Saturday, 28 February 2015

The European Commission’s Impact Assessment of Solvency II: Some Useful Points

The European Commission recently published a draft of the Solvency II ‘implementing measures’.  The ‘implementing measures’ expand on the requirements set out in the Solvency II directive.  Alongside the ‘implementing measures’, the European Commission also published a draft impact assessment.  This is one the many procedural requirements that apply to the policy-making process in the Commission. 

I thought it would be interesting to review the impact assessment.  As a user, I want to consider the extent to which the impact assessment can help me to understand Solvency II. 

What did I learn from this exercise?

1.    The importance of objectives in the EU policy-making process

The impact analysis is structured around a definition of problems that the policy making will address.  During the discussions about the directive, these objectives were enhancing policyholders’ protection and the integration of insurance markets in the EU. 

The Commission’s impact analysis acknowledges that there is now a third objective that has been taken into account: fostering growth and recovery in Europe by promoting long-term investment.  In the case of insurance, the main challenges that arise relate to the low interest rate environment and the volatility of asset prices. 

2.    A useful summary of how the calibration of asset risk has evolved

The third objective mentioned above has shaped the structure and calibration of capital requirements for assets risk which has evolved over a number of years.  However, it is not easy to see in a succinct way the end product where the answer is set out over a number of articles in the implementing measures.  Surprisingly, this can be summarised in a simple table (below).

3.    The scope of impact analysis remains a tricky issue

The Commission seems to have overcome the challenge of undertaking an impact analysis that seeks to cover the impact of all rules.  The Commission states,

“The options assessed have been selected to cover the most important and representative issues from each of the three pillars of Solvency II and each of the areas of the objectives and problem trees. The areas that are merely technical, have been settled in the Directive or are uncontroversial are not assessed in detail …”

This is reasonable and can result in a more productive use of scarce analytical resources but it can also have unintended consequences.  As far as I can see, the impact analysis did not cover the treatment of long-term guarantees.  I am frankly not sure if this is because it was settled in the Directive or because it turned out to be uncontroversial.

4.    The relative priorities of the Commission: the importance of reducing over-reliance on ratings

The concern about over-reliance on ratings is not new if you have been following the development of Solvency II.  However, given the breadth of Solvency II and the focused impact assessment, I found it surprising that the Commission went out of its way to include a full two-page annex summarising the requirements aimed at reducing reliance on external ratings in the risk management of insurance “such as

          ▪ external ratings shall not prevail in risk management;
          ▪ as part of their investment risk management policy, insurers and 
          reinsurers should have their own assessment of all counterparties;
          ▪ as part of their reinsurance (or other risk mitigation techniques) policy, 
          insurers and reinsurers should have their own assessment of all 

5.    And finally, a puzzle about policy making

The Commission’s impact assessment notes that one of the issues that emerged from the QIS5 was the application of a limit to the amount of Tier 2 capital (i.e. debt) that would be allowed.  This issue has remained unclear since then. 

Interestingly, if all you read is the relevant section of the impact analysis on pages 38 to 46 which also summarises EIOPA’s recommendations, you could be forgiven for thinking that the limit would not apply.  It is only the summary on pages 50 to 51 that suggested that I might need to reconsider my initial views.  Indeed, the draft implementing measures clarify that the sum of Tier 2 and Tier 3 capital must not exceed 50% of the SCR, which is an interesting development. 

This illustrates one of the key operational challenges of impact analysis: the need to keep up with the policy.

This was a selective but nonetheless in-depth reading of the impact assessment.  Have you read the impact assessment?  Did you learn any useful points from it?

You can subscribe to future posts here.

Friday, 27 February 2015

The Three Lines of Defence: An Enforcement Perspective

Much has been written about the three lines of defence model, including whether there are really three lines of defence (or any other number) and whether the concept is dead.  I personally regard the three lines of defence as a mechanism to clarify roles and responsibilities and underpin the risk management activities of different functions in financial services.

This week there was good evidence that the concept is alive and well.  The FCA issued a penalty to Aviva Investors for failure to manage the conflicts of interests between itself and clients, and between different clients (full paper here). 

From a risk management perspective, there were a couple of interesting lessons:   

1.  The increased size of compensation paid as part of the enforcement case relative to the size of the regulatory fine; in this case the fine was £17.6m and the compensation to eight funds was £132m. 

2.  The FCA has drawn an explicit parallel between failures of the three lines of defence model and Principle 3 which requires that an authorised firm “take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”  

The articulation of the case looks at the performance of each line of defence and articulates the observed failures which provides a useful checklist.  

1. Weaknesses in the first line of defence 
  • unclear split of responsibilities between first and second line of defence 
  • failure to implement appropriate controls  
  • lack of system to capture the relevant information 
  • weaknesses in management information produced 
  • culture focused on performance together with performance management that often overlooked the importance of risk and controls  
2.  Weaknesses in the second line of defence  
  • inadequate compliance monitoring 
  • inadequate compliance resource and capability 
3.  Weaknesses in the third line of defence  
  • unclear process to accept the risk associated with control weaknesses 
  • dependency on strategic change projects without adequate consideration of whether they address the findings and support the closure 
  • lack of testing of the closure of audit issues
Intuitively this characterisation of systems and controls around the three lines of defence is not new; in my view, rather, it is the explicit recognition in an enforcement case that is new.

You can subscribe to future posts here.

This post is part of a series of posts on the practical lessons for risk management from enforcement cases.  The posts are all brought together in the page FCA enforcement.

Sunday, 1 February 2015

Is It FCA Supervision or Enforcement?

One of the observations in my latest post about enforcement (here) was that fines can become a relatively small component of the cost of regulatory enforcement.  This observation was made in a context where, in addition to the fine, the firm had agreed to a number of specific measures which included replacing its executive management team and a comprehensive review of its governance structure. 

This week I came across an even better example of the blurring line between formal enforcement and where a firm agrees with the supervisor to a set of measures.  The Times reports that the London office of Deutsche Bank has been put on ‘enhanced supervision’ (here). 

Enhanced supervision is a new power acquired by the FCA, the use of which is articulated in a paper from June 2014 (here).  It explains that the application of enhanced supervision is not enforcement, although that may follow.  Enhanced supervision requires the firm’s Board to formally commit to remediation measures.  The paper sets out a comprehensive list of indicators of the failures that would lead to enhanced supervision:  
  • “the observation of numerous or specially significant conduct failings or repeated failings that when examined individually might not be considered serious  
  • “occurrence of failings in several business areas, as this is an indicator of wider cultural issues within the firm 
  • “a poorly functioning Board, for example failing to challenge executives or take a lead in considering conduct  
  • “evidence of control areas such as Risk, Compliance and Internal Audit being poorly managed, under-resourced or unable to make their voices heard at Board level 
  • “evidence of weak risk management (we may consider the PRA’s findings in relation to prudential risk management), or 
  • “evidence of other weaknesses in the way in which the Board and senior management influence key cultural factors, for example ‘tone from the top’, pay and incentives and their adherence to the organisation’s values.” 

There has been no formal statement from the FCA about this case. 

Perhaps the main point arising from this development is the further recognition that formal enforcement may not necessarily be the most effective tool from the point of view of meeting supervisory objectives and that fines may not be the most effective deterrent.  

You can subscribe to future posts here.

This post has been added to the page FCA enforcement in this blog which links all the enforcement cases reviewed.