As the deadline for implementing Solvency II approaches, the stakeholders are in various states of preparedness. In the previous blogs I had highlighted the state of (un)preparedness of insurance companies. Software vendors, apparently are more prepared.
In this article Lindsay James has reviewed the technology that is supporting insurers in implementing the new directive.
Thursday 10 December 2009
Wednesday 9 December 2009
Significant implications for actuaries in Solvency II Regime
New Regime Of Solvency Regulation Will Impact Insurers And Actuaries
Boston, MA – Changes to solvency regulation in Europe and the United States will have key implications for insurers and actuaries, attendees of the Casualty Actuarial Society (CAS) annual meeting heard during the opening general session of the meeting.
Session moderator Cara Blank, Actuary, Massachusetts Division of Insurance, led off the session by noting that the discussions of solvency regulation have become more heated, particularly in the last 18 months. In addition to Europe and the U.S., a number of regulatory efforts and solvency proposals are underway in jurisdictions such as Australia, Canada, and Switzerland.
Kathryn Morgan, of the UK’s Financial Services Authority (FSA), gave an overview of Solvency II, the new risk-based solvency regime in Europe that takes effect November 1, 2012.
Ms. Morgan noted that Solvency II is a fundamental review of the solvency and risk management standards for European insurers that aims to strengthen prudential regulation of the insurance sector and to improve policyholder protection.
“The idea is that the system of regulation will be absolutely the same for all insurance companies across the EU,” she said.
Ms. Morgan observed that actuaries are at the heart of Solvency II, and it has significant implications for them. This is because the actuarial function is part of the new solvency regime. However, as Solvency II is a wide-ranging regime, actuaries will need to work as part of a multi-functional team.
She noted that actuaries will help fulfill the emphasis on technical provisions under Solvency II and that actuaries are also required to give an opinion on underwriting policy.
She explained that the European body of actuaries, known as the Groupe Consultatif, is working with industry and regulators on the technical and professional standards that could apply to actuarial work.
Building internal models is an area of focus. Under Solvency II, companies may build internal models to measure their risks and capital requirements, but the models have to meet a use test and significant governance requirements.
“European regulators have tried to learn from the lessons of the financial crisis. We want to make sure that models are as useful as possible so each firm knows what the shortcomings are,” she said.
Ramon Calderon, Director for the Center for Insurance Policy & Research, NAIC, observed that while U.S. regulators welcome Solvency II for Europe, the new regime still raises questions.
“We’re all in the same boat. We seek prudent regulation and a competitive marketplace. But there are still open questions about Solvency II,” he said.
Calderon explained that some features of Solvency II have yet to be tested. “There is a lot of caution about the reliance on models and about how far we can go in group supervision,” he said.
By comparison, the U.S. solvency framework has been tested under fire. “It is a multi-jurisdictional system. There is a supervisory culture in place,” Calderon said.
With the exception of certain specialized monoline insurers, the U.S. insurance industry largely survived the economic crisis of 2008/2009. “This was because the underlying nature of the insurance business, the U.S. solvency framework, and fundamental risk management systems worked well together,” Calderon noted.
However, Calderon cautioned that U.S. regulators cannot afford to become complacent. As a result, the National Association of Insurance Commissioners (NAIC) adopted the Solvency Modernization Initiative in June 2008 that will identify potential changes to the solvency framework in the U.S.
According to Calderon, the U.S. is also active in international venues and taking leadership roles in International Association of Insurance Supervisors (IAIS) committees on solvency issues.
U.S. insurance regulators need to be engaged in the IAIS process, as they will be judged by the IAIS standards that are adopted, he added.
The Casualty Actuarial Society fulfills its mission to advance actuarial science through a focus on research and education. Among its 5,100 members are experts in property/casualty insurance, reinsurance, finance, risk management, and enterprise risk management.
Boston, MA – Changes to solvency regulation in Europe and the United States will have key implications for insurers and actuaries, attendees of the Casualty Actuarial Society (CAS) annual meeting heard during the opening general session of the meeting.
Session moderator Cara Blank, Actuary, Massachusetts Division of Insurance, led off the session by noting that the discussions of solvency regulation have become more heated, particularly in the last 18 months. In addition to Europe and the U.S., a number of regulatory efforts and solvency proposals are underway in jurisdictions such as Australia, Canada, and Switzerland.
Kathryn Morgan, of the UK’s Financial Services Authority (FSA), gave an overview of Solvency II, the new risk-based solvency regime in Europe that takes effect November 1, 2012.
Ms. Morgan noted that Solvency II is a fundamental review of the solvency and risk management standards for European insurers that aims to strengthen prudential regulation of the insurance sector and to improve policyholder protection.
“The idea is that the system of regulation will be absolutely the same for all insurance companies across the EU,” she said.
