Monday, 20 October 2014

PRA's Countdown to Solvency II Implementation Event - When I Need U(SPs)

PRA Implementation countdown
- "Feel like dancing" now?
So along with the entire UK Solvency II sticky-beak brigade, I had the unbridled pleasure of attending the PRA's 'Leo Sayer' on Friday, confidently titled Countdown to Implementation, despite going on to list a range of matters which have probably given both Internal Model and Standard Formula firms plenty of enthusiasm to try and turn the clock backwards rapidly!

Paul Fisher, Julian Adams' replacement as Executive Director of Insurance at the PRA, kicked off with a set of Solvency II vox-pops;

  • Solvency II is the "main game in town"
  • "The end is in sight"
  • The PRA are "not gold-plating the Directive"

A nice bit of reassurance at kick-off time then - unfortunately, the clarity which was to follow from the technical specialists on a range of topics was probably not what everyone wanted to hear, given the tone of some of the audience questioning that followed! In particular (and with everything in full quotation marks below having been said by a PRA rep on the day);

  • That the PRA will "have to prioritise" if everyone in the IMAP queue for 'from 2016' approval drops their applications in at the end of June, and that applicants should be "striving to submit" sooner. Suggests to me that the smaller firms in IMAP may get bumped to squeeze in the big boys.
  • The reinforcement of Mark Carney's message from the other week that they will have no problem refusing permission to use models, though this was couched by Fisher in the more appropriate context of failure to meet any of the TSIMs simply "cannot be allowed".
  • That, although over 90% of the UK industry was down for using Standard Formula, the PRA will be equally aggressive when challenging their preparedness as they will for IM firms.

I didn't hang around for the afternoon sessions as I had a hot date with BA, so pull whatever you can out of the Other Approvals and Regulatory Reporting slideshows. However, I would draw attention to the following from the earlier sessions:

Implementation and Policy overview

  • The Old Lady of Threadneedle Street protested through multiple speakers about how they recognise that bank and insurance internal models are different, and how Insurance Supervision is now "embedded into the Bank" - I would assume to justify the credit crunch-influenced aggression now being taken by the PRA on assessing capital models (see Adams's speech around the time of BOE/PRA merger).
  • An interesting slide 3 about how much more work Solvency II will generate for the PRA from go-live!
  • Referred to FLAOR only once before switching to ORSA, suggesting that this disposable acronym is as much of a pain in the neck for the supervisor as it is for firms!
  • Highlight what "Good" and "Bad" ORSAs have contained to-date. Clearly some firms are box-ticking, leaving an unusable report which is only skin-deep compliant as output. They were particularly scathing on Stress and Scenario Testing efforts, and implored that Reports should not be written for the PRA's benefit (though naturally must cover what the DAs and EIOPA have already set out).
  • A nice piece was discussed around the expected depth of director-level knowledge of their internal models. Andrew Bulley made a useful distinction between "conceptual" and "technical" knowledge, where your dithering 80 year-old INED from the fishing industry might not be expected to understand correlation matrices, but should probably know their significance, and alternatives to them.
  • For model applications to date, far too big ("encyclopedic" in cases), with too much process description, and not enough on assumptions and expert judgements.
  • That it is a firm's responsibility to "ensure compliance" with the Delegated Acts, and given their lessening proximity to the legislators, the PRA flag in advance that they will not be able to give "concrete advice" to firms in future.

Standard Formula

A particularly good ground-setter, given the dearth of work published previously on Standard Formula firms and the PRA's expectations. Calendar included on the slide pack, which will be of massive use to your PM/PMO staff!

  • PRA will review ALL firms ahead of 2016 for SF appropriateness - "priority" firms assessed by Q1 2015, everyone else by end of 2015.
  • While SF SCR is apparently close to current ICG numbers for GENERAL insurers in the UK, it is noticeably larger in LIFE firms 
  • PRA is "not promoting" SF ahead of internal models
  • Vigorously directed all attendees to EIOPA's Underlying Assumptions of SF Paper - expectation that some firms won't read it, and just expect SF plus any add-ons?
  • Very vocal on the "significance of the deviation" between SF SCR and one's own Risk Profile - as we know, the Delegated Acts quantify what 'significant' is in the context of capital add-ons
  • An expectation that ORSAs will be used in the assessment of SF appropriateness - qualitative for sure, possibly quant elements as well?
  • Range of examples of where significant divergences are being found, by Risk Category, and by Life vs General Insurer.
  • A lot of emphasis on Capital Add-ons being used "only as a temporary measure", which will ultimately allow firms to PIM/IM or de-risk. They are however "patient and realistic" on how quickly that change can be done, so it sounds on the face of it like 2016 and 2017 will be targeted for Capital Add-on elimination.
  • In the following session on models, a piece came up on Capital Add-ons, where the PRA confirmed that their process for handling these in future is "still developing", though they expect them to be "a lot, lot rarer" than the existing regime of ICG.

