Underwriting put to the test: Process risks for life insurers in the context of qualitative Solvency II requirements
Authors: Lars Moormann, Dr. Thomas Schaffrath-Chanson
Contact You can download the Knowledge Series at
August 2011

Introduction

In the context of Solvency II implementation, the regulatory requirements are focusing on the main processes, one of which is the underwriting process, a core component of new business in life and as such a significant risk from a Solvency II perspective. We will first examine the extremely multifaceted process with regard to its susceptibility to operational risks and then in the light of the Pillar 2 requirements for governance (especially outsourcing), ORSA (Own Risk and Solvency Assessment), compliance and internal control systems, before briefly describing how a reinsurer can help its life insurance clients to minimise and manage the risks.

Does every step in a process constitute a risk?

Underwriting put to the test

Description of process

Solvency II's so-called principle-based approach has a particular bearing on insurance companies' compliance with Pillar 2's qualitative requirements. Whilst Solvency II makes allowance for proportionality and gives companies a certain room for manoeuvre in designing their own structures and processes from a risk-management perspective, clear requirements are emerging for the identification, evaluation, management of an insurer's processes and the associated reporting, though the implementing regulations are still being drafted and political consultations are still going on.[1]

[1] The Level 2 and Level 3 texts ("Delegated Acts" and "Technical Standards" respectively) in the Lamfalussy process are still in course of preparation, so that it is as yet too early to place reliance on them. Therefore, in addition to the Level 1 text, this paper is based on the following sources: CEIOPS-DOC-29/09, System of Governance; CEIOPS-IGSRR-09/08, Own Risk and Solvency Assessment (ORSA); CEIOPS-PII-11/07, Risk Management and other Corporate Issues; CEIOPS-DOC-50/09, Supervisory Reporting and Public Disclosure Requirements.
Fig. 1: Example of a traditional underwriting process (flowchart not reproduced; process phases: Sales process, Proposal input, Underwriting, Issue policy or decline; participants: Client/Sales, Proposal checker, Internal underwriter, External risk assessor, Reinsurer)

Underwriting plays a key role in a life insurer's operational processes, as it functions as a point of entry for new contracts, and hence risks. It is therefore natural for underwriting always to be considered one of the core processes for Solvency II, and it has to be subject to the systematic procedures of an internal control system both in its constituent parts and as a whole. Figure 1 shows an example of how the complete process could look following formal assessment of a proposal.

It is immediately clear that the process involves numerous functions and departments. Apart from the proposer (customer), the internal functions such as sales and proposal assessment, and risk assessors with their varying views on the new risks, other outsiders may also be involved:
- External risk assessors such as specialist and panel doctors
- Reinsurers for specific questions or cover issues

On closer examination, it becomes apparent that not all proposals are subject to one or more assessment stages, which are intended to ensure that the qualitative risk assessment is totally effective. Some of the proposals may be straightforward and can go through the process to acceptance of the new policy with no further assessment. However, proposals usually go through various assessment loops (in the example, as many as three separate assessment stages) with documentation of the results.
The further procedure depends on the result of each step:
- If the result is negative, the proposal is declined.
- If the result is positive, the simple assessment is followed by a questionnaire check, which forms the basis for an additional assessment. If the result remains positive, the proposal is approved.
- If a positive result is qualified, external partners are approached to provide a more in-depth risk assessment. For example, panel doctors can examine the proposer to enable a particular risk to be more precisely assessed.
Fig. 2: Operational risks in the underwriting process (flowchart of Fig. 1 with risk points a to m marked; flowchart not reproduced). Legend:
- a Systems/processes: Questions inadequate; Poor software; Call centre information already incorrect
- b Fraud: Incorrect information used for assessment; Fully automated processes
- c Systems/processes: Input errors; Data protection risk; Database errors
- d Fraud: Incorrect information used for assessment
- e Systems/fraud: Imprecise questions; Incorrect answers, incomplete forms
- f Processes/fraud: Incomplete instructions, unclear mandate, no policy; Corruption
- g Systems/processes: Data protection; Failure of external partner; Incorrect results; No further check
- h Processes: Incorrect interpretation of questionnaire responses
- i Systems/processes: Divergent definitions PI/RI; Incorrect information results in further errors
- j Systems/processes: Data protection; Data transfer
- k Processes: Limit/trigger reached or already exceeded; No underwriting guidelines
- l Processes: No dual control
- m Processes: Incorrect information

