INSTRUCTIONS Guidance on formatting the beam is available in the notes pages of this document. 21March, 2012 Solvency II Main requirements

All Rights Reserved – Ernst & Young 2012 Solvency II Solvency II, a risk-orientated three pillar regime for insurance undertakings Solvency II Briefing 2 What is Solvency II? ► A fundamental review of the capital adequacy regime for the European insurance industry ► Establishes a revised set of market consistent EU-wide capital requirements and risk management standards. The latest developments point to implementation on 1 January 2014 (requiring a change to the approved Level 1 directive where implementation is by end October 2012) ► Targets an organisational model where capital and risk frameworks are embedded by insurers with decisions made in reference to the potential impact on the business (as provided by the internal model) in order to comply with ‘Use Test’ requirements Solvency I (current) ► Rules based ► Limited and non-prescriptive requirements for risk management ► Underlying liability valuation methods not consistent between EU member states ► Capital based on statutory measures e.g., ratios of premiums or liabilities Solvency II (future) ► 'Principles' based in theory; many rules in practice ► Significant risk management requirements ► Prescribed market consistent liability valuation methodology and cost of capital ► All margins for prudence held as capital ► Capital requirements based on probability models of risk

All Rights Reserved – Ernst & Young 2012 Solvency II Assets valued at market value Capital requirements SCR = First regulatory intervention point MCR = Final regulatory intervention point Technical provisions = best estimate of all future cashflows discounted at a risk free interest rate + risk margin Best estimate liability Risk margin MCR Free assets Assets Technical provisions SCR Market consistent balance sheet Overview

All Rights Reserved – Ernst & Young 2012 Solvency II Solvency Capital Requirement ► 1 year Balance Sheet shock using with 99.5% confidence ► Modular approach with multiple aggregation levels ► Risk modules are calculated through a combination of scenarios tests and factor based approaches ► Allowance in some risk modules is made for the impact of profit sharing and geographical diversification ► Deferred tax, profit sharing adjustments (Adj) and operational risk module are a final add on in the process Source: QIS 4 specification

All Rights Reserved – Ernst & Young 2012 Solvency II 5 Pillar 2 expectations on firms The key requirement of Pillar 2 is for firms to have a system of governance to “provide for sound and prudent management of the business” This system of governance “shall at least include an adequate transparent organisational structure with a clear allocation and appropriate segregation of responsibilities and an effective system for ensuring the transmission of information” Supporting this requirement are six key “aspects” based on conditions and functions which the Directive expects Firms to address and have in place: ► Conditions ► Fitness and propriety ► Outsourcing ► Internal control ► Functions ► Risk management function ► Internal audit function ► Actuarial function Pillar 2 also requires firms, as part of the risk management system that forms part of the governance arrangements to undertake an Own Risk and Solvency Assessment (ORSA) In addition to these requirements on firms, Pillar 2 also includes provisions for Supervisory review and action Governance arrangements demonstrate how well a firm is managed and therefore has a direct link to the regulator’s risk assessment of the business, which in turn will impact on the SCR loading. Technical Provisions MCR Minimum Capital Requirement Model Approval Pillar 1 Own Risk and Solvency Assessment (ORSA) Governance Arrangements Supervisory power and processes Pillar 2 Disclosure- Solvency and Financial Condition Report Market Discipline Pillar 1 Pillar 3

All Rights Reserved – Ernst & Young 2012 Solvency II 6 What is the ORSA A regular practice of assessing overall capital needs with a view to the firm’s specific risk profile that forms part of the risk management system. It is: ► an internal assessment process and as such should be embedded in strategic decisions ► a supervisory tool for the supervisory authorities The ORSA aims at enhancing awareness of the interrelationships between the risks the business is currently exposed to, or may face in the long term, and the internal capital needs that follow from this risk exposure The ORSA needs to be supported by an effective and robust escalation process paying particular attention to ► Functional escalation ► Risk exposures and the linkages to decision making The ORSA can be defined as the entirety of the processes and procedures employed to identify, assess, monitor, manage, and report the short and long term risks that the business faces or may face and to determine the own funds necessary to ensure that its overall solvency needs are met at all times. Risk management systems Executive Committee Supported by Risk Taking Business Units Strategy, risk appetite and policy Board Risk Modelling Function 1 st Line 2nd Line 3rd Line Own risk and solvency assessment Risk Management Function Compliance Function Actuarial Function Audit Committee Supported by Internal Audit Internal control framework The ORSA process for assessing and monitoring overall solvency builds on the Pillar I SCR calculation by articulating the firm’s view of required capital. It should form an integral part of the business planning of the organisation. A key challenge will be integrating the appropriate modelling approaches into the risk framework and ORSA

