Solvency II Breakfast
Briefing
3 December 2015
Leading business advisers
© 2015 Deloitte
Solvency II and Internal Audit
Parameter Uncertainty
Aggregation and Dependency
Stress and Scenario Testing
Contract Boundaries – Non Life
Contract Boundaries - Life
Board Considerations
Internal Audit
Anlo Taylor, Senior Manager
© 2015 Deloitte
Solvency II Internal Audit
Overview
•
Impact of SII on Internal Audit
•
To note…
•
What are IA peers doing re SII
•
SII areas to consider for 2016 Audit Plans
4
© 2015 Deloitte
Solvency II Internal Audit
Audit ‘requirement’ shift
‘Self’ Regulation
Law
IIA Standards
IIA
recommendations
for Financial
Services Internal
audit
Solvency II
Directive
Internal Audit
Best Practices
Stakeholder
Needs and
Expectations
5
© 2015 Deloitte
Solvency II Internal Audit
Similarities between SII and IIA requirements
An internal audit function is a SII requirement (30) & to be appropriately
implemented as key function (guideline 5)
IA function can be outsourced (31) but have to allocate overall responsibility for
the outsourced key function in group. (guideline 50)
IA function can not be 'combined' with another function (32) & requires
independence at engagement performance level (guideline 32)
CBI should be informed prior to the outsourcing of internal audit function. (37)
(a49)
IA must have written policies for internal audit, implemented & reviewed at least
annually; prior approval by Board (a41)
IA function have to evaluate the adequacy and effectiveness of the internal
control system and other elements of the system of governance.
IA function has to have a IA policy ie. charter/terms of reference.
(guidelines 9 & 33)
Minimum 'tasks' for IA function:
- establish, implement and maintain audit plan & report plan to Board;
- risk-based approach in deciding its priorities;
- issue an internal audit report to the board with findings, recommendations,
owner & implementation date;
- remediation testing (verify compliance with agreed action plans)
(guideline 34 on IA tasks)
6
© 2015 Deloitte
Solvency II Internal Audit
To note…
• Internal Audit Assessment included in CP73 was not included in CP92, but in
practice the expectation is that it will be considered as part of the audit
universe. SII requires that u/takings must ensure that data used to calculate
technical provisions is accurate, appropriate and complete.
• The requirement for IA function automatically include requirement for PCF-13
• Most notable impact of SII is on insurance captives or subsidiaries of very large
insurance group, previously immaterial when group audit universe was defined
7
© 2015 Deloitte
Solvency II Internal Audit
2015 Internal Audit coverage of SII
8
© 2015 Deloitte
Solvency II Internal Audit
2016 Internal Audit Plans - coverage of SII
9
© 2015 Deloitte
Solvency II Internal Audit
SII areas to consider for 2016 Audit Plans
Pillar 1

Assessment of Reserving process (CP92/ CP73)
- Review of processes around preparation and submission of data provided to the
Actuarial Function and around the production of the booked reserves to provide
reasonable assurance that the data is accurate and complete
 Model Risk Management
- Review processes and controls around operation of the model – including
governance, segregation of duties, model maintenance and updates, data checks,
controls over third party elements.
Pillar 2

High level review of ORSA governance and processes
- Review of ORSA Policy against Solvency II requirements and market best practice.
- Review of ORSA process – governance, processes and procedures in terms of
production of the ORSA.
- Review whether the methodology used the ORSA has been appropriately
documented.
- Review evidence of stress and scenario testing considered as part of the ORSA to
ensure all key risks are captured.
- Review of Board input into the ORSA process and evidence of appropriate challenge
of the assumptions and results of the solvency assessment and developing
appropriate response strategies.
© 2015 Deloitte
10
Solvency II Internal Audit
SII areas to consider for 2016 Audit Plans
Pillar 3

Governance, processes and controls supporting P3 reporting

Gap analysis including compliance with Additional Insurance and Statistical National
Specific Templates and ECB add-ons (but need to be in early Q1),

Review of governance and process in respect of and quality of quantitative reporting
(QRTs):
- Assess whether a Reporting and Disclosure Policy has been documented, approved
and cascaded.
- Assess whether all relevant QRTs have been identified by reviewing the Company’s
data directory.
- Review whether the process and controls for preparation of QRTs, has been
documented and implemented.
