain information or parameters to supervisors to channel macroprudential concerns.

Supervisors would then request undertakings to include in their ORSAs particular macroprudential risks.

Issues for consideration: In order to make the ORSA operational from a macroprudential point of view, the following would be needed:

  • A clarification of the role of the risk management function in order to include macroprudential concerns.
  • The inclusion of a new paragraph in Article 45 of the Solvency II directive explicitly referring to the macroprudential dimension and the need to consider the macroeconomic situation and potential sources of systemic risk as a follow-up of their assessment on whether the company complies on a continuous basis with the Solvency II regulatory capital requirements.
  • Clarification that a follow-up is expected after input from supervisors, namely from authorities in charge of the macroprudential policy. On a risk-based approach this might imply the request of specific information in terms of nature, scope, format and point in time, where justified by likelihood or impact of materialisation of a certain source of systemic risk.

Furthermore, a certain level of harmonisation of the structure and content of the ORSA report would be needed, which would enable the identification of the relevant sections by the authorities in charge of macroprudential policies. This, however, would mean a change in the current approach followed with regard to the ORSA.

Click here to access EIOPA’s detailed Discussion Paper 2019

 

Outsourcing to the Cloud: EIOPA’s Contribution to the European Commission FinTech Action Plan

In the European financial regulatory landscape, the purchase of cloud computing services falls within the broader scope of outsourcing.

Credit institutions, investment firms, payment institutions and e-money institutions are subject to multiple level 1 and level 2 regulations that govern their use of outsourcing (e.g. MIFID II, PSD2, BRRD). There are also level 3 measures: the CEBS Guidelines on Outsourcing, which represent the current guiding framework for outsourcing activities within the European banking sector.

Additional “Recommendations on cloud outsourcing” were issued on December 20, 2017 by the European Banking Authority (EBA) and entered into force on July 1, 2018. They will be repealed by the new guidelines on Outsourcing Arrangements (level 3) which have absorbed the text of the Recommendations.

For the (re)insurance sector, the current regulatory framework of Solvency II (level 1 and level 2) governs outsourcing under Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulation. The EIOPA guidelines 60-64 on System of Governance provide level 3 principle-based guidance.

On the basis of a survey conducted by the National Supervisory Authorities (NSAs), cloud computing is not extensively used by (re)insurance undertakings: it is most extensively used by newcomers, within a few market niches and by larger undertakings mostly for non-critical functions.

Moreover, as part of their wider digital transformation strategies, many large European (re)insurers are expanding their use of the cloud.

As to applicable regulation, cloud computing is considered as outsourcing, and the current level of national guidance on cloud outsourcing for the (re)insurance sector is not homogeneous. Nonetheless, most NSAs (banking and (re)insurance supervisors at the same time) declare that they are considering the EBA Recommendations as a reference for the management of cloud outsourcing.

Under the steering of its InsurTech TaskForce, EIOPA will develop its own Guidelines on Cloud Outsourcing. The intention is that the Guidelines on Cloud Outsourcing (the “guidelines”) will be drafted during the first half of 2019, issued then for consultation and finalised by the end of the year.

During the process of drafting the Guidelines, EIOPA will organize a public roundtable on the use of cloud computing by (re)insurance undertakings. During the roundtable, representatives from the (re)insurance industry, cloud service providers and the supervisory community will discuss views and approaches to cloud outsourcing in a Solvency II and post-EBA Recommendations environment.

Furthermore, in order to guarantee a cross-industry harmonization within the European financial sector, EIOPA has agreed with the other two ESAs:

  • to continue keeping the fruitful alignment kept so far; and
  • to start – in the second part of 2019 – a joint market monitoring activity aimed at developing policy views on how cloud outsourcing in the finance sector should be treated in the future.

This should take into account the increasing use of the cloud and the potential for large cloud service providers to be a single point of failure.

Overview of Cloud Computing

Cloud computing allows users to access on-demand, shared configurable computing resources (such as networks, servers, storage, applications and services) hosted by third parties on the internet, instead of building their own IT infrastructure.

According to the US National Institute of Standards and Technology (NIST), cloud computing is: “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

The ISO standard of 2014 defines cloud computing as a: “paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand”. It is composed of

  • cloud computing roles and activities,
  • cloud capabilities types and cloud service categories,
  • cloud deployment models and
  • cloud computing cross-cutting aspects.

The European Banking Authority (EBA) Recommendations of 2017, very close to the NIST definition, define cloud services as: “Services provided using cloud computing, that is, a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Shared responsibility framework

The cloud provider and cloud customer share the control of resources in a cloud system. The cloud’s different service models affect their control over the computational resources and, thus, what can be done in a cloud system. Compared to traditional IT systems, where one organization has control over the whole stack of computing resources and the entire life-cycle of the systems, cloud providers and cloud customers collaboratively

  • design,
  • build,
  • deploy, and
  • operate

cloud based systems.

The split of control means that both parties share the responsibilities in providing adequate protections to the cloud-based systems. The picture below shows, as a “conceptual model”, the different levels of shared responsibility between the cloud provider and the cloud customer.