Ms. Morgan observed that actuaries are at the heart of Solvency II, and it has significant implications for them. This is because the actuarial function is part of the new solvency regime. However, as Solvency II is a wide-ranging regime, actuaries will need to work as part of a multi-functional team.
She noted that actuaries will help fulfill the emphasis on technical provisions under Solvency II and that actuaries are also required to give an opinion on underwriting policy.
She explained that the European body of actuaries, known as the Groupe Consultatif, is working with industry and regulators on the technical and professional standards that could apply to actuarial work.
Building internal models is an area of focus. Under Solvency II, companies may build internal models to measure their risks and capital requirements, but the models have to meet a use test and significant governance requirements.
“European regulators have tried to learn from the lessons of the financial crisis. We want to make sure that models are as useful as possible so each firm knows what the shortcomings are,” she said.
Ramon Calderon, Director for the Center for Insurance Policy & Research, NAIC, observed that while U.S. regulators welcome Solvency II for Europe, the new regime still raises questions.
“We’re all in the same boat. We seek prudent regulation and a competitive marketplace. But there are still open questions about Solvency II,” he said.
Calderon explained that some features of Solvency II have yet to be tested. “There is a lot of caution about the reliance on models and about how far we can go in group supervision,” he said.
By comparison, the U.S. solvency framework has been tested under fire. “It is a multi-jurisdictional system. There is a supervisory culture in place,” Calderon said.
With the exception of certain specialized monoline insurers, the U.S. insurance industry largely survived the economic crisis of 2008/2009. “This was because the underlying nature of the insurance business, the U.S. solvency framework, and fundamental risk management systems worked well together,” Calderon noted.
However, Calderon cautioned that U.S. regulators cannot afford to become complacent. As a result, the National Association of Insurance Commissioners (NAIC) adopted the Solvency Modernization Initiative in June 2008 that will identify potential changes to the solvency framework in the U.S.
According to Calderon, the U.S. is also active in international venues and taking leadership roles in International Association of Insurance Supervisors (IAIS) committees on solvency issues.
U.S. insurance regulators need to be engaged in the IAIS process, as they will be judged by the IAIS standards that are adopted, he added.
The Casualty Actuarial Society fulfills its mission to advance actuarial science through a focus on research and education. Among its 5,100 members are experts in property/casualty insurance, reinsurance, finance, risk management, and enterprise risk management.
Tuesday 8 December 2009
Solvency II fatigue is a real danger for the industry
"Solvency II fatigue is a real danger for the industry."
Phil Smart, Head of Solvency II at KPMG made this comment here. When I read his short article, his words kept on resonating. Of late, the industry has been battered with regulations. No sooner than one regulation is complied with, the industry is presented with another. It is very easy to lay the blame on the regulator; but the FSA is doing what it is expected to do. And they are doing a fine job of that.
The enormity of compliance is due to the fact that
With Solvency II, the industry – battered by the last set of regulations, and the current economic downturn – is in a real danger of fatigue. While there is not sufficient time for the insurers to wait for all the requirements to develop, there is considerable confusion in the industry on the best approach to tackle it.
The four Quantitative Impact Studies were expected to help companies assess their readiness for Solvency II compliance. At best it has helped converge their focus to models and Internal Model Approval Process (IMAP). There is an inherent danger of overindulgence on the model at the cost of other (equally) vital aspects about the regulation.
Solvency II is not just another ‘tick-in-the-box’ regulation. It seeks to bring a cultural change in an insurance organisation by embedding risk management as a vital component of your business. In the new regime, it requires a change in the organisation mindset. Anyone having implemented a change programme can appreciate the enormity of the task.
Solvency II readiness is about a methodical approach to its implementation. Ideally it should begin at securing senior management buy-in. The senior management need to appreciate the regulation and its impact across the organisation. Their buy-in is essential for initiating a cultural change in an organisation.
In most organisations, scattered groups are working across functions understanding the emerging requirements in details and their consequent impact on their function. There is an urgent requirement to bring all the disparate groups under a common programme to generate synergies across the work streams.
A thorough pan-organisation impact analysis need to be conducted to assess the efforts for implementation. QIS 3 results provide an ideal starting point for an impact analysis. Another best practice would be to validate the Solvency II requirements with your strategies. In the past, it has been a common folly to comply to the regulations with a ‘myopic’ view, resulting in misaligned priorities and conflicting strategies.
Access to reliable, cross-referenced data will be a key ingredient for successful compliance. As before, the IT department (or data champions within your organisation), should be included in all discussions to provide them with an early view of the requirements. It will definitely help to take a stock of your documentations and process maps and update them, if necessary.
With the publication of Level 2 Implementation measures, there is sufficient clarity on the subjects, and insurance organisations can plan for their implementation. If you have not already kick-started your Solvency II implementation programme, I strongly recommend doing it now. Before Christmas, if possible.
