Saturday, 12 September 2015

EIOPA's Bernadino with keynote speech - D'ohs and Don'ts...

Solvency II implementation
- Homer called it...
The latest pit stop on the Solvency II Last Legs tour was in the picturesque, almost-an-anagram, Slovenia, where EIOPA's gaffer joined a throng of hearty souls to deliver a keynote speech last week.

Given that the outside world is seemingly becoming more sensititve to the ensuing changes (at least from a capital adequacy perspective), it has been noticeable that EIOPA's speeches have become heavier in practical tone rather than the flabbier ethereal tones of yesteryear. In particular, conduct risks, conflicts of interest and the importance of an effective second pillar to counter the aggression and self interest of distribution arms/firms have all become prominent features of what is being touted as the Solvency II benefits package. Given what it has cost, we'd better deliver it!

Back to the speech, a few basic soundbites are littered throughout, which might benefit your training packs for the home stretch;

  • Solvency II is "EIOPA's top priority", 
  • It is a "pretty good starting point", rather than perfect, is "...a must and a true game changer", and "brings a new risk culture"
  • It is "a tool to foster a true risk culture in the organisation"
  • "It is clear that Solvency II will bring more awareness and transparency on the true risk profile of certain business models"
  • It will deliver "intelligent and effective regulation which does not stifle innovation"
A couple of open-ended questions emerge from the text itself;
  • Does Solvency II only "encourage" firms to define their risk profiles and risk appetites, as opposed to compel it?
  • Is the Solvency II take on ORSA really "best practice at international level" - seems fair, but does anyone else want a shot at the title!
  • Why is "overall solvency needs" constantly accompanied by bunny ears - if these guys aren't convinced by the term, what hope does the industry have of driving it into the glossary!
  • Is it just executives who need to know that ORSA is a "cultural change", as opposed to NEDs, non C-suite senior management and wider stakeholders. Institutional investors would surely benefit a 101 class, given their demonstrable views on what SCR coverage ratios mean for the plausibility of some firm's strategies, and while Sr. Bernadino comments that "...effort needs to be made" to explain SCR volatility on p8, a dawn chorus with Karel van Hulle on how "ridiculous" the outside world's expectations are doesn't even qualify as an hors d'ouevre.
  • That risk culture provides " appropriate balance with the natural sales driven culture" - EIOPA have alluded to this before, but never quite as explicitly as this. If the Risk function's job is predominantly to counter sales activity, can it ever be seen as value adding?
And a couple of specific themes are given special treatment for everyone's benefit;

Prudent Person Principle and the investment strategy of insurers
  • PPP emphasised as not giving insurers a freebie to hit the roulette tables with their asset book, and will be "...closely monitored".
  • Current environment encourages aggressive monitoring, with the "search for yield" quote now ubiquitous in supervisory speeches which touch on macro matters.
  • "Asset risk calibration in Solvency II should not be used to privilege or incentive any specific asset class" - not convinced on this front, given the remit of your friendly local CIO must contain an element of maximising gains within appetite, and the calibration can surely influence that.
Product availability
  • "Solvency II does not intend to unduly penalise specific products" - evidently does though, hence the sprint to the door from Ergo et al in the guaranteed interest rate product space (not unduly though to be fair, given the Teutonic pleas for transitional mercy!)
ORSA and Risk Culture
  • The section somewhat labours the point on coverage of all risks, assessment of all mitigation techniques, and the role of the Board in driving the associated cultural changes, but I guess given the geographical location of the speech, some of the nearby countries may benefit from the encore un foi approach - no names naturally...
  • "Capital will never cover up for the lack of proper governance"
  • "ORSA is based on the companies' DNA - their strategy"
  • "The key role in the implementation of ORSA belongs to the top management"
  • "It is up to the Boards to set, communicate and enforce a strong risk culture..."
Insurers and Supervisors in general
  • Talks of Risk Functions needing the correct skills to assess risks in asset classes - is there an implication here that functions will be light on quantitative skills post-2016?
  • Squares the circle of prudential and conduct risks on p7, talking of mitigating conduct risks "since inception" in one's product development, design and marketing processes.
  • That Solvency II "...requires an increased degree of supervisory judgement" in order to intervene at the right time, and the new supervisory requirements represent " upgrade in the quality of supervision". I'm sure some countries might take that as something of a slight, given the maturity of their existing processes, but probably fair for the majority.
Plenty of fuel for your respective Board and Senior Management briefing fires, so go forth and propogate!