Following this additional assessment, the reinsurer can also perform a specific risk assessment that, due to its more comprehensive database or more extensive specialist knowledge, contributes to achieving a more reliable medical or actuarial assessment and hence to the final quotation. Finally, after the last check and approval, the proposal is priced before being passed on for issue of the policy.
Operational risk

The scope of the second pillar of Solvency II includes the identification of risks using a risk analysis of operational processes. This risk category has been defined as follows in the EU's Solvency II Directive: "Operational risk means the risk of loss arising from inadequate or failed internal processes, personnel or systems, or from external events."[2]

[2] Cf. Directive 2009/138/EC, Article 13.
Operational risks arise through weaknesses and incidents in the following four areas:
- Processes
- Systems
- Human error or fraud
- External events

We focus below on risk analyses of the first three areas, as losses resulting from external events, for example fire damage to buildings, do not relate specifically to the underwriting process. As is the case for other processes, operational risks of that kind are managed in the areas of premises security or resumption of interrupted operations. However, some event types associated with information security, namely phishing, hacking, social engineering and data theft, pose a significant risk for underwriting. In this article, they are grouped under terms such as data protection and data security.

The extent to which underwriting is exposed to operational risk is clear from the definition:
- The underwriting process is founded on the information provided by the proposer or the sales function. The health questions in the proposal process represent a necessary hurdle that has to be cleared to progress and are particularly open to error and incorrect information, creating a risk that the entire process might be based on erroneous or deliberately falsified input data.
- The underwriting process comprises numerous interfaces, for example throughout the internal operational processes, and additional external interfaces with partners such as agencies, medical centres and experts. Highly confidential personal data are transferred at every interface, creating risks of data loss, erroneous data transfer and incompatible IT systems.
- The involvement of internal functions and outside partners can lead to operational gaps, for example failure to define liability issues properly in policies.

The operational risks indicated in Figure 2 can be applied to the actual interfaces and people involved in the process. It is apparent that, in the systems risk area, both data protection and system quality give rise to operational risks.
In addition to unavoidable human error, false statements and attempted fraud constitute significant risks, which are, however, difficult to assess. The interfaces to external partners mentioned above can pose particular problems:
- Data protection risk involved in using and transferring personal data
- Unexpected failure of an external partner, with no alternative resources available
- Varying assessment results due to imprecise or even contradictory definitions, e.g. between insurer and reinsurer

Imprecise or erroneous guidelines are a frequent cause of risk in the form of weaknesses in processes. For example, if no clear outsourcing policy is in place, it is difficult for a life insurer to manage its external partners, which can lead to incorrect assessment results and shortcomings in data protection. If dual control is not applied at key points in the assessment process, there will be insufficient controls and their quality will suffer, which can increase the error rate or encourage fraud. Particular attention should therefore be paid to ensuring that descriptions of process chains, defined access rights, clear definitions, complete and correct policies and guidelines, fully functional limit controls, and internal controls are in place for processes.

When considering the human factor for risk-management purposes, it is useful to distinguish between error and deliberate misconduct. The former risk can generally be reduced through system support along the entire process chain, whereas deliberate misconduct can arise anywhere where there is so much as a theoretical possibility of exploiting a technical, procedural or human weakness with fraudulent intent.[3] Figure 3 shows the main categories of operational risk.