Phil Smart, Head of Solvency II at KPMG made this comment here. When I read his short article, his words kept on resonating. Of late, the industry has been battered with regulations. No sooner than one regulation is complied with, the industry is presented with another. It is very easy to lay the blame on the regulator; but the FSA is doing what it is expected to do. And they are doing a fine job of that.
The enormity of compliance is due to the fact that
- Principle based regulations are new to the geography. Insurers need to get used to them soon.
- The focus of current regulatory regime is around effective governance and management of business. As such, any fresh regulation has a pan-enterprise impact. Remember TCF? What seemed such a innocuous compliance, took a larger than estimated efforts for compliance.
- Regulations are evolving out of active consultation with the industry. While this is a healthy practice to generate feedback through consultation from the industry, it delays the clarity on requirements.
- Insurance companies’ mindset of ‘another tick in the box’ towards regulations
The four Quantitative Impact Studies were expected to help companies assess their readiness for Solvency II compliance. At best it has helped converge their focus to models and Internal Model Approval Process (IMAP). There is an inherent danger of overindulgence on the model at the cost of other (equally) vital aspects about the regulation.
Solvency II is not just another ‘tick-in-the-box’ regulation. It seeks to bring a cultural change in an insurance organisation by embedding risk management as a vital component of your business. In the new regime, it requires a change in the organisation mindset. Anyone having implemented a change programme can appreciate the enormity of the task.
Solvency II readiness is about a methodical approach to its implementation. Ideally it should begin at securing senior management buy-in. The senior management need to appreciate the regulation and its impact across the organisation. Their buy-in is essential for initiating a cultural change in an organisation.
In most organisations, scattered groups are working across functions understanding the emerging requirements in details and their consequent impact on their function. There is an urgent requirement to bring all the disparate groups under a common programme to generate synergies across the work streams.
A thorough pan-organisation impact analysis need to be conducted to assess the efforts for implementation. QIS 3 results provide an ideal starting point for an impact analysis. Another best practice would be to validate the Solvency II requirements with your strategies. In the past, it has been a common folly to comply to the regulations with a ‘myopic’ view, resulting in misaligned priorities and conflicting strategies.
Access to reliable, cross-referenced data will be a key ingredient for successful compliance. As before, the IT department (or data champions within your organisation), should be included in all discussions to provide them with an early view of the requirements. It will definitely help to take a stock of your documentations and process maps and update them, if necessary.
With the publication of Level 2 Implementation measures, there is sufficient clarity on the subjects, and insurance organisations can plan for their implementation. If you have not already kick-started your Solvency II implementation programme, I strongly recommend doing it now. Before Christmas, if possible.
Outsourcing: You need to understand what value means to you!
A couple of weeks ago, I was helping a client examine the efficacy of their sourcing initiative. The client had outsourced to an on-shore vendor who (apparently) was not seen as delivering value. My role was to examine the outsourced organisation and find the areas of conflict.
Outsourcing has been around for a while. In the post Y2K world, the business model caught the imagination of the businesses. What started off as a simple skill-augmentation based on cost arbitrage, soon developed into new forms – business process offshoring, Infrastructure outsourcing, total outsourcing and knowledge process outsourcing. The providers are continuously working on refining the business model, as customers’ appetite for sourcing grows.
Has outsourcing proven to be a reliable business model? Can businesses entrust all non-core activities to an outsourcing firm and confine their attention to their core-competencies? Can there be a virtual business with an extremely thin management layer, while all activities being supported by an outsourced model? We have to wait and watch.
While outsourcing has ingrained itself in the corporate strategy of the outsourcing companies, it still remains largely tactical. Very few organisations have approached outsourcing in a strategic manner. Having discussed the outsourcing initiatives with a number of organisations, I believe that despite all strategic intents, the outsourced operations are not perceived as an extension of the home office. There remains an intention to ‘squeeze the maximum’ out of the vendor from each new piece of work. And hence, a bumpy relationship with the vendor(s).
There any many such cases of not-so-smooth relationship existing between the two parties in an outsourcing deal.
So what has gone wrong? Or what has changed? The current economic climate has uncovered many (potential) points of conflict which have been kept under wraps. The downturn has forced senior management to explore cost saving initiatives within the organisation. Maintaining a large IT organisation and outsourcing definitely came under the spotlight. In addition, outsourcing companies have been known to cut costs to win new clients. The initial losses are amortised over a longer term by mining the client deeply and spreading services in new areas. A recession put an end to any new initiative.
Cost arbitrage holds good for the first year. Or may be second. In the first year, the purchaser gets as much as 30% - 40% gains simply by moving jobs offshore (lift-and-shift!). It looks very attractive on the balance sheet. During the second year, some more processes and/or systems get added to the offshored operations, and the magic continues. However, from the third year, if no serious efforts have been taken to ‘fix’ the processes/systems and gain through productivity improvements, better programme management and better governance, the reality hits hard. After having spoken to a large number of users, it was apparent that little effort was paid to improving the quality, removing operational constraints and integrate the offshored operation to the home office.
