INSTRUCTIONS Guidance on formatting the beam is available in the notes pages of this document. 21March, 2012 Solvency II Main requirements

21March, 2012

Solvency IIMain requirements

All Rights Reserved – Ernst & Young 2012 Solvency II

Solvency II, a risk-orientated three pillar regime for insurance undertakings

Solvency II Briefing 2

What is Solvency II? ► A fundamental review of the capital adequacy regime for the European insurance industry

► Establishes a revised set of market consistent EU-wide capital requirements and risk management standards. The latest developments point to implementation on 1 January 2014 (requiring a change to the approved Level 1 directive where implementation is by end October 2012)

► Targets an organisational model where capital and risk frameworks are embedded by insurers with decisions made in reference to the potential impact on the business (as provided by the internal model) in order to comply with ‘Use Test’ requirements

Solvency I (current)► Rules based

► Limited and non-prescriptive requirements for risk management

► Underlying liability valuation methods not consistent between EU member states

► Capital based on statutory measures e.g., ratios of premiums or liabilities

Solvency II (future)► 'Principles' based in theory; many rules in practice

► Significant risk management requirements

► Prescribed market consistent liability valuation methodology and cost of capital

► All margins for prudence held as capital

► Capital requirements based on probability models of risk


Assets valued at market value

Capital requirements

SCR = First regulatory intervention point

MCR = Final regulatory intervention point

Technical provisions

= best estimate of all future cashflows discounted at a risk free interest rate

+ risk margin

Best estimate liability

Risk margin

MCR

Free assets

Assets

Technical

provisions

SCR

Market consistent balance sheetOverview


Solvency Capital Requirement

► 1 year Balance Sheet shock using V@R with 99.5% confidence

► Modular approach with multiple aggregation levels

► Risk modules are calculated through a combination of scenarios tests and factor based approaches

► Allowance in some risk modules is made for the impact of profit sharing and geographical diversification

► Deferred tax, profit sharing adjustments (Adj) and operational risk module are a final add on in the process

Source: QIS 4 specification

All Rights Reserved – Ernst & Young 2012 Solvency II 5

Pillar 2 expectations on firmsThe key requirement of Pillar 2 is for firms to have a system of governance to “provide for sound and prudent management of the business”

This system of governance “shall at least include an adequate transparent organisational structure with a clear allocation and appropriate segregation of responsibilities and an effective system for ensuring the transmission of information”

Supporting this requirement are six key “aspects” based on conditions and functions which the Directive expects Firms to address and have in place:

► Conditions

► Fitness and propriety

► Outsourcing

► Internal control

► Functions

► Risk management function

► Internal audit function

► Actuarial function

Pillar 2 also requires firms, as part of the risk management system that forms part of the governance arrangements to undertake an Own Risk and Solvency Assessment (ORSA)

In addition to these requirements on firms, Pillar 2 also includes provisions for Supervisory review and action

Governance arrangements demonstrate how well a firm is managed and therefore has a direct link to the regulator’s risk assessment of the business, which in turn will impact on the SCR loading.

Technical Provisions

MCRMinimum Capital Requirement

Model Approval

Pillar 1

Own Risk and Solvency Assessment(ORSA)

Governance Arrangements

Supervisory power and processes

Pillar 2

Disclosure-Solvency and Financial Condition Report

Market Discipline

Pillar 1

Pillar 3


What is the ORSAA regular practice of assessing overall capital needs with a view to the firm’s specific risk profile that forms part of the risk management system. It is:

► an internal assessment process and as such should be embedded in strategic decisions

► a supervisory tool for the supervisory authorities

The ORSA aims at enhancing awareness of the interrelationships between the risks the business is currently exposed to, or may face in the long term, and the internal capital needs that follow from this risk exposure

The ORSA needs to be supported by an effective and robust escalation process paying particular attention to

► Functional escalation

► Risk exposures and the linkages to decision making

The ORSA can be defined as the entirety of the processes and procedures employed to identify, assess, monitor, manage, and report the short and long term risks that the business faces or may face and to determine the own funds necessary to ensure that its overall solvency needs are met at all times.

