EIOPA’s Supervisory Statement Solvency II: Application of the proportionality principle in the supervision of the Solvency Capital Requirement

EIOPA identified potential divergences in the supervisory practices concerning the supervision of the SCR calculation of immaterial sub-modules.

EIOPA agrees that in case of immaterial SCR sub-modules the principle of proportionality applies regarding the supervisory review process, but considers it is important to guarantee supervisory convergence as divergent approaches could lead to supervisory arbitrage.

EIOPA is of the view that the consistent implementation of the proportionality principle is a key element to ensure supervisory convergence for the supervision of the SCR. For this purpose the following key areas should be considered:

Proportionate approach

Supervisory authorities may allow undertakings, when calculating the SCR at the individual undertaking level, to adopt a proportionate approach towards immaterial SCR sub-modules, provided that the undertaking concerned is able to demonstrate to the satisfaction of the supervisory authorities that:

  1. the amount of the SCR sub-module is immaterial when compared with the total basic SCR (BSCR);
  2. applying a proportionate approach is justifiable taking into account the nature and complexity of the risk;
  3. the pattern of the SCR sub-module is stable over the last three years;
  4. such amount/pattern is consistent with the business model and the business strategy for the following years; and
  5. undertakings have in place a risk management system and processes to monitor any evolution of the risk, either triggered by internal sources or by an external source that could affect the materiality of a certain submodule.

This approach should not be used when calculating SCR at group level.

An SCR sub-module should be considered immaterial for the purposes of the SCR calculation when its amount is not relevant for the decision-making process or the judgement of the undertaking itself or the supervisory authorities. Following this principle, even if materiality needs to be assessed on a case-by-case basis, EIOPA recommends that materiality is assessed considering the weight of the sub-modules in the total BSCR and

  • that each sub-module subject to this approach should not represent more than 5% of the BSCR
  • or all sub-modules should not represent more than 10% of the BSCR.

For immaterial SCR sub-modules supervisory authorities may allow undertakings not to perform a full recalculation of such a sub-module on a yearly basis taking into consideration the complexity and burden that such a calculation would represent when compared to the result of the calculation.

Prudent calculation

For the sub-modules identified as immaterial, a calculation of the SCR submodule using inputs prudently estimated and leading to prudent outcomes should be performed at the time of the decision to adopt a proportionate approach. Such calculation should be subject to the consent of the supervisory authority.

The result of such a calculation may then be used in principle for the next three years, after which a full calculation using inputs prudently estimated is required so that the immateriality of the sub-module and the risk-based and proportionate approach is re-assessed.

During the three-year period the key function holder of the actuarial function should express an opinion to the administrative, management or supervisory body of the undertaking on the outcome of immaterial sub-module used for calculating SCR.

Risk management system and ORSA

Such a system should be proportionate to the risks at stake while ensuring a proper monitoring of any evolution of the risk, either triggered by internal sources such as a change in the business model or business strategy or by an external source such as an exceptional event that could affect the materiality of a certain sub-module.

Such a monitoring should include the setting of qualitative and quantitative early warning indicators (EWI), to be defined by the undertaking and embedded in the ORSA processes.

Supervisory reporting and public disclosure

Undertakings should include information on the risk management system in the ORSA Report. Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting and in the Solvency and Financial Condition Report (SFCR), under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement”.

Supervisory review process

The approach should be implemented in the context of on-going supervisory dialogue, meaning that the supervisory authority should be satisfied and agree with the approach taken and be kept informed in case of any material change. Supervisory authorities should inform the undertakings in case there is any concern with the approach. In case the supervisory authority has any concern the approach should not be implemented or might be implemented with additional safeguards as agreed between the supervisory authority and the undertaking.

In some situations supervisory authorities may require a full calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Example : Supervisory reporting and public disclosure

Undertakings should include information on the risk management system referred to in the previous paragraphs in the ORSA Report.

Undertakings should include structured information on the sub-modules for which a proportionate approach is applied in the Regular Supervisory Reporting, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (RSR), including at least the following information:

  1. identification of the sub-module(s) for which a proportionate approach was applied;
  2. amount of the SCR for such a sub-module in the last three years before the application of proportionate approach, including the current year;
  3. the date of the last calculation performed following the requirements of the Delegated Regulation using inputs prudently estimated; and
  4. early warning indicators identified and triggers for a calculation following the requirements of the Delegated Regulation and using inputs prudently estimated.

Undertakings should also include structured information on the sub-modules for which a proportionate approach is applied in the Solvency and Financial Condition Report, under the section “E.2 Capital Management – Solvency Capital Requirement and Minimum Capital Requirement” (SFCR), including at least the identification of the submodule(s) for which a proportionate calculation was applied.

An example of structured information to be included in the regular supervisory report in line with Article 311(6) of the Delegated Regulation is as follows:

Proportionality EIOPA

This proportionate approach should also be reflected in the quantitative reporting templates to be submitted. In this case the templates would reflect the amounts used for the last full calculation performed.