Friday, 28 August 2015

UK Senior Insurance Managers Regime - just be natural...

The PRA’s Supervisory Statement on Strengthening Individual Accountability in Insurance (SS35/15) has been released, not that far apart from their demolition job on Co-op Bank’s system of governance, which demonstrated something of an absence of such accountability across all three lines of defence, quite a feat!

While the Banking industry have been catered for on this topic with a few more bells and whistles, most noticeably by including an element of criminal liability  for their senior management (thanks Fred!), the approach for insurers and banks is supposed to be largely consistent.
The doc itself rather awkwardly references multiple sections of the incoming PRA Rulebook which, as yet at least, doesn’t exist as a conventional reference site, though it is due for release in “the summer” (the PRA subsequently released the new site 3 days after I published this post - that'll teach me!). It still pays to fish through the appendices of old Consultation Papers to get the materials cross referenced in this Supervisory Statement (here for most of them, from p44)
SIMF Interviews - "Next"...
I did cover this topic when the consultation paper first hit the table, and for those of a nervous disposition, the PRA have since produced a nice one-pager summarising what you need to know in the context of Approved Persons, Solvency II etc here (and done so much better than me, I hasten to add!). In addition, the transitional map from CF-XX to SIMF-YY is already available here.

I had a look through (largely ignoring the Group and Third Country specifics) to see if there was anything new and exciting since the consultation, and naturally there isn't! That said, the industry feedback received is detailed here (section 2), while I noted a few things below for my own benefit;
  • PRA not concerned about individuals located overseas, unless they are involved in strategic implementation, as opposed to strategy formulation (2.11).
  • Alerting to potential PRA blocking of SIMF applications where someone wishes to wear more than one hat, citing the obvious CEO & Chair example (2.15)
  • Persons allowed to do the same function in more than one firm - targeted perhaps at the floating actuary contignent who do the CF12 job for a few firms?
  • Awkwardly try to accommodate SIMF job-sharing, but lean towards discouraging it in the text (2.17-2.19)
  • List a few examples of what firms might consider to be "Key Functions" over and above those named in the Solvency II legislation, being particularly keen on Investments (2.25 and 2.27)
  • On the list of 11 Prescribed Responsibilities, they do their best to keep the NED world out of assuming any of them (2.40)!
  • Some attempt to informally restrict Chairpersons from filling their time with multiple other roles and responsibilities (2.44)
  • A timely reference, given the Co-op Bank Final Notice, to ensuring that Boards understand the Threshold Conditions (p12-13) and Fundamental Rules.
The Individual Conduct Standards (from p16) all seem fair at face value, with a bit of devil in the details, such as;
  • Key function holders being told (3.19) to not only meet the letter of the prevailing regulatory system, but also not to engage in "...creative compliance or regulatory arbitrage" - spoilsports!
  • Expectations that Key Function holders "take reasonable steps" to ensure that the business has sufficient systems of control, even if they delegate some, or indeed most, of the associated tasks themselves (3.20-3.22).
  • That should you breach any of the Conduct Standards, it materially affects your fitness and/or propriety, and therefore the PRA expect to be notified
Finally, to clear up that age-old debate, the PRA clarified in 2.4 that it "...does not expect persons other than natural persons to be approved for a SIMF". Anyone with career ambitions had better lay off the Botox and Bronzing then...

Wednesday, 26 August 2015

PRA Final Notice on Co-op Bank - "cautious", with blurry lines...

