Solvency II, the new, harmonised EU-wide insurance industry regulatory regime, came into effect at the start of this year establishing capital requirements and risk management standards designed to increase policyholder protection across the whole of the European Union. Aiming to reduce the possibility of consumer loss or disruption in the event of a large-scale meltdown, the new rules require insurers to have enough capital against their liabilities and risk margin to absorb significant losses.
Internal versus external modelling, risk management and regulation and the standard formula are all in the mix in the post-implementation landscape - Solvency II requires insurers to re-evaluate their business processes.
The legislation consists of three key areas, known as ‘pillars’:
• Financial Requirements to ensure adequate liquidity
• Governance & Supervision to improve risk management
• Reporting & Disclosure to improve transparency of market risks
Pillar 3 compels insurance companies to prove that all data received from administrators and data vendors is complete, accurate and appropriate and this is what makes it the most complex pillar.
In the lead up to implementation in January and with the quarterly submission timeline shrinking from the initial 8 weeks to about 5 weeks in 2019 corporates have been rushing – and struggling - to get solutions in place that not only make submission timely and efficient but that also support multiple data reconciliation criteria and reporting tools which can produce fast and flexible data analysis.
However, the harsh reality is that simply pushing existing systems and processes harder is not enough for Solvency II compliance.
Reporting and disclosure
The new reporting requirements focus on the risk models used for capital requirements. Data needs to be extracted from multiple sources and compiled in a consistent manner to feed the two main narrative reports: the Regular Supervision Report (RSR) and the Solvency and Financial Condition Report (SFCR).
Both cover quantitative and qualitative components, introducing more than 60 templates comprised of 20,000-plus data points. Ensuring data integrity for that many inputs really needs a considerable level of automation, from the validation of standard Solvency II ETLs to the performance of basic validations, like for instance completion checks. You will also need to cross-check all data entry between the two reports.
The bulk of the work around Pillar 3 then comes from gathering, consolidating, reconciling and validating data from a variety of sources. That means ETL, data entry, calculation and consolidation with stringent audit trails and traceability -- all on a potentially bruising schedule. Frequency of reporting depends on the size of a company’s market share and can be annually and/or quarterly.
This gets even more complicated for insurance groups, where consolidation is required before group reporting. Security and access to sensitive financial data included in the reports, such as asset values, becomes an issue as well. Will your approach to Solvency II compliance allow you to restrict relevant data to relevant users?
Finding and implementing a solution for Pillar 3 that suits existing processes and still ticks Solvency II’s working-day timetable box has been – and still is - a challenge for any insurance company.
And even though, in the event of Brexit, the UK would no longer have to comply with Solvency II, UK regulators have been directly involved and influential in the design of the directive and its requirements have already been implemented. It is therefore likely a similarly high standard of regulation would continue in the UK. So, regulatory would still be an area hugely affecting the insurance sector and finding a technology that enables compliance minimising risk should be top of any insurer’s agenda.
Technology to the rescue
While an in-house built solution could be an option, the main question you’ll need to ask yourself is if you are prepared to keep up with EU regulations, and potentially new, post Brexit UK regulations, using internal resources alone. Most legacy systems, and essentially all spreadsheet-based systems, are likely to struggle under the weight of these requirements. Reporting needs to be repeatable and auditable on a regular basis, and spreadsheets require manual intervention that consumes loads of staff resource, and the evolving nature of regulation means future-proofing will always be required of the software.
Investing in an automated system centred on a reporting database makes the most business sense but what Pillar 3 solution should you opt for?
There are many available in the market and understanding the pros, cons and level of suitability to your business for each option takes time. It is crucial to conduct a thorough analysis and consider the likely ease of implementation and this type of analysis requires input at both CFO and IT level.
Any such solution needs to at least deliver seamless integration with existing IT systems and software, built-in validations and data integrity checks, capability of flowing through results from Pillar 1 and other analyses. It is also very important that Pillar 3 reports should require minimal effort from the business.
Ease of use and maintenance of results auditability and traceability should also be key features. Last but not least, the solution should also contain consolidation functionality to make group reporting easier for the business.
While investment in technology should ideally have taken place from the outset and prior to Solvency II’s implementation, there is still time for insurance companies to reduce risk and cost by automating their reporting and compliance processes as soon as possible.
By Nick Nesbitt, Consulting Services Director, Tagetik UK.