These responsibilities contribute to achieving a compliant and secure computing environment. It has to be noted that, regardless of the service provided by the cloud provider:

  • Ensuring that the data and its classification are done correctly and that the solution is compliant with regulatory obligations is the responsibility of the customer (e.g. in case of data theft the cloud customer is responsible towards the damaged parties, or the customer is responsible for ensuring – e.g. with specific contractual obligations – that the provider observes certain compliance requirements, such as giving the competent authorities access and audit rights);
  • Physical security is the one responsibility that is wholly owned by cloud service providers when using cloud computing.

The remaining responsibilities and controls are shared between customers and cloud providers according to the outsourcing model. However, the responsibility (in a supervisory sense) remains with the customers. Some responsibilities require the cloud provider and customer to manage and administer the responsibility together including auditing of their domains. For example, identity & access management when using a cloud provider’s active directory services could require that the configuration of services such as multi-factor authentication is up to the customer, but ensuring effective functionality is the responsibility of the cloud provider.


Summary of Key Takeaways and EIOPA’s Answer to the European Commission

The key takeaways of the analysis carried out and described within this document are the following:

  1. cloud computing is mostly used extensively by newcomers, by a niche of the market and by larger undertakings mostly for non-critical functions. However, as part of their wider digital transformation strategies, many large European (re)insurers are expanding their use of the cloud;
  2. the current regulatory framework of Solvency II (level 1 and level 2) appears to be sound to govern outsourcing to the cloud through the current outsourcing provisions (Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulations);
  3. cloud computing is a fast-developing service, so in order for its regulation to be efficient it should be principle-based rather than attempting to regulate all (re)insurance-related aspects of it;
  4. cloud computing services used by (re)insurance undertakings are aligned with those used by the banking sector. The risks arising from the usage of cloud computing by (re)insurance undertakings appear to be, generally, aligned with the risks borne by the banking players, with a few minor (re)insurance specificities;
  5. both banking and (re)insurance regulations govern cloud computing through their current outsourcing provisions. Under these, banking and (re)insurance institutions are required to classify whether the cloud services they receive are “critical or important”. The most common approach is to classify cloud computing on a case-by-case basis – similarly to the other services – on the basis of the service / process / activity / data outsourced;
  6. the impact of cloud computing on the (re)insurance market is assessed differently among jurisdictions: due to the complexity and the high level of technicality of the subject, some jurisdictions have planned to issue (or already issued) national guidance directly applicable to the (re)insurance market on cloud outsourcing;
  7. from the gap analysis carried out, the EBA Recommendations are more specific on the subject (e.g. the specific requirements to build a register of all the cloud service providers) and, being built on shared common principles, can be applied to the wide Solvency II regulations on outsourcing, reflecting their status at level 3;
  8. to provide legal transparency to the market participants (i.e. regulated undertakings and service providers) and to avoid potential regulatory arbitrage, EIOPA should issue guidance on cloud outsourcing aligned with the EBA Recommendations and, where applicable, the EBA Guidelines on outsourcing arrangements with minor amendments.