[3] Useful information on assessment of financial loss through fraudulent acts can be found at Ernst & Young: European fraud survey 2011 Recovery, regulation and integrity.
Fig. 3: Categories of operational risk (OpRisk cluster in underwriting process)
- Processes: No dual control; No underwriting guidelines; No process chains, e.g. full automation; No outsourcing policy; No limit/trigger controls; Incorrect access rights to processes/data; Lack of internal controls; Inconsistent definitions; Risk of specialists not being available
- Human error: Inadequate underwriting, insufficient enquiry; Incorrect input and data transfer; Errors/failure: inappropriate pricing; Lack of expertise, e.g. in internal audit
- Systems: No systems for checking plausibility; Defective/ineffective/outdated IT systems; Lack of data protection/gaps in information security
- Fraud: false information or internal corruption; Bribery of external business partners; Breach of duty of disclosure prior to the conclusion of contract

The underwriting process now and in the future

The traditional underwriting process is determined by the business and sales model used by life insurers and is founded primarily on the quality of the medical checks and the financial and technical assessment of proposals. At many companies, it is part of existing risk management systems put in place to avoid or reduce the operational risks described.

However, as the details of the Solvency II implementing regulations are still being fine-tuned, it is likely that, in the absence of pressure to adapt underwriting processes, they are not yet fully, or are only partially, in line with Solvency II's extended qualitative requirements. Since the regulations are still in the course of being drafted, this paper should be considered as a first overview to increase awareness of the importance of qualitative risk management.

What role will Solvency II play?

New governance requirements

Extended requirements for structures and processes

Articles in the Solvency II Directive directly or indirectly affecting the life underwriting process via Pillar 2 requirements:

Art. | Name | Implications for underwriting and dependencies
36 | Supervisory review process | Relates to risk identification, segregation of duties and the monitoring of processes, and associated reporting requirements
37 | Capital add-ons | Possible consequence of intervention by the regulator due to inappropriate governance structures and incorrect risk profiles
38 | Supervision of outsourced functions (see also 49) | Relates to the willingness and ability of the external service provider to cooperate, transparency and clarity of data, methods and processes, consistency of management of an insurance company
41 | System of governance | In particular documentation requirements/policies and business continuity management
42 | Fit and proper | General obligation (cannot be delegated) to ensure that key people in senior management positions and important risk management functions have the required training and integrity
44 | Risk management | Relates in particular to coherence of risk identification and control and transparency of key decisions concerning core processes
45 | ORSA (Own Risk and Solvency Assessment) | Relates to the matching of business plans and decisions with risk strategy and the associated limit systems
46 | Internal control | Identification, performance and documentation of significant internal controls and assurance that compliance requirements imposed by law and the supervisory authorities are met
47 | Internal audit | Audits of the structures in place and compliance with processes and rules in the risk management of significant activities
48 | Actuarial function | Focuses on advanced functions such as data evaluation and assessments; responsible for pricing
49 | Outsourcing (see also 38) | Rules for protection of policyholders and obligation to ensure that outsourced activities can be inspected by the supervisory authority
51/53 | Report on solvency and financial condition | Reporting requirements, for example relating to risk exposure and governance, are important in this context
A key component of Pillar 2 is the governance system, which every European insurer will be obliged to have in place in a form consistent with the specific characteristics of its operations and enhance in the years ahead. Figure 4 summarises the requirements for a Solvency II-compliant governance structure.

Fig. 4: Solvency II governance structure (diagram not reproduced). Labels: Principles-based Solvency II framework; Management is fit and proper; Management's responsibility for business and risk strategy; Proportionality; Governance requirements: transparent structures, clear segregation of duties, documented policies, regular reviews; Risk management system: quantitative requirements, risk management function, contingency plans, (partial) internal model, ORSA (Own Risk and Solvency Assessment); Internal audit; ICS: internal control system and compliance function; Actuarial function; Outsourcing; Regular information, documentation and reports

