ERM in Insurance (Solvency II) Special Interest Group · ERM in Insurance (Solvency II) Special Interest Group ... Nicholas Barbon Lecture, ... DECISION-MAKING RISK FINANCIAL Price

ERM in Insurance (Solvency II) Special Interest Group

Linking ORSA and business planning –

Embedding risk management in decision making

Jacqueline Fenech, Director

29 May 2013

© 2013 Protiviti Inc.

CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

2

Agenda

The ugly truth

The not so bad news

The good out of it all



3

“Largely unseen in the banking crisis has been the shocking cost of Solvency II…It was clear to me by the end

of last summer that we were facing a long delay in the directive on top of a bill that, as I have said, was

indefensible and ever rising.”

Andrew Bailey, Deputy Governor for Prudential Regulation and Chief Executive Officer Prudential Regulation Authority,

Nicholas Barbon Lecture, 6 February 2013

Writing to Andrew Tyrie, chairman of the Treasury Select Committee, Mr Bailey hit out at the “staggering” cost

to insurers of implementing Solvency II…Regulators estimate that Solvency II could cost insurers about £400m

to implement and a further £200m in annual running costs, though Mr Bailey said this was only an

“approximate benchmark.”

The Telegraph, 30 April 2013

"For the best part of 10 years, Solvency II has been mired in uncertainty, at great cost to the regulators, insurers

and, ultimately, consumers…Strengthening and harmonising the prudential regulation of the insurance sector

across the EU could bring significant benefits. But we haven't seen any yet. Even now, no one can be sure what

it will add.“

Andrew Tyrie, Conservative MP and Chair of the Treasury Select Committee

"We could have probably bailed out Cyprus with the amount of money we've all spent…It cost Lloyd's about

£300m to prepare for Solvency II [new capital rules for insurers], which were then postponed. It is frustrating.”Richard Ward, Chief Executive Lloyd's of London, 27 March 2013

The ugly truth



4

Solvency II in a nutshell



5

“We will review the in-development ORSA to facilitate the PRA approach, for instance as a way of bringing

together business model analysis, forward-looking capital planning, assessment of stress and scenario testing,

evidence of use and capital risk management. Firms should discuss with their supervisor how their in-

development ORSA may be used to meet the current INSPRU requirements.”

Julian Adams, Deputy Head of the PRA and Insurance Director,

Letter to Firms: Solvency II – early use of Solvency II work to meet ICAS requirements, 29 January 2013

The not so bad news

“We’re looking into the possibility that firms with relatively advanced ORSAs may be able to utilise parts of it to

satisfy current requirements.”Julian Adams, Director of Insurance, FSA at the PRA Insurance Conference, 22 October 2012

The PRA will be forward-looking, seeking to assess whether, on the balance of risks, there are

vulnerabilities in firms’ business models, reserving, solvency position, governance, risk

management and controls that cast into doubt their ability to deliver on policyholder

obligations.

Reflecting the uncertain nature of insurers’ liabilities, analytical models will be an important part of

assessing safety and soundness, both for management and supervisors. Supervisors will recognise the

importance of understanding risks to a firm, including the limitations of the outputs of firms’ models,

when forming their judgements.

The Bank of England, Prudential Regulation Authority - Our approach to insurance supervision

Joint BoE – FSA paper, 20 June 2011



6

EIOPA’s Public Consultation – Guidelines for the Preparation of

Solvency II - System of Governance & ORSA

From the PRA’s Solvency II Pillar 2 and Pillar 3 Expert Group meeting on 9 April 2013

• ORSA GLs

– Largely unchanged from the GLs in the Reporting package published by EIOPA in July 2012

– New items: Introduction of thresholds and preparedness for ORSA

• ORSA – Potential Benefits

– Reaffirm existing best practice on risk and capital management - The ORSA GLs largely reflect

principles of good risk and capital management which underpin the ICAS and are set out in the PRA

Handbook.

– Develop processes for implementing the ORSA – Although reflecting best practice, the ORSA

GLs do introduce new requirements along several dimensions. A clear plan for developing and testing

the ORSA will enable firms to ensure they have the necessary resources and time to put in place any

changes required in governance structures, processes, policies and staffing.

– Test-run the ORSA and integrate into decision-making – Dry-runs of the ORSA will enable firms

to assess interdependencies between pillar 1/2/3 requirements, move towards integration in planning

and work out any problems before implementation.



7

EIOPA’s PC – GLs for System of Governance & ORSA

References throughout to the required links between ORSA and decision making

processes:

Guideline 7 – Policy for the forward looking assessment of the undertaking’s own risks (based on

ORSA principles)

AMSB approves the policy for the forward looking assessment of the undertaking’s own risks. This policy

should include:

a) a description of the processes and procedures in place to conduct the forward looking assessment of the

undertaking’s own risks;

b) a consideration of the link between the risk profile, the approved risk tolerance limits and the overall

solvency needs; and

c) information on:

(i) how and how often stress tests, sensitivity analyses and reverse stress tests are to be performed;

(ii) data quality standards; and

(ii) the frequency of the assessment itself and the justification of its adequacy particularly taking into account the undertaking’s risk profile

and the volatility of its overall solvency needs relative to its capital position as well as the timing for the performance of the forward

looking assessment of the undertaking’s own risks and the circumstances which would trigger the need for a forward looking

assessment of the undertaking’s own risks outside of the regular time-scales.



8

EIOPA’s PC – GLs for System of Governance & ORSA (cont.)

