Solution Briefs

Solvency II Compliance

Streamlining Risk and Compliance Management with MetricStream’s Market-leading Solutions
Introduction
Over the last decade, the insurance industry has seen a number of important changes. Increasing liberalization and deregulation, the recent economic meltdown and new government regulations have forced insurance organizations to rethink and redefine their risk management strategies. With Solvency II, they will need to manifest a higher sense of vigilance in risk management and set aside significant capital reserves.

While the new directive is bound to be beneficial, it has thus far received mixed reviews. For many insurance organizations, it has proved to be an additional regulatory burden. For others, it has become a competitive advantage – an opportunity to transform risk management strategies and invite the trust of shareholders and customers. But then again, Solvency II was always intended to encourage competitiveness within the financial services sector.

Solvency II – A Brief Overview

  • Scheduled to come into effect on November 1, 2012
  • Will apply to all insurance and reinsurance firms with gross premium income exceeding €5 million or gross technical provisions in excess of €25 million

Broad aims:
  • To facilitate the development of a single market in insurance services in Europe
  • To protect policy holders in the event that a firm is unable to meet all claims fully
  • To strengthen the insurance sector and promote confidence in its stability

Prior to the Solvency II Directive, globalization had driven local insurers to expand internationally in order to grow. Thus began a wave of mergers and acquisitions in industrialized countries and especially in the European Union. But with varying requirements and regulations across countries, it became difficult to compete on an equal footing.

Solvency II is set to overcome these challenges by creating a single market for insurance services in Europe, and leveling the playing field by ensuring consistent regulation across countries. It is also poised to offer increased protection for insurance firms, their shareholders and customers by mandating better capital and risk management.

Risk management is becoming increasingly important to insurers as they diversify the scope of their services beyond insurance. The recent financial crisis truly highlighted how vulnerable the financial sector is to risks. And although insurance companies may not have been as heavily impacted as other financial firms, they too have been surrounded by a prevailing sense of uncertainty and skepticism.

In this volatile environment, Solvency II stands as a pillar of stability. Its rigorous focus on risk management and capital reserves is bound to help insurance companies protect themselves and their customers against future financial crises. No doubt it will require significant investment, time and effort to implement. But it is sure to transform the insurance industry’s risk management operations and improve its solvency.

Solvency II may be a European regulation, but its impact is bound to be felt in the US. American insurers with parent companies in the EU will have to follow Solvency II requirements such as calculating the SCR and MCR, building a risk management framework, developing internal models, conducting an ORSA, and meeting documentation and reporting standards. Along the same lines, US parent companies with European subsidiaries will need to meet Solvency II requirements with respect to those subsidiaries.

The three pillars of Solvency II
Like Basel II, Solvency II consists of three main pillars:

  • Pillar 1 lays out the quantitative requirements such as the amount of capital that insurers need to set aside to address various risks
  • Pillar 2 sets forth the supervisory review process that focuses on evaluating the adequacy of a firm’s capital and risk management systems and processes
  • Pillar 3 focuses on disclosure and transparency of risk and capital management

Applying Solvency II
Firms implementing Solvency II will need to focus on the following core functions:

  • Risk Management
    Thus far, the main focus of Solvency II has been on capital requirements. But risk management is just as important, if not more so. Most often, a well-planned and well-implemented risk management system is far more effective than any amount of capital. But for a risk management system to be effective, it needs to address the entire scope of organizational risks. It must include strategies, processes and reporting procedures to consistently monitor, manage and report the organization’s risks individually and in relation to each other.

    As per Pillar 2 requirements, organizations need to conduct an Own Risk and Solvency Assessment (ORSA) to consistently assess their overall solvency needs and compliance with capital requirements.

    ORSA must be treated as an integral part of business strategy and its results have to be reported to supervisory authorities. This will require organizations to establish proper processes for identifying and quantifying risks, and demonstrating that these processes have been designed specific to their risk profile.

  • Solvency Capital Requirement (SCR)
    The SCR is most often calculated using a standard formula that reflects the organization’s risk profile. It is required to be calculated at least once a year, reported to the supervisor and published. If there are any deviations from the assumptions underlying the SCR, it will have to be recalculated.

    The rationale behind the SCR is to protect policy holders from losses and reduce the risk that an insurer may be unable to meet claims. It also provides insurers and supervisors with an early warning for prompt intervention if the solvency capital falls below permissible levels.

