no change in Sompo Canopius strategy following CEO departure

MARKET NEWS, DATA AND INSIGHT ALL DAY, EVERY DAY
MONDAY 28 NOVEMBER 2016
ISSUE 4,739
www.insuranceday.com | Monday 28 November 2016
NEWS
Market news, data and insight all day, every day
Insurance Day is the world’s only daily newspaper for the
international insurance and reinsurance and risk industries.
Its primary focus is on the London market and what affects it,
concentrating on the key areas of catastrophe, property and
marine, aviation and transportation. It is available in print, PDF,
mobile and online versions and is read by more than 10,000
people in more than 70 countries worldwide.
First published in 1995, Insurance Day has become the favourite
publication for the London market, which relies on its mix of
news, analysis and data to keep in touch with this fast-moving
and vitally important sector. Its experienced and highly skilled
insurance writers are well known and respected in the market
and their insight is both compelling and valuable.
Insurance Day also produces a number of must-attend annual
events to complement its daily output. The Insurance Day
London Market Awards recognise and celebrate the very best
in the industry, while the Insurance Technology Congress
provides a unique focus on how IT is helping to transform the
London market.
For more detail on Insurance Day and how to subscribe or
attend its events, go to subscribe.insuranceday.com
Insurance Day, Christchurch Court, 10-15 Newgate Street,
London EC1A 7HD
Market faces a
third consecutive
year of worsening
performance
Insurance Day is an editorially independent newspaper and
opinions expressed are not necessarily those of Informa UK
Ltd. Informa UK Ltd does not guarantee the accuracy of the
information contained in Insurance Day, nor does it accept
responsibility for errors or omissions or their consequences.
ISSN 1461-5541. Registered as a newspaper at the Post Office.
Published in London by Informa UK Ltd, 5 Howick Place,
London, SW1P 1WG.
Printed by Stroma, Unit 17, 142 Johnson Street, Southall,
Middlesex UB2 5FD
© Informa UK Ltd 2016.
No part of this publication may be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means electronic, mechanical, photographic, recorded or
otherwise without the written permission of the publisher
Bermuda’s underwriting to decline again after Hurricane Matthew
Graham Village
Global markets editor
Hurricane Matthew provided
an unwelcome, early fourth-quarter loss for the Bermudian reinsurance market,
putting the sector on course for its third
consecutive year of deteriorating underwriting performance.
Initial marketwide estimates for Matthew are within a wide band of up to
$9bn, with XL and Everest Re estimating maximum losses of $200m at the top
end of the range.
For most firms, Matthew is likely to
prove one of the year’s two major cat
losses, the other being the Canadian
wildfires. The fourth quarter could well
also see moderate claims from November’s quakes in New Zealand and Japan.
Even with a fairly light loss record
in the third quarter, most Bermudian
companies reported an increase in major losses for the nine months compared
with the same period of last year.
Underwriting profit recorded by 17
companies associated with the market
over the nine months fell 11.4% and
followed a reduction of about the same
magnitude for the 2015 period compared
with the first three quarters of 2014.
It has been a good run since the major
losses of 2011 put the market into the red
that year for underwriting activities.
The market’s overall performance
over the three quarters of this year was
helped by stronger investment income
and, more importantly, realised gains
rather than losses. Consequently, net
profit rose 15.9% to nearly $4.7bn.
Cat losses are up but companies
are also struggling with poor rating
in most lines of business, as well as
the impact of diversification into other classes that offer less scope for the
kind of outsized underwriting profits
property cat cover has delivered in recent years.
Although increased on last year’s low
level, cat losses are not high by historical standards. Bermudian companies
are on track to produce another year
of relatively low combined ratios, outperforming the wider market.

Table 1: Bermudian* market financial highlights, first nine months
| | Total ($m) | †Change (%) |
| Gross written premium | 47,329 | 10.8 |
| Net written premium | 37,101 | 7.9 |
| Underwriting result | 3,396 | (11.4) |
| Investment income | 3,062 | 16.1 |
| Realised gains | 1,569 | Loss in 2015 |
| Net result | 4,670 | 15.9 |
| Shareholders’ funds | 73,145 | ‡5.4 |
*sample of 17 companies commonly associated with Bermudian market
†compared with first nine months of 2015
‡increase since December 31, 2015
Source: company filings and announcements/Insurance Day database

Table 2: Billion-dollar Bermudian acquisitions this year
| Acquirer | Target | Notes | Price ($m) |
| Exor | PartnerRe | European investment group has completed its takeover | 6,900 |
| Sompo Japan | Endurance | Follows Japanese company’s Canopius takeover of 2013 | 6,300 |
| Arch | AIG | Arch is buying mortgage unit United Guaranty | 3,400 |
| China Minsheng Investment | White Mountains | Purchase of reinsurance unit Sirius | 2,592 |
Source: Company announcements/Insurance Day M&A database

Last week Swiss Re estimated the
overall reinsurance sector would deliver a combined ratio of about 93% to 94%
this year, but after accounting for the
unusually low major loss levels and reserve releases the true, underlying ratio
would be nearly 99%, the reinsurer said.