"Two straws please"...
The PRA published a Final Notice last week regarding the numerous shortcomings of a UK bank over the last few years, which included the news of a colossal £121m fine which the PRA would have levied if the entity wasn't still losing wedge faster than a mojito in a cement mixer.

I'm sure some of us chortled at the Chrystal Methodist headlines a couple of years ago when the Non-Executive Chair of the UK's Co-operative Bank had his numerous vices sold to the highest tabloid bidder by a rented acquaintance. I covered some of the initial fallout on here, themed mostly around reputational risk and fit and proper persons, given the exponential effects of the exposé on the ultimate failure of the Group in its form at the time.

A document covering part of Co-op's demise, specifically its Bank, was released last week by the PRA,

The PRA's Final Notice to the Co-op Bank is issued publicly, and highlights where the firm breached what were at the time the FSA's Principles for Business, replaced since the PRA/FCA divorce by the PRA's Fundamental Rules.

Included in the Final Notice on this matter was a number of matters which risk practitioners should be salivating over, given the failures which led to this punishment include
  • Inappropriate culture,
  • Internal control framework failures,
  • Ineffective risk management policies, and, the jackpot,
  • A "three lines of defence" model "...flawed in both design and operation"!
The activities demonstrating this include a woeful suite of incomplete management information, three horrendously chancy accounting interpretations benefiting the balance sheet at the expense of real-world accuracy, and a suite of defensive line failures, all of which are followed through in forensic detail.

I have sectioned my notes below for my own use, particularly given the PRA goes on something of a limb here and provide usable definitions for certain terms which I suspect many practitioners would benefit from reading. The PRA (and EIOPA) generally try to dodge requests for definitions, so while the peg is square and the hole is round, it might be as good as you get!

Definitions and expressions
  • Three lines of defence - "This is a system which relies on there being an opportunity at three complementary and independent levels to identify and correct any control failures". 
  • Second line of defence - "Second line functions should support and challenge the management of risks firm-wide, by expressing views within a firm on the appropriateness of the level of risks being run"
  • The above is supplemented by the following: "Responsibility for risk should not be delegated to risk management and control functions" - amen brother!
  • Third line of defence - "Internal Audit should provide independent assurance over firms' internal controls, risk management and governance"
  • Risk Appetite - "A firm's stated risk appetite is an important factor in determining whether a firm's risk and control framework is commensurate with [the] nature of its business, and should be both integral to a firm's strategy and at the heart of its risk management system" - not far off a direct quote from last year's Approach Paper on Banking Supervision (p22), though it has moved from "foundation" to "heart" in this Final Notice. I know what I prefer to build on!
  • "Clearly-defined strategy" - they list "well-defined objectives, responsibilities and milestones" as expected
  • Policies - "The establishment of appropriate policies [and procedures] governing the conduct of a firm's activities is an essential component in the exercise of appropriate organisation and control of a firm's business"
  • "Good risk management culture" (p7) - interestingly an expression most bodies have avoided using, preferring "sound" to "good". They later go on to talk of culture more generically in terms of "right" and "inappropriate" (p33).
  • Interestingly, Co-op Bank never refer to operating "3LOD" until their 2012 Annual Report (p56 for the boilerplate and clearly untrue definitions), so any deficiencies in the model before that year might be for a good reason!
  • First line management oversight was seen as "inadequate" and "inappropriate" (p12)
  • Their second line managers "...repeatedly voiced concerns" about headcount (p29), which weren't addressed until the back end of the period under scrutiny. Hard to think post-2007 it would be hard to justify reinforcing that area of the business, which perhaps says a lot about the entity's culture. 
  • Second line not monitoring adherence to policies (p29) - quite hard to conceive of nobody in the second line doing this!
  • A clear distinction made more than once between "Risk Management Framework Policies" and "adequate policies and procedures" relating to operational matters (p5)
  • Some of the failure to follow 'internal policies' seems to have been sponsored by the acquisition of the Britannia book - perhaps a natural by-product of M&A activity, where the cultures and modus operandi clash (p21)
  • Second line criticised for not providing proper "independent challenge" - happy to see this, given the focus tends to be on second line oversight, which always feels like a bit of a jib-job.
  • Third line giving the business credit for proposed remedial action in its audit reports (p31) - even taking this into account, they were rolling over around 30% of recommended actions in their reports as "overdue"!
  • Head of Internal Audit reported to the Head of Risk
  • An implication that one may be permitted shortcomings in one's internal control framework, providing one's culture is "appropriate" (p5). 
  • An interesting slant on reputational risk emerges from one of the accounting interpretations used, specifically that while assuming a particular accounting treatment (on the Leek notes in this case) which benefits the entity at the expense of counterparty might benefit the immediate balance sheet, the long-term effect on being able to raise new capital must be considered (p16)
  • External Auditors using a 1-to-7 scale to assess how punitive/liberal the accounting treatments used by clients are. These assessments have bitten this particular client on the bum, given the PRA quote them in the document in the context of whether they align with a "cautious" risk taker!
Open ended questions
  • Is "cautious" a realistic appetite for risk at Entity level? More importantly, if one has a "cautious" risk appetite, is one obliged to manage its capital "cautiously"?
  • Management information was criticised for not being "sufficiently forward looking" - should it be (as opposed to mostly summarising positions at a point in time)?
  • Is the PRA allocating resources to firms based on their Risk Appetite Statements (p13)?
  • Is it possible for non-Accounting experts working in the second line to identify just how many ropey interpretations of UK GAAP/IFRS are being applied to a balance sheet? Is it plausible to leave such work to external audit firms who couldn't have a more vested interest in the grey areas of such legislation? The artificial boosting of the balance sheet listed in this notice would be subtle enough to trick an accountant or two I'd bet!
  • Can quant risks be effectively managed in a separate team from the qualitative world? Appreciating there is a shockingly blurry line in Co-op Bank's approach (p29), it certainly feels like Solvency II pressures might lead to similar pressures on the staffing front, particularly for modellers and small/medium sized firms where staff may wear more than one hat.