Click here to access EIOPA’s detailed Contribution Paper

2018 EIOPA Insurance Stress Test report

Executive Summary

  1. The 2018 insurance stress test is the fourth European-wide exercise initiated and coordinated by EIOPA. As in previous exercises, the main objective is to assess the resilience of the European insurance sector to specific adverse scenarios with potential negative implications for the stability of the European financial markets and the real economy. Hence, it cannot be considered as a pass-or-fail or capital exercise for the participating groups. In total 42 (re)insurance groups, representing a market coverage of around 75% based on total consolidated assets, participated. As this exercise is based on group level information, no country results are provided in the report.
  2. The exercise tests the impact of a prolonged low yield environment (Yield Curve Down – YCD – scenario) as well as of a sudden reversal of risk premia (Yield Curve Up – YCU – scenario), which are currently identified as key risks across financial sectors. In the YCD scenario, market shocks are complemented by a longevity shock. In the YCU scenario, market shocks are combined with an instantaneous shock to lapse rates and claims inflation. The market shocks prescribed in the YCD and YCU scenarios are severe but plausible and were developed in cooperation with the ESRB, based on past market observations. Additionally, a natural catastrophe (NC) scenario tests the resilience of insurers to a potential materialisation of a set of catastrophe losses over Europe.
  3. Groups were requested to calculate their post-stress financial position by applying the same models used for their regular Solvency II reporting. The use of LTG and transitional measures was taken into account and the impact of these measures had to be reported separately. Restrictions were prescribed in order to accommodate for the instantaneous nature of the shocks and the static balance sheet approach. In particular, the impact of the transitional measure on technical provisions was held constant in the post-stress situation and potential management actions to mitigate the impact of the scenarios were not allowed.
  4. The novelty of this year’s exercise is the assessment of the post-stress capital position of the participants, with an estimate of the post-stress Solvency Capital Requirement (SCR). Given the operational and methodological challenges related to the recalculation of the group SCR, participating groups were allowed to use approximations and simplifications as long as a fair reflection of the direction and magnitude of the impact was warranted.
  5. In the pre-stress (baseline) situation, participating groups have an aggregate assets over liabilities (AoL) ratio of 109.5% (the ratio ranges from 103.0% to 139.5% for participating groups). Overall, the participating groups are adequately capitalised with an aggregate baseline SCR ratio of 202.4%, indicating that they hold approximately twice as much capital as is required by regulation.
  6. In the YCU scenario, the aggregate AoL ratio drops from 109.5% to 107.6%, corresponding to a drop of 32.2% in the excess of assets over liabilities (eAoL). Without the use of LTG and transitional measures the impact would be more severe, corresponding to a drop in AoL ratio to 105.1% (53.1% in the eAoL) with 3 groups reporting an AoL ratio below 100% (accounting for approximately 10% of total assets in the sample). The impact of the YCU scenario is driven by a significant drop in the value of assets (-12.8% for government bonds, -13.0% for corporate bonds and -38.5% for equity holdings). Overall, the losses on the asset side outweigh the gains on the liability side. Technical Provisions (TP) decrease by 17.0%, attributed mainly to a decrease in life TP (-14.5%) due to the reduced portfolio (instantaneous lapse shock) and the increased discounting curve (upwards shock to the swap curves). However, an increase in TP was observed for those groups focusing mainly on non-life business. In this case, the impact of the claims inflation shock on the non-life portfolio leads to an increase in the TP, outweighing the beneficial effect of the increased discounting curve due to shorter-term liabilities.
  7. The capital position is materially affected in the YCU scenario, but the post-stress aggregate SCR ratio remains at satisfactory levels of 145.2% corresponding to a drop of 57.2 percentage points. However, 6 groups report a post-stress SCR ratio below 100%. This is mainly driven by a significant decrease (-29.9%) in eligible own funds (EOF) following the shocks to the asset portfolio that are not fully compensated by the reduction of the TP, while the SCR decreases only slightly (-2.3%). LTG and transitional measures play a significant role in the post-stress capital position. Without the application of the transitional measures the aggregate SCR ratio drops by an additional 14.3 percentage points to 130.9%, while in case both LTG and transitional measures are removed, the SCR ratio drops to 86.6%, with 21 groups reporting a ratio below 100%. This finding confirms the importance of the aforementioned measures for limiting the impact of short-term market movements on the financial position of insurers, as expected by their design.
  8. In the YCD scenario, the aggregate AoL ratio decreases from 109.5% to 106.7%, corresponding to a drop in eAoL of 27.6%. Again, the impact is more severe without the use of LTG and transitional measures. The aggregate AoL ratio would drop to 104.8% in that case, corresponding to a decrease of 47.7% in eAoL, with 3 groups reporting an AoL ratio below 100% (accounting for approximately 10% of total assets in the sample). The impact of the YCD scenario can be mainly attributed to an increase in the TP on the liability side (+2.1%), driven by the increase of the life TP (+6.1%) due to the reduction of the discounting curve and the longevity shock. Total assets show a decrease (-0.8%) due to the drop in value of assets held for unit-linked contracts and equity holdings (-14.7%) which is partly offset by the increase in value of the fixed income assets (+3.1% government bonds and +2.3% corporate bonds). This scenario confirms that the European insurance industry is vulnerable to a prolonged low yield environment, also at group level.
  9. The aggregate SCR ratio in the YCD scenario drops by 64.9 percentage points, but remains at 137.4% after shock, although 7 participating groups report a ratio below 100%. The decrease in SCR ratio is driven by a material decrease in EOF (-23.5%) and a significant increase in SCR (+12.7%), both mainly due to higher technical provisions. The LTG and transitional measures partly absorb the negative impact of the prescribed shocks. Without the application of the transitional measures the SCR ratio drops to 124.1%, while excluding both LTG and transitional measures leads to an aggregate SCR ratio of 85.4%, with 20 participating groups reporting a ratio below 100%.
  10. In the NC scenario, participating groups report a drop of only 0.3 percentage points in the aggregate AoL ratio. The limited impact of the NC scenario on the participating groups is mainly due to the reinsurance treaties in place, with 55% of the losses transferred to reinsurers. The most affected participants are therefore reinsurers and those direct insurers largely involved in reinsurance activities. Furthermore, it should be noted that the losses are ceded to a limited number of counterparties, highlighting a potential concentration of risk. The high resilience of the groups to the series of natural catastrophes is confirmed by the limited decrease in aggregate eAoL (-2.7%). Without the LTG and transitional measures, the eAoL would decrease by 15.1% compared to the baseline.
  11. Overall, the stress test exercise confirms the significant sensitivity to market shocks for the European insurance sector. The groups seem to be vulnerable to not only low yields and longevity risk, but also to a sudden and abrupt reversal of risk premia combined with an instantaneous shock to lapse rates and claims inflation. The exercise further reveals potential transmission channels of the tested shocks to insurers’ balance sheets. For instance, in the YCU scenario the assumed inflation shock leads to a net increase in the liabilities of those groups more exposed to non-life business through claims inflation. Finally, both the YCD and YCU scenario have similar negative impact on post-stress SCR ratios.
  12. Further analysis of the results will be undertaken by EIOPA and by the National Competent Authorities (NCAs) to obtain a deeper understanding of the risks and vulnerabilities of the sector. Subsequently, EIOPA will issue recommendations on relevant aspects where appropriate. The responses received on the cyber risk questionnaire that are not part of this report, will be evaluated and discussed in future EIOPA publications.
  13. This exercise marks an important step in the reassessment of capital requirements under adverse scenarios and provides a valuable basis for continuous dialogue between group supervisors and the participating groups on the identified vulnerabilities. EIOPA is planning to further work on refining its stress test methodology in order to fully capture the complexity of the reassessment of capital requirements under adverse scenarios. EIOPA expects that participants use the acquired experience to foster their abilities to produce high quality data and to enhance their corresponding risk management capabilities. NCAs are expected to oversee and promote these improvements.

