Tag Archives: orsa

Interview with Nick Gerhart (Part 3)

I recently sat with Nick Gerhart to discuss the regulatory environment for U.S. insurance carriers. Nick offers a broad perspective on regulation based on his experience: after roles at two different carriers, Nick served as Iowa insurance commissioner and currently is chief administrative officer at Farm Bureau Financial Services.

Nick is recognized as a thought leader for innovation and is regularly called on to speak and moderate at insurtech conferences and events. During our discussion, Nick described the foundation for the state-based regulatory environment, the advantages and challenges of decentralized oversight and how the system is adapting in light of innovation.

This is the last installment of a three-part series. The first focused on the regulatory framework insurers face (link). In the second part (link), Nick provided the regulator’s perspective, with a focus on the goals and tactics of the commissioner’s office. Here we discuss the best practices of the insurers in compliance reporting as well as future trends in compliance reporting.

From my experience in speaking with carriers, I’ve been struck by the challenges of reporting data in various different reports to so many different entities. A lot of carriers struggle just with the process, and the quality of the data reported suffers. So, to dive into the quality of the filings for a moment, what are you looking for?

Garbage in, garbage out, obviously.

The most obvious issues start with the outliers. And it would come back to the state catching the company filing some bad data. So, for instance, on the life and annuity side, how you define “replacement” can trigger a percentage up or down that maybe you shouldn’t have in there.

If you think about it, from the company side, a lot of MCAS data is probably gathered on an Excel spreadsheet, or in Sharepoint, or a shared drive, and it’s someone’s job to pull the data. And, he or she is often not the subject expert of the report to be filed.

Overall, companies make a commendable effort in terms of timeliness and accurate data. But, to the extent that a carrier does not pay close attention to what’s going into the file, it can be a problem. You really don’t see the output very well from a 30,000-foot view; a carrier is far more likely to have issues unless it has a really solid data entry process in place or someone who owns it on the executive team who actually knows what is going into the report.

Any examples you can share?

One that comes to mind was a company that reported an unbelievably high replacement ratio. And when we dove into it, we realized they had pulled the wrong file to calculate the rate. Now, it worked itself out, and the ratio was actually much lower, which is a good thing, but again I think companies need to pay more attention to how they are filing this data and where they’re pulling it from.

And that’s where every company could do a little bit better job. I’ve had roles in three insurance companies now, and you can look at something as a check-the-box exercise, or hey-let’s-do-it-right. In my view, if you’re a bigger company, all of this does build into your ORSA filing in some respect.

See also: Why Risk Management Certifications Matter  

Your Own Risk and Solvency Assessment is just a picture of where you are on a risk basis. But a lot of your risks are related to market issues. Every company can probably do a little bit better job of making sure the data you submit is timely, relevant and the right data.

And, when you’re looking at specific data with a report, the replacement rate within MCAS, for instance, how do you come up with that benchmark data? Are you looking at trending analysis in the context of industry benchmark data or trending within the company?

That’s a really good question. It’s more art than science; there isn’t one right way to do it. If you had a 75% replacement ratio, but you only sold four annuities, that may or may not mean anything. If you have a 75% replacement ratio, and you sold 25,000, that’s a different issue.

You start to look at it from a benchmarking of industry, a standard across the industry. Whether you can get that data from LOMA, LIMRA or WINK. Regulators have all of those same data points and benchmark studies, so you have a gut feel for what is an industry number.

Then beyond that, to your point, you’d have to dig down for context. For example, Transamerica sells a lot more life insurance and annuities than EMC National Life. A benchmark is a benchmark, but it doesn’t differentiate from a small mutual carrier or small stock carrier.

This is why context is really important. If you see a disturbing relationship or ratio develop on complaints, you have to look at the line of business, how much business they write, whether or not it’s an agent issue, or a producer issue, or home office issue, or a misunderstanding issue. You really have to dig in. Benchmarking is a start, and it’s certainly helpful.

Iowa has 216 carriers, and the vast majority are small or midsize, sometimes just county mutual carriers. You have to look at each carrier on its own, as well. The benchmark helps, but it’s not the end all and be all.

