Embed Size (px)
Citation preview
Title
WHITE PAPER
Solvency II Compliance and beyond: The essential steps for insurance firms
ii
ContentsIntroduction ........................................................................................................... 1
Step 1 – Data Management ............................................................................... 1
Step 2 – Risk Calculations ................................................................................... 3
Solvency Capital Requirement (SCR) .......................................................................3
Minimum Capital Requirement (MCR) .....................................................................4
Step 3 – ORSA ....................................................................................................... 4
Step 4 – Reporting ................................................................................................ 4
Solvency and Financial Condition Report (SFCR) ..................................................4
Regular Supervisory Report (RSR) .............................................................................5
Quantitative Reporting Templates (QRT) .................................................................6
Solvency II Compliance and Beyond ............................................................... 7
How SAS Can Help .............................................................................................. 8
SAS® Firmwide Risk for Solvency II ..........................................................................8
SAS® Capital Planning and Management ...............................................................8
SAS® Model Risk Management .................................................................................8
Conclusion ............................................................................................................. 8
IntroductionThe largest transformation of European insurance legislation to date, Solvency II, took effect on Jan. 1, 2016. Designed to introduce a harmonized, EU-wide insurance regula-tory regime to protect policyholders and minimize market disruption, the legislation sets stronger requirements for capital adequacy, risk management and disclosure.
The challenges of meeting Solvency II requirements have been incredibly complex, regardless of whether insurers are using their own internal capital model or the Solvency II standard formula. Embedding new solvency capital models, data manage-ment processes and reporting systems into day-to-day business, across multiple business lines and subsidiaries, is a complicated and sophisticated task.
Ensuring Solvency II compliance has been a long and difficult journey for many insur-ance companies. However, simply adhering to Solvency II shouldn’t be viewed as the finishing line. In fact, it’s just the first step of a journey toward a comprehensive risk management destination. This white paper maps out the essential steps that insurance companies need to complete to ensure Solvency II compliance – and beyond – with the ability to support enterprise risk management.
Step 1 – Data ManagementData management – or more precisely, managing the quality and consistency of data – is fundamental to Solvency II compliance. The directive requires data to be accurate, traceable, timely and consistent across actuarial, risk and financial functions. For many insurance companies, the mix of different legacy systems has led to disjointed data, posing a serious challenge to data reconciliation.
Data quality is paramount for any system that operates for the sole purpose of producing valuable business information. No insurance company can be sure that its economic and/or regulatory capital calculations are accurate and reliable if the supporting data is not cleansed and validated according to defined business rules. Hence insurers need to build flexible IT platforms and data management frameworks that both enable them to be compliant now and provide a solid foundation for future innovation.
To support a repeatable data management process for Solvency II and enterprise risk management, we recommend that insurers follow these six distinct stages, run iteratively and often.
1
Embedding new solvency capital models, data manage-ment processes and reporting systems into day-to-day business, across multiple business lines and subsidiaries, is a complicated and sophisticated task.
2
Plan• Stage 1 – Define the Solvency II business terms and identify the required data
sources.
• Stage 2 – Conduct data profiling to discover what your current data contains.
Act• Stage 3 – Design business rules for checking your data to ensure it is valid and
complete.
• Stage 4 – Execute these business rules and data quality services by embedding them into your operational systems and monitor what is happening as they are executed.
Monitor• Stage 5 – Measure and monitor the actual state of your data against what is expected
and how it trends over time. Trigger tasks to improve your data as needed.
• Stage 6 – Make the required updates and improvements to your data, systems and processes to make things better.
An essential component of Solvency II and other risk management legislations is trace-ability of the data. However, a fully auditable end-to-end process is a challenge. Your insurance company needs to assemble a solid IT infrastructure that enables users to quickly see and understand how data was acquired, transformed, integrated and used within the risk calculations and reports. This is critical, especially when working with auditors and regulatory bodies who want to see the process, not just the final result.
