Upload
truongdien
View
216
Download
3
Embed Size (px)
Citation preview
ERM in Insurance (Solvency II) Special Interest Group
Linking ORSA and business planning –
Embedding risk management in decision making
Jacqueline Fenech, Director
29 May 2013
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
2
Agenda
The ugly truth
The not so bad news
The good out of it all
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
3
“Largely unseen in the banking crisis has been the shocking cost of Solvency II…It was clear to me by the end
of last summer that we were facing a long delay in the directive on top of a bill that, as I have said, was
indefensible and ever rising.”
Andrew Bailey, Deputy Governor for Prudential Regulation and Chief Executive Officer Prudential Regulation Authority,
Nicholas Barbon Lecture, 6 February 2013
Writing to Andrew Tyrie, chairman of the Treasury Select Committee, Mr Bailey hit out at the “staggering” cost
to insurers of implementing Solvency II…Regulators estimate that Solvency II could cost insurers about £400m
to implement and a further £200m in annual running costs, though Mr Bailey said this was only an
“approximate benchmark.”
The Telegraph, 30 April 2013
"For the best part of 10 years, Solvency II has been mired in uncertainty, at great cost to the regulators, insurers
and, ultimately, consumers…Strengthening and harmonising the prudential regulation of the insurance sector
across the EU could bring significant benefits. But we haven't seen any yet. Even now, no one can be sure what
it will add.“
Andrew Tyrie, Conservative MP and Chair of the Treasury Select Committee
"We could have probably bailed out Cyprus with the amount of money we've all spent…It cost Lloyd's about
£300m to prepare for Solvency II [new capital rules for insurers], which were then postponed. It is frustrating.”Richard Ward, Chief Executive Lloyd's of London, 27 March 2013
The ugly truth
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
4
Solvency II in a nutshell
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
5
“We will review the in-development ORSA to facilitate the PRA approach, for instance as a way of bringing
together business model analysis, forward-looking capital planning, assessment of stress and scenario testing,
evidence of use and capital risk management. Firms should discuss with their supervisor how their in-
development ORSA may be used to meet the current INSPRU requirements.”
Julian Adams, Deputy Head of the PRA and Insurance Director,
Letter to Firms: Solvency II – early use of Solvency II work to meet ICAS requirements, 29 January 2013
The not so bad news
“We’re looking into the possibility that firms with relatively advanced ORSAs may be able to utilise parts of it to
satisfy current requirements.”Julian Adams, Director of Insurance, FSA at the PRA Insurance Conference, 22 October 2012
The PRA will be forward-looking, seeking to assess whether, on the balance of risks, there are
vulnerabilities in firms’ business models, reserving, solvency position, governance, risk
management and controls that cast into doubt their ability to deliver on policyholder
obligations.
Reflecting the uncertain nature of insurers’ liabilities, analytical models will be an important part of
assessing safety and soundness, both for management and supervisors. Supervisors will recognise the
importance of understanding risks to a firm, including the limitations of the outputs of firms’ models,
when forming their judgements.
The Bank of England, Prudential Regulation Authority - Our approach to insurance supervision
Joint BoE – FSA paper, 20 June 2011
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
6
EIOPA’s Public Consultation – Guidelines for the Preparation of
Solvency II - System of Governance & ORSA
From the PRA’s Solvency II Pillar 2 and Pillar 3 Expert Group meeting on 9 April 2013
• ORSA GLs
– Largely unchanged from the GLs in the Reporting package published by EIOPA in July 2012
– New items: Introduction of thresholds and preparedness for ORSA
• ORSA – Potential Benefits
– Reaffirm existing best practice on risk and capital management - The ORSA GLs largely reflect
principles of good risk and capital management which underpin the ICAS and are set out in the PRA
Handbook.
– Develop processes for implementing the ORSA – Although reflecting best practice, the ORSA
GLs do introduce new requirements along several dimensions. A clear plan for developing and testing
the ORSA will enable firms to ensure they have the necessary resources and time to put in place any
changes required in governance structures, processes, policies and staffing.
– Test-run the ORSA and integrate into decision-making – Dry-runs of the ORSA will enable firms
to assess interdependencies between pillar 1/2/3 requirements, move towards integration in planning
and work out any problems before implementation.
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
7
EIOPA’s PC – GLs for System of Governance & ORSA
References throughout to the required links between ORSA and decision making
processes:
Guideline 7 – Policy for the forward looking assessment of the undertaking’s own risks (based on
ORSA principles)
AMSB approves the policy for the forward looking assessment of the undertaking’s own risks. This policy
should include:
a) a description of the processes and procedures in place to conduct the forward looking assessment of the
undertaking’s own risks;
b) a consideration of the link between the risk profile, the approved risk tolerance limits and the overall
solvency needs; and
c) information on:
(i) how and how often stress tests, sensitivity analyses and reverse stress tests are to be performed;
(ii) data quality standards; and
(ii) the frequency of the assessment itself and the justification of its adequacy particularly taking into account the undertaking’s risk profile
and the volatility of its overall solvency needs relative to its capital position as well as the timing for the performance of the forward
looking assessment of the undertaking’s own risks and the circumstances which would trigger the need for a forward looking
assessment of the undertaking’s own risks outside of the regular time-scales.
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
8
EIOPA’s PC – GLs for System of Governance & ORSA (cont.)