Did you look at consistency of data? For instance, premiums written is a component, in some form, of the financial reporting, market conduct and premium tax filings.

Certainly. Our team would look for consistency of data across filings. Our biggest bureau at the division was on the financial side. And that’s really where I spent a lot of my time to develop staff.

If we start to realize that a premium tax number doesn’t line up with premiums written, they start to ask questions. And sometimes there are good answers, and, other times, it’s a miss. And so, again, it’s data consistency and quality across all the reporting to make sure we have a clear picture.

Because oftentimes, it’s something we didn’t understand, or the carrier filed but didn’t pull the right number. The sophistication of the models that the companies use – as well as the sophistication of the reporting – varies greatly from small carriers to big carriers. Some have home-grown systems; some have ad hoc processes. It’s all done differently.

Do you have a sense – both from your time in industry as well as your role as insurance commissioner – how feasible it is to have a meaningful review process? To put this question in concrete terms: If you’re the CFO, you’re signing off on a lot of reports. Based on the volume of reports you’re signing, are you truly reviewing the data that’s being reported?

That’s a great question.

You’ve got reporting requirements for Sarbanes-Oxley if you’re public. You’ve got other reporting requirements under corporate governance at the state level. It’s impossible to dig into every single report for every single data point. So, you do have to rely on your staff, on your auditors and your chief accounting officer. And that’s why you have those controls in place leading up the reporting structure of those organizations.

That being said, a CFO would want to have a clear picture from a benchmarking dashboard. There are a lot of tools for people in the C-Suite for tracking and visualizing data that call out for attention when a metric is out of place or not reported.

The CFO relies on the team and the controls in place for the data to be correct in order to sign off. But, having a snapshot that showed what is filed, and when, and different data points and sources would be of immense help.

What are the consequences, from a regulator’s standpoint, of poor quality or inconsistent data? Is it reputational? Does it add to question marks around a company?

There are several things. Yes, it’s possibly reputational. But that’s in the longer term. Most immediately, the carrier is going to have to commit resources to resolve the issue.

If a commissioner’s officer is asking questions, he or she has found something. You’ve got to commit resources to adjudicate and resolve the issue. And, it could very well lead to a targeted exam, which, in turn, could end up as a full-blown market conduct exam.

It could also create a number of other issues during the triennial exam or the five-year deeper dive exam, which would require additional resources. These exams can cost quite a bit of money. And so, that’s a hard dollar cost. But, there is also the soft dollar cost of staff time, resources expended and opportunity cost in that it kept the carrier from have done something more productive.

How does this work in practice?

I can think of when I was commissioner once or twice when we had targeted exams based on filings that ultimately led us to say, “Okay, there is a problem here.” Both times were out-of-state companies.

To your point earlier, you can call an exam on any company that is doing business in your state, certainly on the market side. On the financial side, you’re going to have more deference. But, on the market side, every commissioner’s office is reviewing the data, as well.

Often for us, we would start with the complaints that are coming in, and then identify a trend with a carrier. And if you start to see a number of complaints, then you pull the data.

Some insurers have a cynical view of regulators, particularly in some states. I’ve heard them refer to this as “the cost of doing business.” They feel that, if you’re going to write policies in some states, you’re going to get fined from time to time. And then, if you get fined by one state, then you’re going to see fines from other states as well. How does this work in practice?

A carrier has an obligation to report a fine in all states in which it’s licensed. On top of that, there is this thing called the internet. When a state issues a fine – Commissioner Jones or Director Huff was famous for this – it would be followed by a press release, as well.

So, there is some truth to the idea that if an insurer has trouble in one state, it might have it in multiple states. But there is some right to have a level of cynicism. There are some states where you’re much more prone be fined. Whether this is a cost of doing business, that’s a decision for that management team. But, if there is a fine in one state, the chances that of it in multiple states is high

Our view of the world, in the Iowa division, was not necessarily to gang tackle but rather how to resolve the issue in our state. If there was a problem, we asked, “Did you make customers whole?” I would look at a systems issue with billing differently from an issue in which someone was ripped off. We tried to use judgment and look at the issues based on the facts and circumstances.

