© Lloyd’s

< Picture to go here >

Lloyd’s control frameworkfor Regulatory & tax reportingPhase II- Coverholders

2014

© Lloyd’s

Lloyd’s Control Framework

Why it’s important What is it and who does it affect? How is it implemented? The risk model and how it applies Coverholder audit Delivery roadmap 2013-2015 Board sign off… Questions?

© Lloyd’s

WHY it’s important

Increasing regulatory and tax authority scrutiny around the information that Lloyd’s returns are based upon.

The increasing number of tax audits, notably in Europe, both in the Lloyd's environment and the general insurance market mean that it is even more important to “raise the bar” on information standards to ensure Lloyd's can satisfy tax authorities that requirements have been met.

Increasing sophistication of the business being written (cross border) through coverholders resulting in regulatory risk increasing.

Confidence in data quality is not currently based on evidence and so is difficult to demonstrate.

© Lloyd’s

What is it?

Identifies for the first time explicit minimum information requirements covering tax and regulatory reporting.

Going through a process to implement the Control Framework ensures accuracy and completeness of the minimum regulatory and tax information requirements.

A structured, documented process that allows managing agents to demonstrate they have adequate controls in place.

Nothing new!

© Lloyd’s

WHO does it affect?

Phase I – Completed39 managing agents successfully signed off on time!

Phase II – Commenced in July 2013 Framework does not change it simply extends the scope to include coverholder

business. Assurance gained through coverholder audits. Project pack of templates to help managing agents with their delivery. Presentations at Market Forums to raise awareness on “raising the bar” around quality of

information. Our own page on Lloyds.com. Quarterly Breakfast Group for managing agents and brokers.

Phase I Service Companies – Completed

Phase II Coverholders – Deadline 31st December 2015

Phase III Open Market - TBA

Control Framework is the managing agents responsibility

© Lloyd’s

How it’s implemented

Information Requirements

Risks

How the risks apply

Controls described or

defined

Evidence gathered

Confidence gained

Process for continuous improvement to “raise the bar”

© Lloyd’s

The risk modelRISK

Requirements are not understood

1 There are many reasons why this risk may crystallise. It could be that the person interpreting the requirements does not have the requisite skills or experience, human error, or the requirements being unclear or ambiguous

HOW IT MAY TRANSPIRE

Data capture is inadequate

2 This may relate to data not being captured, being captured more than once (duplicate) or that the data captured is erroneous. It may also be that data is not refreshed at the appropriate point (if relevant).

Data is processed incorrectly

3 Between capture and reporting data will undergo some form of processing. In some cases this will be about using different elements of data to compute other information, but it also relates to things such as erroneous report definitions. Typically, this risk can also be used to cover security and continuity risks, but given the specific focus in the Operating Principles these have been broken out.

Data is corrupted

4 Data may be corrupted accidentally or on purpose. Typically this involved inadvertent or erroneous changes to data when it is being adapted outside of core processing systems.

Data is lost and cannot be recovered

5 This is most likely to crystallise where historic information is not contained in core processing systems that are subject to a robust backup regime, but in end user computing facilities such as spreadsheets or user maintained databases.

© Lloyd’s

How the risks apply

How these risks might apply to your organisation or any associated third party undertaking information capture or processing on your behalf.

Understand how these risks could be addressed What existing controls are in place? How are these risks currently mitigated and managed?

© Lloyd’s

Coverholder audit

New coverholder audit scope extended to include questions addressing the Control FrameworkAreas of focus include:

Location of risk

How this is determined for system entry

What considerations are taken when cross-border business is written

How tax liability is determined

Collation/ creation of the bordereaux

Whether Lloyd’s tools are used in the process of determining risk location and tax liability (Crystal, Risk Locator Tool, etc).

© Lloyd’s

Delivery road map 2013

© Lloyd’s

Delivery road map 2014-2015

© Lloyd’s

Managing agent certification report Internal controls over Regulatory and Tax reporting (coverholders) Managing Agent’s Responsibilities  [Name of managing agent] acknowledges its responsibility for compliance with the regulatory and tax information requirements set out by Lloyd's, including the completeness, accuracy, and presentation of the information where we lead contracts.  We understand that a risk based approach to coverholders applies, and it is not necessary for [Name of managing agent] to collect and hold all of the relevant information, but that we must be able to access and present the relevant information if required. This includes designing, implementing and operating effective controls, or gaining sufficient assurance over the adequacy of controls operated by others on which we rely, to achieve the related control objectives relating to the relevant tax and regulatory information for each territory in which we, [Name of managing agent], and the coverholder are carrying out business. Managing Agent Statement  On the basis of enquiries of management and staff with relevant knowledge and experience, sufficient to satisfy ourselves that we can properly make the following statements, we confirm that we meet the requirements of the Lloyd’s Control Framework for Regulatory and Tax Reporting, including: a) the processes described on pages [ ] to [ ] are a fair representation of the systems and controls that have been implemented at [Name of managing agent]; andb) the controls relating to the relevant information requirements are suitably designed to provide reasonable assurance that control objectives are being achieved and operated effectively as at [insert date]; andc) sufficient assurance on accuracy, quality and completeness of information captured by coverholder(s) has been gained.   On behalf of The Board Managing Agent [Date]  

Board Sign-off…

© Lloyd’s

< Picture to go here >

Any questions?

© Lloyd’s