The system of governance designed by Solvency II
Elena Agúndez Agúndez
Compliance Officer
Juan Pablo Olmo
Chief Compliance Officer
MAPFRE
Madrid - Spain
Introduction
Coming in the wake of previous reforms of financial market supervision, Solvency II has become the solution/threat in recent years with which the European regulator and supervisor intends to carry out a comprehensive reform of insurance undertakings’ solvency and supervisory regime.
Beneath the worthy objective of improving protection for insurance consumers, the new regime involves a profound reworking of the current framework in terms of business management, risk control, supervisory procedures and transparency of information. This will be followed by a reappraisal of the own funds needed for solvent operation in the insurance business, all with the ultimate aim of setting minimum own-fund levels that will prove more risk-sensitive than those currently in place.
The novelty of the reform lies in the change of outlook it entails, with a strong regulation-based conception of the supervisor’s role replaced by a system in which more trust is placed on insurers’ capacity to manage their own risks. Solvency II will establish a broad range of qualitative and quantitative indicators to determine firms’ capacity to maintain their solvency not only at the present time but also in a dynamic environment.
Current situation of Solvency II
The Solvency II Directive (1) is currently in its implementation stage. Initially scheduled to enter into force in October 2012 but postponed to 1 January 2014, its full applicability is envisaged for 1 January 2016. Until that time, the European insurance industry will be undergoing a process -which this time finally seems definitive- of progressive adaptation to the Solvency II regime. This will require gradual compliance with the Guidelines (2) issued last September by the European Insurance and Occupational Pensions Authority (EIOPA), the EU supervisory agency, covering four areas:
- System of Governance.
- Prospective analyses of own risks (based on the Own Risk and Solvency Assessment principles, known as ORSA).
- Pre-Application of Internal Models.
- Submission of Information to National Competent Authorities.
The European supervisor itself points out that the Guidelines are to be understood as part of supervisors’ preparation for the implementation of Solvency II. Thus, national supervisors should highlight certain aspects of prospective analyses and risk-based supervision, which are set out in the Guidelines in place from 1 January 2014.
The Spanish Directorate-General for Insurance and Pension Funds (DGSFP) had to inform EIOPA of its intention to implement the Guidelines, or explain its reasons for not doing so, by 31 December 2013. There seemed to be no uncertainty surrounding this point: last September, the DGSFP presented a draft Ministerial Order at the Insurance Consultative Board with measures for insurance and reinsurance undertakings’ progressive adaptation to the new system of governance established by the Solvency II Directive.
Although the EIOPA Guidelines are aimed at national supervisors, their acceptance by these authorities will obviously mean the insurance sector will become subject to certain requirements. At the same time, national supervisors will be required to send a report to EIOPA by the end of February of 2015 and 2016 on the application of these Guidelines in their respective markets for the previous year. This means the DGSFP’s first report will be issued in February 2015.
Therefore, it seems clear that the definitive and supervised process of adaptation to the new regulatory framework will begin on 1 January 2014.
At this point, we can say that, while the industry is to a large extent aware of the consequences that will ensue due to the application of Pillar I (quantification of the necessary financial capital) and possibly Pillar III (public disclosure and disclosure to the supervisor), there is still some way to go with regard to awareness of the requirements under Pillar II (system of governance). Nonetheless, Pillar II is the essence of the Solvency II Directive and embodies the fundamental advancement it brings with respect to the current Solvency I regulation.
Solvency II and system of governance
If we had to explain the crises that have hit the Spanish insurance industry in recent years, we would most likely conclude that their causes were related to the system of governance, rather than quantitative regulatory requirements or shortcomings in regulation or supervision.
Here, if only to clearly set out the terminology surrounding this concept, it is worth calling attention to the following articles on the system of governance from the Solvency II Directive:
Article 41. General governance requirements
1. Member States shall require all insurance and reinsurance undertakings to have in place an effective system of governance which provides for sound and prudent management of the business.
That system shall at least include an adequate transparent organisational structure with a clear allocation and appropriate segregation of responsibilities and an effective system for ensuring the transmission of information.
Article 44. Risk management
1. Insurance and reinsurance undertakings shall have in place an effective risk-management system. (...)
Article 46. Internal control
1. Insurance and reinsurance undertakings shall have in place an effective internal control system.
In 2006, the International Monetary Fund’s Assessment of Spain’s Financial System Stability (3) already highlighted the need for improvements in the country’s insurance sector in terms of internal control, risk management and corporate governance in general. Articles 110 and 110b of the Regulations on the Administration and Supervision of Private Insurance were included as a result of those recommendations, as enacted by Royal Decree 239/2007 of 16 February, and in industry self-regulation documents. The ground that was left uncovered by these regulatory texts is now being addressed by Pillar II of Solvency II.