[Figures: AoL without LTG and transitional measures; SCR with and without LTG and transitional measures; NC reinsurance]

Click here to access the EIOPA 2018 Insurance Stress Test Report

 

EIOPA: Peer review assessing how National Competent Authorities (NCAs) supervise and determine whether an insurer’s setting of key functions fulfils the legal requirements of Solvency II

The main task of the European Insurance and Occupational Pensions Authority (EIOPA) is to

  • enhance supervisory convergence,
  • strengthen consumer protection
  • and preserve financial stability.

In the context of enhancing supervisory convergence and in accordance with its mandate, EIOPA regularly conducts peer reviews, working closely with national competent authorities (NCAs), with the aim of strengthening both the convergence of supervisory practices across Europe and the capacity of NCAs to conduct high-quality and effective supervision.

In line with its mandate, the outcome of peer reviews, including identified best practices, are to be made public with the agreement of the NCAs that have been subject to the review.

BACKGROUND AND OBJECTIVES

Enhancing the governance system of insurers is one of the major goals of Solvency II (SII). The four key functions (risk management, actuarial, compliance and internal audit) as required under the SII regulation are an essential part of the system of governance. These key functions are expected to be operationally independent to ensure an effective and robust internal control environment within an insurer and support high quality of decision making by the management. At the same time it is also important that these governance requirements are not overly burdensome for small and medium-sized insurers. Therefore SII allows NCAs to apply the principle of proportionality in relation to compliance with key function holder requirements for those insurers.

Under SII, insurers may combine key functions in one holder. However, such combinations have to be justified by the principle of proportionality and insurers need to properly address the underlying conflicts of interest. Holding a key function should generally not be combined with administrative, management or supervisory body (AMSB) membership or with operational tasks because of their controlling objective. Thus, these combinations should rather occur in exceptional cases, taking into account a risk-based approach and the manner in which the insurer avoids and manages any potential conflict of interest.

This peer review assesses how NCAs supervise and determine whether an insurer’s setting of key functions fulfils the legal requirements of SII with a particular emphasis on proportionality. The peer review examines practices regarding:

  • combining key functions under one holder;
  • combining key functions with AMSB membership or with carrying out operational tasks;
  • subordination of one key function under another key function;
  • split of one key function among several holders;
  • assessment of the fitness of key function holders; and
  • outsourcing of key functions.

The period examined under the scope of this peer review was 2016 but also covered supervisory practices executed before 2016 in the preparatory stage of SII. The peer review was conducted among NCAs from the European Economic Area (EEA) on the basis of EIOPA’s Methodology for conducting Peer Reviews (Methodology).

Detailed information was gathered in the course of the review. All NCAs completed an initial questionnaire. This was followed by fieldwork comprising visits to 8 NCAs and 30 conference calls.

MAIN FINDINGS

The review showed that NCAs in general apply the principle of proportionality and that they have adopted similar approaches.