11
© 2015 Deloitte
Solvency II Internal Audit
SII areas to consider for 2016 Audit Plans
Pillar 3 (continued)

Review of governance and process in respect of and quality of narrative reporting:
- Assess whether a Reporting and Disclosure Policy has been documented, approved
and cascaded.
- Solvency and Financial Condition Report (SFCR)
• Review of structure and high level content to assess whether the SFCR is in line
with Solvency II requirements and market best practice.
• Assess whether the process for producing the SFCR has been appropriately
documented.
• Review of consistency with reporting and disclosure policy.
- Regular Supervisory Report (RSR)
• Review of structure and high level content to assess whether the RSR is in line
with Solvency II requirements and market best practice.
• Assess whether the process for producing the RSR has been appropriately
documented.
• Review of consistency with reporting and disclosure policy.
12
© 2015 Deloitte
Parameter
Uncertainty
Eamon Howlin, Senior Manager
© 2015 Deloitte
Parameter Uncertainty
Prediction is very difficult – especially about
the future
‒ Niels Bohr*
*Disputed – also attributed to others
14
© 2015 Deloitte
Parameter Uncertainty
Relevance
Some sources of uncertainty:
‒ Choice of model (e.g. large claims ~ Poisson)
‒ Choice of parameters (prescribe a value for λ)
‒ This presentation focuses on the latter
Article 229 of Delegated Acts (regarding Internal Models):
Actuarial and statistical techniques shall only be considered adequate, applicable and
relevant for the purposes of Article 121(2) of Directive 2009/138/EC where all of the
following conditions are met:
(f) The outputs of the internal model do not include a material model error or estimation
error; wherever possible, the probability distribution forecast shall be adjusted to
account for model and estimation error
Can also be of interest to standard formula firms
‒ Firms using undertaking specific parameters (USPs)
‒ ORSA considerations around standard formula appropriateness
15
© 2015 Deloitte
Parameter Uncertainty
Introduction
• Estimation error is the difference between an estimated value and the true
value of a parameter
• How can we be sure our parameters are appropriate?
• If we estimate parameters from (adjusted) data what would happen if we had
observed a different data sample?
• Different data samples (observed from the same distribution) may lead to very
different parameter estimates
16
© 2015 Deloitte
Parameter Uncertainty
Example
1
2
3
4
5
6
7
8
9
10
Sample 1 Sample 2 Sample 3 Sample 4 Sample 5
6
4
9
3
2
5
4
7
3
4
3
2
5
3
6
4
3
2
3
3
3
5
6
1
8
3
7
7
2
3
4
4
4
0
4
5
8
5
5
4
3
2
3
3
2
1
5
10
3
4
3.70
4.40
5.80
2.60
4.00
• 5 different samples drawn from a Poisson random variable (λ = 4)
• Usual to estimate λ = sample average
• In this simple example we get values between 2.60 and 5.80; potentially leading to
very different values for λ in our model
• Updating after 11th observation will also result in different estimate for λ
17
© 2015 Deloitte
Parameter Uncertainty
How to incorporate
Use expert judgement
‒ Increase the CoV*
‒ Subjective and may be difficult to justify/validate
Incorporate results from probability theory
‒ Treat the parameter itself as random
‒ Use Bayes’ rule to derive appropriate distribution
‒ Different value of the parameter in each model simulation
Some commonly used methods/models already incorporate parameter
uncertainty (e.g. Mack or ODP)
*Coefficient of variation = the ratio of the standard deviation σ to the mean μ
18
© 2015 Deloitte
Parameter Uncertainty
Impact
Depends on number of data points, “spread” of data points etc. but….
Here are some (standalone) examples:
Poisson - Sample 3
Irish Motor Claims 2005-14*
Reserve USP based on Taylor/Ashe data
% increase
in CoV
4.0%
49.2%
9.7%
*for illustrative purposes only
19
© 2015 Deloitte
Aggregation and
Dependency
Eamon Howlin, Senior Manager
© 2015 Deloitte
Aggregation and dependency
Introduction
Dependency describes the relationship between two or more variables
Dependency assumptions a key input into any model
‒ Will impact diversification benefit
‒ Key focus of regulatory scrutiny
Implicit dependency
‒ Inflation
‒ Impact of CATs
‒ Shocks/Binary Events/ENIDS
Explicit dependency
‒ Usually via a copula
‒ Need to choose a copula and parameters
‒ Commonly use Gaussian Copula (“the formula that killed Wall Street”)
21
© 2015 Deloitte
Aggregation and dependency
Correlation vs dependency
• Correlation and dependency often (incorrectly)
used interchangeably
Gaussian Copula
• Correlation is a measure of linear dependency
• Dependency is not always linear
• Not all dependent variables are correlated
• In the following examples correlation = 0
• Do you think they’re independent?