All Rights Reserved – Ernst & Young 2012 Solvency II 7 ORSA relationship with internal capital model and standard formula SCR Own Risk and Solvency Assessment (ORSA) Risks not considered by standard formula Aspects varying between business and regulatory (SCR) models Risks Liquidity, Reputational and Strategic risk are not included in the standard formula. If these represent a material risk they need to be included in the ORSA Liquidity risk Reputational risk Strategic risk Time horizon Confidence level Management actions Time horizon The time horizon used for business planning may differ from the time horizon for regulatory capital by internal model Confidence level A different confidence level to the SCR internal model may be used e.g rating confidence level Management actions Consideration should be taken of any agreed management actions that could influence the risk profile Stress and scenario tests Should be extensive in business planning for internal purposes Firms using models will be required to integrate these into the ORSA.

All Rights Reserved – Ernst & Young 2012 Solvency II 8 Requirements around risk management systems and internal controls Risk management systems Firm shall have in place a risk management system comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis the risks, on an individual and aggregated level, to which they are or could be exposed, and their interdependencies. It shall include: ► A documented risk management strategy that includes the objectives, key principles, risk appetite and assignment of responsibilities ► Written policies that include a definition and categorisation of the risks faced by the firm, implement the undertaking’s risk strategy, facilitate control mechanisms and take into account the nature, scope and time horizon of the business and the risks associated with it ► Reporting procedures that ensure that risk information is continuously monitored ► A suitable ORSA process The risk management system shall be well integrated into the organisational structure and in the decision making process of the firm. Internal control framework An effective internal control framework, shall comprise a coherent, comprehensive and continuous set of mechanisms designed to secure at least the following: ► Effectiveness and efficiency of the firm’s operations in view of its objectives ► Availability and reliability of financial and non-financial information; and ► Compliance with applicable laws, regulations and administrative provisions Risk Management Systems Executive Committee Supported by Risk Taking Business Units Strategy, risk appetite and policy Board Risk Modelling Function 1 st Line 2nd Line3rd Line Own Risk and Solvency Assessment Risk Management Function Compliance Function Actuarial Function Audit Committee Supported by Internal Audit Internal Control Framework

All Rights Reserved – Ernst & Young 2012 Solvency II 9 Functional requirements Risk management function and compliance function Risk management function The Risk Management function must be objective and independent from operational functions. Its key tasks shall include: ► Assisting the Board in the effective operation of the risk management system, in particular by performing specialist analyses and performing quality reviews ► Monitoring the risk management system ► Maintaining an organisation-wide and aggregated view on the risk profile of the undertaking ► Reporting details on risk exposures and advising the Board with regard to risk management matters in relation to strategic affairs like corporate strategy, mergers and acquisitions and major projects and investments Risk management shall be responsible for the way in which an internal model is integrated with the internal risk management system and the day-to-day functions of the undertaking. It shall assess the internal model as a tool of risk management and as a tool to calculate the undertaking’s SCR Compliance function ► The internal control system shall secure the firm’s compliance with applicable laws and regulations ► The firm shall have in place a suitable control environment including a compliance function ► The compliance function shall not be placed in a position where there is a possible conflict of interest between its compliance responsibilities and any other responsibilities it may have ► The compliance function shall be able to communicate on its own initiative with any staff member and to obtain access to any records necessary to allow it to carry out its responsibilities ► There will be a compliance plan that ensures that all relevant areas of the firm are appropriately covered, taking into account their susceptibility to compliance risk ► The compliance function shall promptly report any major compliance problems it identifies to the Board Note: CEIOPS Issue Paper on Risk Management and Other Corporate Issues makes explicit reference to the Risk Modelling Function however the Issues Paper on Implementing Measures on System of Governance does not explicitly identify this as a Function a Firm must have. Risk Management Systems Executive Committee Supported by Risk Taking Business Units Strategy, risk appetite and policy Board Risk Modelling Function Own Risk and Solvency Assessment Risk Management Function Compliance Function Actuarial Function Audit Committee Supported by Internal Audit Internal Control Framework 1 st Line2nd Line3rd Line