Currently, data flows from carriers to commissioners in a defined cadence. What do you think of the promises of regtech – the concept that software and system automation will allow for data to flow to regulators seamlessly, in real time and without the need for insurers to prepare and curate data for filings?

Right now the NAIC is the hub of a lot of this. And the idea that a state would get this directly from the insurer is a stretch.

What about through the NAIC?

Through the NAIC, I could see it happening. They’ll go to a cloud-based system, I’m guessing. As they make that shift, could that happen? Possibly.

I always joke that for the state of Iowa, and most states, you have the best technology from 1985. Some states are ‘95. It is a stretch to think that this could happen without the NAIC leading.

See also: The Current State of Risk Management  

The NAIC really is the hub. If you’ve been to Kansas City, you’ve seen how impressive their system is, and their folks are. NIPR, for instance, I would always joke, is a technology firm. It’s not a producer licensing firm. The NAIC has tremendous resources. Their CTO has ideas on how to streamline it further. I could see this happening in 10 years or less. The reality is that a state could never do this.

So, a state has to rely on the NAIC. Going back to why this system works, well it works because you have an association – the NAIC – that has the ability to upgrade and transform quicker than any state ever could.

Is it possible that the states could innovate on their own, outside the NAIC?

It would be hard, at best. If you think about the state-based system, if Iowa doesn’t transform as quickly as California, or Montana as Wyoming, that starts to be a problem.

The NAIC can take care of that in one fell swoop and we, as state regulators, all benefit from that work.

I could see data delivery and reporting being quicker, more meaningful, real-time. I could even see, down the road, machine learning processes put in place to help on policy review form, financial review form. I think you could get there. I don’t know if it’ll be five years, 10 years or 15 years, but it will certainly happen in my career, where it’s going to be a continuously improving process.

The NAIC is the best way that regulators keep up with the demands that are happening, through leveraging the NAIC tech and personnel.

An Interview With Nick Gerhart (Part 2)

I recently sat with Nick Gerhart to discuss the regulatory environment for U.S. insurance carriers. Nick offers a broad perspective on regulation based on his experience: After roles at two different carriers, Nick served as Iowa insurance commissioner and currently is chief administrative officer at Farm Bureau Financial Services.

Nick is recognized as a thought leader for innovation and is regularly called on to speak and moderate at insurtech conferences and events. During our discussion, Nick described the foundation for the state-based regulatory environment, the advantages and challenges of decentralized oversight and how the system is adapting in light of innovation.

This is the second of a three-part series. The first part focused on the regulatory framework insurers face. In this second part, Nick provides the regulator’s perspective, with a focus on the goals and tactics of the commissioner’s office. Finally, in the third installment, we will discuss the best practices of insurers in compliance reporting.

In this conversation, we covered the tactics and process of regulation. In particular, Nick described the interactions – routine and targeted – between career and commissioner.

How is a commissioner’s office organized?

As I mentioned, the state of Iowa has a financial bureau and a market bureau. Within the market bureau is a fraud bureau. In addition, there is a securities bureau and regulated industries bureau.

As commissioner, you have to rely on your staff. In Iowa, each analyst has 10 to 12 companies to cover for a first-level review. We have great people in the state of Iowa, and we had a process for elevating issues. So, if they detected an issue, they would raise it pretty quickly. My goal was “no surprises.”

See also: Talking Insurtech With Regulators  

Analysts develop a deep understanding of the companies they supervise. We were fortunate, as we had a lot of people who had been there a long time. I would often joke that some of the people in the division knew the company as well as the people within the company because, in a way, they grew up together.

What are the touchpoints between a carrier and a regulator?

It really varies based on the size of the carrier, to be honest with you. The larger, more complex groups are going to have more touchpoints. Some of the larger companies would come in every quarter to present financials, for instance. On the other hand, you might only see the smaller carriers at a conference. So, it really varies based on the size of the organization and issues within them.

We also have other opportunities to interact, as well. For example, there are the NAIC meetings: three every year, including regulators and a number of companies, and there is often open dialogue between consumers, companies and regulators at those meetings.

How do you stay current with a carrier’s operations?