Graph source: Wikipedia
22
© 2015 Deloitte
Aggregation and dependency
Tail dependence
In times of stress apparent
dependency can increase
4
3
‒ “All the correlations go to 1”
‒ Can be “good” or “bad” tail
dependency
2
Variable 2
Tail dependence measures how
variables behave under extreme
conditions
Value scatter
5
1
0
-1
-2
-3
-4
-5
-4
-3
-2
-1
0
1
2
3
4
Variable 1
Can be underestimated (or missed completely) if data is observed over a period
of benign experience
‒ e.g. Operational risk modelling
Models lacking tail dependency can underestimate extreme events and hence
capital requirements
‒ Long term capital management
‒ 2008 financial crisis
23
© 2015 Deloitte
A word of warning…….
All models are wrong, but some models are
useful
‒ George Box
……is yours one of the useful ones?
24
© 2015 Deloitte
Stress and Scenario
Testing
Maaz Mushir, Manager
© 2015 Deloitte
Stress and Scenario Testing
Definitions
Sensitivity Testing - Straightforward and common technique to assess financial impact
of adverse changes in a single risk parameter (single factor analysis) relative to a best
estimate view. Sensitivity testing can be used to highlight whether a risk or assumption is
material.
Stress Testing - In a stress test, a single or a small number of connected risk factors are
stressed in isolation from other risk factors and the effect on the economic balance sheet is
calculated. A stress test can therefore serve to analyse the exposure of a company to
specific (individual) risk factors.
Scenario Testing - A scenario tries to define and include all risk factors to which a
company may be exposed. Scenarios do not predict future development, but rather
illuminate extreme but still possible situations.
Back-testing - A comparison of the actual observed (historical) values of key financial
variables with the predictions generated by the stress-testing models. Back-testing can be
used to validate the robustness of stress testing models.
Reverse Stress Testing – These are stress tests that require a firm to assess scenarios
and circumstances that would render its business model unviable, thereby identifying
potential business vulnerabilities.
26
© 2015 Deloitte
Stress and Scenario Testing
Lessons to be learned from the banking sector
Performance of stress testing
during the crisis
Paper highlighted weaknesses in stress
testing practices employed prior to the crisis
in 4 key areas:
i. Use of stress testing and integration in
risk governance;
ii. Stress testing methodologies;
iii. Scenario selection; and
iv. Stress testing of specific risks and
products.
May
2009
27
© 2015 Deloitte
Stress and Scenario Testing
Lessons to be learned from the banking sector
Use of stress testing and
integration in risk governance
 Lack of Board and Senior management
involvement
 Isolated exercise by the risk function.
 SST frameworks not flexible to respond to
economic changes.
 Risk-specific stress testing was usually
conducted within business lines.
Stress testing
methodologies
 Broad spectrum of methodologies, very
simple to very complex.
 Models largely built on historical data and
statistical relationships.
 Inability to identify and aggregate exposures
across the bank.
Stress testing of
specific risks and products
Scenario Selection
 Scenarios very benign. Stress tests did not
even broadly match actual developments.
 Significantly underestimated correlations.
 Scenarios ignore multiple risk factors or
feedback effects.
 Historical scenarios unable to capture risks in
new products and changing exposures.
 Funding and liquidity issues not considered
adequately.
28
 Particular risks that were not covered in
sufficient detail in most stress tests include.
•
•
•
•
•
•
the behaviour of complex structured products
under stressed liquidity conditions.
pipeline or securitisation risk.
basis risk in relation to hedging strategies
counterparty credit risk
contingent risks
funding liquidity risk
© 2015 Deloitte
Stress and Scenario Testing
Typical Framework for Stress and Scenario Testing
Risk Strategy
Risk and
owner
identification
Business
applications
Stress and
scenario
development
Reporting
and review
Risk quantification
& validation
29
© 2015 Deloitte
Stress and Scenario Testing
Maturity Ladder
Risk Strategy
Business
applications
- Stresses based on a 1-in-200
event from the EC model.
