Tag Archives: sifi

Global Insurance CRO Survey 2016

Risk functions have evolved from “check-the-box” compliance to being a key enabler for business decision-making. This change has provided chief risk officers (CROs) with a seat at the table in the highest levels of the organization.

2016 has been a year of black swans, characterized by prolonged low interest rates, political uncertainty in key markets and increasing competitive forces challenging insurers’ business models. Together with the rise of risk-based capital regimes across the globe, these factors are tending to align the CRO and CFO agendas, establishing a tighter link between risk, capital and value.

The CRO role will always have a strong regulatory-driven rationale. But as the role evolves, we see an opportunity in ERM to take stock of teams, toolkits and processes — and use them to achieve greater effectiveness.

See also: The Myth About Contractors and Risk  

This shift is occurring at different rates in different regions, but the direction is clear. Our survey explores five key themes around the risk function and CRO role:

1. There has been a high degree of operationalization in prudential regulation around the globe:

  • In Europe, in response to Solvency II demands
  • In the U.S., as a consequence of the NAIC’s ORSA requirement and for the larger insurers, SIFI demands from the Federal Reserve Board
  • In Asia-Pacific, with the implementation of risk-based capital regimes (e.g. C-ROSS in China, LAGIC in Australia, ORSA requirements in Singapore and ICAAP in Malaysia)

2. We are seeing a sharper focus on consumer-conduct regulation:

  • The U.S. Department of Labor is shaking up focus on the advice model.
  • The European Parliament is debating significant advances in policyholder communications, and various European home regulators are demanding redress for past failings in sales process, transparency of charges and continuing product suitability.
  • Depending on the region, it is more or less common for CROs to have compliance report through to them.

3. Governance models are now largely converging to reflect the three lines of defense principles.

Although differences exist across geographies, CROs are consistently seeking to strengthen risk accountability and understanding across the workforce. In particular, while we are seeing an increased awareness that risk ownership starts with the first line, there still are opportunities to strengthen risk accountability and improve communication to help everyone understand risk appetite and consequences.

4. Risk functions are becoming more involved in producing and monitoring risk metrics.

Larger insurers subject to Solvency II and now required to obtain approval of their internal economic capital models are partly behind this shift in risk functions.

Beyond Europe, other jurisdictions have a variety of approaches. For example, U.S. insurers subject to Federal Reserve regulation are required to use more extensive stress and scenario testing in their internal capital management processes (with the eventual requirement to publicly disclose the results).

See also: Minority-Contracting Compliance — Three Risks  

In general, even where there is no regulatory mandate, CROs and their risk teams are increasingly involved with stress testing and more advanced financial models to quantify risk.

5. CROs are aware of the potential for improvement in operational risk management.

While businesses generally understand the “known knowns,” risk plays an important role in emphasizing the need for a systematic approach to the full spectrum of exposures. Cyber risk in particular is one of the biggest areas of concern for most CROs, who consider it a key focus area of operational risk.

Download the full North American report here.

Download the full EMEIA report here.

The Gristle in Dodd-Frank

I love using the phrase “unintended consequences” when talking about our issues on Capitol Hill. It’s so commonly understood among veteran staffers that legislative actions produce market reactions, some that are unexpected and unintended. Whoops!

Sometimes these unintended consequences are significant, like when Congress passed the behemoth rewrite of financial regulations in the Dodd-Frank Act.

A big unintended consequence of that law gave the Federal Reserve the authority to regulate non-bank “systemically important financial institutions” (SIFI), as designated by the Financial Stability Oversight Council (FSOC), with the same capital standards that they impose on banks. Insurance companies at risk of being regulated by the Federal Reserve, like MetLife, Prudential and AIG, are facing the big threat of being held to an additional layer of capital standards that are bank-centric and threaten their regulatory compliance models and ultimate product safety.

The thing is, the business of insurance is very different from banking, and regulatory capital standards designed to protect consumers should reflect those differences. Property-casualty and life insurance products are underwritten with sophisticated data and predictable global risk-sharing schemes that inherently withstand most market fluctuations. And to protect consumers, different capital standards are imposed on insurance companies for the different models and products they produce. Traditional banks, however, have different economic threats, requiring different standards. There cannot be a run on insurers with claims the way there can be on banks.

The last economic crisis demonstrated that varying insurance capital standards protected the insurance industry throughout the global debacle. Even AIG’s insurance operations were well protected (it was AIG’s non-insurance financial products division that led to the company’s near-demise). Allowing the Fed to regulate insurers with the same standards as banks not only threatens corporate compliance models but also ultimately makes it more expensive for insurers to share risk, increases the cost for the same level of coverage and spikes prices for consumers.

Even the congressional authors of the too-big-to-fail language recognize the issue and are pushing to correct it. Sen. Susan Collins, R-Maine, who originally wrote the Dodd-Frank provision to allow the FSOC to designate insurance companies as SIFIs, recognizes that any capital standards imposed by the Fed should be duly tailored for insurance companies. She said in congressional testimony: “I want to emphasize my belief that the Federal Reserve is able to take into account—and should take into account—the differences between insurance and other financial activities…. While it is essential that insurers subject to Federal Reserve Board oversight be adequately capitalized on a consolidated basis, it would be improper, and not in keeping with Congress’s intent, for federal regulators to supplant prudential state-based insurance regulation with a bank-centric capital regime for insurance activities.”

Fed Chair Janet Yellen, who is responsible for implementing the law, agrees.

