It is interesting to note that in his Jan 31st speech (see page 6-8) Gabriel Bernardino, Chairman of EIOPA, reiterated EIOPA’s intention to issue guidelines to national supervisors to ensure that from 2014 the supervisors and insurance entities are prepared for the Solvency II regime in a consistent way.
The focus/priority of EIOPA now appears to be the aspects of the Solvency II regime that are management related, rather than Pillar 1 calculation related. The ‘certain important aspects’ covered in the guidelines will be, “…the system of governance, including risk management and the process of developing an own risk and solvency assessment, pre-application of internal models, and reporting to supervisors.”
Risk management and own risk and solvency assessment (ORSA) are the key elements of best practise management culture that the Solvency II rules are trying to engender, so it’s no surprise that EIOPA is prioritising the core professional discipline of the regime. But what will this renewed Pillar 2 real mean for insurers that have just eased off their Pillar 1 calculation projects and are trying to prioritise initiatives to achieve growth, profitability and efficiency? Need ORSA be the next big distraction?
ORSA preparation certainly means that Solvency II programs need to be re-evaluated and refocused. ORSA isn’t a check-box reporting exercise, and neither is it about being seen to be doing appropriate solvency assessments, like an operational risk self assessment where controls are identified but no one follows through by owning them, applying them or policing them. It’s not a simple as taking the Solvency Capital Requirement (SCR) figures and including them on the agenda at management and board meetings either.
So what is ORSA and why should insurers care about it at this moment in time? ORSA is about actively demonstrating that the management team is in full control of the business. As with the difference between regulatory capital and economic capital, the firm needs to understand the solvency peculiarities specific to its business, act upon them and, just for good measure, explain the difference between the SCR and the ORSA assumptions, calibrations and outcomes. Not only this, but the process and methodology of undertaking the ORSA have to be fully documented, as do the SCR/ORSA reconciliation explanations. It’s going to feel like a full, group wide, ISO certification challenge, even if your risk, capital management and stress testing (let’s not forget it) capabilities are already at the level you desire them to be, and even if you’re using the same models for regulatory reporting and running the business.
For firms with a clearly articulated risk appetite that have gone a long way to developing their Pillar 1 internal model-based regimes, which already incorporate firm-specific risks and use much internal data, ORSA could be relatively straightforward. However, even here there might be challenges.
Firstly, ORSA is an ongoing behaviour and has to influence the strategic decision making of the firm. This then requires more than a static snapshot-type dashboard report for discussion at management meetings. It requires the ability look at the firm in its entirety, see where the current direction will take it, and identify what needs to happen now to optimise the future outlook. This necessitates gathering, aggregating and calculating key financial, risk, capital, investment and business performance metrics, some of which will not have been part of the SCR preparation project, and few of which will have reflected the inter-relationships involved. Stress testing, already a sore point because of the resources it distracts from business-as-usual work, will sensibly become part of the ORSA regime too, in such a way that tests can be repeated ad hoc to check if the decisions taken after the original test have made the firm more resilient.
Secondly, the ORSA process has to be smooth and streamlined, because senior management and supervisors will insist that the assessment is updated swiftly in the event of a significant change in risk profile that threatens risk tolerances. Fire-drill readiness will have to be the norm if the industry wants to claim that lessons have been learned from the financial crisis. It’s a big ask, but it’s possible, the tools are out there, and it’s already a reality for a few firms blessed with intelligent foresight. The underlying industry-wide state of ORSA evolution will be the true bellwether of culture change intended by SII, not the implementation date for SCR reporting or the number of people filing with XBRL.
Firm-specific risk culture, however advanced, will nevertheless be sorely disrupted among firms that have yet to succeed in their Pillar 1 endeavours. They will likely encounter a multi-compliance project squeeze plus a few chicken and egg conundrums if they find themselves looking at simultaneous bottom up and top down SCR and ORSA projects at the beginning of 2014. And that’s assuming they can pull together the remnants of their SII project team, which will likely have been subject to resource reductions and direction drift, resulting from the persistent uncertainty from the regulators around final SII design, calibration and implementation dates.
Whatever a firm’s Solvency II attitude or readiness, and harking back to Mr Bernardino’s ‘certain important aspects’,the essential thing for any firm is that its board is working hard to ensure it has control over the business activities of the firm and can reach a point of confidently taking the right decisions for its long term health. The rest will fall into place and supervisors will be able to hold up the SCR figures to promote public confidence in the financial stability of the insurance sector. Solvency II predictably continues to be an uncomfortable and frustrating journey, and regulatory affairs staff along with Solvency II program directors will be looking to Mr Bernardino and his local counterparts to be as swift, thorough and decisive in their Solvency II strategy as the board is expected to be with its ORSA regime.