Rates are still falling but many companies reported a slowing down in the
pace of reduction, even for property cat
business. Still, capital levels have continued to climb this year, rising 5.4%
over the nine months for the Bermudian sector to more than $73bn.
The global reinsurance industry has
registered a 50% increase in capital, including unrealised gains, since the end
of 2009, according to Swiss Re. Over
the same timeframe, earned premiums
have risen 30%. Surplus capital continues to hamper returns.
Combined ratios are edging up in Bermuda as companies expand into new
lines of business and new territories.
Nine-month ratios at Allied World’s
three main divisions were reinsurance
80.4%, North American insurance 94.8%
and global markets insurance 121.7%.
RenaissanceRe’s divisional ratios
were cat reinsurance 38.4%, specialty
reinsurance 96.2% and Lloyd’s 90.8%.
But reinsurers remain under pressure to diversify and broaden their
accounts. That is one of the factors driving the acquisition wave that has seen
Bermuda involved in deals with a total
value of more than $21bn this year so
far, including Arch’s $3.4bn bid for
AIG’s mortgage unit United Guaranty.
Arch entered the mortgage insurance market in 2010 and has developed
organically as well as through the acquisition of CMG and the assets of the
associated PMI platform in 2014.
But the United Guaranty purchase
will propel the group’s mortgage account into a new league, becoming the
largest private mortgage insurer in the
US. The expanded mortgage operation
will account for 24% of Arch’s overall
account, with primary insurance taking
a 51% share and reinsurance 25%.
Companies House tomorrow brings
full detail on the performance of the
Bermudian market over the nine
months and looks further at the impact
of diversification.
Watson: No change in Sompo Canopius
strategy following CEO departure
Planning for Endurance integration has not
commenced, executive chairman says
Michael Faulkner
Editor
Sompo Canopius will continue the strategy put in place
by former group chief executive Stuart Davies, the
Lloyd’s insurer’s executive chairman, Michael Watson, has said.
Speaking to Insurance Day, Watson also said no decisions had
been made about how the business would be integrated with Endurance, which parent Sompo has
agreed to acquire.
Watson took on executive responsibilities at the carrier following the surprise departure of
Davies last week.
The company said Davies, who
joined in August 2015, had decided to step down.
Watson acknowledged Davies’
“dedication to the success of Sompo Canopius” and said he had “led
the charge” in repositioning the
insurer’s book of business. “Stuart put in place a strategy to
increase profitability and reduce
volatility,” he said.
But Watson declined to elaborate on the reasons for Davies’
departure. However, with Sompo’s impending acquisition of
Endurance Specialty Holdings,
which will be integrated with
Sompo Canopius, Davies is likely
to have felt his leadership position under threat.
Watson said his focus until
the acquisition of Endurance
completes early next year is
to “continue the work of making Sompo Canopius one of
the best-performing syndicates”.
“We will continue down the path
Stuart has chosen,” Watson added.
Davies had recently completed
a strategic review of the Lloyd’s
insurer, which Sompo acquired
in 2014, refocusing the company’s portfolio towards property
catastrophe business balanced
with “high-margin non-correlating classes”.
This included making some senior hires, such as former Aspen
executive Bernie de Haldevang
and Mike Southgate, who was active underwriter at Montpelier,
as well as entering new markets
such as US ocean marine.
Sompo plans to create a global
international business platform
following the $6.3bn acquisition
of Endurance. The integration will see the creation of a new holding company
led by Endurance chairman and
chief executive, John Charman,
with a single subsidiary operating
company for each of the Lloyd’s,
reinsurance and US businesses.
The various operating platforms
of Sompo Canopius will be merged
into the new structure.
Photo caption: Michael Watson: said focus was to ‘continue the work of making Sompo Canopius one of the best-performing syndicates’
Watson said integration planning had not commenced. “It
is not appropriate [to do so] and
it is not happening yet,” he said. He also refused to be drawn
on his potential role in the new
structure.
Watson founded Canopius, leading it for 14 years until Davies was
appointed to the role.
S&P: India ‘no walk in park’ for foreign reinsurers
Foreign reinsurers will find it difficult to develop profitable business in India in the short-term,
Standard & Poor’s (S&P) has said,
writes Michael Faulkner.
The rating agency said the influx of foreign reinsurers into
India could drive down rates,
putting pressure on underwriting returns.
But S&P said there were still
“opportunities” for reinsurers
willing to invest for the long-term.