References throughout to the required links between ORSA and decision making

processes:

Guideline 5 – Role of the administrative, management or supervisory body: top-down approach

AMSB takes an active part in the forward looking assessment of the undertaking’s own risks, including

steering, how the assessment is to be performed and challenging the results.

Guideline 17 – Link to the strategic management process and decision-making framework

The undertaking takes into account the results of the forward looking assessment of the undertaking’s own

risks and the insights gained during the process of this assessment in at least:

a) its capital management;

b) its business planning; and

c) its product development and design.



9

The good out of it all

Extracting business value from Solvency II:

Linking ORSA and business planning –

Embedding risk management in decision making



10

Lloyd’s Society approach to ORSA process*

Clear use of the ORSA in

management decision making

Does the report cover the key risk

issues and capital assessments as you

see them?

How comfortable are you with the risk

you are taking on? Is it within your

overall appetite?

What, if any, additional management

actions should be considered?

How comfortable are you with the level

of capital held?

How comfortable are you that you are

well prepared to withstand shocks or

risks to which you may be exposed to

over the next 3-5 years?* Lloyd’s Solvency II ORSA Guidance Notes, September 2011 and May 2012



11

External Environment (PESTLE)

ORSA process within an ERM framework

ERM Framework

Ris

k U

niv

ers

eT

rig

ge

rs

Other

disclosures

ORSA

Internal model

Calculation kernel

Management Actions

Risk appetites

3-year

business plan

Capital plan

Outputs

Reporting



12

Protiviti Risk Universe

ENVIRONMENT

RISK

Customer service quality

Technological Innovation

Stakeholder/ Shareholder Expectations

Capital Availability

Sovereign/Political

Legal

Regulatory

Industry Consolidation

Financial Markets

PROCESS

RISK

INFORMATION FOR

DECISION-MAKING RISK

FINANCIAL

Price

Interest rate

Currency

Equity

Commodity

Financial Instrument

Liquidity

Cash Flow

Opportunity Cost

Credit

Default

Concentration

Settlement

Collateral

Reserving

Best estimate

Risk margin

Technical provisions

Management actions

GOVERNANCE

Organizational Culture

Ethical Behaviour

Board Effectiveness

Succession Planning

INFORMATION

TECHNOLOGY

Integrity

Access

Availability

Infrastructure

INTEGRITY & REPUTATION

Management Fraud Illegal Acts Image and Branding

Employee Fraud Unauthorised Use Stakeholder Relations

Third Party Fraud

Scalability Compliance Capacity

Human Resources Performance Gap Business Interruption

Knowledge Capital Cycle Time Product/Service Failure

Product Development Offshored/onshore Efficiency

Channel Effectiveness Health and Safety Trademark/Brand Erosion

Claims

Bonuses

Guarantees

Final payouts

Outsourcing

Selection criteria

Service level agreements

Contingency plan

Joint Opco/governance

Policy administration

Policy lapses & renewals

Member notices

Policy expenses

Customer service

Asset management

ALM

Market risk appetite

Investment strategy/policy

Valuation

Run-off

Arrangement scheme

Book closure

Commutations

STRATEGIC

Environmental Scan

Insurance Market Intelligence

Business Portfolio

Investment valuation/Evaluation

Organization Structure

Measurement (Strategy)

Resource Allocation

Planning

Life Cycle

PUBLIC REPORTING

Financial Reporting Evaluation

Internal Control Evaluation

Executive Certification

Taxation

Pension Fund

Regulatory reporting

Customer reporting (statements)

OPERATIONAL

Budget and Planning

Product/Service Pricing

Contract Commitment

Measurement (Operations)

Alignment

Accounting Information

Partnering/material outsource

LEGAL/LITIGATION

DELEGATED

AUTHORITY

Leadership

Authority/Limit

Employee retention

Communications

OPERATIONS & IT

The Protiviti Risk Universe is an indicative framework for assisting in understanding potential business risks. This

framework can be further enhanced to reflect the organisation’s unique operating environment and culture.



13

FSA approach: Risk management, governance, data & reporting

FSA presentation by Victoria Raffé, Head of Prudential Insurance Policy – Prudential Policy and Dr Colin Lawrence, Director – Risk Specialists, 18 April 2011



14

Protiviti risk management maturity-capability model



15



16

Preparedness for ORSA

Findings from a Protiviti survey of the UK Insurance

industry on risk management practices



18

CRO not yet on the main Board

Is your CRO absent from the main Board?

• Almost two-thirds of respondents (64%) report that CROs or Heads of Risk are still absent from Boards

of their respective organisations.



19

Risk function deemed to be a regulatory requirement…

How do you think the risk function is perceived in your organisation?

• 68% of respondents deem the risk function in their respective organisations to be a regulatory

requirement and a necessary control function

…regulation is the primary driver of risk management practices (36%)



20

Board involvement in business activities

To what extent does your Board…?

• 21% of respondents have said that their Board always (36% have said frequently) uses risk-based

return on capital measures in business planning



21

Risk management embeddedness

How would you rank the strength of these indicators of risk management

embeddedness?

• The strongest risk embeddedness indicator reported by respondents (46%) is non-executive director

challenge of risk management

Thank you



23

Documents

ERM in Insurance (Solvency II) Special Interest Group · ERM in Insurance (Solvency II) Special Interest Group ... Nicholas Barbon Lecture, ... DECISION-MAKING RISK FINANCIAL Price