On the financial solvency side, you get to know a lot of these companies very well – reviewing quarterly blanks, annual blanks and financials. Also, every five years, you do a deep dive exam into these companies on the financial side, which is very cumbersome and, some would argue, burdensome. But, that’s why the system works.

It’s important to remember that these companies are not static – you don’t just put the information in a file or in a drawer and forget about it. They’re more like living and breathing entities, unique and changing and, we hope, always getting better. One tool that regulators use to understand the risks of the larger groups is the ORSA. That provides a deep review of the carrier’s risk and is a very powerful tool for insurance regulators.

So, the regulators approach each company uniquely?

To some degree, yes. I’ve always said: “If you’ve seen one ORSA, you’ve seen one ORSA. If you’ve examined one insurance company, you’ve examined one insurance company.”

They might all have a lot of similar issues, but they all have different issues, as well. Regulators need to regulate on risk basis. A number of factors such as size, market and product could lead you to a different approach. Due to resource constraints, it is important to regulate accordingly.

In terms of the reporting that comes through, with respect to MCAS [Market Conduct Annual Statement], quarterly, annual, various data calls, how does that work?

Those are all electronic now. It used to be paper-based and very laborious and time-intensive. Now, you get on your computer, and it’s just there. This is really a necessity based on the number of companies we regulate and the amount of data.

How do you handle and evaluate such a large quantity of information?

You can’t really have a formulaic, prescriptive approach; it’s got to be risk-based.

What I mean by this is you’re really starting to look for trends and outliers. You tranche it out by line of business, or size of organization, etc. It’s more of trend analysis in the context of what is happening in the marketplace. You can’t say “we’re always going to look for one way to do it.” As you know, things trend differently: from year-to-year or quarter-to-quarter.

If you see an anomaly, you start with context. If long-term care complaints spike, it might be simply because rates have increased – which, incidentally, the commissioner approved. You start to look for different trends on the consumer side, but you can’t really dive deep enough to every single thing you get on file to have a picture.

How does a risk-based approach factor into your analysis of a carrier’s market conduct data?

You look for trends, and I think MCAS [Market Conduct Annual Statement] is an example of how the regulatory system works pretty well.

As an industry, we come up with what we think is an acceptable replacement ratio for annuities, or lapses for life insurance, or complaints per premium, etc. If companies fall outside of these benchmarks, you start asking questions. Sometimes, there’s a really good answer. Other times, you may have another issue.

And this is really where the state-based system, depending on your point of view, either shines or has issues. Other states could have a different benchmark. Other states may say, “we’re just going to review the top ten because they are the biggest.”

My point of view is, just because a carrier is a certain size doesn’t mean that I want to look at them every year. I want to look for risks and problems. You look at things differently with a risk-based approach.

Take the ORSA [Own Risk Solvency Assessment], for example. Even though this is a solvency assessment, it also contains market analysis. Continuing the approach of applying context into the other areas that we regulate, and not just the big groups, works well. So, while a small or mid-sized carrier is not going to file ORSA, I think it’s a better regulatory approach than to say, “we determined that you just had too many complaints this year.”

See also: How to Bulletproof Regulatory Risk  

Is that a benefit of the state-based system? That Iowa might not be discounting the small carriers when they are looking at market conduct, while other states might look at just the bigger players?

Absolutely. On the market side, there is definitely a check and a balance.

I would say it this way: Commissioner Jones in California told me that he had 220 fraud investigators. Well, the state of Iowa has 115 employees in the whole department, and that includes insurance as well as securities. The state of Iowa has two fraud investigators. Iowa certainly doesn’t need 220, but it’s easy to see the disparity and the size of the market.

His biggest issue is the size of the California’s market. It’s the sixth- or seventh-largest in the world. And, it doesn’t have a ton of domiciled carriers. So, Commissioner Jones has different issues and takes a different approach. He may look at annuity sales and complaints per $1,000 in premium, or another metric. California has issues that are more uncommon to them simply due to the size of the market.

Are states more likely to identify different issues with a carrier?

Yes. We may not see the same issue that another state would because our market is smaller. This is why the concept of checks and balances makes sense. And that is why it works pretty well. You have different states with different markets that identify issues differently from Iowa, or California, or Florida, or another state.