The requirements for the underwriting process should be defined in greater detail on the basis of the findings on the operational risks as described above. It is useful to allocate implementation or optimisation responsibilities for each area:
- Segregation of duties: Structural segregation of responsibility for risk selection and control in underwriting to avoid errors and conflicts of interest
- Policies: Governance, ORSA, ICS/compliance, underwriting, risk management including limit and trigger system, outsourcing, remuneration
- ICS (Internal Control System): Documentation of the main underwriting processes and related key controls in the process, including clear assignment of responsibilities and regular reporting
- Contingency plans: Written contingency plans to be in place, with physical or virtual systems to cover the failure of external service providers and other business partners involved in the underwriting process
- ORSA (Own Risk and Solvency Assessment): Documentation of the risk management processes for identifying, assessing, managing and reporting on all of the company's significant risks; ensuring that there is a coherent link between the business and risk strategies and assumptions and plans based on the risk profile; adaptation of the reporting systems to the company's reporting capability, especially with regard to the acceptance and booking of new life business
- Outsourcing: Creation or adaptation of the procedures and processes at the company and the external service providers to be able to meet the additional regulatory requirements such as contracts, policies and accessibility and availability of information for the regulator; this means, for example, that external risk assessors or reinsurers must document their methodology for medical checks, their actuarial underwriting principles, and the databases and scientific statistics they use, and disclose them on request.

This list, which at this stage is still abstract and incomplete, illustrates that, as a rule, companies must already have the necessary functions and systems available, since they need them in any case for their work processes. What is new is the extension of process logic, which had previously been geared to efficient division of labour, to take in a risk-based view of core processes as significant operational risks, which can mean that organisational structure needs to be adjusted in order to meet requirements such as segregation of duties and controllability.
At the core, then, is the need for companies to incorporate risk awareness in their handling of their business model and the mandatory governance components, such as the multiplicity of written policies that even small insurance companies will have to have in place. Particularly life insurers, with their long-term contract periods, will have to apply holistic principles derived from the two overriding Solvency II objectives:
- to protect policyholders by ensuring that insurance companies always have risk capital cover in line with their risks;
- to create uniform rules for audits and reporting in the EU legal environment through structural, methodical and formal audit standards.

Internal controls to minimise process risks

Although the new qualitative requirements introduced by Solvency II will initially demand considerable additional resources, they do provide opportunities to improve the structure of processes. The ICS is the main tool as regards the operational risks in core processes, as the typical ICS key controls are applied precisely at those points in the underwriting process where the highest exposure to risk has been identified. Thus, a properly implemented internal control system meets not only the regulatory requirements, but also those relating to compliance and process performance, which is clearly in a company's own interest. There is a synergy effect, because the information provided to the insurance supervisor is derived from the same database as that needed for internal audit and corporate management. Consequently, the findings from the risk assessment and the Solvency II qualitative requirements mentioned should both be taken into account when designing an effective structure for an internal control system.
Apart from fulfilling Solvency II reporting requirements, the goal of an ICS as regards risk management is to identify, control, avoid or, at least, reduce operational risks, for example by applying dual control at key stages in a process. The second pillar requires companies not only to describe the risks they have identified as being significant, but also, as far as possible, to quantify the potential financial loss. Methodologies include maintenance of the company's own databases and expert estimates of the occurrence probability and assumed loss for a risk. Moreover, it would make sense for insurance companies to determine the losses directly expected or incurred for reputational risk as well as for operational risk, because, although Solvency II makes a distinction between operational and reputational risk, in practice operational risks that have materialised have frequently led to critical reports in the media and thus damaged a company's reputation with its stakeholders.

An internal control system for individual operational risks based on the "identify, assess, control" principle could have the following structure:

1. Risk identification
1.1 Allocation to risk category: processes, systems, people, external events
1.2 Description of the risk
1.3 Description of the causes
1.4 Description of the effects (on existing regulations and processes)

2. Risk assessment
2.1 Occurrence of risk (e.g. daily or weekly)
2.2 Quantitative assessment of the potential financial loss
2.3 Quantitative and qualitative assessment of the potential damage to reputation

3. Risk control
3.1 Name of control
3.2 Objective and description of control
3.3 Frequency of control (e.g. quarterly)
3.4 Responsibility for design of control
3.5 Responsibility for performance of control
3.6 Review of risk control
Support from reinsurer

The role of the reinsurance partner will also change as a result of the more stringent control and reporting requirements. A life insurer using, for example, an external risk assessment and pricing tool such as Munich Re's MIRA system needs not only technical and operational security for the daily use of sensitive data in its business, but also the certainty that all legal and regulatory requirements are fully depicted and integrated. The example of MIRA highlights how, assuming unchanged use of the service, its formal references will alter once Solvency II has been introduced:
- Life insurers will prepare documentary evidence for the supervisor showing that the use of external services relating to its underwriting methodology and the underwriting processes selected has been in accordance with governance requirements. It will be based on its policies for risk management and outsourcing and a comprehensive contract.
- As a service provider, the reinsurer will consistently provide the life insurer with high-quality content and service, complemented by additional features such as adapted conditions of use, extended documentation or technical access for the regulator.