Risk management systems

Executive Committee

Supported by Risk Taking

Business Units

Strategy, risk appetite and policy

Board

Risk Modelling Function

1st Line 2nd Line 3rd Line

Own risk and solvency assessment

Risk Management Function

Compliance Function

Actuarial Function

Audit Committee

Supported by Internal

Audit

Internal control framework

The ORSA process for assessing and monitoring overall solvency builds on the Pillar I SCR calculation by articulating the firm’s view of required capital. It should form an integral part of the business planning of the organisation. A key challenge will be integrating the appropriate modelling approaches into the risk framework and ORSA


ORSA relationship with internal capital model and standard formula SCR

Own Risk and Solvency Assessment (ORSA)

Risks not considered by standard formula

Aspects varying between business and regulatory (SCR) models

Risks

Liquidity, Reputational and Strategic risk are not included in the standard formula. If these represent a material risk they need to be included in the ORSA

Liquidity risk

Reputational risk

Strategic risk

Time horizon

Confidence level

Management actions

Time horizon

The time horizon used for business planning may differ from the time horizon for regulatory capital by internal model

Confidence level

A different confidence level to the SCR internal model may be used e.g rating confidence level

Management actions

Consideration should be taken of any agreed management actions that could influence the risk profile

Stress and scenario tests Stress and scenario tests

Should be extensive in business planning for internal purposes

Firms using models will be required to integrate these into the ORSA.


Requirements around risk management systems and internal controlsRisk management systems

Firm shall have in place a risk management system comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis the risks, on an individual and aggregated level, to which they are or could be exposed, and their interdependencies. It shall include:

► A documented risk management strategy that includes the objectives, key principles, risk appetite and assignment of responsibilities

► Written policies that include a definition and categorisation of the risks faced by the firm, implement the undertaking’s risk strategy, facilitate control mechanisms and take into account the nature, scope and time horizon of the business and the risks associated with it

► Reporting procedures that ensure that risk information is continuously monitored

► A suitable ORSA process

The risk management system shall be well integrated into the organisational structure and in the decision making process of the firm.

Internal control frameworkAn effective internal control framework, shall comprise a coherent, comprehensive and continuous set of mechanisms designed to secure at least the following:

► Effectiveness and efficiency of the firm’s operations in view of its objectives

► Availability and reliability of financial and non-financial information; and

► Compliance with applicable laws, regulations and administrative provisions

Risk Management Systems

Executive Committee

Supported by Risk Taking Business Units


Board



Own Risk and Solvency Assessment


Compliance Function

Actuarial Function

Audit Committee

Supported by Internal Audit

Internal Control Framework


Functional requirements Risk management function and compliance function

Risk management functionThe Risk Management function must be objective and independent from operational functions. Its key tasks shall include:

► Assisting the Board in the effective operation of the risk management system, in particular by performing specialist analyses and performing quality reviews

► Monitoring the risk management system

► Maintaining an organisation-wide and aggregated view on the risk profile of the undertaking

► Reporting details on risk exposures and advising the Board with regard to risk management matters in relation to strategic affairs like corporate strategy, mergers and acquisitions and major projects and investments

Risk management shall be responsible for the way in which an internal model is integrated with the internal risk management system and the day-to-day functions of the undertaking. It shall assess the internal model as a tool of risk management and as a tool to calculate the undertaking’s SCR

Compliance function► The internal control system shall secure the firm’s compliance with

applicable laws and regulations

► The firm shall have in place a suitable control environment including a compliance function

► The compliance function shall not be placed in a position where there is a possible conflict of interest between its compliance responsibilities and any other responsibilities it may have

► The compliance function shall be able to communicate on its own initiative with any staff member and to obtain access to any records necessary to allow it to carry out its responsibilities

► There will be a compliance plan that ensures that all relevant areas of the firm are appropriately covered, taking into account their susceptibility to compliance risk

► The compliance function shall promptly report any major compliance problems it identifies to the Board

Note: CEIOPS Issue Paper on Risk Management and Other Corporate Issues makes explicit reference to the Risk Modelling Function however the Issues Paper on Implementing Measures on System of Governance does not explicitly identify this as a Function a Firm must have.