A good data management strategy is a prerequisite for meeting Solvency II regulations. However, an excellent strategy not only ensures Solvency II compliance, it can help increase risk awareness and improve confidence in the financial stability of any insur-ance organization.
PlanBusiness Owner and Data Integration Expert
Define the Solvency II business terms and sources.
Data Quality Analyst Discover what the data contains by profiling to understand actual data quality issues.
ActBusiness Owner and Data Quality Analyst
Design business rules to check data and design and use data quality services to improve data.
Data Integration Expert Embed the data quality services and business rule monitoring into your operational systems and data integration processes.
MonitorData Steward and Business Owner
Measure and monitor actual vs. expected, track trends, allocate tasks and publish data quality measurements.
Data Integration Expert and Data Quality Analyst
Remediate and update systems and processes.
Figure 1: Solvency II data management process.
Discover
DefineControl
Evaluate
Execute Design
Monitor
Act
Plan
3
Step 2 – Risk CalculationsMeasuring and managing all types of material risks is not just about regulatory compli-ance; it also informs business strategy, planning and operational decision making. In the past, insurers have used numerous, separate actuarial models to calculate capital requirements and project cash flow for individual products or subsidiaries. This siloed approach has meant that balance sheets – and therefore regulatory capital – have not always truly reflected all of the risk undertaken by the business such as market, credit, underwriting, liquidity and operational risk.
Solvency II uses a three-pillar structure that covers both quantitative elements and quali-tative aspects that influence the risk standing of an insurer. Pillar 1 outlines the quantita-tive requirements; Pillar 2, the supervisory activities; and Pillar 3 the reporting and public disclosure requirements.
The quantitative requirements (Pillar 1) of the Solvency II legislation define two key risk measures: solvency capital requirement and minimum capital requirement.
Solvency Capital Requirement (SCR)This risk-based capital requirement guarantees the minimum capital required to maintain appropriate policyholder protection and is a key solvency control level. The SCR reflects a level of capital that enables an insurer to absorb significant unforeseen losses. When an insurer does not meet the SCR, it will be required to increase the amount of capital necessary to cover the SCR based on a definitive and realizable plan, approved by the insurer’s supervisor.
1 2 3
• Standard Model Approach• Internal Models• Group Solvency
Quantitative RequirementsQualitative Requirementsand Regulation
Market Discipline andTransparency
• ORSA Process• Capital Planning• Risk Management Processes• Risk Governance, Compliance
• Groupwide Reporting• External & Internal Reporting
Requirements• SFCR, RSR, QRT
Solvency II
Approach
Risk Identification
andAssessment
RiskMitigation
and ControlReporting
andMonitoring
Decision Making
and Strategy
FreeAssets
Mar
ket
Valu
e o
f A
sset
s
CapitalRequirement(SCR/MCR)
Technical Provisions
• Market Risk• Default Risk• Operational
Risk• Underwriting
Risk
Figure 2: Solvency II three-pillar structure.
4
Minimum Capital Requirement (MCR)The MCR indicates a level of capital below which ultimate supervisory action is initiated if an attempted recovery has been deemed unsuccessful. This action may result either in closing the insurer to new business and runoff of the existing book of business, or transferring the portfolio to another insurance company. The MCR is calculated quar-terly, and the confidence levels are set between 25 percent and 45 percent of the SCR.
Insurers must develop a central risk calculation “engine” that will analyze risks and calcu-late capital requirements in line with both Solvency II and company strategy, taking into account all quantifiable risks that an insurer may encounter, including underwriting risk, market risk, credit risk, liquidity risk and operational risk.
Step 3 – ORSAOwn Risk and Solvency Assessment (ORSA) is aimed at enhancing insurer awareness and understanding significant risks and interdependencies, as well as the impact of these risks on each company’s available capital and its own view of capital needs.