Vendors, on the other hand, regularly undercut prices to win a large deal. Once they have gained entry to the offices of a new client, the onsite person is pressured into expanding to new business functions, new systems or new service lines. Often the sheer difference in CMM levels between the client and vendor is sufficient to show budgetary gains in any projects that are undertaken. Vendors are very well aware that client organisations do not have any metrics to benchmark the performance. They definitely don’t encourage building any benchmarks either. Once sufficient volume of business has been acquired, the key skills (highly paid) are often replaced by rookies to cut costs. Ask a vendor about their ‘rookie ratio’ and watch their reaction. This is probably one of the best kept secrets from the clients.
So what is the best way forward?
I was interested and intrigued to find how companies treat their captive organisations. They are very similar to outsourced organisations. However they are run on an entirely different lines. While the captives are very similar to an outsourced entity, the approach of the parent company is very different towards it. It is an integral part of the organisation. There is no ‘us versus them’ feeling existing within the organisation. Due care is taken to build the knowledge base and motivation of the employees. The captive organisation employees are regularly integrated with the home organisation to inculcate the feeling of ‘oneness’. There is no desire to ‘squeeze’; relative capabilities of different teams are assessed for an optimal performance. The performance of the home and captive teams are evaluated on a similar basis.
The difference is very much in terms of the perception of business value that a buyer seeks from their sourcing initiative. In the case of outsourced business while the intention is to ‘squeeze’; in case of captive operations, the intention is to generate a sustainable value over longer period of time.
For the buyers of outsourced services, there is a lot to learn from the management of captive operations. Outsourced vendors have a business to run. As in any competitive scenario, they would use all possible means – foul or fair – to win a new business. It is important to understand their margins, their business challenges and work with them to mutual benefits. There is an urgent need to integrate the outsourced organisation to your home organisation. The integration needs to happen at a cultural, emotional and skill levels to get the best out of the employees of your outsourced organisation.
In one of the accounts that I used to manage for my employer, I would encourage client managers to spend at least 2 weeks working in the outsourced office. On their return, the managers had a completely different perspective of the remote office than they had before. And, this was after 2 years of outsourced relationship. The returning managers had a better grasp of the capabilities, working style and ethos of the remote office. On their part, the employees at the remote office connected better with the managers who had spent some time with them.
Another company has mandated that all senior employees from the offshore are rotated to the home office to build a rapport within the team.
While at home, companies take a lot of efforts toward people development, it is interesting to note that they rely on their vendor organisation’s capabilities to do this in the remote office. Your vendor organisation’s core capability is definitely not your line of business. Any capability development that would happen through them would not be aligned to your lines of business.
If outsourcing companies are seeking better value out of their initiatives, they need to explore the value that they seek out of it. I cannot it express it better than John Knowles, IT Director at Allianz, UK, who said, “You need to understand what value means to you”.
Thanks John for your insight and your wonderful comment. It aptly sums up the success of your organisation’s initiative in outsourcing!
- A leading life and pensions provider who had outsourced a substantial part of their IT to an outsourced vendor has recently hired a senior consultant to ‘fix’ the widening differences with their vendor. The relationship is less than 18 months old.
- The outsourcing partner of a leading mutual insurer has asked to raise the rates or agree to outsource more work. Duration of relationship – less than two years.
- A leading financial services firm has published a tender for seeking new vendor for their ITO initiative. Reason: The current vendor has not been able to understand their business priorities
John Knowles, Director IT Operations and Outsourcing at Allianz UK has setup a captive operation in India for his company. Amidst a number of 'outsourced operations', Allianz's captive operation is an island. It is not driven by motives of spreading across their client organisation like a rash. Nor is there monetary incentive for employees to perform at super-human levels. In our discussions John reflected on the challenges that he faced to maintain the employee morale. Unlike a typical outsourcing provider, he was not operating in price-war scenario. Nor was he interested in quick wins. Sheer perseverence, and investment in people has helped him scale his organisation to be a shared service centre across the global business.
If outsourcing companies are seeking better value out of their initiatives, they need to explore the value that they seek out of it. I cannot it express it better than John Knowles, IT Director at Allianz, UK, who said, “You need to understand what value means to you”.
Thanks John for your insight and your wonderful comment. It aptly sums up the success of your organisation’s initiative in outsourcing!
Friday 4 December 2009
Solvency II: Data – The Hidden Culprit?
In my previous blog, I have commented on the inadequate preparation for the implementation of Solvency 2. I had also commented on the possible challenges that a company’s Information Systems can pose on the implementation. Perhaps the most serious challenge to implementation would come from data. It has happened before – there are plenty of case studies on the Net about how inadequate and inconsistent data has led to project failures and inordinate delays. More recently, Banks faced severe challenges during implementation of Basel II as they underestimated their data issues.