SUMMARY RESULTS OF THE COMPARATIVE ANALYSIS

  • Supervisory framework: Approximately half of NCAs use written supervisory guidance for the application of the principle of proportionality. Larger NCAs in particular use written supervisory guidance in order to ensure consistency of their supervisory practice among their supervisory staff.
  • Approach of NCAs: Most NCAs have a similar approach. NCAs assess the insurers’ choice of key function holders at the time of initial notification regarding the key function holder’s appointment. If any concerns are noted at this stage, for example regarding combinations or fitness, NCAs generally challenge and discuss these issues with the insurer, rather than issuing formal administrative decisions.
  • Combining key functions in one holder: This occurs in almost all countries. The most frequent combinations are between risk management and actuarial functions and between risk management and compliance functions. Combinations are most commonly used by smaller insurers but are also seen in large insurers. EIOPA has identified the need to draw the attention of NCAs to the need to challenge combinations more strongly, especially when they occur in bigger, more complex insurers, and to ensure that adequate mitigation measures are in place to warrant a robust system of governance.
  • Holding the internal audit function and other key functions: The combination of the internal audit function with other key functions occurs in 15 countries, although the frequency of such combinations is relatively low. Moreover, there were cases of the internal audit function holder also carrying out operational tasks which could lead to conflicts of interest and compromise the operational independence of the internal audit function. It is important to emphasise that the legal exemption of Article 271 of the Commission Delegated Regulation EU (2015/35) does not apply to the combination with operational tasks.
  • Combining a key function holder with AMSB membership: Most NCAs follow a similar and comprehensive approach regarding the combination of key function holder and AMSB member. In this regard, NCAs accept such cases only if deemed justified under the principle of proportionality. This peer review shows that two NCAs request or support combinations of AMSB member and the risk management function holder regardless of the principle of proportionality in order to strengthen the knowledge and expertise regarding risk management within the AMSB.
  • Combining key function holders (excluding internal audit function holder) with operational tasks: In nearly all countries combinations of risk management, actuarial and compliance key function holders with operational tasks occur, but such combinations generally occur rarely or occasionally. However, several NCAs do not have a full market overview of such combinations with operative tasks. Adequate mitigating measures are essential to reduce potential conflicts of interest when key function holders also carry out operational tasks. The most common combinations are the compliance function holder with legal director and the risk management function holder with finance director.
  • Splitting a key function between two holders: About half of the NCAs reported cases where more than one individual is responsible for a particular key function (‘split of key function holder’). The most common split concerns the actuarial function (split between life and non-life business). NCAs should monitor such splits in order to maintain appropriate responsibility and accountability among key function holders.
  • Subordination of a key function holder to another key function holder or head of operational department: This is observed in half of the countries reviewed. An organisational subordination can be accepted, but there needs to be a direct ‘unfiltered’ reporting line from the subordinated key function holder to the AMSB. In cases of subordination, conflicts of interest have to be mitigated and operational independence needs to be ensured including the mitigating measures concerning the remuneration of the subordinated key function holders.
  • Fitness of key function holders: Most NCAs assess the fitness of the key function holder at the time of initial notification and apply the principle of proportionality. Several NCAs did not systematically assess the key function holders appointed before 2016. These NCAs are advised to do so using a risk-based approach.
  • Outsourcing of key function holders: Most NCAs have observed outsourcing of key function holders. According to the proportionality principle, an AMSB member may also be a designated person responsible for overseeing and monitoring the outsourced key function. Eight NCAs make a distinction between intra-group and extra-group outsourcing and six NCAs do not require a designated person in all cases, which may give rise to operational risks.

BEST PRACTICES

Through this peer review, EIOPA identified four best practices.

  • When NCAs adopt a structured proportionate approach based on the nature, scale and complexity of the business of the insurer regarding their supervisory assessment of key function holders and combination of key function holders at the time of initial notification and on an ongoing basis. The best practice also includes supervisory documentation and consistent and uniform data submission requirements (for example an electronic data submission system for key function holder notification). This best practice has been identified in Ireland and the United Kingdom.
  • When an NCA has a supervisory panel set up internally which discusses and advises supervisors about complex issues regarding the application of the proportionality principle in governance requirements regarding key functions. This best practice has been identified in the Netherlands.
  • When assessing the combination of key function holder with AMSB member, EIOPA considers the following as best practice for NCAs:
    • To publicly disclose the NCA’s expectations that controlling key functions should generally not be combined with operational functions for example with the membership of the AMSB. Where those cases occur, NCAs should clearly communicate their expectation that the undertaking ensures that it is aware of possible conflicts of interest arising from such a combination and manages them effectively.
    • To require from insurers that main responsibilities as a member of the AMSB do not lead to a conflict of interest with the tasks as a key function holder.
    • To assess whether the other AMSB members challenge the key function holder also being an AMSB member.

This best practice has been identified in Lithuania.

  • When NCAs apply a risk-based approach for the ongoing supervision that gives the possibility to ensure the fulfilment of fitness requirements of KFHs at all times by holding meetings with key function holders on a regular scheduled basis as part of an NCA’s work plan (annual review plan). The topics for discussion for those meetings can vary, depending for example on actual events and current topics. This best practice has been identified in Ireland and the United Kingdom.

These best practices provide guidance for a more systematic approach regarding the application of the principle of proportionality as well as for ensuring consistent and effective supervisory practice within NCAs.


Click here to access EIOPA’s full report on its Peer Review

 

The Prudential Regulation Authority’s approach to insurance supervision

The UK’s insurance supervisory body, the PRA, has just published a very interesting paper describing its purpose and its working principles. Even if Brexit will exclude the PRA from the EIOPA-associated supervisory bodies, this paper should be considered a landmark, as most of the EIOPA-associated bodies have not yet gone this way of transparency and methodology, despite EIOPA having set a framework at least for some of these issues, which are crucial for insurers to manage their risk and capital requirements.

« We, the Prudential Regulation Authority (PRA), as part of the Bank of England (‘the Bank’), are the UK’s prudential regulator for deposit-takers, insurance companies, and designated investment firms.