One of the key requirements of ORSA is that companies conduct an annual forward-looking assessment. The result is a report that includes all material risks to which the insurer is exposed or may be exposed to in the future (e.g., “emerging risks”), and that it must manage to arrive at its appropriate risk profile and risk appetite. The goal is not only to demonstrate that the company’s current capital needs are appropriate, but also that its future capital needs will be met over a specified assessment time frame (usually three to five years). The report also allows regulators to get an enhanced view of an insurer’s ability to withstand financial stress.
Many industry leaders consider Solvency II and ORSA to be transformational for the insurance industry, as these regulations represent an opportunity for insurance compa-nies to demonstrate that they fully understand their own risk exposures, covering both their assets and liabilities.
Step 4 – ReportingFor many insurers, reporting is the final hurdle to Solvency II compliance – and could be considered the most important because insurers are under pressure to increase the quantity and quality of board-level reporting. Greater transparency, through public disclosure and reporting requirements, is one of the central foundations of Solvency II. Insurers are expected to produce more reports than ever – such as capital calculation and risk management results – quarterly and annually, for internal, regulatory and market scrutiny. The reporting requirements are detailed in Pillar 3 of the Solvency II Directive. Essentially, they comprise three main components described below.
Solvency and Financial Condition Report (SFCR)This publicly available report is produced annually containing qualitative and quantita-tive information. The purpose of the SFCR is to ensure a minimum standard of disclo-sure, leading to greater transparency not only for policyholders, but also for investors, intermediaries and other interested third parties. This report must be approved by the
5
insurer’s management board and should be made available electronically. The informa-tion and format required for the SFCR is standardized to make it easier for supervisors, policyholders and other third parties to compare one insurer with another, improving market transparency.
Regular Supervisory Report (RSR)This is a private report that is communicated only to the insurer’s appropriate supervisor. The RSR expands on the SFCR’s disclosures using a similar, prescribed structure, but this time presenting the information differently as part of the ongoing supervisory dialogue with the insurer. The Solvency II Directive stipulates that the RSR must be produced every three years, but at supervisory discretion, may be produced as often as annually.
The RSR requires information relating to the following areas, which are not required in the SFCR:
• The business and risk strategies, including the insurer’s continuity plan.
• Legal and regulatory issues affecting the insurer.
• Variance against plan rather than prior reporting period.
• Future anticipated solvency needs, underwriting performance projections and changes in risk exposure.
• Significant additional disclosure explaining the results of the internal models.
Figure 3: ORSA reporting dashboard.
6
Quantitative Reporting Templates (QRT)Based on the EIOPA 2.1.0 taxonomy, insurers have to adhere to 182 quantitative reporting templates (QRTs) for various submissions (annual, quarterly, solo, group), resulting in more than 500 reports. These reports cover the many different aspects of Solvency II – from minimum capital requirement, solvency capital requirement, technical provisions, to assets and own funds. In addition, the regulations stipulate that reports are created, approved by senior management and available electronically over shorter time periods. Initially the reports must be made available within 10 weeks after the end of the reporting period, reducing to six weeks within a few years.
As a general rule EIOPA plans one taxonomy release per year and aims to minimize the number of taxonomy publications. However, while it is expected that in regular years (most of the years) only one taxonomy release will occur, the Data Point Model and the XBRL taxonomy are planned to be updated up to twice a year.
Managing separate reporting systems for regulatory, financial and management purposes will not be practical or cost-efficient, especially If some of the results need to be reconciled (i.e., with IFRS). Insurers must save time and money by integrating their existing reporting system with their Solvency II implementations to produce consistent, timely and relevant information for all stakeholders. And while running the daily business optimally, upcoming financial standards, future regulations and regulatory updates will also need to be considered in order not to disrupt any execution of the business strategies.
Figure 4: Regulatory reports (QRT) and validation.
