For those not involved in financial services, you probably haven't heard of Solvency II yet. For those who do work in insurance, if you haven't heard of it, you must have had a long sabbatical! Insurers are very busy with it: initiating projects, aligning activities with risk, actuarial, internal control and internal audit, compliance and process departments. All of them are struggling with hundreds of pages of advice on requirements from CEIOPS (Committee of European Insurance Supervisors), who are taking a leading role in the preparation of the final legislation. It impacts on about 5000 European insurance companies (premium > 5 million) with a total premium volume of about 900 billion euro's.
Solvency II purposes
Solvency II was introduced to set new, stronger EU-wide requirements on capital adequacy and risk management for insurers. Solvency II has the purpose:
- to reduce the risk that an insurer becomes unable to meet claims;
- to reduce the losses suffered by policyholders in the event that a firm is unable to meet all claims fully;
- to provide supervisors early warning so that they can intervene promptly if capital falls below the required level;
- to promote confidence in the financial stability of the insurance sector
Solvency II pillars
The Solvency II framework consists of three pillars, similar to the approach of Basel II. Each pillar covers a different aspect of the economic risks. The first pillar relates to the quantitative requirement for insurers to understand the nature of their risk exposure. As such, insurers must hold sufficient regulatory capital to ensure that they are protected against adverse events. The second pillar deals with the qualitative aspects and sets requirements for the governance and risk management of insurers. The third pillar focuses on disclosure and transparency requirements by seeking to harmonize reporting and provide insight into insurers risk and return profiles. All pillar requirements must be fulfilled by the insurance companies themselves or outsourced.
Figure1: The three pillars of Solvency II.
Importance of ERM (Enterprise Risk Management)
Solvency II defines risk management and measurement objectives to ensure the adoption of robust risk management processes that are carried out across end-to-end processes and the entire organization. This forms the basis for the insurer's decision making process. To adequately meet these forthcoming requirements, insurers can benefit from the adoption of an Enterprise Risk Management Framework (ERM).
The benefits of ERM are evident in the integrated view of risk management including consistent processes for analyzing, evaluating, mitigating and communicating risks. An ERM framework also enables the implementation of strong controls embedded in processes, and facilitates a risk culture and governance in an organization. Thus, ERM can increase efficiency and consistency, especially when it's supported by one methodology in one (or a limited number of) tool(s).
Figure 2: Overview ERM supported by ARIS.
The importance of an integrated approach for compliance management
ERM can bring together a risk-based procedure, governance structure (that can be supported by workflow) and an integrated methodology, where the relationships between processes, risks, controls and regulation are made more visible. The alignment with regulation must function as a continual process, because for insurers, new financial regulations appear regularly. We had Basel II, WRAP, MiFID (Markets in Financial Instruments Directive), Sarbanes Oxley and now Solvency II. Instead of complying to each regulation separately with a separate project group, it's more much more efficient to use an integrated approach. This calls for collecting all of the relevant regulations, interpreting them for your insurance company (in the form of norms or requirements) and assigning them to your business processes. The identified risks and mitigating controls are part of the business processes described. This integrated and transparent overview of daily business is the basis for executing risk and control assessments, audits, compliancy and control statements. In addition, the impact of changing regulation can be seen immediately in the business processes with their related risks and controls. This alone improves the alignment between different competences of risk, compliance, actuaries and IT. Process transparency and ownership is an important part of Pillar 2, which is missing today in many insurance companies. Solvency II can be used to promote change in inefficient organization silos and promote risk-based (capital) management in business processes and your entire organization.
In general, it took banks more than 3 years to comply with Basel. Hopefully, insurers can benefit from these experiences and an integrated approach, in order to meet all Solvency II and other related requirements by the end of 2012!
Additional links:
- all articles of the #LoungeTalk series
- www.grc-lounge.com
- GRC discussion group at ARIS Community
- Governance, Risk, and Compliance category
