Risk Management Practices in Solvency II Dr. Onur ACAR Risk Manager Mapfre Genel Insurance
What is Solvency II? It is the proposed new EU legislation which will govern the capital requirements of insurance companies. Disadvantages of Solvency I which entered into force in 1970s: Capital is not adequately directed to risks Rules conflict with good risk management A lack of harmonisation across the EU Solvency II is an opportunity for a better and more appropriate risk based solvency regime 2
Solvency II : 3 Pillars It is not only a capital calculation system but it is based on 3 Pillars: Pillar I, which focuses on quantitative requirements Pillar II, which focuses on qualitative requirements and supervisory activities Pillar III, which addresses supervisory and public disclosure of financial and other information 3
Solvency II: 3 Pillar Approach 4
Aims of Solvency II Strong, effective policyholder protection with optimal capital allocation Proportionate, risk-based approach to supervision with appropriate treatment both for small and large companies To incentivise more sophisticated risk management tools To increase competition within the EU insurance markets and the global competitiveness of the EU insurers 5
Where do we stand in the Solvency II process? 2005 2006 2007 2008 2009 2010 2011 2012 Directive Development (Commission) Directive Adoption (Council & Parliament) Level 2 & 3 (EC & CEIOPS) CEIOPS work on Pillar I CEIOPS advice on Proportionality & Groups CEIOPS advice on Implementing Measures CEIOPS work on L3 CEIOPS work on Pillars II and III QIS 1 QIS 2 QIS 3 QIS 4 QIS5 Industry gets prepared Transposition 1 Jan 2014 ?
Risk-based economic model A risk-based economic model implies an increased accuracy of the solvency assessment, closer to the true risk profile of the insurance company. The main principles of a true economic risk-based model are: A Total Balance Sheet approach: market consistent valuation of all assets and liabilities in the balance sheet Addressing risk diversification effects: within the same risk, between risks, between companies, between geographical areas Addressing risk mitigation effects: reinsurance and ART 7
Solvency II: Capital Requirement Levels Solvency Capital Requirement (SCR) Target Capital that an entity should aim to meet under normal operating conditions Dropping below SCR does not necessarily require immediate supervisory intervention Minimum Capital Requirement (MCR) Reflects a level of capital below which ultimate supervisory action could be triggered Ladder of Intervention An appropriate ladder of intervention if the available capital falls below SCR Internal Model Level of SCR Ladder of Intervention Standard Approach Level of MCR Market -consistent Value of Liabilities 8
SCR CALCULATION SCR Adj. BSCR SCRop SCRmarket SCRhealth SCRdef SCRlife SCRnon-life SCRintang Mktfx LifeMort Health SLT Health NonSLT Health CAT LifeMort NLPrem&Res Mktprop LifeLong HealthMort NLLapse Health Prem&Res Health CAT Mktint LifeDis/Morb HealthLong NLCAT Health NSLTLapse Mkteq LifeLapse Health DisMorb Mktsp LifeExp = adjustment for the risk mitigating effect of future profit sharing Health SLTLapse Mktconc LifeRev HealthExp Mktilliq LifeCat HealthRev
System of Governance in Solvency II Date 11/04/2017 System of Governance in Solvency II Internal Audit Internal audit function Internal Control Compliance function Actuarial Function Management body System of Governance Fit and proper requirements Own Risk and Solvency Assessment (ORSA) Risk Management Risk management function The functions included in the system of governance are considered to be key functions and consequently also important and critical functions. 10 10
System of Governance in Solvency II The system of governance should: be proportionate to the nature, scale and complexity of the operations of the insurer include an adequate transparent organisational structure with a clear allocation and appropriate segregation of responsibilities and an effective system for ensuring the transmission of information be subject to regular internal review Governance is crucial because: Solvency II is a flexible system There are risks that cannot be properly quantified There are internal models
Governance – Management Body Date Governance – Management Body Management Body Management body has the ultimate responsability to establish an effective system of governance which provide for sound and prudent management of the business. Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Governance – Fit and Proper Requirements Date Governance – Fit and Proper Requirements Management Body All persons who effectively run the undertaking or have other key functions should be fit and proper. Their professional qualifications, knowledge and experience should be adequate to enable sound and prudent management (fit) They should be of good repute (proper) Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Governance – Internal Control Date Governance – Internal Control Management Body Companies should have an effective internal control function that should include: administrative and accounting procedures appropriate reporting arrangements at all levels of the company a compliance function Compliance function should include: advising the management body on compliance with laws, regulations and administrative provisions an assessment of the possible impact of any changes in the legal environment on the operations of the company Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Governance – Internal Audit Date Governance – Internal Audit Management Body Companies should have an effective internal audit function that should: include an evaluation of the adequacy and effectiveness of the internal control system and other elements of the system of governance. be objective and independent from the operational functions. Any findings and recommendations of the internal audit should be reported to the management body which should determine what actions are to be taken. Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Governance – Actuarial Function Date Governance – Actuarial Function Management Body Companies should have an effective actuarial function to: ensure the appropriateness of the methodologies and models used in the calculation of technical provisions inform the management body regarding the reliability and adequacy of the calculation of technical provisions express an opinion on the overall underwriting and reinsurance policy contribute to the effective implementation of the risk management system Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Governance – Risk Management Date Governance – Risk Management Management Body Companies should have an effective risk management system comprising strategies, processes and procedures necessary to identify, measure, monitor, manage and report the risks they face. It needs to be integrated into the decision making process of the company. The management body should have the ultimate responsibility for ensuring that the implemented risk management system is suitable, effective and proportionate to the nature, scale and complexity of the risks. Fit and Proper Requirements Internal Control Internal Audit Actuarial Function Risk Management
Tasks of the Risk Management Function Assisting the management body in the effective operation of the risk management system Monitoring the risk management system Maintaining an organisation-wide and aggregated view on the risk profile of the company Reporting details on risk exposures and advising the management body with regard to risk management matters Identifying and assessing emerging risks
Risks To Be Covered by Risk Management Underwriting Risk The risk of loss in the value of insurance liabilities, due to inadequate pricing and provisioning assumptions Market Risk The risk of loss in the financial situation resulting from fluctuations in the level and in the volatility of market prices of assets, liabilities and financial instruments Credit Risk The risk of loss in the financial situation, resulting from fluctuations in the credit standing of counterparties or issuers of securities Operational Risk The risk of loss arising from inadequate or failed internal processes, personnel or systems, or from external events Liquidity Risk The risk that the company is unable to realise investments and other assets in order to settle its financial obligations when they fall due Concentration Risk All risk exposures with a loss potential which is large enough to threaten the financial position of the company
Effective Risk Management System Date Effective Risk Management System Clearly defined and well documented Risk management strategy should include: risk management objectives key risk management principles general risk appetite assignment of risk management responsibilities across all the activities of the company It should be consistent with the company’s overall business strategy. Adequate written policies Appropriate processes and procedures Appropriate procedures and feedback loops Appropriate management reporting
Effective Risk Management System Date Effective Risk Management System Clearly defined and well documented Written risk management policies should include: definition and categorisation of the material risks faced by the company definition of acceptable risk limits implementation of risk strategy and control mechanisms Written policies should at least cover: underwriting and reserving asset–liability management (ALM) investments liquidity and concentration risk management operational risk management reinsurance Adequate written policies Appropriate processes and procedures Appropriate procedures and feedback loops Appropriate management reporting
Effective Risk Management System Date Effective Risk Management System Clearly defined and well documented Main risk management strategies and policies should be approved by the management body. Processes and procedures should include: risk identification risk assessment risk measurement risk monitoring risk reporting Adequate written policies Appropriate processes and procedures Appropriate procedures and feedback loops Appropriate management reporting
Effective Risk Management System Date Effective Risk Management System Clearly defined and well documented Information on the risk management system should be actively and continuously monitored and managed by the management body and by all relevant staff Adequate written policies Appropriate processes and procedures Appropriate reporting and feedback loops Appropriate management reporting
Effective Risk Management System Date Effective Risk Management System Clearly defined and well documented Material risks faced by the company and the effectiveness of the risk management system should be reported to the management body Adequate written policies Appropriate processes and procedures Appropriate procedures and feedback loops Appropriate reporting to the management
Supervision of the Risk Management System The company is required to demonstrate to the supervisor that it has an effective risk management system which is: capable of identifying, monitoring and mitigating both current and future risks in line with its risk tolerance levels. Stress testing and scenario analysis can be used to determine the effect of these risks. an integral part of its business strategy subject to regular internal review by the management body proportionate to the nature, scale and complexity of its business
Supervision of the Risk Management System The disclosure to the supervisor could include: material risks and their potential effects any perceived emerging risks to the company’s solvency position the scope and nature of risk and capital measurement systems the structure and organisation of the relevant risk and capital management systems details of organisational structure and staff responsible for the risk management system qualitative measures for risks which are not quantifiable, such as liquidity risk and operational risk
Thank you … Onur Acar, Ph.D. Mapfre Genel Sigorta Risk Manager