Internal Models

Calendar also provided for IM firms (slide 4), showing how tight their schedule is, and explaining why they threw the earlier curveball about all firms expecting to drop their applications in on 30th June 2015. They also touched on the following:

  • Highlighting weak areas identified to-date such as over-optimistic (new?) business plans being used in capital calculations; ENIDs; omission of certain "Key Risks", and suspiciously low correlations
  • That Use Test is "fundamentally important", and is an opportunity for firms to "put their money where their mouth is". They do not expect to see either end of the use spectrum i.e. no use, or blind use!
  • Too much technical actuarial validation seen. Usefully suggested that validation questions may be better posed as "where might this model be inadequate", rather than "why is it OK".
  • Confirmed that the PRA's SAT has now been replaced by EIOPA's CAT, which won't arrive until the back end of this year - surprisingly, no-one laughed when they said this "might create some work" for existing IMAP programmes!
  • Importantly, they stressed that their powers are to Approve or Reject applications, with no "conditional" powers whatsoever. Attendees were therefore encouraged to delay applications which were thought to be unlikely to succeed, both now and in future.
Though they instinctively feel like they could have been supplied sooner, the clarifications provided in the presentations I witnesses will be hugely welcome by programme directors and PM's alike. I would venture a guess that they will be less welcome by executive committees, who may have hoped for more flexibility on the risk quantification front post-2016.

Wednesday, 15 October 2014

PRA on Solvency II Approvals - One in the "IMAP"

The PRA today released a consultation paper on applying for Solvency II approvals (with the checklists for firms thinking of applying here), covering such juicy topics  as;
  • Matching adjustments
  • Ancilliary own funds
  • USPs
  • Group shenanighans (single ORSA for Groups, and excluding entities from Groups)
  • SFCR dispensations
And of course the big man on campus - Internal Model Approval.

I had covered on here back in March that EIOPA intened to bring in a common internal model application package (press release here), whilst also noting that while EIOPA "expected" NCAs to accept and use it, it was not compulsory.
IMAP - waste not want not
With the UK being the largest Internal Model application handler by some distance, the stupendous amount of money, management time and administrative effort which had been injected into the IMAP Process since 2011, there was at least a theoretical possibility that the PRA might say "no thanks", and ask its applicants to continue as they were, albeit with an Excel template amended to reflect the Directive and Delegated Acts as they currently stand

Therefore the rather vicious tearing of hair and gnarling of teeth coming from the UK today is the sound of 60-odd internal model applicants finding out that 3 years of IMAP work is now redundant! Section 2.11 of today's CP states;
EIOPA is expected to publish an internal model application template which the PRA will require all firms to use for their formal internal model applications.
...[firms] will be expected to transpose data onto the new EIOPA template when they make their formal application. The PRA will not be updating the SAT to align with EIOPA's application template
Perhaps I am being a touch harsh to call IMAP efforts to-date "redundant". The UK will naturally have dominated EIOPA discussions around what a template should contain, and how it should be structured to assess applications with maximum efficiency, as they have had the Chair of the Internal Model Committee since 2009!

There is an implication in the CP though that the transposition between the two "templates" will not be as seamless as I had imagined back in March, so I suspect that internal model applicants will need to go back to the market looking for expensive IMAP cajolers in the not too distant future. A shame for UK plc, who will rightly feel they have spent a lifetime's money on this topic already.

Tuesday, 14 October 2014

Solvency II Delegated Acts - Commission publish, world shrugs

Delegated Acts - handle with care
On Friday, the European Commission  released a "provisional" version of Solvency II's Delegated Acts via their own website.

