Mod 05: External risk frameworks (mandatory)

Question 1

Explain why different parts of the same organisation might be subject to different regulatory regimes and/or capital adequacy standards

Answer 1

Reasons different parts of an organisation might be subject to different regulatory regimes and/or capital adequacy standards
1. having operations that are regulated by different territories
2. having subsidiaries that operate in different industry sectors, eg financial and manufacturing
3. having subsidiaries that operate in different areas within the same sector, eg banking and insurance
4. having subsidiaries or portfolios within the same sector that are subject to different regulatory requirements, eg traditional insurer and captive insurer
5. having subsidiaries which are new ventures or acquisitions and are at different lifecycle stages

Question 2

List the types of external entities that may exercise supervision and control over a company

Answer 2

Entities that may exercise supervision and control

1. professional bodies – eg the Institute and Faculty of Actuaries
2. professional regulators – eg the Chartered Financial Analyst Institute (CFA)
3. industry bodies – eg the British Bankers’ Association (BBA)
4. industry regulators (supervisors) – eg the PRA, FCA and LSE
5. governments

Question 3

List six processes that may form part of a prudential supervision system

Answer 3

Prudential supervision
1. oversight (eg financial)
2. licensing
3. a requirement to maintain minimum standards (eg operational)
4. procedures for monitoring compliance with standards and licences
5. a requirement for disclosure of key information
6. processes to take action against those who fail to comply

Question 4

Outline the UK Senior Insurance Managers Regime (SIMR)

Answer 4

Senior Insurance Managers Regime (SIMR)
There are two main parts to the SIMR:
1. a governance map giving details of: 
a. company and corporate governance structures
b. identified ‘Key Functions’, ‘Key Function Holders’ and ‘Key Function Performers’
c. all individuals within the SIMR regime, their responsibilities and reporting lines
d. the rationale applied in identifying those individuals and allocating responsibilities to them.
2. an assessment of fitness and propriety of senior insurance managers and directors, based on their responsibilities as allocated through the governance map.

Question 5

Outline two broad types of regulation

Answer 5

Two types of regulation
Two broad types of regulation:

1. functional regulation – where different authorities oversee different activities (eg banks, insurance companies and charities). This is the system used in the UK.
2. unified regulation – where a single regulator covers a broad range of activities. This is the system used in Australia.

Question 6

Outline the advantages and disadvantages of unified regulation

Answer 6

Unified regulation
Advantages:
1.easier to regulate financial conglomerates
2. ensures a consistent approach across financial services activities
3. limits any incentive for regulatory arbitrage
4. economies of scale
5. better sharing of ideas between regulatory staff
6. improved accountability (less buck-passing between regulators)

Disadvantages:
1. may become large and bureaucratic
2. departments within the regulator can end up functioning independently

Question 7

State five factors that an insurer should consider when developing a set of relationship management principles with a regulator

Answer 7

Considerations when developing relationship management principles with a regulator
The insurer should consider what principles to adopt with respect to:
1. alignment to supervisory objectives
2. preservation of the insurer’s reputation
3. the importance of being proactive and engaging with a regulator as early as possible
4. transparency of communication
5. ensuring accountability for and governance of relationship management.

Question 8

Outline insurer-regulator relationship management principles relating to alignment to supervisory objectives and to preservation of the insurer’s reputation

Answer 8

Principles relating to supervisory objectives / preservation of reputation

1. The insurer’s overall corporate strategy should encompass a supervisory strategy.
2. The supervisory strategy should be communicated to the regulator, in particular how it will lead to compliance with regulation.
3. The insurer should notify the regulator early of any changes to corporate strategy, eg new lines of business.
4. The insurer should have processes in place to ensure supervisory requirements are understood, accepted and met throughout the company.
5. The insurer should work with the regulator to develop policy as insurers are well-placed to assess the practical implications of changes in policy.
6. Best practice should be adopted before it becomes mandatory.