However, these additional tool features are in any event indispensable to enable a company to meet the regulatory requirements relating to its own risk model, ICS or reporting.

Fig. 5: Examples of services improving qualitative risk management (Munich Re services)
- Processes: connect.munichre: access rights; Creation of case and product-specific forms/guidelines; Advice on new business processes: analysis of actuals and optimisation potential; UW review: Analysis of actuals and optimisation potential
- Systems: MIRA: coherent acceptance policy; connect.munichre: best possible personal data protection; Automated underwriting/UW rule sets
- Human error: Qualifications for underwriters and company medical officers: Local and cross-market workshops/seminars, structured certified training and individual measures; Decisions: Support from reinsurance experts and documentation; Quality assurance: External dual control, underwriting audits
- Fraud: Heightening awareness of risks in underwriting processes; Heightening awareness of risks in product development/proposal process at PoS

Our final diagram shows some examples of the services and systems that Munich Re makes available to life insurance cedants. They provide both real technical solutions to key risk management requirements, such as standard underwriting rule sets, and qualitative solutions, such as knowledge transfer in the form of training. The products are grouped by operational-risk category to illustrate the areas in which they can be used.

It is likely that, in future, standard and automated processes or audits will increasingly form a part of risk management at the interface between insurer and reinsurer. This would not only increase the quality of cooperation between the two, but would also become established as an integral component of the life insurer's reporting and documentation requirements vis-à-vis the regulator. With its extensive experience in building its own risk model and rapid analysis of all Solvency II-related developments from both an insurance and a reinsurance perspective, Munich Re is today already able to provide support to its cedants in areas that will be of key significance under Solvency II.