  • Transparency
    As per Pillar 2 and Pillar 3 requirements, organizations need to maintain a high level of transparency in their risk and capital management operations. Transparency is important because it enables the organization to get a clear picture of their risk management processes and compliance with capital requirements. This, in turn, will help them make informed strategic decisions.

    On a larger level, transparency is required to help supervisors judge and assess the organization’s capacity to withstand unfavorable events such as financial crises. Transparency also helps build trust in the organization. People are more likely to approach an insurance organization that is transparent in its dealings because it indicates that the organization is committed to its customers.

Solvency II - The Path to Follow
Insurers with operations outside Europe will also be impacted by Solvency II, as many countries have begun developing similar regulations. Canada, Japan, Chile, South Africa and reinsurance centers like Bermuda and Guernsey have all announced their intention to move to solvency regimes patterned on or equivalent to Solvency II.

In response, the National Association of Insurance Commissioners (NAIC) has embarked on a Solvency Modernization Initiative (SMI) to examine and improve the US Insurance Solvency Framework, while assessing the usefulness of international regulatory developments such as Solvency II. The new initiative will also address the issue of ‘equivalence.’ Mandated by Solvency II, equivalence rules lay out requirements for a country’s regulatory standards to be considered equivalent to Solvency II. If equivalence is achieved, compliance could be simplified - US subsidiaries with parent companies would need to comply primarily with US standards. But if equivalence is not achieved, free trade could be affected between the US and Europe. In addition, competitive issues could arise between US domiciled companies and US subsidiaries of EU parents.

Some insurers across the globe are already using Solvency II as a foundation to build economic capital and risk management frameworks. This might require tremendous time, money and effort, but, as the recent financial crisis demonstrated, compliance with a well-researched risk management framework like Solvency II is crucial to tide over future crises. Besides, customers would rather opt for a company that operates a risk management framework in compliance with internationally recognized standards.

The future of insurance regulation points to the development of a uniform international capital standard. This would greatly simplify compliance, especially for multinational companies. But if this initiative is ever undertaken, Solvency II is likely to be at the forefront. Therefore it might be useful for US insurers to understand Solvency II requirements and its impact on their business, and consider developing a similar risk and capital management framework.

The Challenges of Solvency II Implementation
Solvency II may be due for implementation only in 2012. But organizations that have made a head-start are fast realizing the challenges associated with the new directive:

High costs
In 2008, Celent reported that overall, European insurance companies were allocating between €700 million and €900 million for Solvency II IT projects. The previous year, CEA had estimated that the initial administrative costs would amount to €2-3 billion. Of course, the costs might differ from one organization to another, but clearly, Solvency II represents a major investment for all.

Post the financial crisis, insurance organizations that are struggling with fragile capital will find it even more difficult to conform to the Solvency Capital Requirements. In addition, they will have to bear the costs of establishing an effective risk management framework that can assess and monitor risks, conduct internal audits and provide periodic reports. As these operations have to be carried out continuously and across geographical locations, managers may have to be hired to oversee the process.

Insurers who are tempted to adopt a minimum compliance strategy may end up spending more in the long run. If supervisors discover that an insurer’s risk management framework is inadequate, they could raise the capital requirements.

The nature and variety of risks
Insurers have always operated in volatile markets. However, with rapid changes in the business environment, these volatilities and uncertainties have only increased. Catastrophic risks like terrorist attacks, high unemployment rates, floods, earthquakes and hurricanes are impacting the way insurers reassess insurability criteria, pricing structures, policy reservations, solvency and corporate viability. Technological risks such as cyber theft and fraud are threatening the security of valuable information and increasing the risks of lawsuits. Legal risks from disgruntled policy holders are threatening insurers’ funds and their very reputations.

Calculating these risks in a quantifiable manner and monitoring them continuously is nothing short of complex. Not only are these risks inter-related, they are constantly changing and, many a time, increasing in number. To top it off, the risks have to be managed across global operations, business units and departments.

Clearly, risk management is a complex endeavor. Insurers have to define the organization’s risk appetite, compile a risk inventory, prioritize risks, implement controls, establish ownership for the controls and risks, develop reporting for stakeholders and consistently ensure that the risks encountered by the organization stay well within its risk appetite.

