Sponsor’s FeatureEIOPA’s final Guidelines for the preparation of Solvency II look set to require firms and supervisors to put in place elements of the new regime by 1 January 2014. In this report William Coatsworth, Consulting Actuary and John McKenzie, Principal and Consulting Actuary, at Milliman take a detailed look at the guidelines, note what has changed after the consultation and comment on the practical implications for firms. final guidelines for the preparation of Solvency II. These set out EIOPA’s proposal for the phased introduction of specific aspects of the Solvency II requirements into national supervision from 1 January 2014, in advance of the full implementation of the Solvency II regime with the aim of ensuring that “National Competent Authorities (NCAs), insurance companies and groups take active steps towards implementing certain key elements of Solvency II in a consistent and convergent way”. The final guidelines and accompanying explanatory text take on board many of the comments received during the consultation period, run from 27 March 2013, covering:
- System of governance
- Forward looking assessment of the undertaking’s own risk (based on Own Risk and Solvency Assessment (ORSA) principles)
- Submission of information to NCAs
- Pre-application for internal models (IMs)
Proportionate and principles-based approachIn response to stakeholder comments, EIOPA has emphasised that the application of the guidelines by NCAs should be proportionate to the “nature, scale and complexity inherent in the business of the insurance and reinsurance undertaking”. In order to support this application, EIOPA notes that the guidelines are largely “principle-based or drafted with a view to the outcome and supervisory objective that should be met”.
Timings for the preparatory phaseEIOPA has commented that the guidelines have been drafted based on the assumption that Solvency II will be applicable from 1 January 2016.
Application to third countriesOne key concern raised by stakeholders during the consultation period was the application of the guidelines to firms in countries outside of the EEA. In response to this, EIOPA has clarified that it does not expect supervisory authorities in third countries to apply the preparatory guidelines and that the guidelines are only intended to apply to EEA-based groups (and specifically not to apply to EAA branches of third country-based groups). Where EEA groups have subsidiaries in third countries, they are permitted to use the solvency capital requirements and eligible own funds based on local regulations, effectively assuming that all third countries are considered equivalent during the preparatory phase.
- An effective System of Governance
- An effective Risk Management System with strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis and at an individual and at an aggregated level, the risks to which they are or could be exposed, and their interdependencies
- Qualitative information supporting the System of Governance.
System of GovernanceUnder the proposed guidelines, NCAs are required to ensure that:
- The administrative, management or supervisory body (“AMSB”) (whether at solo or group level) is engaged with the management process.
- The organisational structure established by the AMSB maintains an adequate segregation of duties, is proactive and challenging, supports the strategic objectives and operations of the firm and is capable of being adapted if these objectives change.
- The scope and frequency of internal reviews of the System of Governance are established, with the scope, findings and conclusions of the reviews documented and reported to the AMSB.
- The firm has contingency plans addressing areas where it considers itself to be vulnerable which are reviewed, updated and tested on a regular basis.
Risk Management SystemThe guidelines specify that NCAs should ensure that the AMSB is responsible for the effectiveness of the risk management system, setting risk appetite and risk tolerance limits, and approving the risk management strategies and policies. The guidelines set out the requirements for these elements of the risk management system, including the items to be covered in a risk management policy, and the need for the risk management function to report information to the AMSB, both on risks that have been identified as potentially material and on other specific areas of risk either on its own initiative or as requested by the AMSB. Particular features of underwriting and reserving risk, operational risk, asset-liability management, investment risk and liquidity risk are highlighted, as are the requirements for maintaining a policy for risk mitigation techniques. The accompanying explanatory text expands on these guidelines, requiring firms to consider explicitly strategic and reputational risks as part of their risk management procedures, including the “interconnectedness between these risks and other material risks”, highlighting the potential impact these risks may have on the business. These risks should be included in the risk management policy where relevant.
Own Funds RequirementsThe proposed guidelines require NCAs to ensure that firms are developing a capital management policy which includes procedures to ensure the Own Funds items satisfy (at issue and subsequently) the applicable capital regime. The policy should include controls on issuance and set out the approach to managing dividends and distributions. The development of a medium-term capital management plan is also in the scope of the guidelines. The plan should include consideration of the output from both the risk management systems and the forward looking assessment of the undertaking’s own risks (based on the ORSA principles).