Münchener Rückversicherungs-Gesellschaft, Königinstrasse 107, München, Germany
More informationINSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES
SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting
More informationA Guide to Corporate Governance for QFC Authorised Firms
A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide
More informationOwn Risk and Solvency Assessment Within the Solvency II Framework and its Interplay with the Quantitative Solvency Capital Requirements
Prof. Dr. Helmut Gründl and Prof. Dr. Jens Gal Own Risk and Solvency Assessment Within the Solvency II Framework and its Interplay with the Quantitative Solvency Capital Requirements Policy Letter Series
More informationInsurance Groups under Solvency II
Insurance Groups under Solvency II November 2013 Table of Contents 1. Introduction... 2 2. Defining an insurance group... 2 3. Cases of application of group supervision... 6 4. The scope of group supervision...
More informationPositioning the internal audit function within the Solvency II framework Key challenges. Ludovic Bardon Senior Manager Audit Deloitte Luxembourg
Positioning the internal audit function within the Solvency II framework Key challenges Jérôme Sosnowski Director Governance, Risk & Compliance Deloitte Luxembourg Ludovic Bardon Senior Manager Audit Deloitte
More informationCOMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document
EUROPEAN COMMISSION Brussels, 27.3.2014 SWD(2014) 102 final COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document Proposal for a Directive of the European
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationGN5: The Prudential Supervision outside the UK of Long-Term Insurance Business
GN5: The Prudential Supervision outside the UK of Long-Term Insurance Business Classification Recommended Practice MEMBERS ARE REMINDED THAT THEY MUST ALWAYS COMPLY WITH THE PROFESSIONAL CONDUCT STANDARDS
More informationOECD GUIDELINES FOR PENSION FUND GOVERNANCE
OECD GUIDELINES FOR PENSION FUND GOVERNANCE These Guidelines were approved by the Working Party on Private Pensions on 5 June 2009. OECD GUIDELINES FOR PENSION FUND GOVERNANCE 1 I. GOVERNANCE STRUCTURE
More informationOutsourcing Risk Guidance Note for Banks
Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the
More informationSolvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION
More informationRESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT
RESERVE BANK OF VANUATU DOMESTIC BANK PRUDENTIAL GUIDELINE NO 12 OPERATIONAL RISK MANAGEMENT 1. This Guideline outlines a set of principles that provide a framework for the effective management of operational
More informationBANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994
BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION
More informationBERMUDA MONETARY AUTHORITY
BERMUDA MONETARY AUTHORITY INSURANCE DEPARTMENT GUIDANCE NOTE # 17 COMMERCIAL INSURER RISK ASSESSMENT Commercial Insurer Risk Assessment Page 1 of 17 Introduction 1. The ( the Authority ) is introducing
More informationGUIDANCE PAPER No. 2 ON CORPORATE GOVERNANCE IN INSURANCE COMPANIES
In order to foster more efficient management and supervision of insurers, in line with the core principles of insurance supervision promoted by the International Association of Insurance Supervisors (IAIS),
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationRS Official Gazette, No 51/2015
RS Official Gazette, No 51/2015 Pursuant to Article 147, paragraph 3, Article 150, paragraph 3 and Article 151, paragraph 4 of the Insurance Law (RS Official Gazette, No 139/2014) and Article 15, paragraph
More informationORSA - The heart of Solvency II
ORSA - The heart of Solvency II Groupe Consultatif Summer School Gabriel Bernardino, EIOPA Lisbon, 25 May 2011 ORSA - The heart of Solvency II Developing the regulatory framework for Solvency II ORSA it
More informationSCHEDULE TO INSURANCE GROUP SUPERVISION AMENDMENT RULES 2015 SCHEDULE 3 (Paragraph 30) SCHEDULE OF FINANCIAL CONDITION REPORT OF INSURANCE GROUP [blank] name of Parent The schedule of Financial Condition
More informationSolvency II Data audit report guidance. March 2012
Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the
More informationAudit Risk and Materiality in Conducting an Audit
Audit Risk and Materiality in Conducting an Audit 1647 AU Section 312 Audit Risk and Materiality in Conducting an Audit (Supersedes SAS No. 47.) Source: SAS No. 107. See section 9312 for interpretations
More informationCONSULTATION PAPER Proposed Prudential Risk-based Supervisory Framework for Insurers
INSURANCE CONSULTATION PAPER Proposed Prudential Risk-based Supervisory Framework for Insurers December 2010 CONSULTATION PAPER: Proposed Risk-based Supervisory Framework (Final December 2010) Page 1 of
More informationNEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 11 NYCRR 82 (INSURANCE REGULATION 203) ENTERPRISE RISK MANAGEMENT AND OWN RISK AND SOLVENCY ASSESSMENT
NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 11 NYCRR 82 (INSURANCE REGULATION 203) ENTERPRISE RISK MANAGEMENT AND OWN RISK AND SOLVENCY ASSESSMENT I, Benjamin M. Lawsky, Superintendent of Financial
More informationSound Practices for the Management of Operational Risk
1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required
More informationINTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...
More informationPolicy Statement: Licensing Policy in respect of those activities that require a permit under the Insurance Business (Jersey) Law 1996
Policy Statement: Licensing Policy in respect of those activities that require a permit under the Insurance Business (Jersey) Law 1996 Issued: 11 February 2011 Glossary of terms: The following table provides
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationMonetary Authority of Singapore INSURANCE BUSINESS - INSURANCE FRAUD RISK
Monetary Authority of Singapore INSURANCE BUSINESS November 2007 GUIDELINES ON RISK MANAGEMENT PRACTICES FOR INSURANCE BUSINESS MONETARY AUTHORITY OF SINGAPORE TABLE OF CONTENTS 1 INTRODUCTION AND FUNDAMENTALS
More informationTypes of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down
Types of and Recent Cases Developing an Effective Anti-fraud Program from the Top Down 1 Types of and Recent Cases Chris Grippa (404-817-5945) FIDS Senior Manager with Ernst & Young LLP Works with clients
More informationRegulation for Establishing the Internal Control System of an Investment Management Company
Unofficial translation Riga, 11 November 2011 Regulation No. 246 (Minutes No. 43 of the meeting of the Board of the Financial and Capital Market Commission, item 8) Regulation for Establishing the Internal
More informationIntroduction to Solvency II
Introduction to Solvency II Tim Edwards Gavin Dunkerley 24 th September 2008 Introduction The primary purpose of this presentation is to explain what Solvency II is and why it is important We also hope
More informationImplementation of Solvency II
undertaking-specific parameters Are there alternatives to an internal model? Authors Dr. Kathleen Ehrlich Dr. Manijeh Schwindt Dr. Norbert Kuschel Contact solvency-solutions@munichre.com June 2012 The
More informationHow To Understand The Importance Of Internal Control
FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED CODE OCTOBER 2005 FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED
More informationInstructions for Completing the Information Technology Officer s Questionnaire
Instructions for Completing the The (Questionnaire) contains questions covering significant areas of a bank s information technology (IT) function. Your responses to these questions will help determine
More informationOWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT
OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT ERM as the foundation for regulatory compliance and strategic business decision making CONTENTS Introduction... 3 Steps to developing an
More informationRISK MANAGEMENT AND COMPLIANCE
RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6
More informationCONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE
CEBS CP 02 April 2004 COMMITTEE OF EUROPEAN BANKING SUPERVISORS CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE Introduction 1. European banking supervisors began work in 2002 on
More informationChecklist for Completing and Submitting Life Insurance Applications under the European Union (Insurance and Reinsurance) Regulations 2015
2015 Checklist for Completing and Submitting Life Insurance Applications under the European Union (Insurance and Reinsurance) Regulations 2015 Applicant Central Bank of Ireland Checklist Notes: Complete
More informationDealing with Predictable Irrationality. Actuarial Ideas to Strengthen Global Financial Risk Management. At a macro or systemic level:
Actuarial Ideas to Strengthen Global Financial Risk Management The recent developments in global financial markets have raised serious questions about the management and oversight of the financial services
More informationPrudential Practice Guide
Prudential Practice Guide LPG 240 Life Insurance Risk and Life Reinsurance Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationPROVISIONAL REQUEST TO CESR FOR TECHNICAL ADVICE
Ref. Ares(2010)892960-02/12/2010 PROVISIONAL REQUEST TO CESR FOR TECHNICAL ADVICE ON POSSIBLE LEVEL 2 MEASURES CONCERNING THE FUTURE DIRECTIVE ON ALTERNATIVE INVESTMENT FUND MANAGERS Table of Contents
More informationInsurance Europe key messages on the European Commission's proposed General Data Protection Regulation
Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for
More informationFRAMEWORK FOR INTRODUCTION OF NEW PRODUCTS...5 SUPERVISORY EXPECTATIONS ON PRODUCT RISK MANAGEMENT AND FAIR TREATMENT OF CONSUMERS...
PART A. INTRODUCTION...1 1. Overview of the Guidelines... 1 2. Legal Provisions... 2 3. Scope... 2 PART B. FRAMEWORK FOR INTRODUCTION OF NEW PRODUCTS...5 4. General Conditions... 5 5. General Exception...
More informationAudit Quality Thematic Review
Thematic Review Professional discipline Financial Reporting Council December 2014 Audit Quality Thematic Review The audit of loan loss provisions and related IT controls in banks and building societies
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationInternal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)
Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business
More informationINSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY
INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY ICP 4 Draft revisions for consultation June 2015 (Clean version) ICP 4 Licensing A legal entity which intends to engage in insurance