Question 9

Outline insurer-regulator relationship management principles relating to proactive engagement

Answer 9

Principles for proactive engagement

1. The insurer should be pro-active in its engagement with the regulator, anticipating supervisory changes and seeking out opportunities to work with the regulator.
2. The insurer should work with a regulator to develop an overall plan of regulatory site visits and assist in the planning and logistics of each individual visit.
3. Recommendations from the regulator should be welcomed.
4. A positive perception of the supervisor should be encouraged within the insurer

Question 10

Outline insurer-regulator relationship management principles relating to transparency of communication

Answer 10

Principles for transparency of communication

1. Communication with the regulator / supervisor should be proactive, regular and open.
2. The insurer should respond promptly to data requests / investigations.
3. The insurer should have processes in place to report breaches, which supervisors understand will occur from time to time.
4. The insurer should keep the regulator up-to-date with progress on risk management qualification and quantification exercises.
5. The insurer should aim to submit responses to surveys and consultations in good time and may wish to co-ordinate submissions with other insurers, perhaps through an industry body.
6. Responses to consultations should be practical and unbiased: the insurer should avoid invoking an argument that it is unique, and should not feel under pressure to comment on every aspect of a proposal.

Question 11

Outline insurer-regulator relationship management principles relating to accountability for / governance of the relationship

Answer 11

Principles for accountability / governance

There should be clarity as to which individuals are accountable for each of the following broad groups of interactions:

1. operational or procedural
2. unusual or non-standard
3. strategic.

The Chief Risk Officer (or the Chief Financial Officer) should have overall responsibility for the relationship and co-ordinating interactions.

Continuity of the personnel involved in each type of interaction should be maintained as it helps to develop and maintain a trusting relationship.

Boards should encourage an appropriate relationship with regulators by setting the tone and be kept fully informed of insurer-regulator interactions, especially non-standard and strategic interactions.

Question 12

List the aspects of an organisation that a risk-based regulator typically seeks to understand

Answer 12

Aspects of an organisation that a regulator typically seeks to understand
Regulators try to understand which companies represent greatest risk by examining:

1. the nature of the business
2. governance arrangements
3. business plans
4. financial (condition) reports
5. risk management strategies and processes.

Question 13

Outline the three pillars of Basel Accords

Answer 13

Basel pillars

Pillar 1: minimum regulatory capital requirement determined by the amount of credit, market and operational risk exposures

Pillar 2: supervisory review which relates to the bank’s internal risk management processes. Supervisors will assess the bank’s internal systems, processes and risk limits to ensure that the bank has set aside sufficient capital for its risks (additional capital may be required, but this is expected to be rare). Particular attention is paid to liquidity and concentration risks.

Pillar 3: level of disclosure that the bank is required to undertake to the public and the market. Its purpose is to facilitate market discipline on firms through appropriate pricing for capital.

Question 14

Summarise the main criticisms of the Basel II requirements

Answer 14

Summary of the main criticisms of the Basel II requirements

1. places too much confidence in a complex model that summarises many diverse risks into a single number
2. suffers from the difficulties in quantifying certain types of risk, eg operational
3. gives only cursory consideration to certain risk types, eg liquidity may create systemic risk – pro-cyclicality and risk herding
4. uses market values which may under-value certain assets under certain conditions
5. is very costly to implement, especially the IRB approach and AMA
6. increased complexity, and implied high levels of confidence, leads to overconfidence in risk controls

Question 15

Summarise the main aims of Basel III

Answer 15

Basel III: Basel III works alongside Basel I & II.
It:
1. addresses liquidity risks (eg the risk of a run on the bank) as well as systemic and counterparty risks
2. strengthens the capital requirements for banks, including limiting cross holdings in other financial institutions and associated assets to limit systemic risk
3. introduces a conservation buffer to provide breathing space in times of financial stress
4. changes the minimum ratios of Tier 1 and Tier 2 capital
5. allows some flexibility in capital requirements in times of financial crisis to limit pro-cyclicality.