This document sets out how we carry out our role in respect of insurers. It is designed to help regulated firms and the market understand how we supervise these institutions, and to aid accountability to the public and Parliament. The document acts as a standing reference that will be revised and reissued in response to significant legislative and other developments which result in changes to our approach.

This document serves three purposes.

  1. First, it aids accountability by describing what we seek to achieve and how we intend to achieve it.
  2. Second, it communicates to regulated insurers what we expect of them, and what they can expect from us in the course of supervision.
  3. Third, it is intended to meet the statutory requirement for us to issue guidance on how we intend to advance our objectives.

It sits alongside our requirements and expectations as published in the PRA Rulebook and our policy publications.

EU withdrawal

Our approach to advancing these objectives will remain the same as the UK withdraws from the EU. Our main focus is on trying to ensure that the transition to our new relationship with the EU is as smooth and orderly as possible in order to minimise risks to our objectives.

Our approach to advancing our objectives

To advance our objectives, our supervisory approach follows three key principles – it is:

  1. judgement-based;
  2. forward-looking; and
  3. focused on key risks.

Across all of these principles, we are committed to applying the principle of proportionality in our supervision of firms.


Identifying risks to our objectives

The intensity of our supervisory activity varies across insurers. The level of supervision principally reflects our judgement of an insurer’s potential impact on policyholders and on the stability of the financial system, its proximity to failure (as encapsulated in the Proactive Intervention Framework (PIF), which is described later), its resolvability and our statutory obligations. Other factors that play a part include the type of business carried out by the insurer and the complexity of the insurer’s business and organisation.

Our risk framework

We take a structured approach when forming our judgements. To do this we use a risk assessment framework. The risk assessment framework for insurers is the same as for banks, but is used in a different way, reflecting our additional objective to contribute to securing appropriate policyholder protection, the different risks to which insurers are exposed, and the different way in which insurers fail.

Much of our proposed approach to the supervision of insurers is designed to deliver the supervisory activities which the UK is required to carry out under Solvency II.

The key features of Solvency II are:

  • market-consistent valuation of assets and liabilities;
  • high quality of capital;
  • a forward-looking and risk-based approach to setting capital requirements;
  • minimum governance and effective risk management requirements;
  • a rigorous approach to group supervision;
  • a Ladder of Intervention designed to ensure intervention by us in proportion to the risks that a firm’s financial soundness poses to its policyholders;
  • and strong market discipline through firm disclosures.

Some insurers fall outside the scope of the Solvency II Directive (known as non-Directive firms), mainly due to their size. These firms should make themselves familiar with the requirements for non-Directive firms.

Supervisory activity

This section describes how, in practice, we supervise insurers, including information on our highest decision-making body and our approach to authorising new insurers. As part of this, it describes the Proactive Intervention Framework (PIF) and our high-level approach to using our legal powers. For UK insurers, our assessment covers all entities within the consolidated group.

Proactive Intervention Framework (PIF)

Supervisors consider an insurer’s proximity to failure when drawing up a supervisory plan. Our judgement about proximity to failure is captured in an insurer’s position within the PIF.

Judgements about an insurer’s proximity to failure are derived from those elements of the supervisory assessment framework that reflect the risks faced by an insurer and its ability to manage them, namely, external context, business risk, management and governance, risk management and controls, capital, and liquidity. The PIF is not sensitive to an insurer’s potential impact or resolvability.

The PIF is designed to ensure that we put into effect our aim to identify and respond to emerging risks at an early stage. There are five PIF stages, each denoting a different proximity to failure, and every insurer sits in a particular stage at each point in time. When an insurer moves to a higher PIF stage (ie as we determine the insurer’s viability has deteriorated), supervisors will review their supervisory actions accordingly. Senior management of insurers will be expected to ensure that they take appropriate remedial action to reduce the likelihood of failure and the authorities will ensure appropriate preparedness for resolution. The intensity of supervisory resources will increase if we assess an insurer has moved closer to breaching Threshold Conditions, posing a risk of failure and harm to policyholders.

An insurer’s PIF stage is reviewed at least annually and in response to relevant, material developments. (…) »

Click here to access PRA’s detailed paper

EIOPA: Potential macroprudential tools and measures to enhance the current insurance regulatory framework

The European Insurance and Occupational Pensions Authority (EIOPA) initiated in 2017 the publication of a series of papers on systemic risk and macroprudential policy in insurance. So far, most of the discussions concerning macroprudential policy have focused on the banking sector. The aim of EIOPA is to contribute to the debate, whilst taking into consideration the specific nature of the insurance business.

With this purpose, EIOPA has followed a step-by-step approach, seeking to address the following questions:

  • Does insurance create or amplify systemic risk?
  • If yes, what are the tools already existing in the current framework, and how do they contribute to mitigate the sources of systemic risk?
  • Are other tools needed and, if yes, which ones could be promoted?