Given how long they have taken to arrive, they rather surprisingly aren't chiselled into pyramid slabs or written on parchment - less surprisingly, they feature very little in the way of changes since the July 2014 version, so for those who want to know why it has taken 3 years for these to officially emerge, the January 2014 version is a better contrast (I summarise some of the changes between 2011's starter document and the January version here).

There has been enough comment since Friday (here, here, here and here for a start) to highlight what has changed since the summer, and more importantly, what has driven those changes - namely, encouraging EU insurers to plough money into long-term infrastructure assets by making them cheaper from a capital perspective, thus solving the European Union's economic woes in one fell swoop!

Bear in mind the first scrounging letter from the Commission came to EIOPA over two years ago, reminding them of what a "...potentially powerful financing channel" European insurers could be, provided any necessary "...adjustment or reduction" was made to Solvency II's capital requirements.

Little wonder then that it has taken a while for them to ensure that Solvency II remains prudential, while simultaneously unlocking long-term capital pools, though it sounds like the empirical basis of EIOPA's earlier calibration attempts has been overriden to get there.

Is it likely to get through the baying mob in ECON? The insurance industry's Green Party sparring partner had already flagged his distaste at the capital discounts now being offered, as well as the due process applied to recalibrating them.

It remains to be seen whether it is controversial enough to delay the inevitable in early January, but given the Acts seem to have been received with customary ambivalence by most affected parties, this is probably 'job done'.

Monday, 13 October 2014

ORSA and Independent Review - Misunder-stud?

Independent review of ORSA
- banging the drum?
I listened in on a Solvency II readiness webcast a couple of weeks ago which pricked my ears like a low-budget high street beauty parlour. The specific theme was independent review of ORSA, and the broadcaster confidently included it in the list of "things we all need to do" in the Solvency II preparatory phase, both 2014 and 2015.

While most familiar with the topic would immediately cry "that got lobbied out in 2011", the speaker's argument was that, while EIOPA's Guidance no longer says firms should "independently" review its ORSA, it also doesn't not say it, therefore we must do it, and do it annually!

I would have chuckled and left it at that, but having read InsuranceERM's recent roundtable on preparations for Solvency II, the topic again reared its head, albeit in a more controlled manner, as a number of attendees explained how they have used Internal Audit (and dismissed the idea of using external firms) in reviewing their ORSA processes during the preparatory phase.

My problem is this - as an industry we were happy to, erm, relieve ourselves and moan when CEIOPS's first attempts at ORSA Guidance in 2010 included a guideline which compelled annual independent review of the ORSA Process (included in slide 32 of Mr Bernadino's pack here in Summer 2011, as I can't find the original CP anywhere).

This was lobbied-out by the time the re-badged EIOPA released their 2011 CP (here), and when their Final Report followed in June 2012, "independent review" was a distant memory.

Any compulsion to review the ORSA Process is now  covered only by EIOPA's System of Governance Guidelines (here), specifically Guideline 8 asking that a firm's SoG is regularly "internally reviewed on a regular basis" (5.11).

EIOPA continue in 5.11 that "...the review undertaken by the internal audit function on the system of governance as part of its responsibilities can provide input to this internal review" - i.e. this is not work considered to be performed automatically and exclusively by one's Internal Audit function.

In terms of frequency, EIOPA elaborate in section 4.26 of the Guidelines, namely that your AMSB, given your firm's nature, scale and complexity;
...determines the scope and frequency of the internal reviews of the system of governance
 So three things - no 'annual' requirement; AMSB's choice on frequency; and that this is internal review, not "independent", "external", or indeed any other word which gets me contracted past 2016!

Monday, 29 September 2014

CRO Forum's Principles on Operational Risk Measurement - "Quant touch this"...

Hammer Time?
Current efforts in Op Risk quantification
Despite practitioners efforts over the last few years, Operational Risk continues to live on starvation rations when it comes to considered quantification. Never treated as an alpha-topic by executives inside insurance institutions, it has been treated with similar indifference by legislators, culminating in the  "totally inadequate" take-a-percentage methodology for calculating Operational Risk capital in the Standard Formula.

Internal Modellers on the whole are not likely to be shaming that technique with their efforts either (basic summary of their problems here, while InsuranceERM cover struggles as a whole with a roundtable here). A paucity of operational risk event (and near miss) data within firms may be good news for ORIC as a vendor, but from a parameter and data uncertainty perspective, it leaves internal model operators and validators in an invidious position, particularly due to the quantum of insurers' capital likely to be involved (10%, give or take?).