Take Florida, for instance. They have a radically different population mix in terms of age and demographics, but also weather events. The issues unique to a state – hurricanes in Florida, earthquakes in California or Oklahoma, etc. – make for different issues and challenges that are best regulated locally. The system works well because it has a check and balance: Each state focuses on issues it identifies, which may not be as relevant elsewhere. Sometimes, it’s related to the size of the state’s market, sometimes it’s related to different risks in that state.

Continued….

An Interview With Nick Gerhart (Part 1)

I recently sat with Nick Gerhart to discuss the regulatory environment for U.S. insurance carriers. Nick offers a broad perspective on regulation based on his experience: After roles at two different carriers, Nick served as Iowa insurance commissioner, and he currently is chief administrative officer at Farm Bureau Financial Services.

Nick is recognized as a thought leader for innovation and is regularly called on to speak and moderate at insurtech conferences and events. During our discussion, Nick described the foundation for the state-based regulatory environment, the advantages and challenges of decentralized oversight and how the system is adapting in light of innovation.

This is the first of a three-part series and focuses on the regulatory framework insurers face. In the second part, Nick will provide the regulator’s perspective, with a focus on the goals and tactics of the commissioner’s office. Finally, in the third installment, we will cover the best practices of the insurers in compliance reporting.

Part I: The Regulatory Framework

You served as the chief regulator in Iowa: How do regulatory practices in Iowa compare with other states?

Every state essentially has the same mission. Iowa has one of the largest domestic industries, so we have to focus a lot on the issues that go along with having a lot of domiciled companies. We have over 220 companies domiciled in Iowa. I believe that is the eighth most in the country; therefore, we are a top-10 state in the number of domiciled carriers. So, how we focus may be a bit different than if we only had a handful of domestic carriers. Due to the number of companies domiciled in Iowa, we must have a technical skill set and ability to completely understand the all facets of the industry.

Level-setting: What are the goals of the office of the insurance commissioner?

First and foremost, the goal is to protect the consumer. You do that through monitoring a company’s solvency and financial status. You also make sure that companies are following rules and regulations and all the laws on the books.

A lot of folks don’t recognize how complex that regulatory framework is, so you really spend your time not only on financial solvency but also on the market side, making sure that rules are followed.

See also: Time to Revisit State-Based Regulation?  

Even if a state has fewer companies domiciled, is it still interested in solvency? Or is this outsourced to the state of domicile?

That’s a good question. There are two sides – the financial side and the market side. On the financial side, there’s great deference to the lead state. For instance, if you are the lead state regulator of a group that is doing business in multiple states, there will be great deference to that regulator and his or her team that is reviewing those financials and that file. Any regulator can check and have their own views, obviously. But, there’s going to be great deference to that lead state.

Is this the same for market conduct?

On the market side, there’s not nearly as much deference. In fact, while I was commissioner, the NAIC was undertaking an accreditation standard for the market side. On the financial side, every state is accredited by the NAIC. And through this process, there’s much more cohesiveness and deference to that lead state. That doesn’t exist as much on the market side.

So, backing up a second, I’d like to touch on the topic of state-based regulation vs. federal regulation. Is this the right way to regulate this market?

I think it’s a good thing, because it’s local. A lot of insurance is local.

The feds have done a lot of work – whether it’s CMS, the Department of Labor or Treasury – that encroaches on state insurance regulators. I submit that this encroachment creates confusion and is counterproductive. I personally do not believe a federal regulator is going to do a better job and, in fact, believe it would lead to poorer results and hurt consumers. In my opinion, the federal government did not do exemplary work during the financial crisis, and I believe insurance regulators actually performed and executed quite well during that financially stressful time. In looking at that crisis, I have concluded that I do not want federal regulators or prescriptive banking standards forced upon the insurance industry.

State insurance commissioners are either elected by the people they serve or are appointed by a governor or other official or agency head. Those are held accountable at that local level and are part of the communities they serve. On countless occasions, I was stopped by people and asked about insurance issues. It would be very difficult to get that accountability or access if insurance were regulated at a federal level.

Are there areas where the states could improve?