Click here to access EIOPA’s Supervisory Statement

Outsourcing to the Cloud: EIOPA’s Contribution to the European Commission FinTech Action Plan

In the European financial regulatory landscape, the purchase of cloud computing services falls within the broader scope of outsourcing.

The credit institutions, investment firms, payment institutions and the e-money institutions have multiple level 1 and level 2 regulations that discipline their use of outsourcing (e.g. MIFID II, PSD2, BRRD). There are also level 3 measures: CEBS Guidelines on Outsourcing, representing the current guiding framework for outsourcing activities within the European banking sector.

Additional “Recommendations on cloud outsourcing” were issued on December 20, 2017 by the European Banking Authority (EBA) and entered into force on July 1, 2018. They will be repealed by the new guidelines on Outsourcing Arrangements (level 3) which have absorbed the text of the Recommendations.

For the (re)insurance sector, the current Regulatory framework of Solvency II (level 1 and level 2) discipline outsourcing under Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulations. The EIOPA guidelines 60-64 on System of Governance provide level 3 principle based guidance.

On the basis of a survey conducted by the National Supervisory Authorities (NSAs), cloud computing is not extensively used by (re)insurance undertakings: it is most extensively used by newcomers, within a few market niches and by larger undertakings mostly for non-critical functions.

Moreover, as part of their wider digital transformation strategies many European large (re)insurers are expanding their use of the cloud.

As to applicable regulation, cloud computing is considered as outsourcing and the current level of national guidance on cloud outsourcing for the (re)insurance sector is not homogenous. Nonetheless, most NSAs (banking and (re)insurance supervisors at the same time) declare that they are considering the EBA Recommendations as a reference for the management of cloud outsourcing.

Under the steering of its InsurTech TaskForce, EIOPA will develop its own Guidelines on Cloud Outsourcing. The intention is that the Guidelines on Cloud Outsourcing (the “guidelines”) will be drafted during the first half of 2019, issued then for consultation and finalised by the end of the year.

During the process of drafting the Guidelines, EIOPA will organize a public roundtable on the use of cloud computing by (re)insurance undertakings. During the roundtable, representative from the (re)insurance industry, cloud service providers and the supervisory community will discuss views and approaches to cloud outsourcing in a Solvency II and post-EBA Recommendations environment.

Furthermore, in order to guarantee a cross-industry harmonization within the European
financial sector, EIOPA has agreed with the other two ESAs:

  • to continue keeping the fruitful alignment kept so far; and
  • to start – in the second part of 2019 – a joint market monitoring activity aimed at developing policy views on how cloud outsourcing in the finance sector should be treated in the future.

This should take into account the increasing use of the cloud and the potential for large cloud service providers to be a single point of failure.

Overview of Cloud Computing

Cloud computing allows users to access on-demand, shared configurable computing resources (such as networks, servers, storage, applications and services) hosted by third parties on the internet, instead of building their own IT infrastructure.

According to the US National Institute of Standards and Technology (NIST), cloud computing is: “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

The ISO standard of 2014 defines cloud computing as a: “paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand”. It is composed of

  • cloud computing roles and activities,
  • cloud capabilities types and cloud service categories,
  • cloud deployment models and
  • cloud computing cross cutting aspects”.

The European Banking Authority (EBA) Recommendations of 2017 – very close to NIST definition – defines the cloud services as: “Services provided using cloud computing, that is, a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Shared responsibility framework

The cloud provider and cloud customer share the control of resources in a cloud system. The cloud’s different service models affect their control over the computational resources and, thus, what can be done in a cloud system. Compared to traditional IT systems, where one organization has control over the whole stack of computing resources and the entire life-cycle of the systems, cloud providers and cloud customers collaboratively

  • design,
  • build,
  • deploy, and
  • operate

cloud based systems.

The split of control means that both parties share the responsibilities in providing adequate protections to the cloud-based systems. The picture below shows, as “conceptual model”, the different level of sharing responsibilities between the cloud provider and the cloud customer.

These responsibilities contribute to achieve a compliant and secure computing environment. It has to be noted that, regardless the service provided by the cloud provider:

  • Ensuring that the data and its classification are done correctly and that the solution is compliant with regulatory obligations is the responsibility of the customer (e.g. in case of data theft the cloud customer is responsible towards the damaged parties or the customer is responsible to ensure – e.g. with specific contractual obligations – that the provider observe certain compliance requirements such as give the competent authorities access and audit rights);
  • Physical security is the one responsibility that is wholly owned by cloud service providers when using cloud computing.

The remaining responsibilities and controls are shared between customers and cloud providers according to the outsourcing model. However, the responsibility (in a supervisory sense) remains with the customers. Some responsibilities require the cloud provider and customer to manage and administer the responsibility together including auditing of their domains. For example, identity & access management when using a cloud provider’s active directory services could require that the configuration of services such as multi-factor authentication is up to the customer, but ensuring effective functionality is the responsibility of the cloud provider.

