In January 2016 Solvency II, the new insurance industry regulatory regime, established capital requirements and risk management standards designed to increase policyholder protection across the whole of the European Union. Aiming to reduce the possibility of consumer loss or disruption in the event of a large-scale meltdown, the new rules require insurers to hold enough capital to absorb significant losses.
Comprised of three key ‘Pillars’ -- Financial Requirements to ensure adequate liquidity; Governance & Supervision to improve risk management; and Reporting & Disclosure to improve transparency of market risks – Solvency II compels insurers to undertake a serious re-think of their business processes. Pillar Three however comes with technical complexities that could make it the trickiest to resolve: insurance companies are expected to demonstrate that all data received from administrators and data vendors is complete, accurate and appropriate.
In the lead up to implementation in January and with the quarterly submission timeline shrinking from the initial 8 weeks to about 5 weeks in 2019 corporates have been scrambling to get solutions in place that not only make submission timely and efficient but that also support multiple data reconciliation criteria and reporting tools which can produce fast and flexible data analysis.
However, for Solvency II compliance the harsh reality is that simply pushing existing systems and processes harder is not enough to address the demands of the regime’s rigorous reporting cycle.
Pillar of pain
The new reporting requirements focus on the construction, implementation and supervision of the risk models used for capital requirements. Data needs to be extracted from multiple sources and compiled in a consistent manner to feed the two main narrative reports: the Solvency and Financial Condition Report (SFCR) and the Regular Supervision Report (RSR).
Both cover quantitative and qualitative components, introducing more than 60 templates comprised of 20,000-plus data points. Ensuring data integrity for that many inputs really needs a considerable level of automation, from the validation of standard Solvency II ETLs to the performance of basic validations, like for instance completion checks. You will also need to cross-check all data entry between the two reports.
The bulk of the work around Pillar Three then comes from gathering, consolidating, reconciling and validating data from a variety of sources. That means ETL, data entry, calculation and consolidation with stringent audit trails and traceability -- all on a potentially bruising schedule. Frequency of reporting depends on the size of a company’s market share and can be annually and/or quarterly.
This gets even more complicated for insurance groups, where consolidation is required before group reporting. Security and access to sensitive financial data included in the reports, such as asset values, becomes an issue as well. Will your approach to Solvency II compliance allow you to restrict relevant data to relevant users?
Finding and implementing a solution for Pillar Three that suits existing processes and still ticks Solvency II’s working-day timetable box has been – and still is - a challenge for any insurance company.
Most in-house-developed, and virtually all spreadsheet-based systems, are likely to groan under the weight of these requirements.
What can be done?
Building your own solution as a stop-gap could be an option, however the optimal choice is an automated system centred on a reporting database. Reporting needs to be repeatable and auditable on a regular basis, and spreadsheets require manual intervention that consumes loads of staff resource, and the evolving nature of regulation means future-proofing will always be required of the software. Are you prepared to keep up with EU regulators using internal resources alone?
There are many Pillar Three solutions available in the market and understanding the pros, cons and level of suitability to your business for each option takes time. Obviously it is essential to conduct a thorough analysis of the options and consider the likely ease of implementation. This analysis requires input at both CFO and IT level.
At a minimum, any such solution needs to deliver Seamless integration with current IT systems and software, built-in validations and data integrity checks, capability of flowing through results from Pillar One and other analysis. It is also very important that Pillar Three reports should require minimal effort from the business.
In addition, such solution should be user friendly and also maintain auditability and traceability of results. Last but not least, it should also contain consolidation functionality to make group reporting easier for the business.
While investment in technology should ideally have taken place from the outset and prior to Solvency II’s implementation, there is still time for insurance companies to reduce risk and cost by automating their reporting and compliance processes as soon as possible.
By Nick Nesbitt, Consulting Services Director at Tagetik UK