It's not that the actuarial world hasn't taken a stab at it before (here), aren't fully aware of the data holes (here), or haven't used the word "Bayesian" in a sentence (here). However an activity which was "in its infancy" in the UK as far back as 2005, is surely now old enough to be working in the mines...

I was therefore happy to see the unprolific-yet-important CRO Forum bring a white paper to the table, Principles of Operational Risk Management and Measurement. It is an update to a 2009 version which takes into account Solvency II demands, as well as developing practice within insurers over the period, the suggestion being that 2009's efforts were a little too Banking Industry-influenced.

While this document might feel at outset like an idiot's guide to "quanting" operational risk (and bearing in mind the number of prospective standard formula applicants - 9 out of 10 in UK - one may be needed soon!), the document touches on a number of noteworthy technical matters, in particular;
  • The Definition section doesn't read well, but they have attempted to include outcomes other than monetary loss into the Op Risk definition, which from experience will improve discourse within firms. Are they attempting to squeeze strategic and reputational risks into this box though?
  • Nice coverage of Boundary Events, and encouraging firms to consider them in their management of Op Risk.
  • Very specific treatment of Risk Tolerance throughout, using it in preference to Risk Appetite. This is because it cannot be avoided, and so tolerance levels should be used to trigger "RAG"-type reporting up the chain. Nice work, and well justified, but I have certainly seen the expression "Zero Appetite" used for Op Risk, so no doubt this is not an industry standard perspective yet! (p5-6)
  • No problems with their coverage of tried and tested techniques - "Top Down", RCSA's & Loss Event analysis (p9-10)
  • Nice turn of phrase regarding emerging risks on p9 - "...assess the proximity of new risks to the organisation". It may need to include an attempt to quantify to be fully useful for ORSA purposes.
  • Concept of residual risk arrives quite late in the day, but isn't omitted. Important, given how much qualitative, or spuriously quantitative, material is being promoted as aiding this measurement work (p10)
  • Seem to accept at the bottom of p10 that Internal Modellers must do more than curve fit on internal Op Risk Event data - good news I guess.
  • Internal Model validation pressures on current Op Risk quantification practices flagged directly (p16 in particular)
  • Guidelines on embedding Op Risk monitoring processes highlight just how much work some practitioners are managing to cover (p11). Quite disheartening for those with smaller budgets.
Ther are a few points to make on section B around quantification:
  • Pretty scathing on Standard Formula relevance. (p14)
  • Scenario Analysis sold as something of a panacea to cure the ills of incomplete Op Risk Event data sets, but no mention of the biases which seem to permeate the creation of the scenarios, which is sadly a hostage to the invitee list. (p14)
  • Expand more on scenario analysis, bringing the "severe but plausible" terminology to the table (p15)
As well as the following generic comments;
  • Is risk measurement - "a tool for embedding risk culture in the organisation"? I would say so, particularly in the Op Risk arena, where decision makers will need to be involved at scenario-compilation time.
  • That said, they then go on to reference "senior management sign-off" of scenario work, which is somewhat contradictory!
  • Overweight in references to "culture" and "tone at the top", like most white papers these days (see the FRC's efforts from the other week). Playing with fire as a profession by shoehorning references to "culture" into everything.
  • A couple of horror-show schematics used on pages 7 and 8 - the Forum must know how much time risk professionals lose walking non-experts through things like this. They serve no purpose, and detract from surrounding text.
  • Attempt on p9 to solicit business for ORIC?
It was Professor Jagger who accurately prophesised "You can't always get what you Quant" - I'd say the Risk profession concurs, based on these very welcome principles.

Wednesday, 24 September 2014

KPMG on Pillar 3 and Public Disclosure - in or out?

Pillar 3 - rude awakening?
The operational reality of Solvency II Pillar 3 is seemingly about to deliver a ruder awakening than breakfast at Chubby Brown's. Whilst for example the UK's regulator has offered an element of flexibility in the content of the QRT reporting to be submitted during the Solvency II preparatory phase (Q21 here), Finance functions across the EU will be in an spreadsheet-fuelled scramble to deliver Solvency I, Solvency II and public reporting from now on in.