EIOPA Outs

Summary of Key Takeaways and EIOPA’s Answer to the European Commission

The key takeaways of the analysis carried out and described within this document are the following:

  1. cloud computing is mostly used extensively by newcomers, by a niche of the market and by larger undertakings mostly for non-critical function. However, as part of their wider digital transformation strategies many European large (re)insurers are expanding their use of the cloud;
  2. the current Regulatory framework of Solvency II (level 1 and level 2) appears to be sound to discipline the outsourcing to the cloud by the current outsourcing provisions (Articles 38 and 49 of the Directive and Article 274 of the Delegated Regulations);
  3. cloud computing is a fast developing service so in order for its regulation to be efficient it should be principle-based rather than attempting at regulating all (re)insurance-related aspects of it;
  4. cloud computing services used by (re)insurance undertakings are aligned to the one used by banking sector. The risks arising from the usage of cloud computing by (re)insurance undertakings appear to be, generally, aligned to the risks bear by the banking players with few minor (re) insurance specificities;
  5. both banking and (re)insurance regulations discipline cloud computing by their current outsourcing provisions. Under these, banking and (re)insurance institutions are required to classify whether the cloud services they receive are „critical or important“. The most common approach is to classify cloud computing on a case-by-case approach – similarly to the other services – on the basis of the service / process / activity / data outsourced;
  6. the impact of cloud computing on the (re)insurance market is assessed differently among jurisdictions: due to the complexity and the high level of technicality of the subject, some jurisdictions have planned to issue (or already issued) national guidance directly applicable to the (re)insurance market on cloud outsourcing;
  7. from the gap analysis carried out, the EBA Recommendations are more specific on the subject (e.g. the specific requirements to build a register of all the cloud service providers) and, being built on shared common principles, can be applied to the wide Solvency II regulations on outsourcing, reflecting their status at level 3;
  8. to provide legal transparency to the market participants (i.e. regulated undertakings and service providers) and to avoid potential regulatory arbitrage, EIOPA should issue guidance on cloud outsourcing aligned with the EBA Recommendations and, where applicable, the EBA Guidelines on outsourcing arrangements with minor amendments.

Click here to access EIOPA’s detailed Contribution Paper

EIOPA: Peer review assessing how National Competent Authorities (NCAs) supervise and determine whether an insurer’s set­ting of key functions fulfils the legal requirements of Solvency II

The main task of the European Insurance and Occupational Pensions Authority (EIOPA) is to

  • enhance supervisory convergence,
  • strengthen consumer protection
  • and preserve financial stability.

In the context of enhancing supervisory convergence and in accordance with its mandate, EIOPA regularly conducts peer reviews, working closely with national competent authorities (NCAs), with the aim of strengthening both the convergence of supervisory practices across Europe and the capacity of NCAs to conduct high-quality and effective supervision.

In line with its mandate, the outcome of peer reviews, including identified best practices, are to be made public with the agreement of the NCAs that have been subject to the review.

BACKGROUND AND OBJECTIVES

Enhancing the governance system of insurers is one of the major goals of Solvency II (SII). The four key functions (risk management, actuarial, compliance and internal audit) as required under the SII regulation are an essential part of the system of governance. These key functions are expected to be operationally independent to ensure an effective and robust internal control environment within an insurer and support high quality of decision making by the management. At the same time it is also important that these governance requirements are not overly burdensome for small and medium-sized insurers. Therefore SII allows NCAs to apply the principle of proportionality in relation to compliance with key function holder requirements for those insurers.

Under SII, insurers may combine key functions in one holder. However, such combinations have to be justified by the principle of proportionality and insurers need to properly address the underlying conflicts of interest. Holding a key function should generally not be combined with administrative, management or supervisory body (AMSB) membership or with operational tasks because of their controlling objective. Thus, these combinations should rather occur in exceptional cases, taking into account a risk-based approach and the manner in which the insurer avoids and manages any potential conflict of interest.

This peer review assesses how NCAs supervise and determine whether an insurer’s setting of key functions fulfils the legal requirements of SII with a particular emphasis on proportionality. The peer review examines practices regarding:

  • combining key functions under one holder;
  • combining key functions with AMSB membership or with carrying out operational tasks;
  • subordination of one key function under another key function;
  • split of one key function among several holders;
  • assessment of the fitness of key function holders; and
  • outsourcing of key functions.

The period examined under the scope of this peer review was 2016 but also covered supervisory practices executed before 2016 in the preparatory stage of SII. The peer review was conducted among NCAs from the European Economic Area (EEA) on the basis of EIOPA’s Methodology for conducting Peer Reviews (Methodology).

Detailed information was gathered in the course of the review. All NCAs completed an initial questionnaire. This was followed by fieldwork comprising visits to 8 NCAs and 30 conference calls.

MAIN FINDINGS

The review showed that NCAs in general apply the principle of proportionality and that they have adopted similar approaches.