Concepts such as propriety, professionalism, risk management, regulatory compliance and internal control, which are sparingly touched upon -or not at all- in the current legislation, will be regulated exhaustively and specifically, creating new functions and establishing new requirements in Solvency II.
The recitals of the Solvency II Directive already point out that some risks can only be properly addressed through governance requirements rather than through the quantitative requirements reflected in the Solvency Capital Requirement. Thus, as stated above, insurance companies will be required to have effective systems in place for risk management and internal control, as well as a clear allocation and appropriate segregation of responsibilities.
The Solvency II Directive defines “function” as the administrative capacity to undertake particular governance tasks. Certain functions are considered to be important and critical, with a smaller set within this group designated as “key functions”.
For a broader reference -though not a definition- of what constitutes a critical or important function, we must turn to the explanatory text of EIOPA Guideline 44 on the system of governance. This Guideline states that, in determining whether an outsourced function or activity is critical or important, the undertaking has to take into account any definition or list of such functions or activities provided by the national authority. The explanation then gives examples of functions considered critical or important (design and pricing of insurance products, claims handling, portfolio management) and functions or activities that should not be considered to have this status (legal advice, training of personnel).
Key functions
The functions included in the system of governance are considered key functions, and therefore also critical or important:
- Risk management function.
- Compliance function.
- Internal audit function.
- Actuarial function.
The regulations on key functions are contained in articles 41 to 49 of the Solvency II Directive and in the EIOPA Guidelines on System of Governance mentioned above. Further, more detailed rules will be introduced by the Commission Delegated Regulation. The most recent draft, dated 31 October 2011, provides regulation of key functions in articles 249 to 264.
The priorities of this regulation are:
- Undertakings must include key functions in their organisational structure and ensure they are free of any influence that may compromise their independence.
- Key functions must operate under the ultimate responsibility of the Board of Directors. The Board of Directors must be informed generally, and immediately upon occurrence of any material problems.
- People who perform key functions must be able to communicate with any person in the organisation and have access to any information that is relevant. They must also have the authority, resources, experience and qualifications needed to perform their duties.
- It is the responsibility of the individual undertakings to organise and put these functions in place within their organisation, although no strict rules are laid down in this regard. Thus, they may be performed in-house or outsourced to affiliate or non-affiliate providers.
- The functions will be organised on the basis of the nature, scale and complexity of the undertaking’s operations, and in smaller or less complex companies, one single person or organisational unit may be responsible for more than one function - with the exception of the internal audit function.
- Insurance undertakings must have written policies in relation to at least risk management, compliance and internal audit (with no specific mention of the actuarial policy) and these policies must be approved by the Board of Directors. If important or critical functions are outsourced, the undertaking must have a written policy on the outsourcing of the functions concerned.
- People who perform key functions must comply with fit (qualifications and experience) and proper requirements. All appointments in this respect must be notified to the supervising authority.
- Article 35 of the Solvency II Directive and Article 297 of the draft Commission Delegated Regulation regulate the information to be provided to the supervisor in relation to the system of governance in general and key functions specifically. Article 51 of the Directive and Article 285 of the draft Regulation set out the information that undertakings must include on their financial and solvency position for release to the general public in the annual report.
- Lastly, Article 246 of the Directive states that its provisions on system of governance in relation to individual undertakings apply mutatis mutandis at the level of the group.
In light of this brief review of the current regulations, it may be asserted that the introduction of key functions will bring about a new system where the existing sequence of controls on undertakings’ activities -internal audit, external audit and the DGSFP, in this order- will be supplemented with three new functions (commonly known as the second line of defence). These three new functions will operate between business management (the first line of defence) and the internal audit function (the third line of defence). The responsibilities of these new functions involve controlling and advising the Board of Directors on risk management, regulatory compliance and actuarial matters.
It should be noted, however, that -leaving internal audit to one side, as it was made mandatory by the 2007 reform of the Regulation on Management and Supervision of Private Insurance- the absence of a formal requirement in Spanish legislation to establish key functions should not lead to the conclusion that all the responsibilities are newly created. A large proportion of them were already present in insurers’ organisational structures one way or another. Hence, in most cases it will be a matter of coordinating, integrating and utilising the structural units already in place, modifying and trying to optimize any internal operational processes.
- (1) Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance.
- (2) https://eiopa.europa.eu/fileadmin/tx_dam/files/publications/guidelines/System_of_Governance/Final_EN_SoG_Clean.pdf
- (3) http://www.imf.org/external/pubs/ft/scr/2006/cr06212.pdf