Foreign reinsurers are queuing
up for licences to operate in India, seeing the country as a strong
growth market.
Munich Re, Swiss Re, Hannover
Re, Scor, Lloyd’s, and RGA are understood to have received initial
licence approvals, while XL Catlin and Gen Re have submitted
their licence applications. India’s
regulator, the Insurance Regulatory and Development Authority
of India (IRDAI), expects some
branches to commence operations in early 2017.
S&P said there were challenges
for firms in the short-term. “India won’t be a walk in the park
for foreign reinsurers,” the rating
agency said.
“The non-life insurance industry has been racking up underwriting losses for many years. We
believe the market will remain
extremely competitive, placing
severe downward pressure on
rates. For business lines that rely
on reinsurance capacity, the influx of foreign reinsurers could
drive rates down further.”
The net combined ratio of the
Indian non-life market has been
above 100% since 2000. In 2014/15
the net combined ratio was 114%.
But S&P said the market still
presented opportunities for foreign insurers “with sophisticated
product development and strong
technical underwriting expertise,
which are also willing to invest
for the longer term”.
“We expect foreign reinsurers
will gradually develop underwriting expertise, which will lead to
a wider range of products better
suited for the market that draw
on the companies’ global experience,” S&P said.
According to Lloyd’s, India’s
specialty market is expected to
grow from $2bn to $6bn by 2025.
GIC Re, the only India-based reinsurer of any significance, has an
advantage over foreign companies
because of its local relationship
and the fact Indian insurers must
consider domestic reinsurers first.
“While GIC Re will have first
right of refusal, having a branch
presence in India gives foreign insurers preference over overseas
reinsurers,” S&P added.
Earlier this month, Paris-based
reinsurer Scor received partial
regulatory authorisation to establish a branch in India. Scor
expects to start underwriting
with effect from the April 1, 2017
renewals and will establish the
branch office as soon as it receives
R3 authorisation.
Lloyd’s also announced it had
secured R1 approval from the IRDAI and will open a branch in India in March next year.
At the time, Lloyd’s chairman,
John Nelson, said India is one of
the greatest growing economies
and a diverse reinsurance market is “fundamental to the stability and future growth of the
Indian economy”.
“A level playing field for all reinsurers will mean the domestic
market can thrive and become a
hub for innovative new products
that meet the need of businesses,”
he added.
Indian regulator forms committee
on reinsurance cessions
The Indian regulator has formed
a committee to draft guidelines
on reinsurance cessions, writes
Michael Faulkner.
The committee will include representatives from Lloyd’s, Marsh
India, Munich Re and GIC Re.
There will also be representatives from New India Assurance,
ICICI Lombard, Aegon and Max
Bupa Health.
The Insurance Regulatory and
Development Authority of India
(IRDAI) said the committee would
develop “clear-cut guidelines for
the smooth implementation and
operation” of the order of preference rules for reinsurance cessions
in Indian insurance regulations.
This will include the procedure
for seeking best terms and the
timelines for offering best terms.
Last year, the IRDAI published
regulations for foreign reinsurers that are setting up branches
in the country.
The rules required cedants to
offer participation in reinsurance programmes to reinsurers
in an order of preference. Domestic reinsurers are favoured
ahead of the local branch operations of foreign reinsurers.
SPECIAL REPORT/ REGULATION
Silent cyber threat
Insurers’ understanding of the cyber risk environment
is coming under scrutiny as regulators fear cyber
could pose a systemic threat to the market
Steve Williams
Moore Stephens
The growing role of technology within the industry has been set at a
dizzyingly steep incline
for some time now and the biggest
challenge facing insurers in 2017 is
how to tread the fine line of tackling the cyber risk threat from both
sides of the business equation.
Insurers need to become increasingly alert to the cyber risks
facing them both externally and
internally to avoid falling off the
cyber precipice next year. Balancing the demands of this dichotomy could well prove to be
the defining difference between
insurers that successfully weather the cyber onslaught and those
that fall foul of the regulator or
risk reputational damage.
External cyber risks
Are insurers asking the right questions about exactly what defines
cyber? At present it looks to be
categorised by much of the market
as risks simply connected to technology and connectivity, but there
is a need to clearly define what
the industry means when it talks
about cyber risk. This issue of lack
of definition has now become stark
as the Prudential Regulation Authority (PRA) raises concerns about
“silent” cyber – cyber risks insurers
are already covering implicitly.
The PRA’s concern is there are
cyber risks the industry has not
recognised and that policies in areas such as motor, with the rise of
smart cars and smart technology
on road networks, and health, with
the growing use of technology in
implants, for instance, are unintentionally covering cyber risks as
there is no specific exclusion or recognition in the policy for the threat.