Insurance companies have large volumes of data. Being one of the earliest adopter of IT in their businesses, companies have accumulated large quantities of data across their IT systems. However, the sheer volume of data has often proved to be a bane. As their IT estate have grown tactically, the data residing in those systems are inconsistent, duplicate and orphans. Traditionally most reporting have been standard, being generated out of a tactical process. The data users within insurance companies have learnt to receive data in ‘piecemeal’, use indigenous techniques for purification and de-duplication, before using them for their purpose. However, this approach will not see them through the new regulation.
Insurance companies have taken efforts in the past to cleanse their business of this problem. However, in the absence of a strategic approach, each new effort has led to creation of yet another ‘definitive’ source of data. At the enterprise level, this has added another source of (duplicate) data.
Solvency II: The focus on data management
The Supervisory Review Process under Pillar 2 regulates how ORSA (Own Risk and Solvency Assessment) is achieved. To do so, it places increased scrutiny on
Solvency II – Data architecture
Under Solvency II, there will be an increased demand for historical data to support capital calculation. A ‘piecemeal’ approach to data sourcing will not be a viable option, given the volume of data requirement and increased scrutiny by the regulator on how data is being sourced. Based on the experiences of Basel II, a robust, well documented data architecture will be a key enabler for compliance.
I have highlighted how insurance companies have unsuccessfully attempted to create an enterprise data. With the benefit of this experience, perhaps a balanced approach to data architecture will be a do-able option. Companies should centralise the acquisition, preparation and storage of historical data, but decentralise the development of data stores for analysis and reporting. Centralising the management and sourcing of all reference data implies that data is validated within the architecture and any anomalies can be remedied as close to the source as possible. A master source of data will avoid any inconsistencies in reporting when data is sourced from functional data stores maintained by the user departments.
Solvency II – Data Quality Management
The effectiveness of insurance company’s internal models cannot be guaranteed unless the quality and accuracy of the input data is ensured. Insurance companies, traditionally, suffer from serious data quality issues – incomplete validation, out-of-date reference data, missing fields, orphan records, inaccurate mappings rules and tables etc. All such issues may lead to delays in updating the models, requirement to maintain provision for uncertainty, improper calculations and greater efforts. The greatest challenge with in data management is that it cannot be handled at individual department’s level. Data is a corporate asset and hence it needs to be treated accordingly.
Solvency II – Data Governance
Pillar 2 requirements requires heavy scrutiny of the data sourcing process. In the new regime it will not be sufficient to demonstrate that those involved in capital calculation have a good understanding of data. Companies, on the other hand will have to demonstrate a similar level of rigour across the organisation. Keeping this in mind, enforcing good data governance across data management and analysis process will ensure that the data platforms would stand up to the regulatory scrutiny and pave way for wider data-based decision making.
Unlike previous rule-based regulations, Solvency II seeks to inculcate a cultural change in insurance companies. Companies need to embed a risk based approach in day-to-day decision making. Being compliance to Solvency II is not just a ‘tick-in-the-box’. The business implications of compliance to this regulation extends far beyond that. For those who get it right, there are larger rewards in store – companywide data architecture, stronger governance, lower operating costs, being some of them. A key success criteria for harnessing the benefits is to look beyond the obvious, understand the full implications of the regulation across the company and make early advances towards compliance.
Solvency II: The focus on data management
- Controls around gathering and storage of risk data
- Evidence that risk assessments are based on accurate, complete and appropriate historical data
- Evidence of consistency and accuracy between data used for capital calculation and that being used for reporting across the organisation.
During Basel II implementation, most banks failed to demonstrate data governance from its creation, through its journey across various functional repositories to the point when it became available for analysis. Banks failed to estimate the scale of data quality problem and the efforts required to fix them. Consequently, many had to adopt tactical fixes which are being fixed up till today. Another result of this underestimation was that banks had to hold a higher level of capital to compensate for increased uncertainty arising out of unresolved data issues.
To avoid this pitfall, insurance companies should adopt a data management framework comprising of three key components – data architecture, data governance and data quality. By tackling the data on these three fronts, insurance companies would be able to get their data in the shape needed for compliance of solvency II as well as harnessing capital efficiencies from the regulation.
The experience of Basel II has suggested that data quality management can take considerable efforts. Given the quality of data in insurance companies, it is wise to start this exercise immediately.
Data governance must also be extended to analytical processes. Traditionally, most risk calculations happened out of macro-enabled spreadsheets residing in analysts’ PCs. These calculation tools need to be ‘stress-tested’ for robustness. The calculation methodologies too, need to be stress-tested and documented for scrutiny by the regulators.
Thursday 3 December 2009
Management of change is a tight rope walk!