The increasing number of compliance regulations
While the spotlight may be on Solvency II, other regulations in the insurance sector demand equal attention to compliance. In Europe, insurers have to grapple with reinsurance directives, Sarbanes-Oxley (SOX) regulations which mandate effective internal control frameworks, International Financial Reporting Standards (IFRS) which demand greater financial transparency, tougher provisions on customer protection and anti-money laundering regulations. With the introduction of the European Systemic Risk Board and the European Insurance and Occupational Pensions Authority (EIOPA), the EU regulatory environment is set to become even more complex.

These compliance regulations often come with hundreds of requirements and procedures that are subject to constant change. Navigating this web of regulations is extremely difficult. Compounding matters is the global nature of insurance operations. As insurance companies expand to different markets, they have to deal with newer regulations, standards and laws. This makes compliance all the more daunting.

Providing real-time exposure into risk and compliance information
As discussed earlier, transparency is an integral part of Solvency II. Insurance organizations have to consistently monitor and provide reports on their risk and compliance status, address vulnerabilities in the system and judge the efficacy of internal controls. Without real-time visibility into these factors, they cannot make the right business decisions or submit reports for supervisory review.

Documentation is just as important as reporting and monitoring. A number of insurance organizations carry out their documentation using spreadsheets and paper-based processes. Although this manual approach may still be popular, it is often tiresome and prone to errors especially in large insurance organizations that deal with thousands of clients and policies. Sifting through hundreds and thousands of papers requires tremendous time and effort. Electronic records may be more efficient, but they run the risk of being hacked into or subject to fraud.

Overcoming Solvency II challenges through a Streamlined Approach to Risk and Compliance management
To gain the most out of Solvency II, insurance organizations need to align their risk profile with their risk appetite, and their risk appetite with their business strategy. This kind of alignment requires collaboration across business operations, departments and geographical locations. Unfortunately, many insurance organizations still function in a fragmented, isolated manner. For instance, SOX compliance may be carried out in separate initiatives across two business locations. This approach is neither efficient nor cost-effective as it duplicates costs and efforts.

Reducing all risks is not the best approach either. It may be ‘safe,’ but it is hardly profitable. Some risks can actually be transformed into opportunities with immense rewards. A more optimal approach would be to understand, quantify and manage risks in a manner that is appropriate to each.

The key is to adopt a systematic, streamlined approach to risk and compliance management. This way, organizations can gain a unified view into risks and controls across the enterprise and ensure high transparency. Risks can be clearly defined and managers can ensure that their organization stays within its risk appetite.

A streamlined approach also improves collaboration across the enterprise. This is especially useful as risks and compliance mandates are often inter-related. It also helps risk and compliance activities to be aligned with corporate objectives. As a result, the entire organization can operate as a single entity, collaborating with ease and making informed decisions based on hard facts and metrics.

MetricStream’s Integrated GRC Solutions
MetricStream provides a suite of comprehensive solutions that are designed to help insurance companies manage a wide range of risk and compliance related activities, data and processes. Used by leading insurance organizations across the world, MetricStream solutions are renowned for their flexibility, scalability and extendibility. Advanced capabilities like built-in remediation workflows, risk assessment methodologies and dashboards with drill down capabilities allow organizations to implement industry best practices for efficient risk and compliance management.

The solutions are provided on a centralized platform, allowing insurance organizations to manage all their risk and compliance needs using a single point of reference. This integrated approach improves collaboration across the enterprise, avoids duplication of resources and efforts, and reduces costs. At the same time, it allows independent responsibilities to be assigned to specific individuals, thereby increasing accountability.

To aid with effective Solvency II implementation, MetricStream provides the following key solutions:

Risk Management
Meeting Solvency II regulatory requirements will be a transformational step taken by insurance organizations in Europe towards a risk-based capital model. MetricStream Risk Management Solution will support insurance organizations in this move by providing a centralized framework to assess and document different types of risk, such as underwriting, credit, market, operational and liquidity risks. The solution helps in assessing risks and arriving at the inherent risk score. Based on the inherent risk score, controls can be defined and implemented to mitigate the risk, and the residual risk score can be calculated.

Once controls are defined, they need to be assessed on an ongoing basis, and the solution supports this need. Different scenarios can be defined in the solution and the risk score can be calculated for each of the scenarios. Key risk indicators can be defined and monitored for breach. Powerful tools such as risk calculators and risk heat maps help to closely analyze and monitor the organization's risk profile. This way, the organization can confidently prepare itself for Solvency II supervisory reviews.