Internal ControlsNCAs should ensure that firms are promoting internal controls by making all personnel aware of their roles in the internal control system and ensuring that there is an appropriate reporting process within this system to support decision making. Where applicable, NCAs should ensure the internal control systems are applied consistently across groups.
Group-Specific Governance GuidelinesThe final guidelines require NCAs to ensure groups have appropriate governance arrangements in place to steer risk management and internal control at an individual level. This should have regard to the reporting requirements, and the tools and processes needed to identify, measure, monitor and control risks, taking into account the interests of all entities and how these contribute to the common purpose of the group. The guidelines address the group-specific challenges of contagion risk, interdependencies between risks from conducting business through different entities and in different jurisdictions, third country entities and from regulated and unregulated companies. Further guidelines extend the scope of risk management and IM specification to a group context.
Threshold for reportingFirms representing at least 80% of the national market share will be required to submit annual quantitative and narrative information to NCAs, while firms representing 50% of national market share will also be required to submit quarterly information. Groups with more than EUR 12 billion of total assets as at the reporting period ending 2012 will be required to provide both quarterly and annual information.
Quantitative information to be providedThe information required to be submitted annually by those solo entities falling within the annual reporting threshold includes:
- Content of the submission (new form)
- Basic information
- Balance sheet
- Assets and liabilities split by currency
- Detailed list of assets and derivatives
- Technical provisions
- Own Funds
- Solvency Capital Requirement (SCR)
- Breakdown of the components of the SCR
- Minimum Capital Requirement (MCR)
- Entities in the scope of the group
- Insurance and reinsurance solo requirements
- Other regulated and non-regulated financial entities including insurance holding companies solo requirements
- Contribution to group technical provisions
- Cells regarding information on Ring-Fenced Funds (RFFs) and any simplifications used have been included in a number of templates
- The templates for reporting the SCR calculated using the standard formula or partial IM have been modified to better reflect the relationship between the elements of risk modules calculated using standard formula and a partial IM
- The templates for reporting the SCR calculated using a full IM have been modified to include information on the approaches used to calculate the loss absorbing capacity of technical provisions and of deferred taxes
Narrative information to be providedThe guidelines propose that the narrative report to be provided during the preparatory phase should include information on the following areas:
- General governance requirements – including the system of governance, fit and proper requirements, risk management system, internal control system and governance structure
- Capital management – including information on Own Funds, and explanation of any material differences between the equity shown in the financial statements and the excess of assets over liabilities as calculated for solvency purposes
- Valuation for solvency purposes – covering information on the valuation of assets, technical provisions and other liabilities
Reporting of internal model firmsIM firms will be required to submit information on the SCR using both the standard formula and using their full/partial IM. The information calculated using the IM should be provided under the requirements set out in the guidelines on submission of information to NCAs, while the information calculated using the standard formula is defined under the guidelines on pre-application of IMs.
Reporting of groupsEIOPA has confirmed that where firms within a group fall below the threshold on an individual level, they should still be subject to reporting at a group level where the group as a whole is subject to preparatory reporting. For the purposes of the preparatory phase, all third countries should be considered as equivalent. The approach for the calculation of group SCR should be determined by the group in discussions with the group supervisor (the consolidation method remains the default approach and any decision not to use this should be justified to the group supervisor).
Reporting of ring-fenced funds (RFFs)Firms are required to submit information on major material RFFs, based on notional SCR, at both an individual and group level during the preparatory phase. Non- material RFFs are to be reported together with the remaining non-RFF business.
Reporting of (re)insurance captivesFor the purposes of the preparatory phase, EIOPA has permitted NCAs to exempt captives from the need to submit quarterly information relating to Q3 of 2015. EIOPA notes that captives would still need to provide annual reporting information and that this exemption should not be taken as an indication of future solutions under Solvency II.
Reporting of third country branchesThird country branches operating in the EU are excluded from the reporting requirements during the preparatory phase.
- Assessment of overall solvency needs
- Assessment of whether the firm would comply with Solvency II regulatory capital requirements and technical provisions on a continuous basis
- Assessment of deviations from the assumptions underlying the SCR calculation.
ThresholdsAll firms falling under the Solvency II Directive will be required to perform an assessment of their overall solvency needs starting in 2014.