7
Solvency II Compliance and BeyondSolvency II compliance is not the end of the process; in fact, it’s simply starting. Insurance companies will begin to look beyond Solvency II, invest in enterprise-class technology and integrate risk management within their core business processes. These insurers can expect significant business benefits. For example, this technology approach enables insurance executives to gain knowledge and feed it into their decision-making processes for more efficient business strategies and operations. You can expect to:
• Increase return on capital. Optimizing business strategies on the basis of the risk-capital-return tradeoff leads to selection of most suitable strategies. As an insurer, you can also better allocate capital to profitable business, which leads to better-quality growth. And lastly, you can reallocate capital and risk capacity to take advan-tage of emerging opportunities.
• Reduce volatility. Ongoing monitoring of risks and active management of those risks will help reduce volatility. For example, proactive management of risk expo-sures helps your company carefully select risks that are within the appetite of management. You can also better anticipate risks using forward-looking analyses and take steps to mitigate unwanted risks. Ultimately, understanding how economic risk factors affect the balance sheet results in better risk management actions.
• Achieve better management of risks and allocation of risk-based capital charges for lower premiums and higher sales. Optimization of your investment strategy results in better investment performance and higher returns to policyholders. At the same time, hedging investment and insurance risks leads to better performance.
In addition to Solvency II, another directive will change the face of the insurance industry – IFRS 4 Phase II, issued by the International Accounting Standards Board (IASB). Solvency II has been implemented several years ahead of these reporting stan-dards. However, for insurers, it makes business sense to take a coordinated approach for the implementation of both directives, due to the significant overlaps in the require-ments for Solvency II and IFRS 4 Phase II. While there is no requirement for consistency between regulatory and financial reporting, there are significant overlaps in both the measurement and disclosure requirements contained in IFRS 4 Phase II and Solvency II frameworks.
8
How SAS Can HelpThe SAS approach to Solvency II is a flexible framework leading companies through the minefield of data, existing models, economic capital standard models, operationalized risk and reporting. Our framework delivers consistency and auditability, which greatly eases the path to compliance.
SAS® Firmwide Risk for Solvency II SAS Firmwide Risk for Solvency II performs complex calculations to anticipate risks, then initiate control measures to maintain solvency ratios that satisfy regulatory require-ments. A single solution lets you calculate standard model MCR and SCR requirements, as well as create regulatory and management reports for Solvency II compliance. And the solution’s flexible framework grows along with you to meet evolving risk analysis needs. At its foundation, the solution has an extensible risk analytics framework to support other regulatory regimes. It also supports an internal model approach for risk analysis, providing insurance companies with additional business benefit.
SAS® Capital Planning and ManagementSAS Capital Planning and Management creates an integrated environment to assess and project capital for insurance companies. It summarizes data and offers custom reports to different capital planning users to align business planning processes and capital projections with income statements and balance sheets. It supports both the qualitative and quantitative aspects of the ORSA.
SAS® Model Risk ManagementSAS Model Risk Management includes centralized model inventory and model assess-ment capabilities. It enables enterprise-level oversight throughout the model life cycle, and it provides model status reporting across all risk categories for internal and external stakeholders. The solution supports enterprise-level model governance, including validation processes of insurers’ internal capital models according to the Solvency II Directive (and similar regulations) as well as the increased use of models in the insur-ance industry to support decisions or measure performance.
ConclusionFor the last 30 years, insurance companies have been bombarded with new and increasingly diverse regulations, all designed to validate that insurers are financially stable. The regulation of the insurance industry has recently been regarded as an unnecessary hindrance to the dynamism of economies and the natural tendency of firms to innovate and expand.
Solvency II and other insurance regulations demand a more comprehensive approach to risk management. Insurance companies need to anticipate the regulatory and risk changes ahead and deal with them efficiently and proactively. Insurers who have the systems and processes that help them adapt swiftly to change will realize significant competitive advantages, including lower compliance costs, less intrusive regulatory supervision, and greater peace of mind for their board members.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2016, SAS Institute Inc. All rights reserved. 107663_G39030.1016
To contact your local SAS office, please visit: sas.com/offices