There are some areas: They can do a better job of working together on the market side. But that’s why the National Association of Insurance Commisioners, the NAIC, exists – to create model laws that will create more uniformity across all states. And again, the states have done a tremendous job on the financial side.

The market side has more room to improve –  at least as far as coordination. Regulators have made tremendous progress in recent years, though. In the last six years, by collaborating and coordinating through the NAIC, monumental modernization has occurred. As an example, annuity suitability, ORSA, principal-based reserving, corporate governance, credit for reinsurance and now cyber model laws have all been created and passed in numerous states. Passing a model law out of the NAIC is important because it provides a state a solid model to guide through the legislative process.

What is the downside of state regulation?

There are certainly challenges with the state-based system. One is, at the state level, having resources to do the job. The state of Iowa is really an international regulator as we’re the lead state for Transamerica/Aegon and group-wide supervisor for Principal Financial. We have firms in Iowa with significant international footprints, so Iowa regulates alongside international peers from all over the world. I believe it is critical that Iowa resource the insurance division appropriately, as limiting resources too much ultimately hurts the ability to regulate effectively.

After resources, I think the biggest challenge for states is uniformity issues. An emerging challenge is keeping up with all the technological advances and innovation emerging from the insurtech and fintech area.

Is regulation keeping up with innovation?

Whether or not the old regulatory framework is still relevant today – I believe we will soon have a debate around that and how to modernize. The use of data is going to be a challenge for regulators, whether it’s genetic testing in life insurance or some other topic. There are a lot of issues in the innovation space that regulators are going to have to step up and meet because, if consumers demand change, the answer shouldn’t necessarily be, “We can’t do that.” Maybe we need to look at the rules and the laws and make a concerted effort to modernize.

Over the years, a number of people have come into my office frustrated at the limitations of the current rules and said, “That law’s stupid.” I have to inform them that just because it is illogical doesn’t mean that you can get rid of it. That’s not the commissioner’s job. The legislature passes the laws. The commissioner interprets and enforces the laws. Commissioners do not pass the law, so, when individuals are frustrated, often that frustration is misplaced.

See also: The Coming Changes in Regulation  

All in all, you would say that state-based regulation is the better answer?

I would put the state system up against a federally based system any day.

At the same time, we are the only country, to my knowledge, that has 56 different jurisdictions regulating insurers. Every other nation has a federal one. This poses challenges for international groups; certainly, some reinsurers are facing these issues. It is for that reason that we must coordinate better and speak with a unified voice.

As I have said, I do think the state system is remarkably better for consumers. When I was commissioner, the phone number on my business card went right to my office. I talked to consumers every day who called me directly. I would answer my phone, and they would be shocked that I would answer. There is genuine appeal in that.

When something goes wrong, insurance quickly becomes very personal. Sometimes, it’s bad things happening intentionally or willfully, while other times it’s just misunderstandings. Insurance is incredibly complex. I’d much rather have a system where there is accountability at the state level. You have people working for their citizens whom they go to church with and see around the state.

That’s a much better system than a federal bureaucracy that might have 10 regional offices where it’s impersonal and you have no idea who in the heck you’re talking to.

Continued….

Global Insurance CRO Survey 2016

Risk functions have evolved from “check-the-box” compliance to being a key enabler for business decision-making. This change has provided chief risk officers (CROs) with a seat at the table in the highest levels of the organization.

2016 has been a year of black swans, characterized by prolonged low interest rates, political uncertainty in key markets and increasing competitive forces challenging insurers’ business models. Together with the rise of risk-based capital regimes across the globe, these factors are tending to align the CRO and CFO agendas, establishing a tighter link between risk, capital and value.

The CRO role will always have a strong regulatory-driven rationale. But as the role evolves, we see an opportunity in ERM to take stock of teams, toolkits and processes — and use them to achieve greater effectiveness.

