There is a general consensus in the industry that insurers would need to make significant changes in their IT to be able to meet Solvency 2 requirements. Many of the Solvency 2 implementation requirements involve technology processes, systems and internal modelling functions. Data - a key ingredient – for compliance sits in disparate systems. Having discussed the current challenges being faced by the insurers, I have tried to highlight the challenges that Solvency 2 poses in data management, modelling, governance and alignment of IT with risk management and control functions.
Solvency 2 implementation involves information systems and technology in multiple ways across the three pillars.
Pillar 1 Challenges
Pillar 1 raises challenges for information systems and IT support. Solvency 2 influences many existing IT applications and requires additional functionalities to be developed. The impact assessment of Solvency 2 should focus on application architecture and functional as well as non functional requirements. It is important to ensure appropriateness, completeness and quality of data to be used in the calculation of risk capital, technical provisions and internal models. This involves robust data management capability and controls.
Insurers need to prepare documentation standards and evidence for all supporting systems. Information Systems is a part of operational risk under Solvency II. Hence, appropriate risk indicators for Information Systems should be taken in account for their quantification.
Pillar 2 Challenges
Pillar 2 raises challenges on IT governance, outsourcing and internal audit. An appropriate IT risk and control framework must be implemented as part of overall risk management framework and embedded in IT governance. All outsourced processes – system development or maintenance – must comply to Solvency 2 requirements. An effective internal audit function need to be in place to ensure that companies Information Systems are covered.
Pillar 3 Challenges
Pillar 3 raises challenges on the systems that support compliance. Companies will have to provide information on IT governance as a part of supervisory reports. Systems need to be enhanced, or new systems put in place for development and production of Solvency 2 reports.
The QIS 2 & 3 reports have identified have already revealed data-related challenges with regard to calculation of risk capital and internal models. It also mentioned the issues related to capture of data for calculation of operational risk.
The way forward
Let’s not forget the banks who had to undergo similar challenges around their information systems during their implementation of Basel II. During the implementation of Basel II, the following areas were found to be lacking:
• Integration
• Insufficient alignment of IT risk management and controls
• The role of IT and dependencies were not clearly identified
• Definition of IT risks – incidents and losses – were not readily available
Insurance companies would benefit from their experience and avoid failures and unnecessary costs. Below are some areas that require immediate attention:
• Companies need to focus on a thorough analysis of their data and IT applications. This will help increase consistency and reduce duplication of efforts and drive down cost of implementation.
• Identification of interface issues, data harmonisation and standardisation need to take place. This will lead to significant simplification of dataflow issues with respect to Solvency 2.
• Identify inconsistent or missing documentation
• Assess your systems’ capabilities to store high volume of data and their retrieval to ensure sufficient availability and access of data related to Solvency 2
• Companies need to take significant steps to prepare for the capture, storage and access of historic data required for the capital calculation
• Extra attention is required to design and prepare for the required reports
Most companies tend to adopt a ‘siloed’ approach to implementation of regulatory programmes. They tend to address individual technology issues as the project progresses. Instead they should adopt a comprehensive approach to avoid inconsistencies and duplications.
By now there is sufficient clarity on the requirements. There is no point in waiting for all the requirements to be finalised before initiating any change programme. The Solvency 2 team within the insurance companies should include IT risks, IT related dependencies and constraints into account when developing capital calculations, and risk management initiatives.
In a recent study Celent estimates the cost of Solvency 2 implementation to be about €900 million for the European Insurance Industry. Given the state of IT within an insurance enterprise, I believe the actual can be much higher than this. But the larger issue is – having spent the money, can you be sure that your Information System is ready for the challenge?
No comments:
Post a Comment