The fear remains if the industry
is not looking at policies and asking whether there is a cyber risk
and how best to approach that
risk, then the threat could come
back to haunt insurers.
This is likely to have knock-on
impacts for the customer. Policyholders will have to prove they
are aware of the cyber risks they
face and are taking steps to manage that risk. The expectation is
insurers will start to ask more
detailed questions of their clients
as they look to understand the
cyber risk environment as regulators continue to be concerned
cyber could pose a systemic threat
to the market.
Internal cyber risks
The pressure for insurers to address the way in which they approach their policyholders’ cyber
risks also comes at a time when
insurers need to ensure full compliance with a myriad of sweeping data protection rules that will
be coming into effect. Next year
will see insurers attempt to ensure readiness for the implementation of the European General
Data Protection Regulation and
the UK Data Protection Act (UK
DPA). Non-compliance carries
significant penalties. For the DPA
the maximum fine is £500,000
($622,842) for a serious breach,
while under European regulations
that fine can be €20m ($21.2m) or
4% of the global annual turnover,
whichever is greater. It presents a
significant change to the value of
the security risk faced by insurers.
The European regulations and
the UK DPA have similar aims, but
the mechanisms behind achieving
those aims are significantly different. In an ever-more globalised
supply chain the European directive will apply to any business
around the world that handles the
data of EU nationals. While under
the UK act the insurers have the
responsibility and accountability
to ensure any third party is meeting the required standards when
handling its data, the European
rules also place the accountability
on the third-party processors.
There is also a requirement to
notify the relevant authority of a
privacy breach within 72 hours of
becoming aware. While the notification requirement may well not
be seen as too onerous, the biggest
challenge will be whether firms
have the systems in place to be
able to detect data breaches.
Insurers will need to ensure
they are putting the processes into
place to meet the European regulations in the coming year, as they
cannot afford to wait until the
eleventh hour to ensure systems
are compliant and robust enough
to meet the requirements.
It is clear the industry will need
to understand how cyber affects
their policyholders, exposures and
internal systems. It is highly likely
firms will need to have the skills to
unpick the problems if and when
they arrive and there is already a
well-publicised shortage of those
with the capabilities to do so.
Next year will require insurers to examine how technology is
changing the way we do business
and how we live, then understand
the risks this poses to client and
company alike.
Steve Williams is a partner and
leader for technology risk and
regulation at Moore Stephens
Underwriting in the shadow of a geopolitical vortex
The consequences of geopolitical
developments for managing the
operational, underwriting and
other risks around regulatory
developments for international
insurers will be profound
Suki Basi
Russell Group
Anyone who lived through the 1980s
might tell you it did not
transformation. Under the shadow of nuclear Armageddon, the
decade that began with Reagan
and Thatcher laid the foundations
of a new post-war neo-liberal economic settlement and caused the
conditions for the end of the Cold
War – part one, at any rate.
This decade shares some similarities with the 1980s, however,
not the least of which is a new
male president in the US and
female prime minister in the UK.
This partnership and the wider
cultural, economic and political
shift symbolised by Brexit threatens to create a geopolitical vortex
that is going to disrupt post-war
bodies, regulatory frameworks
and trading relationships.
Photo caption: US president Barack Obama meets president-elect Donald Trump in the Oval Office of the White House. © 2016 Pablo Martinez Monsivais/AP
The immediate consequences for managing the operational, underwriting and other risks
around regulatory developments
for international insurers will be
profound. At a geo-political level,
Donald Trump has already outlined his policy plans for his first
100 days in office and vows to issue a note of intent to withdraw
from the Trans-Pacific Partnership “from day one.”
Solvency II
Meanwhile, at the insurer regulatory level, the introduction of Solvency II throws up the challenge
of new rules that affect US companies that are not considered to
be subject to an equivalent regulatory regime. The hope was that
a bilateral trade deal covering
reinsurance – the covered agreement negotiation between the EU
and the US – could resolve the issue, resulting in zero collateral
on both sides. The worry is the
election of the president-elect will
result in a deal being put on the
back-burner as the US adopts a
more protectionist approach.
At the same time, the problem
with the Solvency II regime is that
it is a “one size fits all” approach.
Whether you are a multinational
with 10,000 employees or a smaller insurance company with 50 to
100 employees, you have to apply
the same rules. These are hard
enough for a large company that
can employ a team of actuaries
and other specialists, but for a
small company these rules are
often unnecessary or far too complex to address directly.
The legal and regulatory risk
framework is becoming increasingly complex while protectionism grows in credibility as a
potential tool in the legislative kit
box. According to Robert Nijhout
from the International Credit and
Surety Association, to identify
countries that are going to perform better than others one needs
to look for a couple of indicators:
the first is a stable and reliable
currency, the second a working legal framework and the third is allowing trade flows to be sustained
with as few trade barriers
as possible in place. “The
more protection there is, the more
difficult it is to trade and the more
vulnerable an economy is to any
shock wherever that comes.”
