Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
new regulations, globalization, increased risk and business velocity, and an explosion of information all demand more effective compliance and risk management practices and better alignment of risk and performance management objectives for better business outcomes
Agenda
With all the attention on reporting and Solvency II, the issues relating to Operational Risk may actually have an even greater impact to Insurers
... the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
Internal Processes External Events
People
Systems
Credit Risk
Market Risk
Operational Risk
Operational risk can kill financial institutions. Credit and market risk are now well understood and are therefore more likely merely to wound. It is the relative lack of understanding of operational risk that is threatening.
-- Adrian Belton, director of operational risk, Barclays Group worldwide, London
5 2010 IBM Corporation
Internal Fraud
External Fraud
Distribution of Loss Amounts (% of Total)1 Insurance Banking 0.5 6.1 1.8 8.0 0.8 6.0 24.0 52.4 65.5 24.9 7.4 1.2 <1.0 1.4
Description of Event
Acts involving internal parties intending to defraud, misappropriate property, or circumvent the law, regulations or company policy Acts by a third party with the intent or result of defrauding the institution, misappropriating property, or circumventing the law Acts inconsistent with employment, health and safety laws or agreements, personalinjury claims and diversity/discrimination issues Failure to meet professional obligations to specific clients (including fiduciary and suitability requirements), or such failure caused by nature and design of a product or service Failed transaction processing or process management, relations with trade counterparties, and relations with vendors Failures of hardware or software, telecommunications outages, utility outages, and real estate facilities problems Loss or damage to physical assets from natural disasters or other events such as terrorism, vandalism, fires, floods, storms, civil wars and strife
Insurance Examples
An employee colluding with or impersonating a customer to make a fraudulent claim Use of irregular accounting procedures for financial gain Failure to disclose investment losses
1Based
Policyholder supplying Wrongful termination incorrect data to obtain Workplace harassment cover or reduce cost Discrimination based Supplier deliberately on religion, sex, age, overcharging for their ethnicity, etc. services or submitting false claims Fraudulent surrenders to generate commissions
Regulatory breach by a financial advisor Failure to ensure claimant had sufficient information during the claims process Non-qualified individuals selling or giving advice Breach of data privacy rules
Policyholder service failures (i.e., failure to implement address or beneficiary changes) Claims payments to the wrong policyholder or incorrect amount Policy pricing errors Unintentionally exceeding underwriting limits Missing policy documents
IT system or telecom Loss of building housing downtime data and/or call center Viruses and security Theft of equipment breaches Unauthorized access to internet site or data center
Source: Association of British Insurers (ABI); Operational Risk Consortium (ORIC) 6 2010 IBM Corporation
Distribution of Operational Risk by Insurance Function shows that all areas of the enterprise can contribute to risk events
Operational Risk Event Execution, Delivery and Process Management % of Total Loss1 65.5 Operational Losses by Insurance Function (% of Total Operational Risk Event) 1
27.7
Accounting, Finance & Investment
13.2
Policyholder Service
7.0
6.3
4.0
7.3
Other
24.0
19.4
Sales & Marketing
2.8
IT
1.8
Other
7.4
6.0
IT
1.4
Other
External Fraud
1.8
0.7
Policyholder Service
0.7
Claims
0.4
Sales & Marketing
Internal Fraud
0.5
0.2
Claims
0.1
Policyholder Service
0.2
Other
0.8
0.2
Facilities
0.2
Human Resources
0.4
Other
1Based
on data in the ORIC database which contains operational risk events with losses totaling more than 10,000 as reported by 18 UK carriers across the life and non-life segments. As of 1Q 2009, the ORIC database contained over 2,000 incidents representing a gross loss amount of approximately 900m ($1.3B at 3/09 rates) Source: Association of British Insurers (ABI); Operational Risk Consortium (ORIC) 7 2010 IBM Corporation
Advisory activities, which falls under clients, products and business practices, have a high rate of occurrence (9% of loss events) and the highest loss per event (13% of reported losses) Accounting errors, which are included in execution, delivery and process management, do not happen often (2% of events) but have a significant impact (12% of losses) Customer service failures occur the most often, accounting for 16% of loss events
16
External Fraud
Employment Practice and Workplace Safety Internal Fraud
14
300
600
900
1,200
Source: Association of British Insurers (ABI); Operational Risk Consortium (ORIC) 8 2010 IBM Corporation
Operational Risk events have a very large direct and indirect financial impact on the Insurance Industry
Insurance Operational Losses by Quarter: 3Q07 3Q09
As reported by 18 ORIC members
70
Indirect Costs Associated with Operational Failures Higher surrender rates/lower customer retention Loss of new business Fines Lower customer satisfaction rates Loss of reputation in the market
60
40
30
20
Submission Quarter
Source: Association of British Insurers (ABI); Operational Risk Consortium (ORIC) 9 2010 IBM Corporation
10
Analytical Tools
Identify
Identify risk objectives and suitable business impact metrics Catalog past, present, future failure events and root causes Map business processes and locate pain points Assess frequency and severity of root causes & failure events Map interdependencies between failure events and root causes Forecast business impacts of expected and unexpected risks
Quantify
Decide
Identify appropriate mitigation strategies for major risks Assess costs of mitigation strategies Perform scenario analysis to assess mitigation benefits
11
One can apply both Top Down and Bottom Up approaches to analyze Operational Risks
12
An Introduction to Solvency II
Solvency 2 (S2) legislation was initiated by the European Commission to fundamentally change the current European insurance solvency framework S2 evolved from the Basel II three pillar approach to Banking regulation - it will produce a more consistent solvency standard ensuring that capital requirements are more reflective of the risks being accepted. The date for the legislation to come into effect is 01/2013 but interim progress milestones are fast approaching. Each insurer should decide now what Solvency 2 means for them.