Wednesday, 12 August 2015

Insurance Banana Skins in 2015 - PwC and CSFI

PwC and the CSFI guys have teamed up for another Insurance Banana Skins publication, a particularly useful doc for the BAU Risk world, and one which I have covered on the blog in years gone by (well, 2011's and 2013's anyway).

In particular, I always found it useful as a means of digging out the kinds of awkward cross-bred expressions which would invariably end up rolling out of 75-year-old INEDs’ mouths at the next Risk Committee meeting, probably due to someone trying to sell insurance cover for it, or a business journal doing a centre spread about it. On this basis, I was delighted to see “Cyber Risk” given prominence this time around, which is the highest new entry, and apparently a “new risk” - here’s the sales forum, and here’s the HBR white paper!

Sarcasm aside, given this pulled in over 800 responses from around the globe, and across the distribution and provision side of the industry, the content is worth poring over and briefing colleagues on if this is your day job. There are also plenty of quotes from the great and good wrapped up inside as well.

I’ve only jumped on a few of the findings below;
  • Regulation remains the top risk for the 3rd survey running, and for the 4th out of the 5 actually held. It did take a ‘world’s end’ scenario for investment returns to knock it off the top in 2009 though, which suggests that those surveyed are happy to bleat about regulatory concerns, regardless of the rest of the exogenous threats to insurance firms.
  • Much of the top ten is focused on investments and returns, whether it be interest ratesinvestment performance or guarantees.
  • Governance and management of insurance companies seen as an area of declining risk – does it therefore warrant the Banking industry-inspired whip that SIMR is about to introduce in the UK?
  • Similarly, Business Practices, incorporating misselling, is falling down the list – not sure a UK-only survey would be so generous!
  • Cyber Risk itself was only #6 on the list for Life Companies, while #1 for Non-Life – wonder why the guys who are selling cover rate it so highly? Of more interest, North America had it as #1 “by some margin” – this suggests the wave will be coming across the Atlantic in the next 12 months (a nice precursor of how that will emerge here)! It is written up nicely however, with cloud storage, and the richness of data held on customers, being elements which make insurers prime targets. It doesn’t dwell on the proliferation of legacy systems in insurers however, which always felt to me a good reason for criminals to ‘have a crack’.
  • Europe considered the interest rate environment, regulation and guarantees to be the top 3 banana skins, which given the aggressive tailoring applied to Solvency II in the drafting stages to negate country-specific difficulties in these areas (MA/VA/Transitionals), is no surprise.
Oh, to have a day job again…