The other day I was helping an ex-colleague respond to an online questionnaire for a potential job opportunity. The role was for Change Management. The potential employer - one of the Big 4s - had a very interesting question: "Which Change Management methodologies have you used in the past?". This question set me thinking. Have (we) consultants reduced such a delicate issue as Change to a methodology? And if were just about methodology, we can churm out potential change managers by huge numbers on the production line (a.k.a. management schools).
And if it is a process (i.e., set of discreet activities) that lead to a defined results, companies don't need Big 4 any more. Any BPO/ITO/KPO/XXO vendor can deliver the change from offshore. Big 4s, watch out!
I have handled transformation programmes (and the inherent change element) of varied sizes before. I have found it to be emotionally draining, very intense, but extremely rewarding experience. No amount of compensation can beat the sight of a (formerly) resistant person, helping their co-workers with their newly acquired skills.
Methodologies help. No doubt about it. But to the extent of developing an understanding of what goes in a change programme. If you select a change manager only on the basis of their knowledge of a particular methodology, I believe your change programme may be in for serious challenges.
And if it is a process (i.e., set of discreet activities) that lead to a defined results, companies don't need Big 4 any more. Any BPO/ITO/KPO/XXO vendor can deliver the change from offshore. Big 4s, watch out!
I have handled transformation programmes (and the inherent change element) of varied sizes before. I have found it to be emotionally draining, very intense, but extremely rewarding experience. No amount of compensation can beat the sight of a (formerly) resistant person, helping their co-workers with their newly acquired skills.
Methodologies help. No doubt about it. But to the extent of developing an understanding of what goes in a change programme. If you select a change manager only on the basis of their knowledge of a particular methodology, I believe your change programme may be in for serious challenges.
Wednesday 2 December 2009
Solvency 2 – Is your Information Systems ready for the challenge?
There is a general consensus in the industry that insurers would need to make significant changes in their IT to be able to meet Solvency 2 requirements. Many of the Solvency 2 implementation requirements involve technology processes, systems and internal modelling functions. Data - a key ingredient – for compliance sits in disparate systems. Having discussed the current challenges being faced by the insurers, I have tried to highlight the challenges that Solvency 2 poses in data management, modelling, governance and alignment of IT with risk management and control functions.
Solvency 2 implementation involves information systems and technology in multiple ways across the three pillars.
Pillar 1 Challenges
Pillar 1 raises challenges for information systems and IT support. Solvency 2 influences many existing IT applications and requires additional functionalities to be developed. The impact assessment of Solvency 2 should focus on application architecture and functional as well as non functional requirements. It is important to ensure appropriateness, completeness and quality of data to be used in the calculation of risk capital, technical provisions and internal models. This involves robust data management capability and controls.
Insurers need to prepare documentation standards and evidence for all supporting systems. Information Systems is a part of operational risk under Solvency II. Hence, appropriate risk indicators for Information Systems should be taken in account for their quantification.
Pillar 2 Challenges
Pillar 2 raises challenges on IT governance, outsourcing and internal audit. An appropriate IT risk and control framework must be implemented as part of overall risk management framework and embedded in IT governance. All outsourced processes – system development or maintenance – must comply to Solvency 2 requirements. An effective internal audit function need to be in place to ensure that companies Information Systems are covered.
Pillar 3 Challenges
Pillar 3 raises challenges on the systems that support compliance. Companies will have to provide information on IT governance as a part of supervisory reports. Systems need to be enhanced, or new systems put in place for development and production of Solvency 2 reports.
The QIS 2 & 3 reports have identified have already revealed data-related challenges with regard to calculation of risk capital and internal models. It also mentioned the issues related to capture of data for calculation of operational risk.
The way forward
Let’s not forget the banks who had to undergo similar challenges around their information systems during their implementation of Basel II. During the implementation of Basel II, the following areas were found to be lacking:
• Integration
• Insufficient alignment of IT risk management and controls
• The role of IT and dependencies were not clearly identified
• Definition of IT risks – incidents and losses – were not readily available
Insurance companies would benefit from their experience and avoid failures and unnecessary costs. Below are some areas that require immediate attention:
• Companies need to focus on a thorough analysis of their data and IT applications. This will help increase consistency and reduce duplication of efforts and drive down cost of implementation.
• Identification of interface issues, data harmonisation and standardisation need to take place. This will lead to significant simplification of dataflow issues with respect to Solvency 2.
• Identify inconsistent or missing documentation
• Assess your systems’ capabilities to store high volume of data and their retrieval to ensure sufficient availability and access of data related to Solvency 2
• Companies need to take significant steps to prepare for the capture, storage and access of historic data required for the capital calculation
• Extra attention is required to design and prepare for the required reports
Most companies tend to adopt a ‘siloed’ approach to implementation of regulatory programmes. They tend to address individual technology issues as the project progresses. Instead they should adopt a comprehensive approach to avoid inconsistencies and duplications.
By now there is sufficient clarity on the requirements. There is no point in waiting for all the requirements to be finalised before initiating any change programme. The Solvency 2 team within the insurance companies should include IT risks, IT related dependencies and constraints into account when developing capital calculations, and risk management initiatives.