While the first two questions were addressed in previous papers, the purpose of the present paper is to identify, classify and provide a preliminary assessment of potential additional tools and measures to enhance the current framework in the EU from a macroprudential perspective.

EIOPA carried out an analysis focusing on four categories of tools:

  1. Capital and reserving-based tools;
  2. Liquidity-based tools;
  3. Exposure-based tools; and
  4. Pre-emptive planning.

EIOPA also considers whether the tools should be used for enhanced reporting and monitoring or as intervention power. Following this preliminary analysis, EIOPA concludes the following (Table 1):

Table 1 Macro

It is important to stress that the paper essentially focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review. As such, this work should be understood as a first step of the process and not as a formal proposal yet. Furthermore, EIOPA is aware that the implementation of tools also has important challenges. In this respect this report provides an overview of tools, main conclusions and observations, stressing also the main challenges.

Table 2 puts together the findings of all three papers published by EIOPA by linking

  1. sources of systemic risk and operational objectives (first paper),
  2. tools already available in the current framework (second paper)
  3. and other potential tools and measures to be further considered (current paper).

Table 2 Papers

The first paper, ‘Systemic risk and macroprudential policy in insurance’ aimed at identifying and analysing the sources of systemic risk in insurance from a conceptual point of view and at developing a macroprudential framework specifically designed for the insurance sector.

The second paper, ‘Solvency II tools with macroprudential impact’, identified, classified and provided a preliminary assessment of the tools or measures already existing within the Solvency II framework, which could mitigate any of the sources of systemic risk.

This third paper carries out an initial assessment of potential tools or measures to be included in a macroprudential framework designed for insurers, in order to mitigate the sources of systemic risk and contribute to the achievement of the operational objectives.

It covers six main issues:

  1. Identification of potential new instruments/measures. The tools will be grouped according to the following blocks:
    • Capital and reserving-based tools
    • Liquidity-based tools
    • Exposure-based tools
    • Pre-emptive planning
  2. Way in which the tools in each block contribute to achieving one or more of the operational objectives identified in previous papers.
  3. Interaction with Solvency II.
  4. Individual description of all the tools identified for each of the blocks. The following classification will be considered:
    • Enhanced reporting and monitoring tools and measures. They provide supervisors and other authorities with additional relevant information about potential risks and vulnerabilities that are or could be building up in the system. Authorities could then implement an array of measures to address them both at micro and macroprudential level (see annex for an inventory of powers potentially available to national supervisory authorities (NSAs)).
    • Intervention powers. These powers are currently not available as macroprudential tools. They are more intrusive and intervene more severely in the management of the companies. Examples could be additional buffers, limits or restrictions. They are only justified where the existing measures may not suffice to address the sources of systemic risk identified.
  5. Preliminary analysis per tool.
  6. Preliminary conclusion.

Four initial remarks should be made.

  1. First, although in several instances the measures and instruments are originally microprudential in nature, they could also be implemented as macroprudential instruments, if a systemically important institution or set of institutions or the whole market are targeted.
  2. Secondly, analysing potential changes on the long-term guarantees (LTG) measures and measures on equity risk that were introduced in the Solvency II directive, although out of the scope of this paper, could contribute to further enhance the framework from a macroprudential perspective. The focus of this paper is essentially on new tools, leaving aside the analysis of potential changes in the current LTG measures and measures on equity risk, which will be carried out in the context of the Solvency II review by 1 January 2021.
  3. Thirdly, when used as a macroprudential tool, the decision process may differ, given that there are different institutional models for the implementation of macroprudential policies across EU countries, in some cases involving different parties (e.g. ministries, supervisors, etc.). This paper seeks to adopt a neutral approach by referring to the concept of the ‘relevant authority in charge of the macroprudential authority’, which should encompass the different institutional models existing across jurisdictions.
  4. Fourthly, there seems to be no single solution when it comes to the level of application of each tool (single vs. group level).

Concerning the different proposed monitoring tools, in the follow-up work, the structure and content of the additional data requirements should be defined. This should then be followed by an assessment of the potential burden of collecting this information from undertakings.

It is important to stress that this paper essentially focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review. As such, this work should be understood as a first step of the process and not as a formal proposal yet.

Figure ORSA

Click here to access EIOPA’s detailed discussion paper

Failures and near misses in insurance – Overview of the causes and early identification

General approach

The approach to dealing with failures of financial institutions has witnessed significant changes since the eruption of the financial crisis in 2008, both from the crisis prevention and the crisis management perspective. A changing perspective in the interpretation of the causes, early identification and corrective measures used in the context of (near) failures may create difficulties when trying to compare past failures with current ones, particularly with the advent of recovery and resolution frameworks in finance.

EIOPA has developed its own conceptual approach, which is followed throughout this report. It should be stressed that there is not a conceptual approach which is universally agreed. The aim of the present chapter is to explain the approach followed by EIOPA, in order to achieve a common understanding and support the classification of the different cases of insurance failures and near misses.