The lie of the land is not pretty as it stands. Evidently the PRA's crack team of Pillar 3 regulator and industry expets is tabling some sobering questions, given their recently revised Q&A, and both software solution providers (here) and asset data firms (here) continue to ebb and flow with their contributions to preparedness, depending on the pay-off. Some co-odination efforts have recently begun on asset data transference involving the larger EU players, but doesn't yet sound like the golden ticket for the teams charged with delivering Pillar 3 material.

Even EIOPA, the new custodians of the word ERRATA, are seemingly tied up with the less technologically developed EU members in an Excel-flavoured workaround to the xBRL question which, judging by the number of QRT template amendments already applied, has an air of inevitability about it.

It was therefore nice to see one of the Big 4 release results from this survey on how firms are preparing for Pillar 3 in the content of existing and future public disclosure requirements. Small sample (11 firms, all multinationals), and all evidently have existing plc-type disclosure requirements, but the topics and trends covered should inform anyone in the Pillar 3 space who has transitioning on their agendas.

Worthy of note:

  • Pre-Solvency II disclosure of quantitative material not favoured - not much to be gained I suppose
  • No-one planning to publish projected capital adequacy!
  • Responders in IMAP seemingly working on the basis that "Plan B" won't be required
  • Few likely to publish "internal views of capital" ( for this read "overall solvency needs" or "ORSA Capital") - analysts felt unlikely to be looking for it.
  • Most common differences between Pillar 1 and OSN used were treatment of contract boundaries and the risk-free rate, with the list of distinctions going into double figures
  • Some provisional plans for IFRS alignment on the balance sheet methodology front
  • Embedded Value about to be jettisoned as a reporting metric - analysts are of course devastated!

Who said accountancy was boring?

Monday, 22 September 2014

Central Bank of Ireland and ORSA - fancy a bunch of FLAORs?

So the Central Bank of Ireland went and knocked together an ORSA Reporting tool for the less complex end of the Irish Insurance industry, specifically the "low" and "medium-low" rated insurers. And to think I have spent 4 years railing at the consultancy and supervisory industries for catering for the big boys, while ignoring the immaterial...

2014 FLAORs
- a serious affair
The tool was released back in July, and while it (intelligently?) copy-pastes EIOPA's guidance and dissects most of those words into a set of obvious questions, there are some aspects which are very revealing in respect of where supervisory expectations for 2014's ORSA reporting and process development efforts perhaps are at the less material end of the industry.

They have evidently taken the approach that most large programmes will have used over the last 3 years, namely to deconstruct paragraphs in Directive/Delegated Acts/EIOPA Guidelines in an Excel spreadsheet, and pose them as questions. Not every firm's budgets would have stretched to accommodate even that level of analysis though, so I'm sure the CBoI's efforts have been warmly received to date.

For example, the following elements are very shocking to me, given our proximity to go-live;
  • No compulsion for ORSA Policy (and therefore process) to be documented and Board-approved in 2014 (2.3 and 2.4)
  • No expectation that the 2014 version assesses one's ability to continue past the 1 year horizon (4.8)
These elements are perhaps revealing as to supervisory planning for 2015 and beyond;
  • Asking when the Board approved the results and conclusions - likely to be hunting for evidence in minutes (2.2)
  • Asking which personnel/units have been briefed as to the ORSA results - is there a feeling that outside of EXCOM and control functions, the reports won't see the light of day? (3.4)
  • Highlight what they are really interested in, in the context of "overall solvency needs" quantification - risk measure, confidence level and time horizon, which feels proportionately light in focus given the detail in Article 262 of the Delegated Acts (4.1).
Some good elements include;
  • Uses of ORSA in decision-making process listed in 1.1 - some are directly lifted from EIOPA, but couple of other examples may help focus the mind (I would add that setting "risk limits" feel sloppy, given the legislation uses "risk tolerance limits")
  • Ask for a table to be populated with quantitative results for each risk category, but don't prescribe the category names, rather provide the legislative categories as examples - this is how it should be, especially for the smaller firms. (4.2)
  • No expectation that the "medium or long-term" capital is calculated at this point - the column provided is marked *OPTIONAL* (4.2) 
Whilst the data gleaned from the template they have provided may be a bit cumbersome, fair to say that CBoI's efforts will be welcomed by both the qualifying firms (as a pro-forma) and the larger firms as an INED guide.