In a recent study Celent estimates the cost of Solvency 2 implementation to be about €900 million for the European Insurance Industry. Given the state of IT within an insurance enterprise, I believe the actual can be much higher than this. But the larger issue is – having spent the money, can you be sure that your Information System is ready for the challenge?
Solvency 2 implementation involves information systems and technology in multiple ways across the three pillars.
Pillar 1 Challenges
Pillar 1 raises challenges for information systems and IT support. Solvency 2 influences many existing IT applications and requires additional functionalities to be developed. The impact assessment of Solvency 2 should focus on application architecture and functional as well as non functional requirements. It is important to ensure appropriateness, completeness and quality of data to be used in the calculation of risk capital, technical provisions and internal models. This involves robust data management capability and controls.
Insurers need to prepare documentation standards and evidence for all supporting systems. Information Systems is a part of operational risk under Solvency II. Hence, appropriate risk indicators for Information Systems should be taken in account for their quantification.
Pillar 2 Challenges
Pillar 2 raises challenges on IT governance, outsourcing and internal audit. An appropriate IT risk and control framework must be implemented as part of overall risk management framework and embedded in IT governance. All outsourced processes – system development or maintenance – must comply to Solvency 2 requirements. An effective internal audit function need to be in place to ensure that companies Information Systems are covered.
Pillar 3 Challenges
Pillar 3 raises challenges on the systems that support compliance. Companies will have to provide information on IT governance as a part of supervisory reports. Systems need to be enhanced, or new systems put in place for development and production of Solvency 2 reports.
The QIS 2 & 3 reports have identified have already revealed data-related challenges with regard to calculation of risk capital and internal models. It also mentioned the issues related to capture of data for calculation of operational risk.
The way forward
Let’s not forget the banks who had to undergo similar challenges around their information systems during their implementation of Basel II. During the implementation of Basel II, the following areas were found to be lacking:
• Integration
• Insufficient alignment of IT risk management and controls
• The role of IT and dependencies were not clearly identified
• Definition of IT risks – incidents and losses – were not readily available
Insurance companies would benefit from their experience and avoid failures and unnecessary costs. Below are some areas that require immediate attention:
• Companies need to focus on a thorough analysis of their data and IT applications. This will help increase consistency and reduce duplication of efforts and drive down cost of implementation.
• Identification of interface issues, data harmonisation and standardisation need to take place. This will lead to significant simplification of dataflow issues with respect to Solvency 2.
• Identify inconsistent or missing documentation
• Assess your systems’ capabilities to store high volume of data and their retrieval to ensure sufficient availability and access of data related to Solvency 2
• Companies need to take significant steps to prepare for the capture, storage and access of historic data required for the capital calculation
• Extra attention is required to design and prepare for the required reports
Most companies tend to adopt a ‘siloed’ approach to implementation of regulatory programmes. They tend to address individual technology issues as the project progresses. Instead they should adopt a comprehensive approach to avoid inconsistencies and duplications.
By now there is sufficient clarity on the requirements. There is no point in waiting for all the requirements to be finalised before initiating any change programme. The Solvency 2 team within the insurance companies should include IT risks, IT related dependencies and constraints into account when developing capital calculations, and risk management initiatives.
In a recent study Celent estimates the cost of Solvency 2 implementation to be about €900 million for the European Insurance Industry. Given the state of IT within an insurance enterprise, I believe the actual can be much higher than this. But the larger issue is – having spent the money, can you be sure that your Information System is ready for the challenge?
Tuesday 1 December 2009
Solvency 2 - Are you adequately prepared for it?
Enough is known about the shape of final Solvency 2 requirements for insurers to being work. However in my view the industry has not yet realised the extent of work required to be done duing the next two years. Any further delays now will be costly in the future. This is particularly true for firms that want to use internal models.
A recent survey conducted by Deloitte indicated that most companies are very much in the planning phase for Solvency 2. Some other observations coming out of this survey indicates the following:
1. Stakeholder Engagement: Majority of the companies still do not have adequate board and manegerial engagement. Without sufficient board and manegerial engagement there is a risk that the new regime would not be fully embedded within the organisation and some opportunities may be lost.
For companies who have not done this, it is important that the board and managerial team are fully briefed and engaged on the regulatory requirement. Internal stakeholders need to be identified and assigned clear roles and responsibilities.
2. Strategic Intent: A clear and well thought-out strategy can enable an organisation to equip itself with a competitive edge. An organisation implementing Solvency 2 can also benefit from potential synergies with other programmes (e.g. IFRS II). The survey indicated over 60% of the companies are yet to determine their implementation approach for Solvency II.
Companies need to assess the wider impact of Solvency 2 (e.g. how can the regulations be used to improve business performance). They also need to explore potential synergies arising out of their existing programmes and future regulations.