Tuesday, 11 August 2015

"Dear Deidre" - Cross border insurance flogging under General Good provisions

One for giggles more than anything else. The other day I spotted a response from Lord Hill, the esteemed EC Commissioner for Financial Stability, to a question arising from Deidre Clune, a relatively new Irish member of the European Parliament.

Good question, wrong Deidre...
Specifically, the question related to a Maltese-licenced insurer which hit the skids back in 2014, with the CBoI's summary information here. It seemingly only wrote business in Ireland (hence I suspect it was cheekily named after Ireland's TV sports channel to aid sales!), and therefore left every White Van Man/Woman without cover, until Ireland's Insurance Compensation Fund stepped in.

A few things stood out about this exchange;
  • The then prospective MEP used the incident as political currency in the election campaign - "Vote me in, and I'll personally fix the EU insurance industry...", she almost said!
  • That Ireland, the log-term epicentre of EU cross-border distribution and birthplace of Quinn (which almost turned over the UK White-Vanners back in 2010), would have the brass to nibble at the hand that feeds it! Only 3 months ago, the CBoI's Sylvia Cronin was warning of a likely "...increase in cross-border activity", and at the same time EIOPA's Sr. Bernadino left a not-too-subtle hint that "In the specific case of the Irish insurance market, special attention needs to be devoted to the fulfilment of the general good provisions of host countries by the companies selling cross-border."
  • That it took 6 months to get an answer to Deidre's very basic question (at least according to her first public mention of a response in this media article). It took an extra two months for that answer to be published formally.
  • That in that article she was reported to believe that the measures spelled out by Lord Hill were to "...prevent this from happening again" (as opposed to enhance policyholder protection while facilitating orderly failures when they occur, etc etc). To be clear though, that is quoting the article, not the member!
Does anyone think that now, even after EIOPA's efforts to-date, that supervisory colleges will be effective enough to prevent these kind of events, or do we just buy local and hope for the best?

2015 FTSE Interim Reporting and Solvency II costs - forewarned and forearmed?

Solvency II costs - impressed?
I always liked to keep an eye on the FTSE lads’ Interim and Full Year pronouncements on the Solvency II front back in the day, but given the legslative delays and sporadic cost reporting over the last couple of years, plus the internal model hokey-cokey, disclosures on the topic have been “Slim Pickens” to say the least.

For those interested, the sweep I did last year is here, and while a few of the firms featured have attempted to expand out, they have largely disclosed the same information as last year (Boiler-plate disclosures? Never!).

