Tag Archives: Stacey Guardino

Key Regulatory Issues in 2016 (Part 2)

The complexities of the current regulatory environment undoubtedly pose significant challenges for the broad spectrum of financial services companies, as regulators continue to expect management to demonstrate robust oversight, compliance and risk management standards. These challenges are generated at multiple, and sometimes competing, levels of regulatory authority, including state and local, federal and international, and, in some cases, by regulatory entities that have been newly formed or given expanded authority. Their demands are particularly pressing for the largest, most globally active firms, though smaller institutions are also struggling to optimize business models and infrastructure to better address the growing regulatory scrutiny and new expectations.

In the first part of this two-part series, we covered the first five key regulatory issues we anticipate will have an impact on insurance companies this year. Here are the final five:

6. Transforming the Effectiveness and Sustainability of Compliance

Compliance continues to be a top concern for financial institutions and insurance companies as the pace and complexity of regulatory change, coupled with increased regulatory scrutiny and enforcement activity, have pushed concerns about reputation risk to new levels. These firms need to be able to respond to changes in their internal and external environments with flexibility and speed to limit the impact from potentially costly business shifts or compliance failures. To do so, however, can demand enhancements to the current compliance risk management program that build adaptability into the inter-relationships of the people, processes and technologies supporting compliance activities; augment monitoring and testing to self-identify compliance matters and expand root cause analysis; and integrate compliance accountability into all facets of the business. Compliance accountability starts with a strong compliance culture that is supported by the “tone from the top” and reaches across all three lines of defense, recognizing that each line plays an important role within the overall risk management governance framework. Transforming compliance in this way allows it to align on an enterprise-wide basis with the firm’s risk appetite; strategic and financial objectives; and business, operating, functional and human capital models.

7. Managing Challenges in Surveillance, Reporting, Data and Control

Driven largely by regulatory requirements and industry pressures for increased speed and access, trade and transaction reporting has become increasingly complex. Capturing and analyzing vast amounts of data in real time remains a massive challenge for financial services firms, as regulators continue to initiate civil and criminal investigations and levy heavy fines on broker-dealers, investment banks and insurance companies based on failures to completely and accurately report required information. In addition, ensuring compliance with federal and state laws prohibiting money laundering, financial crimes, insider trading, front running and other market manipulations and misconduct remains critically important. In the coming year, it will be essential for financial institutions and insurance companies to reassess the strength and comprehensiveness of their compliance risk management programs to better manage and mitigate both known and emerging regulatory and legal risks and respond to prospective market structure reforms.

8. Reforming Regulatory Reporting

The financial services industry, including the insurance sector, continues to face challenges around producing core regulatory reports and other requested financial information, as demands from both regulators and investors have increased exponentially in the wake of the financial crisis. For insurance companies, the IAIS faces a significant challenge as there is no common basis of accounting applied across jurisdictions, either for regulatory or financial reporting purposes. The need for consistent regulatory reporting has been highlighted by the efforts of the IAIS to develop an insurance capital standard for IAIGs as well as basic capital requirements (BCR) and a higher loss absorbency (HLA) for global systemically important insurers. The IAIS is moving toward a market-consistent basis of valuation for both assets and liabilities to underpin this effort. Complementing the work previously performed by the Financial Stability Oversight Council, which solicited comment on certain aspects of the asset management industry that included requests for additional financial information that would be helpful to regulators and market participants, the SEC published rules to modernize and improve the information reported and disclosed by registered investment companies and investment advisers (Investment Company Reporting Modernization, proposal published in June 2015).

Among other areas of reform, the SEC’s rule is intended to provide enhanced information that will be used to monitor risks in the asset management industry as a whole and increase the transparency of individual fund portfolios, investment practices and investment advisers, particularly for derivatives, securities lending and counterparty exposures. Fund administrators and managers will likely need to carefully contemplate and implement new governance, operational and reporting capabilities that will be necessary to support enhanced reporting and disclosure requirements.

