With two year’s experience of Solvency II behind them, how are insurance and reinsurance firms adjusting to the new regime? EisnerAmper Ireland’s David Montgomery reports on the challenges firms face and how they can be overcome.
“How is Solvency II working for you?”
I have been asking this question of insurers and reinsurers over recent months. Here’s a flavour of their responses:
“We’re not sure where the bar’s set yet…” “There are the busy periods getting over each new reporting hurdle…” “It’s completely overdone…” “So far, so good…” “This is turning minutes into hours.”
That final response, or versions reflecting a similar sentiment, recurs particularly frequently. Some boards are developing the habit of holding long meetings at which almost every word spoken is transcribed. As a result, the minutes are getting longer and longer – and more cumbersome to read. Anecdotal evidence suggests that the average board meeting is now three hours long with – two and a half hours of that taken up with compliance.
Solvency II places new requirements on governance systems. One of the ways some firms have responded to this is by incorporating generic policies and procedures that are often not aligned to their specific business models.
This has helped ensure that the Solvency II requirements were met speedily, but it has also spread bad habits. Instead of adopting bespoke solutions, these firms are using off-the-shelf approaches that aren’t adequately tailored to their own requirements.
That may be a short-term fix but, in the long term, it could undermine risk management. A governance system that is not tailored to a firm’s own business will be less efficient and likely involve unnecessary work; those tasked with managing it may in turn become sceptical of its value. I have often been surprised by elements of some firms’ policies and procedures that people think are mandatory requirements.
Such is the anecdotal evidence: in some cases, at least, firms’ implementation of Solvency II has slowed down business, has led to increased costs, and is encouraging an approach to governance that could well be counter-productive.
Is this what Solvency II sought to achieve? Clearly not.
Solvency II was developed to ensure that insurers and reinsurers have:
a well-understood business model (including their risk appetite); sufficient capital to take on and maintain that business; and a robust system of governance that can identify, monitor and mitigate risks to that model.
To achieve that, firms need to:
interpret and understand the new requirements; provide the (change) management needed to implement those requirements; embed the changes in a sustainable manner, which often involves changing both behaviours and the culture supporting them – this is often the hardest and most elusive part; and all of this must be done in a way that can be demonstrated or evidenced.
As we have seen, firms are struggling under this burden; one way that some have sought to manage it is by aiming for technical compliance without embracing the cultural change that the new requirements call for. That is no longer enough.
The Central Bank has been conducting targeted risk assessments over the last 18 months. Feedback from these suggests that the bar has been raised from expecting regulated entities to be technically compliant with the new requirements to expecting them to be demonstrably compliant. This means being able to show what decisions were made, why they were made, why that was acceptable (or not) and how (including how effectively) they have been implemented.
This raising of the bar poses an opportunity, not a threat. It is when Solvency II is embraced to the full that the benefits from the new regime become apparent.
Under the EIOPA’s Guidelines on System of Governance, systems should provide for sound and prudent management of the business “without unduly restricting them in choosing their own organisational structure, as long as they establish an appropriate segregation of duties”.
So firms are free to choose how to structure themselves, as long as they embrace the governance requirements. They can – and should – match the governance requirements to their business model, to their risk appetite and to their operating environment.
Changing the culture and behaviour of an organisation is difficult. It is even more difficult – not impossible – to change culture and behaviour to match a system of governance that is not aligned to the underlying business of the firm.
In order to really embrace regulatory requirements, firms should seek to align what they do in a policy sense with what they want to achieve in a commercial sense; they should keep their suite of governance documentation as live documents that will change over time as their operating environment and risk appetite evolve. By doing this, firms will continue to be well managed in a way that complies with the goals as well as the text of the regulatory requirements.
This all takes time and effort – more so than transcribing every word of a board meeting. But it will pay for itself by changing the perception of compliance requirements within the firm and by maximising the focus of board members on the business at hand. It may even save hours reading the minutes.
David Montgomery leads EisnerAmper Ireland’s Risk & Regulatory Advisory team and was formerly Deputy Head of Risk in the Central Bank of Ireland.
Dave was formerly the Deputy Head of Risk in the Central Bank of Ireland. During his 12 years with the Central Bank, Dave established inspection teams and methodologies to supervise insurance and reinsurance firms and worked in banking sector regulation developing and implementing the Central Bank of Ireland’s regulatory risk appetite and risk assessment framework (PRISMTM).
A partner within the Firm’s Risk & Regulatory division, Dave advises financial services providers on risk, regulatory and compliance-related matters. Dave provides authorisation application support to companies and investors, outsourcing solutions to operationalise compliance and risk function requirements, Pre-Approval Controlled Function support services, supports clients throughout the regulatory engagement lifecycle and specialises in the design and implementation of risk and compliance frameworks.
Explore the EisnerAmper
Global Network. Our member
firms are strategically situated
across the globe.