However, a few of the great and good have chirped up some extras about Solvency II on the home straight, none more revealing than the Canary-supporting egg-chasers at AvivaThey dished up the basics as a matter of  course;
  • Solvency II costs of £46m for the half year (£39m for last half year)
  • Submitted Solvency II internal model in June and expect approval in December. – must be a good one, Hannover Re-style!
  • Currently operating within our expected Solvency II target range, regardless of any changes in economic capital surplus quantum and composition driven by Solvency II
The InsuranceERM lads expanded on that, having presumably dialled in to associated conference call! In a suit-and-tie version of Surprise Surprise (R.I.P Cilla), the CEO shocked listeners with the following statements;
  • "[Solvency II] has taken an inordinate amount of management time and I'd really like that time back"
  • "It has cost us in the region of £400m [$620m]. This figure does not impress me one little bit…” – to my shame I did do the countback on published costs, as if a CEO couldn’t count to £400m, and it does add up!
  • Solvency II costs of £14m for the half year (same as last half-year)
  • “…application for Internal Model approval under Solvency II has been submitted and we target a positive outcome by year end
  • "…current Internal Model for Solvency II shows higher coverage ratios than our ECA model.”
Old Mutual does its best to treat the SAM/Solvency II imposters the same in its reporting, but in recent times has been light on our side. There was a bit more in the bag this time round though, particularly;
  • "Based on the current underlying timetable and regulation of Solvency II, we estimate the total cost of completion will be up to £20 million, of which £10 million will be incurred in H2 2015, and the balance running into H1 2016".
  • "The Solvency II regime will introduce a different lens through which to look at Group capital. It will use a more conservative 1 in 200 stress scenario in determining capital requirements and apply a more rules-based determination of capital fungibility and transferability"
  • Given their tone on the “inherent conservatism” of Solvency II and their loving gazes at the existing FGD treatment of capital fungibility, can we read some indifference to their current treatment as a Group by the PRA, perhaps?
  • "During July 2015, we completed our initial reporting to regulators under the interim arrangements of Solvency II"
I suppose the biggest surprises continue to be the (potential) absence of compulsion to internally model for entities such as Old Mutual (confirmed as “out” of IMAP on p82 here). Given the PRA’s pronouncements on Standard Formula appropriateness and capital add-ons, you might expect them to be marched down the aisle before too long.

Standard Life,perhaps betraying where their strategic priorities lie (nicely covered here), did little more than state that they will “remain strong” on the capital front – nothing on costs, nothing on implications, and nothing on modelling (though they confirm here that they are “in” apparently!). “In”, but on the naughty step perhaps, or is the topic just unworthy of comment?

L&G were happy to talk technical, rather than cry about hundreds and millions of pounds of spilt milk – their release touched on the following;
  • Implementing a ‘capital-lite’ model for bulk annuity new business, by reinsuring out some of the risk (light detail here and here, more detail on p5 of the interims).
  • Solvency II internal model is being reviewed by the PRA, and “…It is anticipated that our Solvency II internal model will be approved in Q4 2015, ready for use on the Solvency II go live date - 1 January 2016”
  • Also have applications in for the use of transitionals, matching adjustments and using deduction and aggregation for its American business
  • “We expect the final outcome of Solvency II to result in a lower Group capital surplus and solvency ratio than the Economic Capital basis. Our Economic Capital model has not been reviewed by the Prudential Regulatory Authority (PRA), nor will it be.”
  • "We note recent clarification from the PRA to the effect that transitional capital will count as Tier One capital, including for assessments of dividend-paying capacity". This is particularly piquant given Sam Woods’ coverage of the “dividend” issue a few weeks ago when trying to reassure a room full of analysts that the insurance sector isn’t a busted flush from an investment perspective!
A busy reporting week for sure, with seemingly no horror stories come at the top-end of the UK Insurance Industry...Including a post-script from the Pru today.

They have revealed a miniscule spend of £17m on Solvency II costs in the year-to-date (against £28m for all of last year), as well as a few nuggets in the same vein as the competition;
  • "...we submitted our Solvency II internal model applications to the Prudential Regulation Authority in June 2015"
  • "We continue to seek opportunities to transfer longevity risk to reinsurers or to the capital markets and have transacted when terms are sufficiently attractive and aligned with our risk management framework."
  • "We also noted at the time that certain aspects of our economic capital methodology are different to those required under Solvency II and that the outcome under Solvency II would be lower than our reported economic capital level. This remains the case." - same issue as Old Mutual, one presumes?
They even dropped a Solvency II slide into this morning's presentation pack (slide 28). Interesting that they go to the trouble of highlighting that the transitionals and risk margin "broadly offset" on the UK Life book, as well as their distinct gripes in their Asian and US businesses. 