The impact of the impending
European General Data Protection
Regulation (GDPR) also has implications for insurers. GDPR is the
“upgrade” to the Data Protection
Directive (implemented in the UK
under the Data Protection Act) and
comes into force in May 2018.
According to one insurance consultant, if you are a UK-based firm
that thinks this is a piece of EU-oriented legislation and you do not
have to implement, think again.
The UK will not “Brexit” before
May 2018 (when GDPR comes into
force) and even post-Brexit, it is
likely the UK will maintain equivalence with legislation like GDPR to
ensure UK firms can sell products
and services to EU residents.
New norm
International markets will also be
affected, where uncertainty becomes the new norm and business
risk is heightened. This vortex
will create winners who innovate,
de-risk and make decisions in real
time, by harnessing data, technology and analytics.
As ever, popular culture as
embodied by the world of advertising is as good a way as any of
informing the state of the world
today. For example, Insurance Day
readers familiar with the latest
PayPal advert will have picked
up on its theme of progress –
“new money” fostered by technology innovation. “Move over
old money, there’s a new money
in town,” the advert says and the
message is clear: in today’s world
of disruption we need to continually innovate.
The effects of the vortex I describe will foster a culture of free
entrepreneurial spirit that will
paradoxically generate and share
wealth in a new order combining policies from the right and
left, but in a non-politically correct way. You will forgive me if I
extend my 1980s metaphor but
it is as though we are in a Back to
the Future kind of world, where
Biff is the president and we are
one step away from the fear of
nuclear Armageddon while at
the same time being free as ever
– or are we?
Suki Basi is chief executive of
Russell Group
New EU network security directive to drive cyber demand growth
The EU data protection regulation is not
the only law to impact the cyber market
Jamie Monck-Mason
Willis Towers Watson
Much store has been
set by the increased
enforcement powers
of data protection
regulators under the EU General
Data Protection Regulation (GDPR)
– fines of up to an eye-watering
4% of annual global turnover or
€20m ($21.2m).
That strapline may well have
done a valuable job in getting
the attention of C-suite decision-makers, but the reality is
it represents the tip of the iceberg in terms of forthcoming
regulatory developments impacting
the technology, media and telecommunications (TMT) sector.
Technology companies are right
to take the regulatory obligations
imposed by the GDPR seriously;
not least the application to data
processors of the sort of obligations
hitherto imposed only on data
controllers.
Broadly speaking, data processors will be subject to precisely
the same onerous obligations in
terms of safeguarding EU data
subjects’ rights and freedoms as
will data controllers – rights which
will now include the much-vaunted
“right to be forgotten” as well
as rights to data portability and to
object to profiling.
Similarly, those attention-grabbing
fines mentioned earlier will apply
to data processors, as will the requirement to notify personal data
breaches[1] posing a high risk to, for
example, a data subject’s right to
privacy or to quiet enjoyment of
property or money.
NIS directive
But the advent of the GDPR –
which will apply direct in each
member state from May 25, 2018[2]
– has tended to overshadow and
obscure the similarly timed introduction of the Network and Information Security (NIS) Directive
(sometimes known as the Cyber
Security Directive).
The NIS Directive came into force
in August and will have to be enacted by national legislation within 21
months of then.
It will impose obligations on the
providers of “essential services” and
“digital service providers” (DSPs) to
take appropriate measures to ensure the security of their network
and information systems and manage
the impact of cyber “incidents”
so as to minimise any interruption
to services.
Such organisations will, moreover, be required to notify such
incidents (not merely personal
data breaches, as in the case of the
GDPR) to the national competent
authority or computer security incident response teams without undue delay – in the case of DSPs if
the incident is likely to have a “substantial” impact on the provision
of the digital services in question
(and in the case of essential services if it is likely to significantly
impact the continuity of the essential services).
When an essential service provider relies upon a DSP for the provision of its services, the obligation to
notify such incidents will remain
with the former (so it will be important to ensure DSP contracts
require the DSP to inform the essential service provider).
Each member state will have to
identify, by list, the providers of services it considers to be “essential”[3],
but the categories will include digi-
Continued on p7
Bringing shadow IT into the fold
of Solvency II, the difference between good data and bad data
can mean the difference between
a policy being underwritten or
not. With data increasingly being
shared throughout the insurance
value chain, the impact of bad
data can be spread.
