Attention for pillars two and three
This article was written by Chris Finney. It was published in Insurance Day on 21 June.
Pillars 2 and 3 of the Solvency II regime will bring significant changes to the way insurers run their businesses, but have not been the subject of the same levels of debate as Pillar 1. The new requirements will also transform what companies need to report to the Financial Services Authority (FSA) and the markets. This creates risk, but these risks can be mitigated by taking a considered approach and planning ahead.
Pillar 2: requires firms to develop, document and maintain effective corporate governance arrangements, which include:
- A risk management function, which identifies, manages, monitors and reports on the firm's risks in a way that allows the firm to respond appropriately to them.
- A compliance function that advises the firm on its compliance with Solvency II.
- An internal audit function, which must be free to audit all parts of the business and report its findings to the board.
- An actuarial function to co-ordinate the calculation of technical provisions.
- Regular "own risk and solvency assessments" to assess the firm's solvency needs and ensure continuous compliance with the firm's Solvency II capital requirements.
- A system that ensures all those who effectively run the firm are fit and proper - a heavy responsibility that Solvency II seems to impose on the firm, instead of the FSA.
Pillar 3: requires firms (and groups) to prepare and publish an annual "solvency and financial condition report" and copy it to the regulator with a more detailed "supervisory report".
The solvency and financial condition report must include:
- A description of the firm's business and performance.
- An assessment of its system of governance and whether it is adequate for the firm's risk profile.
- A description of the firm's risk exposure, concentration, mitigation and sensitivity.
- A description of the valuation methodology used by the firm for its assets, technical provisions and other liabilities.
- A description of the firm's minimum and solvency capital requirements, and the assumptions used to calculate them.
- Details of any non-compliance with the minimum capital requirement, and any material non-compliance with the solvency capital requirement. This must include the reasons for and consequences of any breaches and the steps taken to correct them.
The supervisory report must include a copy of the firm's solvency and financial condition report, a detailed narrative that supplements it and a series of quarterly and annual reporting templates. The quarterly templates will require firms to state their minimum and solvency capital requirements, technical provisions, assets and own funds on a point-in-time basis. The annual report will be more detailed and subject to an audit.
These requirements will create risk for firms. The first set of risks is plain: although firms will not be required to publish confidential policyholder information or anything that could significantly advantage their competitors, most will still need to publish more, and more sensitive, information than before. In addition, there is a risk that a firm's report will contain errors. There is also a risk that policyholders and commentators will draw simplistic comparisons between firms that wrongly suggest one is stronger than the other. To mitigate these risks, firms will need to manage policyholder and market expectations, develop systems that check and correct errors and think carefully about presentation so the risk of flawed comparisons is reduced.
The second set of risks is less obvious. To meet Solvency II's requirements, firms will have to prepare and maintain detailed risk logs and other documents that will contain sensitive information. This will require detailed analyses and mean obtaining advice that will not necessarily be legally privileged. Some of those documents, and the analyses and advice that sit behind them, could be useful to actual and potential litigants. Firms may therefore be obliged by the courts to disclose them if (for example):
- A customer sues the firm alleging it failed properly to understand the nature of the risks associated with its investment decisions.
- The firm sues its directors, alleging they failed to identify and properly manage the firm's operational and investment risks.
A reinsurer refuses to meet its reinsurance obligations because the insurer has allegedly failed to identify and manage emerging risks on the reinsured business.
Firms may wish to take legal advice on the techniques that can be used to mitigate each of these risks.
For further information about this published article, contact Kathryn Hobbs on +44 (0)121 685 2785 or Liam Thompson on +44 (0)121 685 2943
This published article may contain information of general interest about current legal issues, but does not give legal advice.