...and another post-script from Royal London (so I have everything on one page!)
  • Royal London will use the Solvency II standard formula approach initially and will consider seeking approval for its internal capital model in due course
  • We expect to meet the new Capital requirements without material adverse impact on policyholders but there are significant details which remain to be clarified about the new regime. It is possible the outcome from Solvency II will require insurance companies to hold more regulatory capital than is currently required. If Royal London was required to hold significantly increased capital, then the levels of Royal London Profit Share we are able to allocate to our participating members may need to be restricted

...and two more post scripts: firstly Admiral
  • "Admiral is developing an internal economic capital model which will be used to calculate regulatory capital requirements following approvals from the Group's regulators in the UK and Gibraltar. Such approval is not likely to be sought or granted before 2017."
  • "The Group's regulatory capital from January 2016 will, therefore, be based on the Solvency II Standard Formula, with a capital add-on agreed by the PRA to reflect recognised limitations in the Standard Formula with regards to Admiral Group's business (predominantly in respect of profit commission arrangements in co- and reinsurance agreements and risks arising from actual and potential Periodic Payment Order (PPO) claims)."
  • "The level of capital add-on and resulting Group capital requirement from January 2016 is expected to be confirmed by the PRA in the final quarter of 2015."
...and secondly Phoenix
  • "...submitted its application for regulatory approval of its Internal Model in June 2015"
  • "...Group capital position under Solvency II expected to be in excess [of current surplus]
  • "Over 2015, clarity on Solvency II regulations has improved but uncertainties remain in relation to the Group's IMAP and other Solvency II-related applications"

Wednesday, 24 June 2015

CRO Forum on Risk Culture - comin' from the body heat?

Risk Culture
- need another hero?
A subject which is gathering more steam than Tina Turner's windows, Risk Culture has been given the kid gloves treatment by the CRO Forum in their paper, Sound Risk Culture in the Insurance Industry.

They say at the start that the topic has become "prominent in regulatory circles", which given EIOPA appear to be wining and dining the subject (here and here in the last couple of weeks alone), is something of an understatement. Their increased interest has no doubt been fuelled by the FSB's work on the subject from a year ago. In addition, the Financial Reporting Council took a shine to the topic in its last update of guidelines in late 2014 (point 27 in particular), while cultural failings have turned the FCA into a modern day Robin Hood (speech from inception time here).

As well as fiddling around the edges of definition, the paper expands on a few examples of where cultural change can be driven from, stealing from a few other industries (aviation in particular) and a couple of insurers (Zurich receiving particular attention).

They fundamental base they work from is pretty fair:
  • No "good" or "bad" culture, hence they talk about practices that encourage a "sound" risk culture throughout. Given that ropey culture does not necessarily prevent the achievement of strategic goals, this smart.
  • No "one-size-fits-all" concept of Risk Culture (i.e. don't look for one in this paper!)
That said, the definition used for the purposes of the paper from the NN Group CRO is actually a pretty good one - "shared philosophy of managing uncertainty" etc - though it does suggest that a failure in risk culture might simply be someone not sharing the philosophy, which I suspect is where a lot of your more pragmatic colleagues sit!

There are a number of sound inclusions throughout;
  • Emphasising the links between risk culture and conduct risk currently being force-fed to the industry by EIOPA (p3)
  • The chart on p6 showing survey results of essential elements of risk culture - senior management and Boards leading by example is evidently seen as more important than risk-based remuneration, despite the legislative attention the latter receives (including this week in the UK).
  • Zurich's internal 10 question survey on culture assessment - contains the gorgeous expression "organisational humility", as well as bringing some of the granular risk culture elements onto the table, such as treatment of whistleblowers.
  • Highlighting the "common phenomenon" of management teams containing people with the same personal attitudes - could benefit the creation of a "shared philosophy" without necessarily any of the benefits.
  • The illustration of NN Group's "Risk Culture Dashboard" (p11) - I don't have preference for it either way, but it does illustrate how much effort one can direct towards risk cultural identification, assessment and monitoring, which begs the question "is there that much value in it?" They seem to like it as a way of covenying the concept in the business in any case.
  • Pages 13-14 provide some good brain candy for those who have ambitions to educate or brief their colleagues on risk cultural matters. Zurich's "we are all risk managers" campaign looks like it probably has legs (more on it here).
There are a couple of mildly objectionable parts within;
  • Concepts of "Risk Vision" and "holistic" dropped in early doors and littered throughout, as well as a few extras such as "risk perspective" - the kind of obtuse terminologies which serve to divorce Risk functions from their colleagues
  • That firms should have a "clear vision" for their risk culture - why would something as opaque as culture be expected to be "clear". They don't even define it as a term in the paper!
  • Concerned that risk culture is "...only practiced by risk specialists" currently - how can this be if risk culture is " element that influences and is influence by various forces"?
  • Tha an organisation's corporate culture and risk culture "must be linked" - how are they not one and the same thing?
  • That Risk Appetite Statements are "effectively part of the business strategy" - as opposed to "actually"?
  • Use of the term Risk Profile as if it is unquantifiable, specifically that a firms who learn from their mistakes rather than chastise those who make them "tend to have a better risk profile". Not clever.