This chapter focuses on the following two issues:

  • The definition of the concepts of “failure” and “near miss”, which are essential to understanding the database construction process and the scope of the cases to be included.
  • The need to have a common understanding of the framework for crisis prevention and management, as well as the recovery and resolution tools to be used.

In terms of crisis prevention and management, the fundamental approach followed by EIOPA can be understood as part of a continuum of supervisory activities. Illustration 1 below summarizes the whole process: During business as usual, and in the normal stages of supervision, an initial problem can be identified, and insurers may seek to implement measures to overcome the problem. Supervisors would, in turn, normally intensify supervision and follow-up more closely on the developments of the insurer. Should the initial problem become a real financial threat (e.g. being in breach of, or about to breach, solvency capital requirements) the insurer enters into a new stage, which is linked to an increased risk of failure, i.e. a near miss situation. In this context, the insurer should trigger certain recovery actions to restore its financial position, while supervisors can intervene more intrusively. In general, there should be a reasonable prospect of recovery if effective and credible measures are implemented. Nevertheless, if the situation of distress is extremely severe and the measures taken do not yield the expected results, the insurer enters into resolution.

Eventually, the insurer (or parts of it) is (are) wound-up and exits the market.

EIOPA - Resolution

Near miss

In the context of this report, a near miss is defined as a case where an insurer faces specific financial difficulties (for example, when the solvency requirements are breached or likely to be breached) and the supervisor feels it necessary to intervene or to place the insurer under some form of special measures.

The elements to identify a near miss are the following:

  • The insurer is still in operation under its original form;
  • Nevertheless, it is subject to severe financial distress to an extent that the supervisory authority deems it necessary to intervene; and
  • In the absence of this intervention, the insurer will not survive in its current form and may eventually go into resolution or be wound-up.

Underlying is the idea of success of the measures taken. As such, it should not involve public money or policyholders’ loss.

In other words, a near miss presupposes that the supervisory intervention, either directly (e.g. replacing the management) or indirectly (e.g. request for an increase in capital), contributed in a clear way to overcome the insurer’s financial distress and bring it back to a “business-as-usual” environment. Shareholders generally keep their rights and could potentially oppose any of the measures undertaken.

On a day-to-day basis, insurers and NSAs might have to take different actions that require a certain degree of coordination. A “near miss” in the sense described in this report should be distinguished from these types of situations. Near misses only refer to cases where severe problems were detected or reported and supervisory measures were necessary to ensure the viability of the insurer.

Near misses actually constitute an area of particular interest for this report. In effect, their correct reporting and analysis would allow valuable lessons to be learned from successfully managed distress situations – prospective failure of an insurer and supervisory actions that permitted recovery.

Insurance failure

A failure, for the purposes of the present database, exists from the moment when an insurer is no longer viable or likely to be no longer viable, and has no reasonable prospect of becoming so.

The processes of winding-up/liquidation, which are usually initiated after insolvency, either on a balance sheet basis (the insurer’s liabilities are greater than its assets) or cash-flow basis (the insurer is unable to pay its debts as they fall due), are also encompassed within the definition of failure for the purposes of the database. Failure is thus triggered by “non-viability”.

The failed insurer ceases to operate in its current form. Shareholders generally lose some or all of their rights and cannot oppose the measures taken by the authority in charge of resolution, which has formally taken over the reins from the supervisory authority.

For classification purposes, any case is considered as a failure (regardless of the final result of the intervention) when:

  • Private external support (e.g. by means of an insurance guarantee system (IGS)) has been received.
  • Public funds by taxpayers were needed for policyholders’ protection or financial stability reasons.
  • Policyholders have suffered any type of loss, be it in financial terms or in a deterioration of their insurance coverage.

The following are examples of resolution tools that may be used by authorities in a case of failure:

  • Sale of all or part of the insurer’s business to a private purchaser. A particular case is the transfer of an insurer’s portfolio, moving all or part of its business to another insurer without the consent of each and every policyholder.
  • Discontinue the writing of new business and continue administering the existing contractual policy obligations for in-force business (run-off).
  • Set-up a bridge institution as a temporary public entity to which all or part of the business of the insurer is transferred in order to preserve its critical functions.
  • Separate toxic assets from good assets establishing an asset management vehicle (i.e. a “bad insurer” similar to the concept used in banking) wholly owned by one or more public authorities for managing and running-down those assets in an orderly manner.
  • Restructure, limit or write down liabilities (including insurance and reinsurance liabilities) and allocate losses following the hierarchy of claims. This also includes the bail-in of liabilities when they are converted into equity.
  • Closure and orderly liquidation of the whole or part of a failing insurer.
  • Withdrawal of authorisation.

Lastly, it should be mentioned that the flow of events shown in Illustration 1 does not necessarily take place in a sequential way. For example, there could be cases in which an insurer goes directly into resolution. Thus, what is relevant for the classification of a particular case is whether the insurer recovers (which would then be considered as a near miss or as a case resolution/return to market if some kind of resolution action/tool is used) or has to be fully resolved and/or liquidated.

EIOPA - Sharma Risks

Click here to access EIOPA’s detailed report