3. Preparedness: It is heartening to know that gap analysis is underway in most companies. However, the next stages are yet to be defined. One-fifth of the respondents had an internal team in place with full responsibility for preparing for Solvency 2 requirements. Many companies are expecting to bring external resources to help them implement the requirements.
To ensure preparations are complete in time companies should have a clear vision for the 'end state'. They need to review priorities within their change portfolio and shift priorities, if required. Finally, for a programme of this magnitude, it is important that they have an appropriate programme governance in place.
4. Integrating Solvency II requirements within the business: This is an area where many firms need to undertake more work. Unlike previous regulations (except perhaps TCF) Solvency II should be seen as an enabler for better business performance. Most companies have not aligned their risk decisions to strategic objectives. The risk appetite is largely focussed on capital requirements with little regard to earning visibility. For many companies there is a need to ensure that risk based decision making is adopted as a culture within the organisation.
To ensure that Solvency II requirements are embedded, companies need to assess the ‘cultural dimension’ of the regulation and design an adequate change programme for it.
5. Implementation: Till date companies have predominantly focussed their attention on the requirements of Pillar 1 at the expense of Pillar 2 & 3. While most of the companies have programme initiation, gap analysis and implementation planning on their agenda for the next six months, some key areas are still neglected (e.g. Management Information). Quality information will play a key role in gaining strategic and operational advantage and need to be considered early on.
For companies contemplating implementation, they need to plan for the requirements of Pillar 2 & 3 concurrently. Companies also need to consider their management information needs as a part of their holistic approach.
Solvency II is not expected to be in force till October 2012. However, insurance companies do not have the luxury of time on their hands. The experience of implementing Basel II regulations in Banking suggest that insurance companies need to initiate change programme now in order to avoid last minute surprises. Substantial changes are required across the enterprise and most companies are very much in the planning stage for Solvency II. The next 6 – 12 months call for significant investment of efforts to make that happen.
A recent survey conducted by Deloitte indicated that most companies are very much in the planning phase for Solvency 2. Some other observations coming out of this survey indicates the following:
1. Stakeholder Engagement: Majority of the companies still do not have adequate board and manegerial engagement. Without sufficient board and manegerial engagement there is a risk that the new regime would not be fully embedded within the organisation and some opportunities may be lost.
For companies who have not done this, it is important that the board and managerial team are fully briefed and engaged on the regulatory requirement. Internal stakeholders need to be identified and assigned clear roles and responsibilities.
2. Strategic Intent: A clear and well thought-out strategy can enable an organisation to equip itself with a competitive edge. An organisation implementing Solvency 2 can also benefit from potential synergies with other programmes (e.g. IFRS II). The survey indicated over 60% of the companies are yet to determine their implementation approach for Solvency II.
Companies need to assess the wider impact of Solvency 2 (e.g. how can the regulations be used to improve business performance). They also need to explore potential synergies arising out of their existing programmes and future regulations.
3. Preparedness: It is heartening to know that gap analysis is underway in most companies. However, the next stages are yet to be defined. One-fifth of the respondents had an internal team in place with full responsibility for preparing for Solvency 2 requirements. Many companies are expecting to bring external resources to help them implement the requirements.
To ensure preparations are complete in time companies should have a clear vision for the 'end state'. They need to review priorities within their change portfolio and shift priorities, if required. Finally, for a programme of this magnitude, it is important that they have an appropriate programme governance in place.
4. Integrating Solvency II requirements within the business: This is an area where many firms need to undertake more work. Unlike previous regulations (except perhaps TCF) Solvency II should be seen as an enabler for better business performance. Most companies have not aligned their risk decisions to strategic objectives. The risk appetite is largely focussed on capital requirements with little regard to earning visibility. For many companies there is a need to ensure that risk based decision making is adopted as a culture within the organisation.
To ensure that Solvency II requirements are embedded, companies need to assess the ‘cultural dimension’ of the regulation and design an adequate change programme for it.
5. Implementation: Till date companies have predominantly focussed their attention on the requirements of Pillar 1 at the expense of Pillar 2 & 3. While most of the companies have programme initiation, gap analysis and implementation planning on their agenda for the next six months, some key areas are still neglected (e.g. Management Information). Quality information will play a key role in gaining strategic and operational advantage and need to be considered early on.
For companies contemplating implementation, they need to plan for the requirements of Pillar 2 & 3 concurrently. Companies also need to consider their management information needs as a part of their holistic approach.
Solvency II is not expected to be in force till October 2012. However, insurance companies do not have the luxury of time on their hands. The experience of implementing Basel II regulations in Banking suggest that insurance companies need to initiate change programme now in order to avoid last minute surprises. Substantial changes are required across the enterprise and most companies are very much in the planning stage for Solvency II. The next 6 – 12 months call for significant investment of efforts to make that happen.
Subscribe to:
Posts (Atom)