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationReport on Internal Control
Annex to letter from the General Secretary of the Autorité de contrôle prudentiel to the Director General of the French Association of Credit Institutions and Investment Firms Report on Internal Control
More informationINTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS
Standard No. 13 INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS STANDARD ON ASSET-LIABILITY MANAGEMENT OCTOBER 2006 This document was prepared by the Solvency and Actuarial Issues Subcommittee in consultation
More informationDirect Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference
Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference Chair An Independent Non-Executive Director In the absence of the Committee Chairman and an appointed
More informationConsultation Paper. on the proposal for. Guidelines. product oversight & governance arrangements by. insurance undertakings
EIOPA-BoS-14/150 27 October 2014 Consultation Paper on the proposal for Guidelines on product oversight & governance arrangements by insurance undertakings EIOPA Westhafen Tower, Westhafenplatz 1-60327
More informationSolvency II and catastrophe
Solvency II and catastrophe risks: Measurement approaches for propertycasualty insurers Country-specific requirements or standard formula? Authors: Dr. Kathleen Ehrlich Dr. Norbert Kuschel Contact solvency-solutions@munichre.com
More informationAPRA REVIEW OF UNIT PRICING PRACTICES
APRA REVIEW OF UNIT PRICING PRACTICES Unitisation is the process by which a pool of assets are broken into portions of ownership (units), which are conceptually similar to shares in a company. The process
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. on remuneration policies in the financial services sector
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 30.4.2009 C(2009) 3159 COMMISSION RECOMMENDATION on remuneration policies in the financial services sector {SEC(2009) 580} {SEC(2009) 581} EN EN
More informationSolvency II. Solvency II implemented on 1 January 2016. Why replace Solvency I? To which insurance companies does the new framework apply?
Solvency II A new framework for prudential supervision of insurance companies 1 Solvency II implemented on 1 January 2016. 1 January 2016 marks the introduction of Solvency II, a new framework for the
More informationRisk management within AIFMD for private equity and real estate funds. Sylvain Crépin Senior Manager Capital Markets/Financial Risk Deloitte
Risk management within AIFMD for private equity and real estate funds Xavier Zaegel Partner Capital Markets/Financial Risk Deloitte Sylvain Crépin Senior Manager Capital Markets/Financial Risk Deloitte
More informationAudit and Risk Committee Charter. Knosys Limited ACN 604 777 862 (Company)
Audit and Risk Committee Charter Knosys Limited ACN 604 777 862 (Company) Audit and Risk Committee Charter 1. Introduction 1.1 The Audit and Risk Committee is a committee established by the board of directors
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationDelegated authority: Outsourcing in the general insurance market
Financial Conduct Authority Delegated authority: Outsourcing in the general insurance market June 2015 Thematic Review TR15/7 Delegated authority: Outsourcing in the general insurance market TR15/7 Contents
More informationRisk Management Programme Guidelines
Risk Management Programme Guidelines Submissions are invited on these draft Reserve Bank risk management programme guidelines for non-bank deposit takers. Submissions should be made by 29 June 2009 and
More informationBermuda s Insurance Solvency Framework. The Roadmap to Regulatory Equivalence
Bermuda s Insurance Solvency Framework The Roadmap to Regulatory Equivalence May 2012 Contents This publication provides details of the Authority s progress to date and planned initiatives in the regulatory
More informationCentral Bank of Ireland Guidelines on Preparing for Solvency II Pre-application for Internal Models
2013 Central Bank of Ireland Guidelines on Preparing for Solvency II Pre-application for Internal Models 1 Contents 1 Context... 1 2 General... 2 3 Guidelines on Pre-application for Internal Models...
More informationKINGDOM OF SAUDI ARABIA. Capital Market Authority CREDIT RATING AGENCIES REGULATIONS
KINGDOM OF SAUDI ARABIA Capital Market Authority CREDIT RATING AGENCIES REGULATIONS English Translation of the Official Arabic Text Issued by the Board of the Capital Market Authority Pursuant to its Resolution
More informationEUROPEAN CENTRAL BANK
19.2.2013 Official Journal of the European Union C 47/1 III (Preparatory acts) EUROPEAN CENTRAL BANK OPINION OF THE EUROPEAN CENTRAL BANK of 24 May 2012 on a draft Commission delegated regulation supplementing
More informationPart A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
More informationSolvency 2 and captives a SWERMA perspective
Solvency 2 and captives a SWERMA perspective Some especially important Pillar 1 issues: By way of introduction it s noted that CEIOPS (see footnote 2) in reference to Article 111 (j) makes certain proposals
More informationThe EBF would like to take the opportunity to note few general remarks on key issues as follows:
Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.
More information