See also: The Myth About Contractors and Risk  

This shift is occurring at different rates in different regions, but the direction is clear. Our survey explores five key themes around the risk function and CRO role:

1. There has been a high degree of operationalization in prudential regulation around the globe:

  • In Europe, in response to Solvency II demands
  • In the U.S., as a consequence of the NAIC’s ORSA requirement and for the larger insurers, SIFI demands from the Federal Reserve Board
  • In Asia-Pacific, with the implementation of risk-based capital regimes (e.g. C-ROSS in China, LAGIC in Australia, ORSA requirements in Singapore and ICAAP in Malaysia)

2. We are seeing a sharper focus on consumer-conduct regulation:

  • The U.S. Department of Labor is shaking up focus on the advice model.
  • The European Parliament is debating significant advances in policyholder communications, and various European home regulators are demanding redress for past failings in sales process, transparency of charges and continuing product suitability.
  • Depending on the region, it is more or less common for CROs to have compliance report through to them.

3. Governance models are now largely converging to reflect the three lines of defense principles.

Although differences exist across geographies, CROs are consistently seeking to strengthen risk accountability and understanding across the workforce. In particular, while we are seeing an increased awareness that risk ownership starts with the first line, there still are opportunities to strengthen risk accountability and improve communication to help everyone understand risk appetite and consequences.

4. Risk functions are becoming more involved in producing and monitoring risk metrics.

Larger insurers subject to Solvency II and now required to obtain approval of their internal economic capital models are partly behind this shift in risk functions.

Beyond Europe, other jurisdictions have a variety of approaches. For example, U.S. insurers subject to Federal Reserve regulation are required to use more extensive stress and scenario testing in their internal capital management processes (with the eventual requirement to publicly disclose the results).

See also: Minority-Contracting Compliance — Three Risks  

In general, even where there is no regulatory mandate, CROs and their risk teams are increasingly involved with stress testing and more advanced financial models to quantify risk.

5. CROs are aware of the potential for improvement in operational risk management.

While businesses generally understand the “known knowns,” risk plays an important role in emphasizing the need for a systematic approach to the full spectrum of exposures. Cyber risk in particular is one of the biggest areas of concern for most CROs, who consider it a key focus area of operational risk.

Download the full North American report here.

Download the full EMEIA report here.

Key Regulatory Issues in 2016 (Part 2)

The complexities of the current regulatory environment undoubtedly pose significant challenges for the broad spectrum of financial services companies, as regulators continue to expect management to demonstrate robust oversight, compliance and risk management standards. These challenges are generated at multiple, and sometimes competing, levels of regulatory authority, including state and local, federal and international, and, in some cases, by regulatory entities that have been newly formed or given expanded authority. Their demands are particularly pressing for the largest, most globally active firms, though smaller institutions are also struggling to optimize business models and infrastructure to better address the growing regulatory scrutiny and new expectations.

In the first part of this two-part series, we covered the first five key regulatory issues we anticipate will have an impact on insurance companies this year. Here are the final five:

6. Transforming the Effectiveness and Sustainability of Compliance

Compliance continues to be a top concern for financial institutions and insurance companies as the pace and complexity of regulatory change, coupled with increased regulatory scrutiny and enforcement activity, have pushed concerns about reputation risk to new levels. These firms need to be able to respond to changes in their internal and external environments with flexibility and speed to limit the impact from potentially costly business shifts or compliance failures. To do so, however, can demand enhancements to the current compliance risk management program that build adaptability into the inter-relationships of the people, processes and technologies supporting compliance activities; augment monitoring and testing to self-identify compliance matters and expand root cause analysis; and integrate compliance accountability into all facets of the business. Compliance accountability starts with a strong compliance culture that is supported by the “tone from the top” and reaches across all three lines of defense, recognizing that each line plays an important role within the overall risk management governance framework. Transforming compliance in this way allows it to align on an enterprise-wide basis with the firm’s risk appetite; strategic and financial objectives; and business, operating, functional and human capital models.

7. Managing Challenges in Surveillance, Reporting, Data and Control

Driven largely by regulatory requirements and industry pressures
for increased speed and access, trade and transaction reporting has become increasingly complex. Capturing and analyzing vast amounts of data in real time remains a massive challenge for financial services firms, as regulators continue to initiate civil and criminal investigations and levy heavy fines on broker-dealers, investment banks and insurance companies based on failures to completely and accurately report required information. In addition, ensuring compliance with federal and state laws prohibiting money laundering, financial crimes, insider trading, front running and other market manipulations and misconduct remains critically important. In the coming year, it will be essential for financial institutions and insurance companies to reassess the strength and comprehensiveness of their compliance risk management programs to better manage and mitigate both known and emerging regulatory and legal risks and respond to prospective market structure reforms.