9. Examining Capital

Recovery and Resolution Planning and the EPS for large U.S. bank holding companies, foreign banking organizations and insurance and nonbank financial companies have brought capital planning and liquidity risk management to the forefront, as regulators have sought to restore both public and investor confidence in the aftermath of the financial crisis. Financial institutions, including nonbank SIFIs, are required to demonstrate their ability to develop internal stress testing scenarios that properly reflect and aggregate the full range of their business activities and exposures, as well as the effectiveness of their governance and internal control processes. A growing number of state regulators have adopted the Own Risk and Solvency Assessments (ORSA) requirement to support insurers’ risk management and capital adequacy.

The international development of an insurance capital standard for IAIGs continues along with BCR and HLA requirements. In the U.S., the NAIC and state regulators are working closely with the Federal Insurance Office, the Federal Reserve and industry participants to develop a group capital assessment. Insurers, however, are challenged to fit capital requirements originally designed for banks into the insurance business model along with group capital into local entity capital requirements. The potential variability and current uncertainty resulting from these and other pending requirements may limit funding flexibility and make capital planning difficult, as financial institutions will need to consider the ties between capital and liquidity in areas such as enterprise-wide governance, risk identification processes, related stress testing scenarios and interrelated contingency planning efforts.

10. Managing the Complexities of Cross-Border Regulatory Change

The largest financial institutions and insurance companies must now understand and manage regulatory mandates across more jurisdictions and services than ever before. Regulatory obligations and cross-border pressure points continue to challenge global financial firms to move past their current reactionary mode of response to tackling high-impact regulatory change. For insurers and their regulators (both international and domestic), the integration of ComFrame (Common Framework) into local entity requirements as they are adopted by individual jurisdictions will be such a challenge. Anticipating the recognition of “equivalence” or a covered agreement for certain U.S. regulations under Solvency II for U.S. insurers operating in Europe is another. However, to address these challenges, financial institutions and insurance companies will need to consider implementing a regulatory change management framework that is capable of centralizing and synthesizing current and future regulatory demands and incorporates both internally developed and externally provided governance, risk management, and compliance regulatory change tools. This framework will enable financial entities to improve coordination across their operations and gain insights that can improve overall performance, ensure risk management and compliance controls are integrated into strategic objectives, avoid redundancy and rework and better address regulatory expectations in a practical and efficient way.

This piece was co-written by Amy Matsuo, Tracey Whille, David White and Deborah Bailey.

Key Regulatory Issues in 2016 (Part 1)

The complexities of the current regulatory environment undoubtedly pose significant challenges for the broad spectrum of financial services companies, as regulators continue to expect management to demonstrate robust oversight, compliance and risk management standards. These challenges are generated at multiple (and sometimes competing) levels of regulatory authority, including local, state, federal and international, as well as, in some cases, by regulatory entities that are new or have been given expanded authority. Their demands are particularly pressing for the largest, most globally active firms, though smaller institutions are also struggling to optimize business models and infrastructures to better address the growing regulatory scrutiny and new expectations.

Across the industry, attention is focused on improving overall financial strength and stability, guided by the recommendations of international standards-setting bodies and U.S. regulatory mandates that encompass governance, culture, risk management, capital and liquidity. Though historically under the purview of individual states, the insurance sector in the U.S. has been responding to influences at both the international and federal levels. The efforts of the International Association of Insurance Supervisors (IAIS) to develop insurance core principles (ICPs), a common framework for the supervision of internationally active insurance groups (IAIGs) and capital standards, have all laid the foundation for global regulatory change. These efforts have been further supported by new authorities given to the Federal Reserve Board, the Financial Stability Oversight Council and the Federal Insurance Office and by the designation of certain nonbank insurance companies as systemically important financial institutions (SIFIs). Following are some of the key regulatory issues we anticipate will have an impact on insurance companies this year:

1. Strengthening Governance and Culture

Despite heightened attention from regulators and organizations to strengthen governance structures and risk controls frameworks, instances of misconduct (i.e., professional misbehavior, ethical lapses and compliance failures) continue to be reported across the financial services industry, including the insurance sector, with troubling frequency. Boards and senior management are now expected to define and champion the desired culture within their organizations; establish values, goals, expectations and incentives for employee behavior consistent with that culture; demonstrate that employees understand and abide by the risk management framework; and set a “tone from the top” through their own words and actions.