Timings for the FLAORUnder the final guidelines, firms are expected to perform the assessment of their overall solvency needs at least two times during the preparatory phase, once in 2014 and once in 2015, regardless of any changes to the Solvency II implementation timeline. EIOPA has confirmed that the first assessment of overall solvency needs is expected to be performed at any time during the year 2014. EIOPA will prepare technical specifications in 2014 covering Pillar I technical issues and guidance on the assumptions underlying the standard formula. As such, the assessment of continuous compliance with regulatory capital requirements and technical provisions together with the assessment of any deviations from the assumptions underlying the SCR calculation will not be required until 2015. The need for firms to quantitatively estimate the impact of different recognition and valuation basis for the assessment of overall solvency will similarly not be required until 2015. As the technical specifications depend on the finalisation of the Omnibus II Directive, these dates will be reviewed at the end of 2013.
Use of the FLAORDuring the preparatory phase, firms are expected to ensure that the results and insights from the forward looking assessment are used throughout the business, and at least in the following areas:
- Capital management
- Business planning
- Product development and design
FLAOR for internal model firmsSolo and group IM firms are permitted to perform the FLAOR based on their IM. However, EIOPA has commented that such firms should also consider the regulatory capital requirements and capital planning implications under the standard formula as well as establishing a contingency plan for non approval of the IM.
FLAOR for groupsAs a minimum, all entities that are within the scope of group supervision should be captured within the group FLAOR (although others can be included if appropriate at the discretion of the group). This includes non-EEA entities even if these are not required to perform a FLAOR at an individual level. The group FLAOR should be performed according to the requirements set out by the NCA of the parent firm. EIOPA has emphasised that the AMSBs of the individual firms within the group are responsible for their individual FLAORs. Where a single FLAOR is produced covering both the group and the underlying individual firms, the AMSBs of the individual firms must provide assurance that their risks are properly represented. Furthermore, the interrelations and responsibilities between the individual and group AMSBs should be clearly defined. Where application is being made for a group (partial) IM, the group is not expected to provide an assessment of the deviation of the risk profile for the assumptions underlying the SCR. However, where individual firms within the group continue to us the standard formula to calculate the SCR, such an assessment should still be made at an entity level.
FLAOR for EAA branchesEEA branches of third country (re)insurers are not required to perform a FLAOR.
Documentation of the FLAORFirms must maintain the following documentation for the forward looking assessment:
- Policy for the forward looking assessment
- Record of each forward looking assessment
- An internal report on each assessment
- A supervisory report of the assessment.
- Model changes
- Use test
- Assumption setting and expert judgement
- Methodological consistency
- Probability distribution forecast (PDF)
- Calibration – approximations
- Profit and loss (P&L) attribution
- External models and data
- Functioning of colleges
Model changesIM firms must establish a written model change policy, outlining the procedures in place to ensure the IM meets the Solvency II requirements on an on-going basis. The explanatory text states that a model change policy should cover the following aspects:
- The sources of change
- The identification of a need for change
- The classification of changes as major or minor
- The governance of changes
- The reporting of changes
Assumption setting and expert judgementThe final guidelines contains guidance on what NCAs should look for during the pre-application process with regards to assumption setting and expert judgement within the IM, including the communication, documentation and validation of assumptions. The guidelines state that firms should:
- Obtain AMSB sign-off for the most material assumptions
- Document the materiality of each assumption and also the rationale of the expert judgement behind each assumption
- Obtain an independent review (internal or external) of the assumptions as part of the validation process.
Probability distribution forecast (PDF)Previous guidance has required firms to have processes in place which aim to ‘increase’ knowledge of their risk profile, including knowledge of the risk drivers and other factors explaining the behaviour of the variable underlying their PDF. The final guidelines relax this requirement such that a firm is now only required to “maintain sufficient and current knowledge of its risk profile”. NCAs should take into account the following when assessing the ‘richness’ of a firm’s PDF:
- Whether the PDF reflects the firm’s risk profile
- The current progress in actuarial science and generally accepted market practice
- Any measures that the firm puts in place to ensure compliance with IM tests and standards
- For each risk, the way in which the techniques chosen, and the resulting PDF, interact with the richness of the PDFs of other risks
- The nature, scale, and complexity of the risk.