SUMMARY RESULTS OF THE COMPARATIVE ANALYSIS

  • Supervisory framework: Approximately half of NCAs use written supervisory guidance for the application of the principle of proportionality. Larger NCAs in particular use written supervisory guidance in order to ensure consistency of their supervisory practice among their supervisory staff.
  • Approach of NCAs: Most NCAs have a similar approach. NCAs assess the insurers’ choice of key function holders at the time of initial notification regarding the key function holder’s appointment. If any concerns are noted at this stage, for example regarding combinations or fitness, NCAs generally challenge and discuss these issues with the insurer, rather than issuing formal administrative decisions.
  • Combining key functions in one holder: This occurs in almost all countries. The most frequent combinations are between risk management and actuarial functions and between risk management and compliance functions. Combinations are most commonly used by smaller insurers but are also seen in large insurers. EIOPA has identified the need to draw the attention of NCAs to the need to challenge combinations more strongly, especially when they occur in bigger, more complex insurers, and to ensure that adequate mitigation measures are in place to warrant a robust system of governance.
  • Holding the internal audit function and other key functions: The combination of the internal audit function with other key functions occurs in 15 countries, although the frequency of such combinations is relatively low. Moreover, there were cases of the internal audit function holder also carrying out operational tasks which could lead to conflicts of interest and compromise the operational independence of the internal audit function. It is important to emphasise that the legal exemption of Article 271 of the Commission Delegated Regulation EU (2015/35) does not apply to the combination with operational tasks.
  • Combining a key function holder with AMSB membership: Most NCAs follow a similar and comprehensive approach regarding the combination of key function holder and AMSB member. In this regard, NCAs accept such cases only if deemed justified under the principle of proportionality. This peer review shows that two NCAs request or support combinations of AMSB member and the risk management function holder regardless of the principle of proportionality in order to strengthen the knowledge and expertise regarding risk management within the AMSB.
  • Combining key function holders (excluding internal audit function holder) with operational tasks: In nearly all countries combinations of risk management, actuarial and compliance key function holders with operational tasks occur, but such combinations generally occur rarely or occasionally. However, several NCAs do not have a full market overview of such combinations with operative tasks. Adequate mitigating measures are essential to reduce potential conflicts of interest when key function holders also carry out operational tasks. The most common combinations are the compliance function holder with legal director and the risk management function holder with finance director.
  • Splitting a key function between two holders: About half of the NCAs reported cases where more than one individual is responsible for a particular key function (‘split of key function holder’). The most common split concerns the actuarial function (split between life and non-life business). NCAs should monitor such splits in order to maintain appropriate responsibility and accountability among key function holders.
  • Subordination of a key function holder to another key function holder or head of operational department: This is observed in half of the countries reviewed. An organisational subordination can be accepted, but there needs to be a direct ‘unfiltered’ reporting line from the subordinated key function holder to the AMSB. In cases of subordination, conflicts of interest have to be mitigated and operational independence needs to be ensured including the mitigating measures concerning the remuneration of the subordinated key function holders.
  • Fitness of key function holders: Most NCAs assess the fitness of the key function holder at the time of initial notification and apply the principle of proportionality. Several NCAs did not systematically assess the key function holders appointed before 2016. These NCAs are advised to do so using a risk-based approach.
  • Outsourcing of key function holders: Most NCAs have observed outsourcing of key function holders. According to the proportionality principle, an AMSB member may also be a designated person responsible for overseeing and monitoring the outsourced key function. Eight NCAs make a distinction between intra-group and extra-group outsourcing and six NCAs do not require a designated person in all cases, which may give rise to operational risks.

BEST PRACTICES

Through this peer review, EIOPA identified four best practices.

  • When NCAs adopt a structured proportionate approach based on the nature, scale and complexity of the business of the insurer regarding their supervisory assessment of key function holders and combination of key function holders at the time of initial notification and on an ongoing basis. The best practice also includes supervisory documentation and consistent and uniform data submission requirements (for example an electronic data submission system for key function holder notification). This best practice has been identified in Ireland and the United Kingdom.
  • When an NCA has a supervisory panel set up internally which discusses and advises supervisors about complex issues regarding the application of the proportionality principle in governance requirements regarding key functions. This best practice has been identified in the Netherlands.
  • When assessing the combination of key function holder with AMSB member, EIOPA considers the following as best practice for NCAs:
    • To publicly disclose the NCA’s expectations that controlling key functions should generally not be combined with operational functions for example with the membership of the AMSB. Where those cases occur, NCAs should clearly communicate their expectation that the undertaking ensures that it is aware of possible conflicts of interest arising from such a combination and manages them effectively.
    • To require from insurers that main responsibilities as a member of the AMSB do not lead to a conflict of interest with the tasks as a key function holder.
    • To assess whether the other AMSB members challenge the key function holder also being an AMSB member.

This best practice has been identified in Lithuania.