Line and middle managers, who are frequently responsible for implementing organizational changes and strategic initiatives, are expected to be similarly committed, ensuring the “mood in the middle” reflects the tone from the top. Regulators are also assessing an organization’s culture by looking at how organizations implement their business strategies, expecting firms to place the interests of all customers and the integrity of the markets ahead of profit maximization. They will consider business practices and associated customer costs relative to the perceived and demonstrable benefit of an individual product or service to the customer, giving attention to sales incentives and product complexities.

State and federal insurance regulators have joined the global push for enhanced governance, and, in 2016, insurers can expect heightened attention in this area through the Federal Reserve Board’s (Federal Reserve) supervision framework and its enhanced prudential standards (EPS) rule; the Financial Industry Regulatory Authority’s (FINRA) targeted review of culture among broker-dealers; and the National Association of Insurance Commissioners’ (NAIC) Corporate Governance Annual Disclosure Model Act, which became effective Jan. 1, 2016, and requires annual reporting following adoption by the individual states. Given the regulatory focus on conduct, insurers might experience some pressures to put in place governance and controls frameworks that specifically recognize and protect the interests of policy holders.

2. Improving Data Quality for Risk Data Aggregation and Risk Reporting

Financial institutions continue to struggle with improving their risk-data aggregation, systems and reporting capabilities, which means insurers, in particular, will be challenged to handle any coming changes in regulatory reporting, new accounting pronouncements, enhanced market opportunities and increasing sources of competition because of legacy actuarial and financial reporting systems. These data concerns are augmented by information demands related to emerging issues, such as regulatory interest in affiliated captives. In addition, there are expected requirements of anticipated rulemakings, such as the Department of Labor’s Fiduciary Rule, which necessitates a new methodology or perspective regarding product disclosure requirements and estimations of the viability and benefits of individual products. There is also the Federal Reserve’s single counterparty credit limit (SCCL) rule, which requires organizations, including nonbank SIFIs, to track and evaluate exposure to a single counterparty across the consolidated firm on a daily basis. Quality remains a challenge, with data integrity continually compromised by outmoded technologies, inadequate or poorly documented manual solutions, inconsistent taxonomies, inaccuracies and incompleteness.

Going forward, management will need to consider both strategic-level initiatives that facilitate better reporting, such as a regulatory change management strategic framework, and more tactical solutions, such as conducting model validation work, tightening data governance and increasing employee training. By implementing a comprehensive framework that improves governance and emphasizes higher data-quality standards, financial institutions and insurance companies should realize more robust aggregation and reporting capabilities, which, in turn, can enhance managerial decision making and ultimately improve regulatory confidence in the industry’s ability to respond in the event of a crisis.

3. Harmonizing Approaches to Cybersecurity and Consumer Data Privacy

Cybersecurity has become a very real regulatory risk that is distinguished by increasing volume and sophistication. Industries that house significant amounts of personal data (such as financial institutions, insurance companies, healthcare enrollees, higher education organizations and retail companies) are at great risk of large-scale data attacks that could result in serious reputational and financial damage. Financial institutions and insurance companies in the U.S. and around the world, as well as their third-party service providers, are on alert to identify, assess and mitigate cyber risks. Failures in cybersecurity have the potential to have an impact on operations, core processes and reputations but, in the extreme, can undermine the public’s confidence in the financial services industry as a whole. Financial entities are increasingly dependent on information technology and telecommunications to deliver services to their customers (both individuals and businesses), which, as evidenced by recently publicized cyber hacking incidents, can place customer-specific information at risk of exposure.