Tuesday, 16 June 2015

ORSA's Head? International Actuarial Association on ORSA Value

Unknown unknowns
- just say it one more time...
A rather verbose piece from the International Actuarial Association, or AAI if you are inclined comme ça, on Delivering Value From ORSA. Always worth a glance over these at this stage of proceedings, regardless of which side of the Atlantic you are currently rocking (with both Canada and the States keeping noisy on the topic in recent weeks).

As one might expect from a publication from an actuarial representative body (and one which aims to cover all IAIS bases, rather than the specificities of US/Canada/EU ORSA), it struggles for semblance once it needs to cover non-quant, and is therefore heavily flannelized.

The definition used by the IAA is:
ORSA provides a declaration of the company’s assessment of its position in terms of profit, risk and capital, both now and in the future, under different scenarios and relative to the company’s appetite to risk.
The purpose of the paper is to provide Board members with "insight into the value of the ORSA Process", which is a noble aim in itself, and a few nice touches can be found throughout, in particular:

  • The word “profit” features on virtually every page, almost unheard of in the EIOPA Guideline world where being able to “enhance the management of the undertaking” is King. Heaven forbid anyone makes a quid or two out of it!
  • The coverage of how insurance companies tend to profile risk is clean and rational (p3).
  • The concept of mitigation through company policies, overseen by good governance structures, as opposed to either holding capital or purchasing mitigation, is also expressed with clarity.
  • A company’s risk appetite, once determined by management and approved by the board, can be treated as a budget”. Lovely concept, though it needs more flesh to provide the 'insight on ORSA Process value' that the paper is intended to.

A few contradictions emerge in the document;

  • ORSA “needs to consider and be consistent with an insurance company’s business strategy” – does the process not need to as good as set it? Indeed, they go on to say on page 2 “The true value of ORSA can only be realized when ORSA becomes integral to management’s strategic decision making”!
  • Does ORSA “help build/maintain risk awareness throughout the company” – it would be a struggle to say it could do that any further than the relevant staff which EIOPA ultimately allude to. 
  • Concept of “Solvency Risk Profile” is borderline unintelligible (p3)
  • Terminologically, the section on risk appetite and risk profile on p3 is heavily quant-based, and feels country miles away from similar materials published by the CRO Forum a few weeks back. Specifically, it talks of “acceptable levels” of solvency risk, “minimum and maximum bands”, and that in aggregate across risk categories “This band of acceptable risk is referred to as the risk appetite”. Given it doesn't appear to veer to far away from the FSB's take on Risk Appetite, perhaps this is more of a step forward than EIOPA's 2013 back pass to the AMSB on the matter (p59-60)
  • That models used should be “subject to independent validation” – is it that important if you are not using your model for regulatory capital purposes (i.e. just for ORSA)?
  • The residue of Rumsfeld, which I had hoped had been resigned to the Noughties dustbin, reappears on pages 7 & 8, specifically “A complete ORSA would include the assessment of unknown unknowns”. Pacino said it best in Godfather III