  • When NCAs apply a risk-based approach for the ongoing supervision that gives the possibility to ensure the fulfilment of fitness requirements of KFHs at all times by holding meetings with key function holders on a regular scheduled basis as part of an NCA’swork plan (annual review plan). The topics for discussion for those meetings can vary, depending for example on actual events and current topics. This best practice has been identified in Ireland and the United Kingdom.

These best practices provide guidance for a more systematic approach regarding the application of the principle of proportionality as well as for ensuring consistent and effective supervisory practice within NCAs.

EIOPA NCA KFH

Click here to access EIOPA’s full report on its Peer Review

 

The Prudential Regulation Authority’s approach to insurance supervision

UK’s Insurance Supervisory Body PRA just published a very interesting paper describing it’s purpose and it’s working principles. Even if Bexit will exclude PRA from EIOPA associated supervisory bodies, this paper should be considered as being landmark as most of the EIOPA associated bodies didn’t go this way of transparency and methodology yet, despite EIOPA having set a framework at least for some of these issues, crucial for insurers to manage thair risk and capital requirements.

« We, the Prudential Regulation Authority (PRA), as part of the Bank of England (‘the Bank’), are the UK’s prudential regulator for deposit-takers, insurance companies, and designated investment firms.

This document sets out how we carry out our role in respect of insurers. It is designed to help regulated firms and the market understand how we supervise these institutions, and to aid accountability to the public and Parliament. The document acts as a standing reference that will be revised and reissued in response to significant legislative and other developments which result in changes to our approach.

This document serves three purposes.

  1. First, it aids accountability by describing what we seek to achieve and how we intend to achieve it.
  2. Second, it communicates to regulated insurers what we expect of them, and what they can expect from us in the course of supervision.
  3. Third, it is intended to meet the statutory requirement for us to issue guidance on how we intend to advance our objectives.

It sits alongside our requirements and expectations as published in the PRA Rulebook and our policy publications.

EU withdrawal

Our approach to advancing these objectives will remain the same as the UK withdraws from the EU. Our main focus is on trying to ensure that the transition to our new relationship with the EU is as smooth and orderly as possible in order to minimise risks to our objectives.

Our approach to advancing our objectives

To advance our objectives, our supervisory approach follows three key principles – it is:

  1. judgement-based;
  2. forward-looking; and
  3. focused on key risks.

Across all of these principles, we are committed to applying the principle of proportionality in our supervision of firms.

PRA1

Identifying risks to our objectives

The intensity of our supervisory activity varies across insurers. The level of supervision principally reflects our judgement of an insurer’s potential impact on policyholders and on the stability of the financial system, its proximity to failure (as encapsulated in the Proactive Intervention Framework (PIF), which is described later), its resolvability and our statutory obligations. Other factors that play a part include the type of business carried out by the insurer and the complexity of the insurer’s business and organisation.

Our risk framework

We take a structured approach when forming our judgements. To do this we use a risk assessment framework. The risk assessment framework for insurers is the same as for banks, but is used in a different way, reflecting our additional objective to contribute to securing appropriate policyholder protection, the different risks to which insurers are exposed, and the different way in which insurers fail.

Much of our proposed approach to the supervision of insurers is designed to deliver the supervisory activities which the UK is required to carry out under Solvency II.

The key features of Solvency II are:

  • market-consistent valuation of assets and liabilities;
  • high quality of capital;
  • a forward-looking and risk-based approach to setting capital requirements;
  • minimum governance and effective risk management requirements;
  • a rigorous approach to group supervision;
  • a Ladder of Intervention designed to ensure intervention by us in proportion to the risks that a firm’s financial soundness poses to its policyholders;
  • and strong market discipline through firm disclosures.

Some insurers fall outside the scope of the Solvency II Directive (known as non-Directive firms), mainly due to their size. These firms should make themselves familiar with the requirements for non-Directive firms.

PRA2

Supervisory activity

This section describes how, in practice, we supervise insurers, including information on our highest decision-making body and our approach to authorising new insurers. As part of this, it describes the Proactive Intervention Framework (PIF) and our high-level approach to using our legal powers. For UK insurers, our assessment covers all entities within the consolidated group.

PRA3

Proactive Intervention Framework (PIF)

Supervisors consider an insurer’s proximity to failure when drawing up a supervisory plan. Our judgement about proximity to failure is captured in an insurer’s position within the PIF.

Judgements about an insurer’s proximity to failure are derived from those elements of the supervisory assessment framework that reflect the risks faced by an insurer and its ability to manage them, namely, external context, business risk, management and governance, risk management and controls, capital, and liquidity. The PIF is not sensitive to an insurer’s potential impact or resolvability.

The PIF is designed to ensure that we put into effect our aim to identify and respond to emerging risks at an early stage. There are five PIF stages, each denoting a different proximity to failure, and every insurer sits in a particular stage at each point in time. When an insurer moves to a higher PIF stage (ie as we determine the insurer’s viability has deteriorated), supervisors will review their supervisory actions accordingly. Senior management of insurers will be expected to ensure that they take appropriate remedial action to reduce the likelihood of failure and the authorities will ensure appropriate preparedness for resolution. The intensity of supervisory resources will increase if we assess an insurer has moved closer to breaching Threshold Conditions, posing a risk of failure and harm to policyholders.