Profit and Loss AttributionThe P&L is previously defined as the change in basic Own Funds not attributable to capital movements. The guidelines acknowledge that the IM may use other monetary amounts to determine the change in basic own funds such as economic capital resources. Throughout the pre-application process, NCAs must form a view on how firms ensure the relevance and adequacy of the P&L attribution process. Firms will be expected to regularly evaluate and document (at least annually) how the results of the P&L attribution might be used within their risk management and decision making framework. The explanatory text states that NCAs must gain comfort that firms ensure:
- The P&L attribution includes all material risks and not just those modelled internally
- The attribution methods remain sufficiently consistent over time to allow a useful comparison of the P&L attribution from one period to another.
Validation policyThe final guidelines provide more explicit guidance on what EIOPA expects to see in validation policies, including details on:
- The processes, methods and tools used to validate the IM and their purpose
- The frequency of regular validation for each part of the IM and the circumstances that trigger additional validation
- The persons who are responsible for each validation task
- The procedure in the event that the validation process identifies problems with the reliability of the IM and the decision-making process to address those concerns.
- The topics (e.g. data quality, expert judgement) covered by the specific type of validation
- The type and volume of activities (e.g. desk research, interviews, tests) performed
- Some criteria or threshold to specify when the validation is passed or failed.
Group internal modelsThe group specificities of the use test have been expanded from the draft Level 3 text. The guidelines require NCAs to be comfortable that all firms within a group who will use the group IM are cooperating to ensure the design of the model is aligned with their businesses and risk management systems. This includes ensuring the outputs are granular enough to allow the group IM to play a sufficient role in each firm’s decision making process. Individual firms must provide evidence that: • The individual SCRs will be calculated at least once a year, and more frequently if the firm’s risk profile changes significantly, and whenever needed as part of the decision making process • It is able to propose changes to the group IM for components that are material to them or following a change in their risk profile or in local conditions • It possesses an adequate understanding of those parts of the IM which cover risks related to their business, for example by having access to up-to-date and relevant model documentation
Validation policy for group internal modelsEIOPA states that a single validation policy should be established to cover the validation process at both group and solo entity level
Functioning of collegesThe guidelines address the practicalities of the pre-approval process for cross-border groups, as well as the areas that colleges should consider when forming a view about the appropriateness of the scope of a group IM: • The significance of firms within the group with respect to the risk profile of the group • The risk profile of firms within the group compared to the overall group risk profile • Any transitional plan to extend the scope of the model at a later stage • The appropriateness of the standard formula or alternative IM used to calculate the SCR of a firm within the scope of the group IM
Validation processThe risk management function retains overall responsibility for model validation and is expected to ensure the validation process is independent from the development and operation of the model. When deciding the parties which will contribute towards the validation process, EIOPA requires firms to take into account the nature, scale and complexity of the risks the firm faces, the function and skills of the people to be involved and the firm’s internal organisation and governance system. The explanatory text clarifies that the validation process can leverage activities performed by non-independent parties but these cannot be relied on entirely. The most material tests, calculations and analysis must be performed by people not involved in the development of the IM. ‘Good practice’ for the risk management function with respect to validation of modelling performed by external parties includes:
- Staying in close touch with the external party and consider any appropriate follow-up
- Assessing the activities performed by the external party to ensure they are free from restrictions and limitations that might influence the outcome
- Ensuring that a realistic budget and timeframe are put in place for the services to be performed
- Ensuring that there is no conflict of interest between the external party and the person performing the validation activities.
DocumentationBuilding on existing guidance, the guidelines state that documentation of circumstances under which the IM does not work effectively should cover:
- The risks not covered
- The limitations in risk modelling
- The nature, degree and sources of uncertainty of results, including the sensitivity of the results
- The deficiencies in data
- The limitations of information technology
- The limitations of governance.
External Models and DataIn validating external models, the guidelines state that firms should assess the appropriateness of the selection, or otherwise, of features or options which are available for the external models. EIOPA clarifies that it is the firm’s responsibility to provide specific information to NCAs about any external models used to allow them to make the requisite assessments. NCAs should reject applications for using external models if this requirement is not met.
- System of governance
- Forward looking assessment of the undertaking’s own risk (based on Own Risk and Solvency Assessment (ORSA) principles)
- Submission of information to NCAs
- Pre-application for internal models (IMs)