Solvency II Protection of policyholders against failure of insurance companies
Pillar I Quantitative
Pillar II Qualitative
Valid for all insurance companies in EU after forming the directive into national law
There is not one solution for all - Insurers need to understand the drivers that will influence both the scale of investment and the value to be derived from their Solvency 2 Programme.
14 2010 IBM Corporation
Solvency II Requirements
Quantitative requirements
Implementation of Asset Liability Management or Dynamic Financial Analysis for all divisions Quantification of all significant risks and fair / realistic valuation of assets and liabilities Adequate solvency capital for all lines and divisions Adequate requirements Qualitative reserves Collecting, handling and controlling all significant risks Prompt and comprehensive information on the risk situation for the management Regular checks of the valuation and controlling of risks through internal audits Precise hierarchies, communication channels and ownership for implementing and living internal controls Defining and supervising limits and regulation (investment decisions and risk unterwriting) Extensive separation between management and controlling Implementing an early-warning system (key performance indicator based forecasts) Regular profitatility and stress tests (scenario analysis, sensitivity tests) Adequate asset allocation strategy (within given risk margin)
Pillar 1 Compliance
16
Risk categories
17
The situation
Although Solvency II is less than 2 years away, many insurers still have the majority of work still to do
PWC S2 Report - 'Insurers face tough and expensive push for S2 deadline'. More than 40% of insurers are still only in the preparatory stages or have yet to launch their Solvency II projects. According to a recent PwC survey of 115 insurers in 22 countries across Europe and outside the EEA, 11% have not yet launched their Solvency II project. Of those that have started the implementation process, the majority of respondents are only a quarter of the way through. Accenture, Most European Insurers Say Compliance with Solvency II Will Cost More Than Originally Expected
Nearly one-third (29 percent) of the insurers surveyed said they expect to spend more than 25 million to comply with the directive, including 7 percent that anticipate spending more than 100 million. In a similar 2007 survey, only 4 percent of insurers said they expected to spend more than 26 million and none said they expected to spend more than 100 million.
Lloyd's Solvency II costs estimated at about $480M: Levene Compliance for Solvency II may cost insurers in the Lloyds of London market as much as 300 million ($480.2 million), according to the markets chairman.
No Partially Yes
Projectplan
18
20
40
60
80
Experience from western Europe shows challenges and suggested focus areas
Technology implementation issues are now becoming real. The designs that have been developed are being handed over to the IT development teams and delivery plans are being developed. These plans are now showing that either timescales are going to have to move or scope is going to have to be reduced. Data remains a key area of concern, be it accessibility or granularity of data and in many cases its quality. Therefore many organizations are now looking at how they can simplify their data requirements in order to achieve a realistic solution. much effort has been placed, especially in the Quantitative Impact Study 5 (QIS5) on the development of sophisticated internal models that allow customization of SCR and MCR calculations according to the companys needs. However, it is less valuable to fine-tune internal models without making sure they are fed with high quality data BUT insurers are beginning to appreciate the real implications it will have for their businesses. Solvency II is acting as a catalyst for businesses to restructure (it) is likely to lead to M&A activity in the form of acquisitions or disposals of portfolios, teams or companies as businesses look to achieve the scale and diversity they see as optimal under the new regime
19
Sources : Solvency II Survey 2011 (UK) Deloitte LLP, Meeting the Data Quality Challenges of Solvency II Moody Analytics
2010 IBM Corporation
Compliance with external model Compliance with internal model with auditable processes Integrated data and reporting platform feed calculations Value creation based on Economic Capital return
Compliance reached with minimal required effort Lower capital costs, improved credit rating, optimization of reinsurance Comparability with peers Higher efficiency in risk & finance reporting, rationalization of information systems Improved pricing More value creating products
Sustainable solution
Managing on Value
Reporting based on fair value combining external demands with internal needs
20
Solvency II requires insurers to collect detailed asset, liability and risk data to be able to come up with the market consistent balance sheet
Producing & use test Steering
Data storage
Performance management
21
Based on our western Europe experience, we see data related gaps in most Insurers environments
Parts of current IT application landscape under control of different parties who owns all the spreadsheets? No specific policy on data management No clearly formulated data quality checks No central data dictionary across multiple legacy systems Inadequate recoding of data history
Internal controls for business processes may be in place but not formalized or documented or tracked
Lack of controls on use of externally provided data note exposure from distribution channels. Are you even certain of client names?