- Additional focus on risks not
covered in SCR.
- SST focussed on one metric
only (SCR).
- SST treated as a compliance
exercise.
- Very technical output.
Primitive
30
- Clear governance, and well
developed frameworks.
- Business functions engaged in
identifying risks and developing
scenarios.
- SST linked to business plan
Reporting
and changes in risk profile.
and review
- Complimentary and
independent risk perspective to
Economic Capital Models.
- Reasonable evidence of
embedding in decision making.
Basic
Risk and
owner
identification
- SST performed at different
confidence levels and multiperiod time horizons.
- Developing early warning
- Attention to emerging risks and indicators and trigger points for
management actions.
changing risk profile.
- Wider range of scenarios,
Stress and - Realistic contingency actions
through techniques such as
including control failures.
scenario
war-gaming.
- Peer analysis, and
industry
development
- Views from internal and
benchmarking,
external experts on scenarios
- Wide range of metrics used,
and contingency plans.
IFRS, EEV, SCR, Liquidity.
- Wide range of reverse stress
- Mitigating actions developed
tests, extended to disaster
for different
scenarios.
Risk
quantification
management and recovery
- Perform
reverse stress testing
& validation
planning.
and back-testing.
- Strong evidence of embedding - Reporting and communication
tailored to different audience.
in decision making.
Advanced
Leading
© 2015 Deloitte
Stress and Scenario Testing
General Insurance Stress Tests
•
•
31
Solvency II
In July 2015 the PRA sent a request to the UK’s
largest general insurers to participate in a stress
test exercise.
The GIST have 9 scenarios guided by the
regulator, plus two additional insurer specific
scenarios.
• These stress tests have been
designed to complement the
ongoing work of the PRA in
assessing the resilience of UK
insurers and in monitoring how
insurers are developing their
Own Risk and Solvency
Assessment.
• The full document on GIST can
be found here:
• http://www.bankofengland.co.uk/
pra/Documents/supervision/activ
ities/generalinsurancestresstesti
ngjuly2015.pdf
• http://www.bankofengland.co.uk/
pra/Documents/supervision/activ
ities/gist2015.xlsx
© 2015 Deloitte
Contract
Boundaries – Non Life
Darren Shaughnessy, Manager
© 2015 Deloitte
Contract Boundaries – Non Life
Recognition of obligations
Delegated Acts, Article 17
“… undertakings shall recognise an insurance or reinsurance obligation at the
date the undertaking becomes a party to the contract that gives rise to the
obligation or the date the insurance cover begins, whichever date occurs
earlier….”
Treatment of bound but not incepted business at valuation date?
Future premium and claims cash flows should form part of premium
provisions, unless the undertaking has a “unilateral right to cancel” the
contract.
33
© 2015 Deloitte
Contract Boundaries – Non Life
Recognition of obligations – impact on premium volume
measure
Premium risk volume measure at t=0
IRD ------------- ---------------------IRD -----------IRD ----t-1
t
IRD
34
t+1
t+2
Initial recognition date of contract
FP(existing,s)
P(last,s)
FP(future,s)
Ps
Premium excluded
© 2015 Deloitte
Contract Boundaries – Non Life
Boundary of a recognised contract
Undertakings should consider the boundary of a contract to be the point in time in the
future which the undertaking has a unilateral right to cancel the contract, reject the
premium or amend the premium or benefits (“unilateral right to cancel”).
Treatment of multi-year contracts (technical provisions)?
• All future premium and claims cash flows for the whole of the multi-year
contract should form part of technical provisions, unless the undertaking has
a “unilateral right to cancel” the contract.
• Any obligations which relate to cover provided after the date in which the
undertaking has “unilateral right to cancel” do not belong to the contract
unless the undertaking can compel the policyholder to pay the premium for
those obligations.
35
© 2015 Deloitte
Contract Boundaries – Non Life
Boundary of a recognised contract - impact on premium volume
measure
EIOPA Q&A set 8 on the Preparatory Phase Technical Specification (10/07/2014)
There should not be a link between the contract boundary and the premium and
reserve risk modules, as it is factor based.
Technical Provisions
No profits / losses are recognised
beyond this point defined as the
contract boundary.
36
Premium volume measure (SCR)
The premium volume measure is the
expected value of premiums
irrespective of what point in time is
defined as the contract boundary.