Executive Committee



Board




Compliance Function

Actuarial Function

Audit Committee





Functional requirements Actuarial function and internal audit function

Actuarial functionKey tasks should include:

► To coordinate the calculation of technical provisions

► To ensure the appropriateness of the methodologies and underlying models used as well as the assumptions made in the calculation of technical provisions

► To assess the sufficiency and quality of the data used in the calculation of technical provisions

► To compare best estimates against experience

► To inform the administrative or management body of the reliability and adequacy of the calculation of technical provisions

► To express an opinion on the overall underwriting policy

► To express an opinion on the adequacy of reinsurance arrangements

► To contribute to the effective implementation of the risk management system in particular with respect to the risk modelling

Internal audit function► The Function shall carry out its assignments with impartiality. It shall

be able to exercise its assignments on its own initiative in all areas of the undertaking

► The Function shall have the complete and unrestricted right to obtain information as well as having direct communication with any member of the undertaking’s staff

► Every activity and every unit of the undertaking shall fall within its scope and the function shall draw up an audit plan

► The Function shall at least annually produce a written report on its findings to be submitted to the Board. The report shall cover at least any deficiencies with regard to the efficiency and suitability of the internal control system as well as major shortcomings with regard to the compliance with internal policies, procedures and processes


Executive Committee



Board




Compliance Function

Actuarial Function

Audit Committee




All Rights Reserved – Ernst & Young 2012 Solvency II April 19, 2023Solvency II - Pillar 3Page 11

► Description of the business and performance of the undertaking

Overview of Pillar 3

Business overview & performance

System of Governance

Risk disclosures

Valuation basis used for Solvency purposes

Capital Management

► For each risk category:

► Risk exposure► Concentration of

risk► Risk mitigation► Risk sensitivity

► Description of the bases and methods used for the valuation of:

► Assets► Technical provisions► Other assets and

liabilities► Explain any major

differences for the valuation in the financial statements

► Minimum Capital Requirement (MCR) and Solvency Capital Requirement (SCR)

► Structure and amount of own funds including quality

► Differences between the standard formula and the internal model used for the SCR calculation

► Analysis of any significant changes from previous periods and differences to elements in financial statements

► Capital add-ons► Amount of non-compliance

► Description of the system of governance and an assessment of its adequacy for the risk profile of the undertaking

Overview of Solvency II Draft Directive Pillar 3 requirements for public disclosures:

Pillar 3 Directive requirements:► Undertakings to publicly disclose, on an annual basis, a report on their solvency and financial

condition► Pillar 3 is not just about disclosing Solvency II numbers but includes requirements around the control

levels and governance in place to ensure accurate financial reporting. The Directive requires that written policies should be in place to ensure the ongoing appropriateness of any information disclosed

Additional guidance and further Pillar 3 development:► There is additional guidance being issued on disclosure, but the exact requirements are not yet final

Ernst & Young

Assurance Tax Transactions Advisory

About Ernst & YoungErnst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 135,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve potential.

For more information, please visit www.ey.com/uk

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients

The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC300001 and is a member firm of Ernst & Young Global Limited.

Ernst & Young LLP, 1 More London Place, London SE1 2AF.

© Ernst & Young LLP 2009.Published in the UK. All rights reserved.

Documents

INSTRUCTIONS Guidance on formatting the beam is available in the notes pages of this document. 21March, 2012 Solvency II Main requirements