22
The lack of good quality data willuse test have financial consequences also Producing & Steering
Data storage
Performance management
-Delays in model updating, testing & validation - Difficulty keeping audit trail in risk outcomes - Increased manual intervention
-Much time spent on movement analysis, -E.g.. reconciliation between GL and Risk outcomes
-Increase in capital due to capital add on or use of standard formula -No basis for performance management
23
Data integration makes up the majority of the implementation costs in a Solvency II project
Rough estimate of cost break-up of a Solvency II project
Assessment current situation
10
20
30
40
50
60
70
80
90
100
% of total costs
2010 IBM Corporation
24
Partner/Clients
Contracts
Challenge 2: Data governance Organise the ownership, use, definition and structure of the data
Stress Test
Regulatory Reporting
Financial reporting
Challenge 1: Source systems Sales Many different source systems, of Claims varying quality, technology, age and accessibility Financial
Accounting Capital Investment Other
Scenarios
Actuarial Reporting
Management Reporting
Other Transformation Calculation (e.g. Risk Engine) Market Risk Operational Risk Actuarial Risk Other Risk
Risk Analytics
Dashboards
Calculation Engines
Meta Data & Reference Data Development Environment and System Management Software Infrastructure
25
Challenge 1: Many different source systems, of varying quality, technology, age and accessibility
IBM View Prioritize connection of source systems based on your relevant criteria (future proof, materiality, maturity) Industrialize the data extraction process Profile the data of the source systems before the business starts to map source to target Data profiling is simply taking a picture of the data of the source systems
Discover Validate Remediate
Recommendations Use a repeatable Data migration approach Use a strong tool for data profiling
Should be done before the source to target mapping Skipping data profiling leads to: Unexpected source data Old source data, business rules unknown Multiple versions of the data Incomplete, out-of-date, untrusted data Rework and higher cost Executing data profiling results in complete view: Relationships between data elements Data integrity Duplicate Values Exceptional Values Empty Fields 2010 IBM Corporation
Discovery
26
Challenge 2: Organize the ownership, use, definition and structure of the data
IBM View Step 1: Get the (right) people in place to govern Step 2: Do initial assessment, calculate value of data and probabilities of risk Step 3: Develop a data-governance strategy Recommendations Build a Data Governance Framework and assess your current maturity Consider available industry data models Exploit Tooling
Data Architecture
27
Recommendation Data Quality Management approach as part of Data Governance Framework Use tools to enable processes
Recommendation Build a robust data warehouse architecture supported by an enterprise data dictionary
One physical Enterprise Data Warehouse is not
calibration of internal models and reporting Capturing of results from calculation engines Central data store for all analytic purposes Storage of detailed raw data from multiple sources
FOUNDATION MODELS Enterprise Insurance Concepts Definition for Communication and Standardization
PROCESS MODELS Enterprise Insurance Processes Definition for business process modelling, simulation, and execution SERVICE MODELS Enterprise Insurance Services Definition for component based development and Service Oriented Architecture Product Models for accelerating insurance product design 2010 IBM Corporation
DATA MODELS Insurance data content for an enterprise-wide view of information and data rationalization
29
Use Accelerators
30
31
Investment in a Solvency 2 solution can provide significant business opportunities for insurers
Improving capital allocation by giving a common basis for comparing projects / business strategies Providing management with deeper insight into risks to identify areas of competitive advantage Delivering improved MI to facilitate decision making Creating value through improved product design and pricing Enabling better alignment of employee remuneration with risk-based performance Minimizing cost of raising capital, reinsurance and other risk transfer products by making the firms risks more transparent and measurable Driving investment in scalable / extendable models to minimize cost of future change (such as IFRS Phase 2) Efficiency improvements, e.g. removing duplications across different reporting processes; increased automation Realising these benefits need not require an instant, wholesale business transformation.
32 2010 IBM Corporation
33