All Rights Reserved – Ernst & Young 2012 Solvency II 10 Functional requirements Actuarial function and internal audit function Actuarial function Key tasks should include: ► To coordinate the calculation of technical provisions ► To ensure the appropriateness of the methodologies and underlying models used as well as the assumptions made in the calculation of technical provisions ► To assess the sufficiency and quality of the data used in the calculation of technical provisions ► To compare best estimates against experience ► To inform the administrative or management body of the reliability and adequacy of the calculation of technical provisions ► To express an opinion on the overall underwriting policy ► To express an opinion on the adequacy of reinsurance arrangements ► To contribute to the effective implementation of the risk management system in particular with respect to the risk modelling Internal audit function ► The Function shall carry out its assignments with impartiality. It shall be able to exercise its assignments on its own initiative in all areas of the undertaking ► The Function shall have the complete and unrestricted right to obtain information as well as having direct communication with any member of the undertaking’s staff ► Every activity and every unit of the undertaking shall fall within its scope and the function shall draw up an audit plan ► The Function shall at least annually produce a written report on its findings to be submitted to the Board. The report shall cover at least any deficiencies with regard to the efficiency and suitability of the internal control system as well as major shortcomings with regard to the compliance with internal policies, procedures and processes Risk Management Systems Executive Committee Supported by Risk Taking Business Units Strategy, risk appetite and policy Board Risk Modelling Function Own Risk and Solvency Assessment Risk Management Function Compliance Function Actuarial Function Audit Committee Supported by Internal Audit Internal Control Framework 1 st Line2nd Line3rd Line

All Rights Reserved – Ernst & Young 2012 Solvency II 11 September 2015 Solvency II - Pillar 3 Page 11 ► Description of the business and performance of the undertaking Overview of Pillar 3 Business overview & performance System of Governance Risk disclosures Valuation basis used for Solvency purposes Capital Management ► For each risk category: ► Risk exposure ► Concentration of risk ► Risk mitigation ► Risk sensitivity ► Description of the bases and methods used for the valuation of: ► Assets ► Technical provisions ► Other assets and liabilities ► Explain any major differences for the valuation in the financial statements ► Minimum Capital Requirement (MCR) and Solvency Capital Requirement (SCR) ► Structure and amount of own funds including quality ► Differences between the standard formula and the internal model used for the SCR calculation ► Analysis of any significant changes from previous periods and differences to elements in financial statements ► Capital add-ons ► Amount of non-compliance ► Description of the system of governance and an assessment of its adequacy for the risk profile of the undertaking Overview of Solvency II Draft Directive Pillar 3 requirements for public disclosures: Pillar 3 Directive requirements: ► Undertakings to publicly disclose, on an annual basis, a report on their solvency and financial condition ► Pillar 3 is not just about disclosing Solvency II numbers but includes requirements around the control levels and governance in place to ensure accurate financial reporting. The Directive requires that written policies should be in place to ensure the ongoing appropriateness of any information disclosed Additional guidance and further Pillar 3 development: ► There is additional guidance being issued on disclosure, but the exact requirements are not yet final

Ernst & Young Assurance  Tax  Transactions  Advisory About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 135,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve potential. For more information, please visit Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC and is a member firm of Ernst & Young Global Limited. Ernst & Young LLP, 1 More London Place, London SE1 2AF. © Ernst & Young LLP Published in the UK. All rights reserved.