An insurer’s PIF stage is reviewed at least annually and in response to relevant, material developments. (…) »

Click here to access PRA’s detailed paper

EIOPA: Potential macroprudential tools and measures to enhance the current insurance regulatory framework

The European Insurance and Occupational Pensions Authority (EIOPA) initiated in 2017 the publication of a series of papers on systemic risk and macroprudential policy in insurance. So far, most of the discussions concerning macroprudential policy have focused on the banking sector. The aim of EIOPA is to contribute to the debate, whilst taking into consideration the specific nature of the insurance business.

With this purpose, EIOPA has followed a step-by-step approach, seeking to address the following questions:

  • Does insurance create or amplify systemic risk?
  • If yes, what are the tools already existing in the current framework, and how do they contribute to mitigate the sources of systemic risk?
  • Are other tools needed and, if yes, which ones could be promoted?

While the two first questions were addressed in previous papers, the purpose of the present paper is to identify, classify and provide a preliminary assessment of potential additional tools and measures to enhance the current framework in the EU from a macroprudential perspective.

EIOPA carried out an analysis focusing on four categories of tools:

  1. Capital and reserving-based tools;
  2. Liquidity-based tools;
  3. Exposure-based tools; and
  4. Pre-emptive planning.

EIOPA also considers whether the tools should be used for enhanced reporting and monitoring or as intervention power. Following this preliminary analysis, EIOPA concludes the following (Table 1):

Table 1 Macro

It is important to stress that the paper essentially focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review. As such, this work should be understood as a first step of the process and not as a formal proposal yet. Furthermore, EIOPA is aware that the implementation of tools also has important challenges. In this respect this report provides an overview of tools, main conclusions and observations, stressing also the main challenges.

Table 2 puts together the findings of all three papers published by EIOPA by linking

  1. sources of systemic risk and operational objectives (first paper),
  2. tools already available in the current framework (second paper)
  3. and other potential tools and measures to be further considered (current paper).

Table 2 Papers

The first paper, ‘Systemic risk and macroprudential policy in insurance’ aimed at identifying and analysing the sources of systemic risk in insurance from a conceptual point of view and at developing a macroprudential framework specifically designed for the insurance sector.

The second paper, ‘Solvency II tools with macroprudential impact’, identified, classified and provided a preliminary assessment of the tools or measures already existing within the Solvency II framework, which could mitigate any of the sources of systemic risk.

This third paper carries out an initial assessment of potential tools or measures to be included in a macroprudential framework designed for insurers, in order to mitigate the sources of systemic risk and contribute to the achievement of the operational objectives.

It covers six main issues:

  1. Identification of potential new instruments/measures. The tools will be grouped according to the following blocks:
    • Capital and reserving-based tools
    • Liquidity-based tools
    • Exposure-based tools
    • Pre-emptive planning
  2. Way in which the tools in each block contribute to achieving one or more of the operational objectives identified in previous papers.
  3. Interaction with Solvency II.
  4. Individual description of all the tools identified for each of the blocks. The following classification will be considered:
    • Enhanced reporting and monitoring tools and measures. They provide supervisors and other authorities with additional relevant information about potential risks and vulnerabilities that are or could be building up in the system. Authorities could then implement an array of measures to address them both at micro and macroprudential level (see annex for an inventory of powers potentially available to national supervisory authorities (NSAs)).
    • Intervention powers. These powers are currently not available as macroprudential tools. They are more intrusive and intervene more severely in the management of the companies. Examples could be additional buffers, limits or restrictions. They are only justified where the existing measures may not suffice to address the sources of systemic risk identified.
  5. Preliminary analysis per tool.
  6. Preliminary conclusion.

Four initial remarks should be made.

  1. First, although in several instances the measures and instruments are originally microprudential in nature, they could also be implemented as macroprudential instruments, if a systemically important institution or set of institutions or the whole market are targeted.
  2. Secondly, analysing potential changes on the long-term guarantees (LTG) measures and measures on equity risk that were introduced in the Solvency II directive, although out of the scope of this paper, could contribute to further enhance the framework from a macroprudential perspective. The focus of this paper is essentially on new tools, leaving aside the analysis of potential changes in the current LTG measures and measures on equity risk, which will be carried out in the context of the Solvency II review by 1 January 2021.
  3. Thirdly, when used as a macroprudential tool, the decision process may differ, given that there are different institutional models for the implementation of macroprudential policies across EU countries, in some cases involving different parties (e.g. ministries, supervisors, etc.). This paper seeks to adopt a neutral approach by referring to the concept of the ‘relevant authority in charge of the macroprudential authority’, which should encompass the different institutional models existing across jurisdictions.
  4. Fourthly, there seems to be no single solution when it comes to the level of application of each tool (single vs. group level).