So there’s now legislation in the grinder designed to fix the problem by giving the Fed flexibility to tailor capital standards to the unique characteristics of the insurance industry. The bill passed the Senate without opposition but at the time of this writing is stalled in the House and risks being caught in the partisan battle between the House and Senate’s varying legislative vehicles.

It’s rightly frustrating to stakeholders and lawmakers that the fix is held up, but it’s not surprising that another serious unintended consequence is facing our industry. I’ve used the term when discussing the Foreign Account Tax Compliance Act (FATCA), flood reform, and the Affordable Care Act (ACA). I hope we can see the legislative fix to this latest unintended consequence signed into law soon.

This article first appeared in Leader’s Edge magazine.

US Insurers Must Contend With Federal Overseers

Since 1851, when the first state insurance regulator was established, the US insurance industry has had to comply only with the laws of a regulatory system that is state-based. However, that changed when the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act) passed into law on July 21, 2010. The Dodd-Frank Act, which is the US Federal Government’s response to the 2007-2008 financial crisis, created several entities including the Federal Insurance Office (FIO) and the Financial Stability Oversight Council (FSOC). Both of these entities are authorized to be involved in the insurance regulatory system, albeit with different degrees of authority and oversight.

Ovum’s recently published report 2013 US Insurance Regulatory Landscape discusses the strengthening presence of the federal government in US insurance regulation, four interdependent initiatives that US insurers need to implement to comply with regulations, and the expanding role that technology can play in supporting US insurers as they prepare for regulatory compliance.

Federal Presence In The US Insurance Regulatory System Has Strengthened
State-based insurance regulators can be forgiven for believing that the regulatory system they have in place, and are continually reshaping to align with market realities, has continued to prove worthy to both consumers and insurance companies. Be that as it may, the Dodd-Frank Act is now law and the FSOC and the FIO are now active participants in the US insurance regulatory system. Both entities have authority and responsibilities that could transform the US insurance system. Only time will tell whether their existence is a net positive for insurance companies domiciled in the US and international insurers conducting business in the US.

Insurers should familiarize themselves with the roles and responsibilities of the FSOC and FIO. The FSOC will identify and respond to threats to the financial stability of the US and promote market discipline. The FIO has a number of responsibilities, including: recommending to the FSOC when an insurer (and its affiliates) should be designated a “systemically important financial institution” (SIFI), thus making it subject to additional capital requirements set by the Federal Reserve; representing the US in matters relating to international insurance regulation; monitoring the extent to which traditionally underserved communities, consumers, minorities, and those of low-to-moderate income can access affordable insurance products; and assisting the Secretary of the Treasury and other officials in administering the Terrorism Risk Insurance Program.

Insurers Must Implement Four Interdependent Initiatives To Enable Readiness To Comply With State And, Potentially, Federal Regulations
Insurers should create and continue to strengthen four interdependent initiatives to ensure their readiness to comply with regulation, which encompass monitoring, management, analysis, and reporting.

  • Monitoring initiatives include monitoring and capturing: any legislative bills available for public comment; discussions from the insurance legislators in each state, the NAIC, the FIO, the FSOC, the various influencer groups, and online trade press articles and commentary concerning legislative issues impacting the insurance industry; and existing regulations and proposed and actual changes to these regulations for each state in which the company conducts and wants to conduct business.
  • Management initiatives include storing, cleaning, tagging, and otherwise preparing the primarily unstructured content captured above, for analysis and preliminary preparation of regulatory compliance initiatives.
  • Analysis initiatives include analyzing the captured content’s potential impact on existing company regulatory compliance initiatives or the resources needed to create new initiatives. The analysis is likely to encompass financial analysis and modeling if the regulatory discussion impacts the amount of capital reserves the insurance company will need, or alters the investments it can make or the mix of risks it can insure. It also includes the creation of interactive dashboards that enable insurance executives and legal, compliance, and other insurance departments to track compliance with state and, where necessary, federal regulations.
  • Reporting initiatives include creating reports for internal insurance company use, for each state insurance commissioner’s office for the states in which the company conducts business, and, where necessary, for the FIO and the FSOC.

Technology Has A Growing Role To Play In Enabling Insurers To Comply With Regulations
To remain knowledgeable about what is happening, be prepared for any changes to requirements, and comply with existing regulations, insurers should use:

  • Text data mining/semantic technology to create a tagged and searchable repository of existing and pending regulations.
  • Master data management (MDM) applications to establish, maintain, and update a repository of existing and proposed industry regulations.
  • Analytics, including predictive analytics, to measure the company’s capital adequacy and ensure it complies with state and, where necessary, FIO and FSOC requirements, and to model and project the company’s current and projected density of risk (i.e. total exposure across all insurance lines of business that the insurer is selling for all or specific geographies).
  • Data visualization to create dashboards to track the company’s alignment with regulatory deadlines and capital requirements, and its progress toward adopting insurance regulatory initiatives (e.g. uniform producer licensing).
  • Database technologies to create, store, and manage producer demographic, insurance experience, training, and licensing information for every insurance company producer (i.e. agent/broker/financial advisor) for each insurance line of business, for every state (or jurisdiction) in which the agent is legally authorized to sell insurance.
  • Collaboration and communications technologies within the insurance company, including the agent/broker/financial advisor intermediaries, to discuss progress toward regulatory compliance including concerns or problems and potential solutions if the company believes it is non-compliant on certain issues.
  • Reporting capabilities to create compliance reports and send them to internal insurance departments, to each state insurance commissioner’s office for each state in which the company conducts business, and, where necessary, to the FIO and the FSOC.