© 2015 Deloitte
Contract
Boundaries - Life
Colin Murphy, Senior Manager
© 2015 Deloitte
Contract Boundaries – Life
Reviewable products & unit-linked savings
Reviewable products
•
General Irish market practice is that the contact boundary is the date of
review and the policy is assumed to become paid-up after that date.
Regular premium savings products
•
General Irish market practice is that the contract boundary is assumed to
be immediately and no future premiums from the valuation date forward, in
most cases.
Solvency II rules prevent the recognition of future premiums
unless there is a future material insurance event or financial
guarantee.
38
© 2015 Deloitte
Contract Boundaries – Life
Example – Regular premium unit-linked savings products
Sold a regular premium unit linked savings product on the 1st of December
with the following features.
• Monthly premium of €400;
• Management charge of 2% per annum;
• Per policy expenses of €60 per annum;
Value with no contract boundary as at 31st December
• Assume future premiums of €400 per month
• Very profitable policy with a negative non-unit reserve of circa €1,200
Solvency II basis with contract boundary as at 31st December
• Assume no future premiums
• Positive non-unit reserve of circa €220
Assumptions used in example; Flat interest rate of 3%, Surrender rate of 20%
39
© 2015 Deloitte
Contract Boundaries - Life
Considerations
Expenses after the contract boundary
• Do you use full expenses, paid-up expenses or another expense
assumption after the contract boundary?
Extending the contract boundary
• Some insurers are considering adding free benefits to insurance
contracts to extend the contract boundary.
Preference for higher own funds
• Depending on your preference for higher own funds and potentially a
lower coverage ratio or vice versa could influence how companies
approach the application of the contract boundary.
40
© 2015 Deloitte
Board
Considerations
Sinéad Kiernan, Director
© 2015 Deloitte
Solvency II Board Considerations
General
• Board responsibility – Article 40 Directive
Boards have … “the ultimate responsibility for the compliance, by the
undertaking concerned, with the laws, regulations and administrative provisions adopted
pursuant to this Directive.”
• Are board members aware of all of their responsibilities under Solvency II?
• Are board members equipped with the skills, tools and knowledge to challenge
management and to conclude that the undertaking is compliant with Solvency II?
• Is there undue reliance on any one board member?
• Is there a clear and credible plan of activities from now until the first annual report is
submitted in 2017?
42
© 2015 Deloitte
Solvency II Board Considerations
Pillar 1
• Is there a clear understanding of the differences between the Solvency II balance sheet
and financial statements / Solvency I balance sheets?
• Solvency II risk margin is a very different concept to Solvency I margin for uncertainty
(non-life undertakings)
• Capital coverage ratio on a Solvency I vs Solvency II basis
• What are the drivers of SCR? What might cause it to fluctuate?
43
© 2015 Deloitte
Solvency II Board Considerations
Pillar 2
 ORSA:
• Have board members been actively involved in identifying risks and stresses?
• How have board members steered the ORSA process?
• Has ORSA been used in any board level decisions?
 Standard formula appropriateness: Have board members challenged the analysis and
any resulting actions?
 Key control functions:
• Risk management: Is there sufficient challenge from risk management, including at
board level?
• Compliance function: Advises board on compliance with Solvency II
• Actuarial Function Report: Is the board aware of changes to the role of the actuary
under Solvency II?
44
© 2015 Deloitte
Solvency II Board Considerations
Pillar 3
• Board is responsible for approving annual QRTs, narrative reports and Day 1 QRTs
• Do board members have a good understanding of the QRTs?
• Has there been a dry run to populate QRTs and test the CBI portal?
• Can management provide sufficient evidence to the board of the controls around the
population of QRTs / narrative reports and the quality of data in the reports?
• Is there sufficient time in the 2016 plan for Board review and challenge of regulatory
submissions?
45
© 2015 Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of
member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ie/about for a detailed
description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
With nearly 2,000 people in Ireland, Deloitte provide audit, tax, consulting, and corporate finance to public and private clients
spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings
world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex
business challenges. With over 210,000 professionals globally, Deloitte is committed to becoming the standard of excellence.
This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services
Limited, Deloitte Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of
the foregoing’s affiliates (collectively the “Deloitte Network”) are, by means of this publication, rendering accounting, business,
financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional
advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business.
Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified
professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person
who relies on this publication.
© 2015 Deloitte. All rights reserved
© 2015 Deloitte
© 2015 Deloitte