Concerning the different proposed monitoring tools, in the follow-up work, the structure and content of the additional data requirements should be defined. This should then be followed by an assessment of the potential burden of collecting this information from undertakings.

It is important to stress that this paper essentially focuses on whether a specific instrument should or should not be further considered. This is an important aspect in light of future work in the context of the Solvency II review. As such, this work should be understood as a first step of the process and not as a formal proposal yet.

Figure ORSA

Click here to access EIOPA’s detailed discussion paper

Failures and near misses in insurance – Overview of the causes and early identification

General approach

The approach to dealing with failures of financial institutions has witnessed significant changes since the eruption of the financial crisis in 2008, both from the crisis prevention and the crisis management perspective. A changing perspective in the interpretation of the causes, early identification and corrective measures used in the context of (near) failures may create difficulties when trying to compare past failures with current ones, particularly with the advent of recovery and resolution frameworks in finance.

EIOPA has developed its own conceptual approach, which is followed throughout this report. It should be stressed that there is not a conceptual approach which is universally agreed. The aim of the present chapter is to explain the approach followed by EIOPA, in order to achieve a common understanding and support the classification of the different cases of insurance failures and near misses.

This chapter focuses on the following two issues:

  • The definition of the concepts of “failure” and “near miss”, which are essential to understanding the database construction process and the scope of the cases to be included.
  • The need to have a common understanding of the framework for crisis prevention and management, as well as the recovery and resolution tools to be used.

In terms of crisis prevention and management, the fundamental approach followed by EIOPA can be understood as part of a continuum of supervisory activities. Illustration 1 below summarizes the whole process: During business as usual, and in the normal stages of supervision, an initial problem can be identified, and insurers may seek to implement measures to overcome the problem. Supervisors would, in turn, normally intensify supervision and follow-up more closely on the developments of the insurer. Should the initial problem become a real financial threat (e.g. being in breach of, or about to breach, solvency capital requirements) the insurer enters into a new stage, which is linked to an increased risk of failure, i.e. a near miss situation. In this context, the insurer should trigger certain recovery actions to restore its financial position, while supervisors can intervene more intrusively. In general, there should be a reasonable prospect of recovery if effective and credible measures are implemented. Nevertheless, if the situation of distress is extremely severe and the measures taken do not yield the expected results, the insurer enters into resolution.

Eventually, the insurer (or parts of it) is (are) wound-up and exits the market.

EIOPA - Resolution

Near miss

In the context of this report, a near miss is defined as a case where an insurer faces specific financial difficulties (for example, when the solvency requirements are breached or likely to be breached) and the supervisor feels it necessary to intervene or to place the insurer under some form of special measures.

The elements to identify a near miss are the following:

  • The insurer is still in operation under its original form;
  • Nevertheless it is subject to a severe financial distress to an extent that the supervisory authority deems it necessary to intervene; and
  • In the absence of this intervention, the insurer will not survive in its current form and may eventually go into resolution or be wound-up.

Underlying is the idea of success of the measures taken. As such, it should not involve public money or policyholders’ loss.

In other words, a near miss presupposes that the supervisory intervention, either directly (e.g. replacing the management) or indirectly (e.g. request for an increase in capital), contributed in a clear way to overcome the insurer’s financial distress and bring it back to a “business-as-usual” environment. Shareholders generally keep their rights and could potentially oppose any of the measures undertaken.

On a day-to-day basis, insurers and NSAs might have to take different actions that require a certain degree of coordination. A “near miss” in the sense described in this report should be distinguished from these type of situations. Near misses only refer to cases where severe problems were detected or reported and supervisory measures were necessary to ensure the viability of the insurer.

Near misses actually constitute an area of particular interest for this report. In effect, their correct reporting and analysis would allow valuable lessons to be learned from successfully managed distress situations – prospective failure of an insurer and supervisory actions that permitted recovery.

Insurance failure

A failure, for the purposes of the present database, exists from the moment when an insurer is no longer viable or likely to be no longer viable, and has no reasonable prospect of becoming so.

The processes of winding-up/liquidation, which are usually initiated after insolvency, either on a balance sheet basis (the insurer’s liabilities are greater than its assets) or cash-flow basis (the insurer is unable to pay its debts as they fall due), are also encompassed within the definition of failure for the purposes of the database. Failure is thus triggered by “non-viability”.

The failed insurer ceases to operate in its current form. Shareholders generally lose some or all of their rights and cannot oppose to the measures taken by the authority in charge of resolution, which has formally taken over the reins from the supervisory authority.

For classification purposes, any case is considered as a failure (regardless of the final result of the intervention) when:

  • Private external support (e.g. by means of an insurance guarantee system (IGS)) has been received.
  • Public funds by taxpayers were needed for policyholders’ protection or financial stability reasons.
  • Policyholders have suffered any type of loss, be it in financial terms or in a deterioration of their insurance coverage.