Some firms are responding to this link between cybersecurity and privacy by harmonizing the approach to incident response, and most have made protecting the security and confidentiality of customer information and records a business and supervisory priority this year. State insurance regulators have a significant role in monitoring insurers’ efforts to protect the data they receive from policyholders and claimants. In addition, they must monitor insurers’ sales of cybersecurity policies and risk management services, which are expected to grow dramatically in the next few years. Insurers are challenged to match capacity demands, which may lead to solvency issues, with buyers’ needs and expectations for these new and complex product offerings. The NAIC, acting through its cybersecurity task force, is collecting data to analyze the growth of cyber-liability coverage and to identify areas of concern in the marketplace. The NAIC has also adopted Principles for Effective Cybersecurity: Insurance Regulatory Guidance for insurers and regulators as well as the Cybersecurity Consumer Bill of Rights for insurance policyholders, beneficiaries and claimants. Insurance regulatory examinations regularly integrate cybersecurity reviews, and regulatory concerns remain focused on consumer protection, insurer solvency and the ability of the insurer to pay claims.

4. Recognizing the Focus on Consumer Protection

In the past few years, the Consumer Financial Protection Bureau and the Federal Trade Commission have pursued financial services firms (including nonbanks) to address instances of consumer financial harm resulting from unfair, deceptive or abusive acts or practices. The DOL Fiduciary Rule redefines a “fiduciary” under the Employee Retirement Income Security Act to include persons — brokers, registered investment advisers, insurance agents or other types of advisers — that receive compensation for providing retirement investment advice. Under the rule, such advisers are required to provide impartial advice that is in the best interest of the customer and must address conflicts of interest in providing that advice. Though intended to strengthen consumer protection for retirement investment advice, the rule is also expected to pose wide-ranging strategic, business, product, operational, technology and compliance challenges for advisers.

In addition, the Securities and Exchange Commission (SEC) has announced it will issue a rule to establish a fiduciary duty for brokers and dealers that is consistent with the standard of conduct applicable to an investment adviser under the Investment Advisers Act (Uniform Fiduciary Rule). The consistent theme between these two rules is the focus on customer/investor protection, and the rules lay out the regulators’ concern that customers are treated fairly; that they receive investment advice appropriate to their investment profile; that they are not harmed or disadvantaged by complexities in the investments markets; and that they are provided with clear descriptions of the benefits, risks and costs of recommended investments. In anticipation of these changes, advisers are encouraged to review their current practices, including product offerings, commissions structures, policies and procedures to assess compliance with the current guidance (including “suitability standards” for broker/dealers and fiduciary standards for investment advisers, as appropriate) as well as to conduct impact assessments to identify adjustments necessary to comply with the DOL Fiduciary Rule. Such a review should consider a reassessment of business line offerings, product and service strategies and adviser compensation plans.

5. Addressing Pressures From Innovators and New Market Entrants

The financial services industry, including the insurance sector, is experiencing increased activity stemming, in large part, from the availability of products and services being introduced to meet the growing demand for efficiency, access and speed. Broadly captioned as financial technology, or FinTech, innovations such as Internet-only financial service companies, virtual currencies, mobile payments, crowdfunding and peer-to-peer lending are changing traditional banking and investment management roles and practices, as well as risk exposures. The fact that many of these innovations are being brought to market outside of the regulated financial services industry — by companies unconstrained by legacy systems, brick-and-mortar infrastructures or regulatory capital and liquidity requirements — places pressures on financial institutions to compete for customers and profitability and raises regulatory concerns around the potential for heightened risk associated with consumer protection, risk management and financial stability.

For insurance companies, the DOL Fiduciary Rule will affect the composition of the retirement investment products and advice they currently offer and, as such, creates opportunity for product and service innovation as well as new market entrants. Insurers will want to pursue a reassessment of their business line offerings, product and service strategies, and technology investments to identify possible adjustments that will enhance compliance and responsiveness to market changes. Regulators will be monitoring key drivers of profit and consumer treatment in the sale of new and innovative products developed within and outside of the regulated financial services industry.

This piece was co-written by Amy Matsuo, Tracey Whille, David White and Deborah Bailey.