References throughout to the required links between ORSA and decision making
processes:
Guideline 5 – Role of the administrative, management or supervisory body: top-down approach
AMSB takes an active part in the forward looking assessment of the undertaking’s own risks, including
steering, how the assessment is to be performed and challenging the results.
Guideline 17 – Link to the strategic management process and decision-making framework
The undertaking takes into account the results of the forward looking assessment of the undertaking’s own
risks and the insights gained during the process of this assessment in at least:
a) its capital management;
b) its business planning; and
c) its product development and design.
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
9
The good out of it all
Extracting business value from Solvency II:
Linking ORSA and business planning –
Embedding risk management in decision making
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
10
Lloyd’s Society approach to ORSA process*
Clear use of the ORSA in
management decision making
Does the report cover the key risk
issues and capital assessments as you
see them?
How comfortable are you with the risk
you are taking on? Is it within your
overall appetite?
What, if any, additional management
actions should be considered?
How comfortable are you with the level
of capital held?
How comfortable are you that you are
well prepared to withstand shocks or
risks to which you may be exposed to
over the next 3-5 years?* Lloyd’s Solvency II ORSA Guidance Notes, September 2011 and May 2012
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
11
External Environment (PESTLE)
ORSA process within an ERM framework
ERM Framework
Ris
k U
niv
ers
eT
rig
ge
rs
Other
disclosures
ORSA
Internal model
Calculation kernel
Management Actions
Risk appetites
3-year
business plan
Capital plan
Outputs
Reporting
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
12
Protiviti Risk Universe
ENVIRONMENT
RISK
Customer service quality
Technological Innovation
Stakeholder/ Shareholder Expectations
Capital Availability
Sovereign/Political
Legal
Regulatory
Industry Consolidation
Financial Markets
PROCESS
RISK
INFORMATION FOR
DECISION-MAKING RISK
FINANCIAL
Price
Interest rate
Currency
Equity
Commodity
Financial Instrument
Liquidity
Cash Flow
Opportunity Cost
Credit
Default
Concentration
Settlement
Collateral
Reserving
Best estimate
Risk margin
Technical provisions
Management actions
GOVERNANCE
Organizational Culture
Ethical Behaviour
Board Effectiveness
Succession Planning
INFORMATION
TECHNOLOGY
Integrity
Access
Availability
Infrastructure
INTEGRITY & REPUTATION
Management Fraud Illegal Acts Image and Branding
Employee Fraud Unauthorised Use Stakeholder Relations
Third Party Fraud
Scalability Compliance Capacity
Human Resources Performance Gap Business Interruption
Knowledge Capital Cycle Time Product/Service Failure
Product Development Offshored/onshore Efficiency
Channel Effectiveness Health and Safety Trademark/Brand Erosion
Claims
Bonuses
Guarantees
Final payouts
Outsourcing
Selection criteria
Service level agreements
Contingency plan
Joint Opco/governance
Policy administration
Policy lapses & renewals
Member notices
Policy expenses
Customer service
Asset management
ALM
Market risk appetite
Investment strategy/policy
Valuation
Run-off
Arrangement scheme
Book closure
Commutations
STRATEGIC
Environmental Scan
Insurance Market Intelligence
Business Portfolio
Investment valuation/Evaluation
Organization Structure
Measurement (Strategy)
Resource Allocation
Planning
Life Cycle
PUBLIC REPORTING
Financial Reporting Evaluation
Internal Control Evaluation
Executive Certification
Taxation
Pension Fund
Regulatory reporting
Customer reporting (statements)
OPERATIONAL
Budget and Planning
Product/Service Pricing
Contract Commitment
Measurement (Operations)
Alignment
Accounting Information
Partnering/material outsource
LEGAL/LITIGATION
DELEGATED
AUTHORITY
Leadership
Authority/Limit
Employee retention
Communications
OPERATIONS & IT
The Protiviti Risk Universe is an indicative framework for assisting in understanding potential business risks. This
framework can be further enhanced to reflect the organisation’s unique operating environment and culture.
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
13
FSA approach: Risk management, governance, data & reporting
FSA presentation by Victoria Raffé, Head of Prudential Insurance Policy – Prudential Policy and Dr Colin Lawrence, Director – Risk Specialists, 18 April 2011
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
14
Protiviti risk management maturity-capability model
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
15
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
16
Preparedness for ORSA
Findings from a Protiviti survey of the UK Insurance
industry on risk management practices
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
18
CRO not yet on the main Board
Is your CRO absent from the main Board?
• Almost two-thirds of respondents (64%) report that CROs or Heads of Risk are still absent from Boards
of their respective organisations.
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
19
Risk function deemed to be a regulatory requirement…
How do you think the risk function is perceived in your organisation?
• 68% of respondents deem the risk function in their respective organisations to be a regulatory
requirement and a necessary control function
…regulation is the primary driver of risk management practices (36%)
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
20
Board involvement in business activities
To what extent does your Board…?
• 21% of respondents have said that their Board always (36% have said frequently) uses risk-based
return on capital measures in business planning
© 2013 Protiviti Inc.
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
21
Risk management embeddedness
How would you rank the strength of these indicators of risk management
embeddedness?
• The strongest risk embeddedness indicator reported by respondents (46%) is non-executive director
challenge of risk management