The following are examples of resolution tools that may be used by authorities in a case of failure:

  • Sale of all or part of the insurers’ business to a private purchaser. A particular case is the transfer of an insurers’ portfolio, moving all or part of its business to another insurer without the consent of each and every policyholder.
  • Discontinue the writing of new business and continue administering the existing contractual policy obligations for inforce business (run-off).
  • Set-up a bridge institution as a temporary public entity to which all or part of the business of the insurer is transferred in order to preserve its critical functions.
  • Separate toxic assets from good assets establishing an asset management vehicle (i.e. a “bad insurer” similar to the concept used in banking) wholly owned by one or more public authorities for managing and running-down those assets in an orderly manner.
  • Restructure, limit or write down liabilities (including insurance and reinsurance liabilities) and allocate losses following the hierarchy of claims.

This also includes the bail-in of liabilities when they are by converted into equity.

  • Closure and orderly liquidation of the whole or part of a failing insurer.
  • Withdrawal of authorisation.

Lastly, it should be mentioned that the flow of events shown in Illustration 1 does not necessarily take place in a sequential way. For example, there could be cases in which an insurer goes directly into resolution. Thus, what is relevant for the classification of a particular case is whether the insurer recovers (which would then be considered as a near miss or as a case resolution/return to market if some kind of resolution action/tool is used) or has to be fully resolved and/or liquidated.

EIOPA - Sharma Risks

Click here to access EIOPA’s detailed report

A Transformation in Progress – Perspectives and approaches to IFRS 17

The International Financial Reporting Standard 17 (IFRS 17) was issued in May 2017 by the International Accounting Standards Board (IASB) and has an effective date of 1st January 2021. The standard represents the most significant change in financial reporting for decades, placing greater demand on legacy accounting and actuarial systems. The regulation is intended to increase transparency and provide greater comparability of profitability across the insurance sector.

IFRS 17 will fundamentally change the face of profit and loss reporting. It will introduce a new set of Key Performance Indicators (KPIs), and change the way that base dividend or gross payments are calculated. To give an example, gross premiums will no longer be recorded under profit and loss. This is just one of the wide-ranging shifts that insurers must take on board in the way they structure their business to achieve the best possible commercial outcomes.

In early 2018 SAS asked 100 executives working in the insurance industry to share their opinions about the standard and strategies for compliance. The research shed light on the sector’s sentiment towards the regulation, challenges and opportunities that IFRS 17 presents, along with the steps organisations are taking to achieve compliance. The aims of the study were to better understand the views of the industry and how insurers are preparing to implement the standard. The objective was to share an unbiased view of the peer group’s analysis of, and approach to, tackling the challenges during the adjustment period. The information garnered is intended to help inform insurers’ decision-making during the early stages of their own projects, helping them arrive at the best-placed strategy for their business.

This report reveals the findings of the survey and provides guidance on how organisations might best achieve compliance. It provides a subjective, datadriven view of IFRS 17 along with valuable market context for insurance professionals who are developing their own strategies for tackling the new standard.

SAS’ research indicates that UK insurers do not underestimate the cost of IFRS 17 or the level of change it will likely introduce. Overall, 97 per cent of survey respondents said that they expected the standard to increase the cost and complexity of operating in insurance.

Companies will need to

  • introduce a new system of KPIs
  • and make changes in management information reports

to monitor performance under the revised profitability metrics. Forward looking strategic planning will also need to incorporate potential volatility and any ramifications within the insurance industry. To achieve this, firms will need to ensure the main parties involved co-operate and work together in a more integrated way.

The cost of these measures will, of course, differ considerably between organisations of different sizes, specialisms and complexities. However, the cost of compliance also greatly depends on

  • the approach taken by decision-makers,
  • the partners they choose
  • and the solutions they select.

Perhaps more instructive is that 90 per cent believe compliance costs will be greater than those demanded by the Solvency II Directive, aimed at insurers retaining strong financial buffers so they can meet claims from policyholders.

The European Commission estimated that it cost EU insurers between £3 and £4 billion to implement Solvency II, which was designed to standardise what had been a piecemeal approach to insurance regulations across the EU. Almost half (48 per cent) predict that IFRS 17 will cost substantially more.

Respondents are preparing for major alterations to their current accounting and actuarial systems, from minor upgrades all the way to wholesale replacements. Data management systems will be the prime target for review, with 84 per cent of respondents planning to either make additional investment (25 per cent), upgrade (34 per cent), or replace them (25 per cent). Finance, accounting and actuarial systems will also see significant innovation, as 83 per cent and 81 per cent respectively prepare for significant investment.

The use of analytics appears to be the most divisive area for insurers. While 27 per cent of participants are confident they will need to make no changes to their analytics systems or processes, 28 per cent plan to replace them entirely. A majority of 71 per cent still expect to make at least some reform.

IFRS17

IFRS17 2

Click here to access SAS’ Whitepaper