Regulatory requirements are becoming more global in nature, but
too many insurance companies are still dealing with regulation in a
piecemeal fashion as opposed to implementing a holistic framework
Darren Wray
Fifth Step
A
sk any board member
from a re/insurance
company what governance risk and compliance means to them and a series of
wearisome acronyms soon trip off
their tongue. We have all become
far too familiar with SOX, Lloyd’s
minimum standards, Solvency II
and Dodd-Frank. What about DPA,
Fatca, CASL, Hippa, Copa, FCPA,
Piedia? The wave of regulatory
acronyms is threatening to mutate
into a tsunami. All this and then
we have the joys of GDPR (the EU’s
General Data Protection Regulation) just around the corner.
While these regulations have
their own requirements, they all
have at least one thing in common: most of the organisations
that have implemented responses
to regulatory measures have done
so as a “one-off” project and then
operated in a silo thereafter. There
is another, better way, however, to
approach and implement governance, risk and compliance (GRC).
It can be done by implementing
a holistic GRC framework that allows your organisation to understand both the present and future
requirements, while deploying
a capability that meets existing
needs in a way that is appropriate
and proportionate to the business.
A GRC framework is the combination of an assessment, processes, systems, reporting and
auditing that when combined
allows organisations to recognise similarities in national and
international regulatory requirements. A holistic GRC framework
allows different regulatory requirements (for example, capital
and controls, taxation, data use
and protection) to be documented, recorded, monitored, and audited under the same framework.
The benefit of the holistic approach is it helps organisations develop their responses to regulatory
requirements in a way that plans
for and allows the reuse of controls, mitigations, monitoring and
reporting where crossover exists.
There are positive benefits
to implementing GRC-inspired
change in business processes.
These include business process
optimisation, weeding out inefficiencies that have crept in over
time (or worse still have been in
place since the beginning). Make
sure the team implementing the
changes is cross-discipline and
open to the possibility of improvement. Most people are resistant to
change so it is essential to foster
an open-minded culture that recognises its own weaknesses.
Remember to demonstrate and
evidence: it is not good enough to
say something has been done; we
need to demonstrate and evidence
it was done, when it was done and
why it was done. This is particularly relevant in the case of capital
and control regulations but is also
a requirement for data protection
regulation (something that is only
going to get stronger with the introduction of GDPR in 2018).
Financial Conduct Authority: the regulator’s thematic review found many brokers were failing to manage their appointed representatives
Crossover areas
There are common threads and
areas of crossover between many
of the new regulations and regulatory requirements.
Practise data protection as a
whole: The countries/jurisdictions implementing data
protection (the EU, Singapore,
Canada, Australia and the Philippines, to name just a few) share
common threads, as well as a
common base of the EU data protection directive.
Increase the importance of data
and data quality: many regulatory
requirements (SOX, FATCA, DPA,
Solvency II) have an increased
focus on data quality. In the case
When it comes to developing a
GRC framework, an organisation’s
chief information officer (CIO) is
key to successful implementation.
As well as implementing enterprise systems, system and data
security, modern CIOs innovate
solutions that improve the efficiency of the operation through
automation, simplification of key
processing systems and improvements to business processes.
Information: the chief information officer plays a key role in developing an organisation’s governance, risk and compliance framework
Shadow IT is the term given
to systems, particularly spreadsheets and Access databases, which
are recognised as a threat to GRC.
Shadow IT typically starts with
the best of intentions: a department wants to do some analysis,
or capture information not available in the enterprise. Often those
systems will grow, adding additional data or capabilities and
become vital to the operation of
the department while being used
to make or support business decisions. Ensure your CIO is looking
at ways to bring shadow IT into
the fold, and the correct controls
are in place (even something as
simple as critical spreadsheets
being backed up often enough can
get missed).
Regulation and compliance will
play a major role in the change
agenda for 2017 and don’t forget
to include GDPR in this list. Understand the 2017 GRC change
agenda, and use any projects that
are being implemented in silos
as an opportunity to implement
a holistic framework. Now is the
time to identify business process
improvement opportunities.
Be innovative in your solutions
but above all make use of a
cross-discipline group to get the best results, and make sure that the CIO
is part of this team.
Darren Wray is chief executive of
Fifth Step
Appointing the right representative
Brokers are now coming under pressure to have robust systems in place to ensure their appointed representatives understand their role and, more importantly, their responsibilities
Steve Lockwood
Belinos
The thematic review by the
Financial Conduct Authority (FCA) makes for grim
reading for companies that
have responsibility for appointed representatives. One-third of
brokers have been deemed to be
operating badly, even appallingly,
another third were said to be managing their appointed representatives fairly well, with the remaining
third seen to be managing their appointed representatives adequately.
These figures were, on the whole,
for the larger national broking network operations.
The conclusion was that, when it comes
to appointed representatives, brokers
need to seriously up the ante in terms
of how they are managed. While the
benefits of appointed representatives
are widely understood, what is becoming increasingly clear is that brokers
have, for a number of reasons, been
either unable or unwilling to manage
them properly, often to the detriment
of the underlying client.
