Governance is central to Solvency II. The primary objective is to drive effective risk management through a risk based capital requirement. All insurers will therefore be required to produce and maintain an Own Risk and Solvency Assessment (ORSA).
2. What is the ORSA?
The ORSA is effectively a risk management process (systems and controls). Insurers are required to document this process and to report on it annually to their supervisor. Details of the content of the ORSA are contained in the Level 2 Regulation and supplemented by Level 3 guidance from EIOPA.
3. New Functions
For the first time all insurers will be required to establish specified functions (e.g. actuarial, compliance, internal audit and risk management functions).
The actuarial function will be responsible for the appropriateness of the premium the insurer charges. It will need to coordinate the calculation of technical provisions (expected liabilities) and to assess the suitability of both the model and data underlying the calculation. The actuary will have to apply judgement to the outcome and report to the Board.
The compliance function will be responsible for ensuring compliance with laws, regulatory requirements and other provisions applicable to the insurer.
The internal audit function must be separate from the rest of the organisation and not have other internal responsibilities. This is in order to maintain its independence from the business units.
The risk management function will be responsible for the design, implementation and validation of any 'internal model' used (and approved by the supervisor) to calculate all or part of an insurer's Solvency Capital Requirement (SCR) (which is the main capital requirement under Solvency II).
All of these required functions should have sufficient resource, seniority and access to records, to the Board and other personnel. They should also produce plans and report appropriately to the Board.
Solvency II contains provisions on outsourcing which are almost identical to the rules from the Markets in Financial Instrument Directive (MiFID). They apply to any outsourcing of a 'critical or important' function. The rules require due diligence of the supplier and appropriate contractual terms to enable the insurer to retain control over the services provided. According to EIOPA Guidelines, firms should determine whether an activity or function is critical or important on the basis of whether it is ‘essential to the operation of the undertaking as it would be unable to deliver its services to policyholders without the function or activity’. It is not clear what this means but it is likely to include functions fundamental to the carrying on of the insurer’s core businesses (e.g. design and pricing of products, customer facing services and investment assets). As there are currently no grandfathering or transitional provisions on outsourcing, it is likely that existing agreements will need to be amended to meet the requirements. Insurers will also need a documented policy on outsourcing.
Solvency II also imposes requirements in relation to remuneration. It requires the fixed element of remuneration to be sufficiently high in relation to any discretionary elements (e.g. bonus payments) and that the majority of bonus payments be deferred over a period which reflects the nature and time horizon of the underlying business. Any bonus should also be made up of both individual and collective performance elements.
One of the key elements of effective Solvency II governance will be an effective and transparent organisational structure. This will need to be appropriately documented so that delegation from the Board (e.g. to committees) and any onward delegation is clear and enables the flow of authority to be verified for accuracy and completeness.
7. Board and committee minutes
Solvency II is likely to result in more detailed Board and committee minutes being required. This will be particularly the case where an 'internal model' is approved by the PRA as the insurer will need to show that it is ‘used’ in making business decisions. It is also likely that the nature of any debate and challenge to proposals put to the Board (which is expected to be robust) will need to be documented. Similarly, internal consents and the views expressed by relevant committees may need to be recorded more formally.
8. Education, Education, Education
Much of the emphasis in Solvency II will need to be placed on understanding the output of models and the effect on an insurer’s business of applying the Solvency II standard formula to calculate the SCR. The ORSA should be more forward-looking and based over a longer term than the calculation of the SCR, it may therefore require different inputs and challenges. As all models are only as good as the data, parameters and assumptions relied upon, Board members will need to be able to understand both the input and output of models. Board members are therefore likely to require training, and they may also need access to their own professional (e.g. actuarial) advice.
9. Supervisory approval
The PRA is required to approve the internal model to be used by any UK authorised insurer. The PRA has been running a pre-application process and is due to provide individual feedback to firms in April 2015. The PRA is also required to approve use of various of the transitional measures and/or use of adjustments used in calculating technical provisions (e.g. matching or volatility adjustment).
Insurers will need to publish annually a public document called the Solvency and Financial Condition Report (SFCR). In addition to setting out the insurer's financial position, it will provide details of its business, its internal controls and risk management. The SFCR must also contain a summary, written for the benefit of policyholders, explaining the firm’s strategy.