See Also: Should We Take This Risk?

8. Reforming Regulatory Reporting

The financial services industry, including the insurance sector, continues to face challenges around producing core regulatory reports and other requested financial information, as demands from both regulators and investors have increased exponentially in the wake of the financial crisis. For insurance companies, the IAIS faces a significant challenge as there is no common basis of accounting applied across jurisdictions, either for regulatory or financial reporting purposes. The need for consistent regulatory reporting has been highlighted by the efforts of the IAIS to develop an insurance capital standard for IAIGs as well as basic capital requirements (BCR) and a higher loss absorbency (HLA) for global systemically important insurers. The IAIS is moving toward a market-consistent basis of valuation for both assets and liabilities to underpin this effort. Complementing the work previously performed by the Financial Stability Oversight Council, which solicited comment on certain  aspects of the asset management industry that included requests for additional financial information that would be helpful to regulators and market participants, the SEC published rules to modernize and improve the information reported and disclosed by registered investment companies and investment advisers (Investment Company Reporting Modernization, proposal published in June 2015).

Among other areas of reform, the SEC’s rule is intended to provide enhanced information that will be used to monitor risks in the asset management industry as a whole and increase the transparency of individual fund portfolios, investment practices and investment advisers, particularly for derivatives, securities lending and counterparty exposures. Fund administrators and managers will likely need to carefully contemplate and implement new governance, operational and reporting capabilities that will be necessary to support enhanced reporting and disclosure requirements.

9. Examining Capital

Recovery and Resolution Planning and the EPS for large U.S. bank holding companies, foreign banking organizations and insurance and nonbank financial companies have brought capital planning and liquidity risk management to the forefront, as regulators have sought to restore both public and investor confidence in the aftermath of the financial crisis. Financial institutions, including nonbank SIFIs, are required to demonstrate their ability to develop internal stress testing scenarios that properly reflect and aggregate the full range of their business activities and exposures, as well as the effectiveness of their governance and internal control processes. A growing number of state regulators have adopted the Own Risk and Solvency Assessments (ORSA) requirement to support insurers’ risk management and capital adequacy.

The international development of an insurance capital standard for IAIGs continues along with BCR and HLA requirements. In the U.S., the NAIC and state regulators are working closely with the Federal Insurance Office, the Federal Reserve and industry participants to develop a group capital assessment. Insurers, however, are challenged to fit capital requirements originally designed for banks into the insurance business model along with group capital into local entity capital requirements. The potential variability and current uncertainty resulting from these and other pending requirements may limit funding flexibility and make capital planning difficult, as financial institutions will need to consider the ties between capital and liquidity in areas such as enterprise-wide governance, risk identification processes, related stress testing scenarios and interrelated contingency planning efforts.

10. Managing the Complexities of Cross-Border Regulatory Change

The largest financial institutions and insurance companies must now understand and manage regulatory mandates across more jurisdictions and services than ever before. Regulatory obligations and cross-border pressure points continue to challenge global financial firms to move past their current reactionary mode of response to tackling high-impact regulatory change. For insurers and their regulators (both international and domestic), the integration of ComFrame (Common Framework) into local entity requirements as they are adopted by individual jurisdictions will be such a challenge. Anticipating the recognition of “equivalence” or a covered agreement for certain U.S. regulations under Solvency II for U.S. insurers operating in Europe is another. However, to address these challenges, financial institutions and insurance companies will need to consider implementing a regulatory change management framework that is capable of centralizing and synthesizing current and future regulatory demands and incorporates both internally developed and externally provided governance, risk management, and compliance regulatory change tools. This framework will enable financial entities to improve coordination across their operations and gain insights that can improve overall performance, ensure risk management and compliance controls are integrated into strategic objectives, avoid redundancy and rework and better address regulatory expectations in a practical and efficient way.

This piece was co-written by Amy Matsuo, Tracey Whille, David White and Deborah Bailey.