While the thematic review may
have delivered its verdict, brokers
should not be thinking that a line
has been drawn under the issue, far
from it. The FCA will not rest on its
laurels. As its follow-up “Dear CEO”
letter made clear, it will continue
to turn up the pressure on brokers
to ensure that its views have been
heard and implemented until it is
satisfied that appointed representatives are being correctly managed
and that brokers have put in place
robust systems to ensure that their
appointed representatives understand their role and more importantly their responsibilities.
It will involve brokers needing
to have a far better handle on what
their appointed representatives are
doing day to day, and the onus on
brokers to put a structure in place
that can be demonstrated to the FCA
will become ever more tangible.
Indeed, what has become clear is
that the senior management at broking firms will be charged with ensuring they are fully aware of how their
appointed representatives are managed, and to know what, if any, are the
issues that need to be remedied and
what steps are being taken to do so.
No choice
Brokers have to face the fact they
have no choice in the matter other
than in how they deliver the management of appointed representatives in what they perceive to be a
radically changed regulatory environment. (In fact the regulatory environment hasn’t changed at all, but
the thematic review makes clear the
failings of broker-principals within
that environment). Put quite simply they can resource
up or they can look to outsource
those compliance responsibilities.
Bringing in permanent resources
to beef up your compliance responsibilities may well seem the best
option as it creates a full time monitoring capability within the organisation. But it also brings with it the
challenge of ensuring that a broker’s
senior management is competent to
know what its compliance department and staff are supposed to be
doing on a daily basis. In addition,
a broker’s appointed representative
operation is subject to change.
As we have seen many times in
the past, a large number of appointed representatives use the role as
a stepping stone to their own ambitions to move to become a fully
regulated independent operation in
their own right.
The size and number of appointed representatives a broker has to
manage can change dramatically
and if there is a sudden reduction in
numbers, resourcing up internally
can become an expensive gamble
that has failed to pay off.
Outsourcing
Outsourcing, handing over the
oversight of how your firm is managing its appointed representatives,
therefore can be viewed as providing a more flexible structure for a
broker when it comes to the costs
of compliance.
Indeed, the ability to increase or
decrease the level of compliance to
reflect the changes needed at any
particular point of time is a positive
attraction for the outsource option.
For certain principal firms there
may well also be a need to deliver
call centre monitoring to ensure that
your appointed representatives are
fully managed and monitored which
will deliver benefits to both the principal’s business and its clients.
Compliance monitoring can also
act as a significant part of a broker’s
support system for its appointed
representatives. A robust compliance monitoring function can have
substantial levels of contact with
appointed representatives which
can only add to a broker’s operational management of its appointed
representatives.
It is clear that the issues with appointed representatives will remain
at the forefront of the FCA’s mind.
It is not going to take a step
back following the review. In fact, it
is likely that it will continue to push
for improvements bringing with
it the need for brokers to have the
capability to understand what the
evolving regulatory regime means
specifically for their business.
Having written to every broker
CEO following the review to demand
that they get their act together, there
is no question that the FCA is expecting a vigorous and timely response
from the sector.
For the broker, it is now a question of the size and cost of that reaction. The buck now stops firmly with
the board.
Steve Lockwood is managing
director at Belinos
Continued from p5
tal infrastructure providers such
as those providing “internet exchange points” (network facilities
enabling exchanges of internet
traffic between several autonomous systems), domain name
system service providers and
top-level domain name registries.
DSPs are not subject to national flexibility in identification:
they will include “online marketplaces”, online search engines
and cloud service providers. App
stores will be considered to be
DSPs, whereas price-comparison
sites, computer hardware manufacturers and software developers will not.
Distinction
A crucial distinction between the
NIS and the GDPR – touched on
above – is that the directive’s notification obligations extend beyond personal data breaches to
cover cyber incidents, including
outages affecting the provision
or continuity of services.
In the same way as the GDPR
is understandably expected to
increase demand for data protection insurance, so the NIS
Directive is likely to drive TMT
companies’ appetite for other cyber insurance covers.
The US experience has shown
us notification requirements
resulting in cyber incidents entering the public domain are
likely to increase the volume of
third-party claims.
Willis Towers Watson’s recently launched TMT Risk Index⁴ identified that the major trends
affecting the sector are, first,
regulation and legal risks (of
which data protection regulation ranked first, then multimedia liability and anti-trust law),
followed by cyber attacks.
TMT boardrooms are right
to see regulation as a mega-trend affecting their sector,
but they should look beyond
the well-publicised GDPR to the
NIS Directive.