Compliance Management
MetricStream Compliance Management Solution provides a common framework and integrated approach to manage the entire gamut of compliance regulations. Therefore, organizations can ensure complete compliance not only with insurance-specific mandates such as Solvency II, but also with cross-industry mandates such as the Sarbanes-Oxley Act. The solution helps maintain a centralized structure of the overall compliance hierarchy including processes and assets in scope, risks, controls, policies and procedures, reporting requirements, schedules and filing templates.

The solution also creates a transparent environment for the identification and tracking of all compliance issues through advanced functionalities such as risk heat maps, control monitoring and compliance dashboards. Issues that are identified are either automatically resolved or routed to the appropriate personnel for remediation action.

Audit Management
MetricStream Audit Management Solution provides a comprehensive framework for managing the complete audit lifecycle from audit planning and scheduling, through field data collection and the development of audit reports, to audit reviews and implementation of audit recommendations. It also enables audits to be conducted offsite.

Using the solution, auditors can conduct a gap analysis to identify areas of non-compliance. Automated functionalities along with a systematic, work-flow driven process help to eliminate audit errors and inconsistencies while improving the efficiency of audit processes. The solution automates all basic auditing processes, enabling audit staff to focus on value-oriented functions such as analyzing and recognizing trends in audit data.

Additional functionalities
Across the above software solutions, MetricStream provides the following additional functionalities:

  • Document management: MetricStream solutions provide a centralized repository to store and manage all documents, written policies and procedures. Integrated collaboration and workflow tools enable organizations to access, create, modify, review and approve these documents globally in a controlled manner.
  • Issue management: MetricStream solutions enable companies to establish and follow consistent procedures for issue capture, loss event tracking, task management and status reporting. The issue management solution supports identification and evaluation of issues as well as case investigation and tracking, leading to an elaborate remediation or corrective action process.
  • Training Management: MetricStream Solution enables effective management of the training process by maintaining a central repository of course offerings and providing a simple framework for training delivery and tracking. It also helps in recording training history as evidence of compliance with mandatory requirements. The solution enables effective management of the overall training process by maintaining course offerings and course descriptions for easy review by employees and managers, scheduling classes, conducting tests, evaluating performance, providing feedback on instructors and course material effectiveness, maintaining training records and conducting gap analyses. It measures the gap in employees' training records and allows managers to track the status of training within their departments and monitor overall skill pool availability at the organizational levels.
  • Reporting: MetricStream solutions are equipped with executive dashboards that provide enterprise-wide visibility into the organization's risk, compliance and audit processes. Using these dashboards, organizations can track risk profiles, control ownership, assessment plans and compliance statuses on graphical charts that display real-time information and can be accessed globally.

MetricStream’s Value Proposition

  • Address the entire scope of insurance compliance regulations using a single, centralized platform
  • Streamline Solvency II compliance across business units, operations, departments and geographies
  • Proactively address risks in line with corporate objectives
  • Enhance visibility into the Risk, Compliance and Audit status in real-time
  • Reduce costs and simplify GRC management through process automation
  • Monitor Solvency II progress consistently through powerful dashboards
  • Stay ahead of Solvency II compliance requirements through automated alerts and notifications
  • Make informed decisions about risk and compliance based on timely information and metrics

MetricStream Solution Key Features

  • Embedded best practices
  • Flexibility to adapt to unique business requirements and changing processes
  • Fast implementation
  • Controlled access, enhanced security
  • Built-in reporting for analytics and business intelligence
  • Powerful role-based dashboards for enhanced reporting with ability to drill down to the finest level of detail
  • Automated alerts and notifications for issue remediation
  • Enterprise-wide integration with external systems
  • Centralized management of audits, risk and compliance

 

About MetricStream
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Solutions for global corporations. MetricStream solutions are used by leading corporations such as Pfizer, Philips, NASDAQ, UBS, SanDisk, Subway, Fairchild Semiconductor, SunTrust Banks and Cummins in diverse industries such as Pharmaceuticals, Medical Devices, Automotive, Food, High Tech Manufacturing, Energy and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as by over a million compliance professionals worldwide via the www.ComplianceOnline.com portal. MetricStream is headquartered in Palo Alto, California and can be reached at www.metricstream.com.