Jamie Monck-Mason is executive
director of cyber and TMT at
Willis Towers Watson
1) Data processors must notify the data
controller of such breaches ‘without
undue delay’
2) The UK government has confirmed
the Brexit vote will not prevent the UK’s
adoption of the GDPR
3) It is possible the same organisation
could be deemed to be a provider of
essential services in one EU country but
not in another
4) Launched in May 2016, the TMT Risk
Index reveals the short- and long-term
risks expected to shape the sector
Marine cargo MGA Fiducia launches
AGCS warns of increasing executive liability exposures
Non-compliance with laws and regulations the top cause of D&O claims
Rebecca Hancock
Reporter
Directors and officers are
“walking a managerial
tightrope” as the scope
of executive liability
continues to increase annually,
Allianz Global Corporate & Specialty (AGCS) has warned.
The insurer said there was a
growing trend towards seeking
punitive and personal legal action
against executives for failure to
follow regulations and standards,
which could result in costly investigations, criminal prosecutions
or civil litigation putting the company’s assets or their own at risk.
According to AGCS analysis,
non-compliance with laws and
regulations is now the top cause
of directors’ and officers’ (D&O)
claims, followed by negligence
and maladministration.
While the average D&O claim
for breach of duty costs more than
$1m, in large corporate liability
cases D&O claims can be valued in
the hundreds of millions of dollars.
AGCS said it had observed a
general trend for D&O claims to
be dismissed or resolved more
slowly, meaning lengthier litigation, increased defence costs and
higher settlement expectations.
Boardroom: AGCS says company executives are ‘walking a managerial tightrope’ of liability
As well as D&O litigation becoming lengthier and more costly, the
growth of cyber risk was putting
corporate leaders under greater
threat than ever of falling foul of
investigations, fines or prosecution over alleged wrongdoing.
The risk landscape for executives is further complicated by a
number of emerging perils, such
as liability around cyber attacks
and data privacy, the insurer said.
In the US several class actions
have already been filed related
to data breaches. Data protection
rules around the world are becoming increasingly tough, with severe
penalties for non-compliance.
AGCS has said it expects cyber
security-related D&O litigation
to increase predominately in the
US, but also in Europe, the Middle
East and Australia, “if there has
been negligence in any failure to
protect data or a lack of controls”.
Emy Donavan, regional head
of cyber liability North America
at AGCS, said: “Many directors
used to see cyber as an IT issue and not an exposure for the
board to consider but there is no
escaping cyber risks and directors
need to be adequately informed,
otherwise they will leave themselves exposed.”
To tackle the increase in executive risk, AGCS said directors
needed to develop a highly sophisticated risk management culture, such as instilling first-class
cyber and IT protection, keeping
records of all information relevant to a managerial role and
maintaining open communication with authorities, investors
and employees.
Antares Asia launches legal
expenses business
Lloyd’s insurer Antares has appointed Mark Waters as legal
expenses underwriter to support
its expansion in Asia, writes Rebecca Hancock.
In his new role Waters will head
the newly created legal expenses
business reporting to Li Shan Yeo,
chief executive of Antares Asia.
Waters joins from Markel,
where he held the position of development underwriter. He has
previously held positions at Abbey Legal Protection and Capita
Insurance Services.
Yeo said: “Antares Asia has
grown since its launch by offering specialist products which reflect local markets, underwritten
by the very best in the field. Our
strategy is based on long-term,
sustained growth, led by market-leading figures able to drive expansion in niche areas.”
She added: “Mark’s extensive
experience in growing a successful and high-quality book of
business makes him an excellent
addition to our team.”
Antares was acquired by Qatar
Insurance Company in 2014 to
give the Doha-based firm a presence in the Lloyd’s market.
Antares now accounts for 15%
of QIC’s total business after growing premiums 16% to $233m.
Private equity firm BP Marsh &
Partners has invested in marine
managing general agency (MGA)
Fiducia, writes Stuart Collins.
The company has invested
£75,000 ($93,411) in return for a
25% shareholding in Fiducia, a
Lloyd’s coverholder established
by Gerry Sheehy.
In addition to the equity investment, BP Marsh will also lend Fiducia up to £1.7m.
The MGA will provide marine
cargo, transit liability, engineering and terrorism insurance
through a panel of UK and London brokers. It is backed by
capacity from Hiscox and other
Lloyd’s syndicates.
Fiducia’s chief executive, Sheehy, has more than 30 years’ experience in the insurance industry.
Up until September 2015, he was
a founding shareholder and executive director of Northern Marine Underwriters.
“Regional brokers are becoming
increasingly aware of the opportunities that the class of business
represents and Fiducia has created a team which can meet the
needs of both the intermediaries
and their clients,” Sheehy said.
“We believe we will be able to
differentiate ourselves not only
by the quality of the products that
we have developed, but also by
the level of service that will support our policyholders and intermediary partners.”
Hong Kong: Antares Asia has
named Mark Waters legal
expenses underwriter