Question 16

Summarise the aims of Solvency II

Answer 16

Aims of Solvency II

1. economic risk-based solvency requirements across all EU Member States
2. more comprehensive requirements than in the past taking account of the asset side as well as liability side risks
3. requirement to hold capital against market risk, credit risk, operational risk and underwriting (life, non-life and health) risk
4. emphasis that capital is not the only (or the best) way to mitigate (this means ‘to have influence on something or to bring about a change’) against failures
5. more prospective focus
6. streamlined approach which aims to recognise the economic reality of how groups operate

Question 17

Outline the three pillars of Solvency II

Answer 17

Solvency II
Pillar 1: quantitative requirements designed to capture underwriting, credit, market and operational risk. There are two parts to the requirements: the Solvency Capital Requirement (SCR – below which regulatory action is taken) and the lower Minimum Capital Requirement (MCR – below which authorisation is foregone).

Pillar 2: qualitative requirements on undertakings such as risk management well as supervisory activities. Specifically, insurers must carry out their Own Risk and Solvency Assessment (ORSA) to quantify their ability to continue to meet the SCR and MCR in the near future, given their identified risks and associated risk management processes and controls.

Pillar 3: supervisory reporting and disclosure

Question 18

Outline the purpose and requirements of an Own Risk and Solvency Assessment (ORSA)

Answer 18

Purpose and requirements of an ORSA
The purpose of the ORSA is to provide the board and senior management of an insurance company with an assessment of:
1. the adequacy of its risk management, and
2. its current, and likely future, solvency position.

The ORSA requires each insurer to:
1. identify the risks to which it is exposed,
2. identify the risk management processes and controls in place, and
3. quantify (using long-term projections) its ongoing ability to continue to meet its solvency capital requirements (both MCR and SCR)
4. analyse quantitative and qualitative elements of its business strategy
5. identify the relationship between risk management and the level and quality of financial resources needed and available.

Question 19

Outline the similarities between Basel II and Solvency II

Answer 19

Similarities between Basel II and Solvency II
three-pillar structure
 Pillar 1 – minimum capital requirements
- risk-based approach, using standard or internal model
- consideration of credit, market and operational risk
- available capital tiered to indicate quality
 Pillar 2 – supervisory review
- assessment of own RM processes and capital adequacy
 Pillar 3 – disclosure
- to facilitate market discipline
 mandatory (if adopted into individual country regulation)
suitable for multi-nationals

Question 20

Outline the differences between Basel II and Solvency II

Answer 20

Differences between Basel II and Solvency II
1. Solvency II not designed with systemic risk in mind
2. Solvency II is more principles based, Basel II has more prescriptive rules
3. Solvency II is EU, whereas Basel is global
4. Under Pillar 1, Solvency II involves the assessment of an SCR in addition to the MCR
5. Under Pillar 1, Solvency II considers underwriting risk

Question 21

Outline the key features of the Sarbanes-Oxley Act

Answer 21

Key features of the Sarbanes-Oxley Act
1. formation of a Public Company Accounting Oversight Board (PCAOB)
2. increased accountability of CEOs and CFOs requiring them to:
– certify that financial reports do not contain any untrue facts
– set up, maintain and evaluate internal controls, and report any issues to the external auditors
3. published reports must contain an internal control report (ICR)
4. independent audit committee with at least one financial expert
5. external auditor cannot provide non-audit services to same firm
6. limited length of appointment of external auditor (five years)
7. strengthened separation of analyst and investment bankers
8. illegal for directors to interfere with the audit process
9. illegal for employees to alter, conceal, falsify, destroy records

Question 22

Outline the key questions that management should consider as part of their governance, risk and compliance (GRC) systems

Answer 22

Key questions for management to consider as part of GRC systems

1. Are controls identified and documented?
2. Are controls consistent across the business?
3. Do controls address the critical factors – ie are the right controls in place?
4. Do the controls include risk management?
5. What testing procedures are required before signing off the ICR?

Question 23

Outline the COSO Integrated Framework

Answer 23

The COSO Integrated Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a US private sector organisation, sponsored by professional accounting associations.

The framework it has set out definitions and standards which organisations can use to assess their internal RM control systems.

The framework considers different aspects of a business across three dimensions (often represented as a cube):
1. activities required to demonstrate internal controls
2. business areas covered
3. level of application.

The contents of each cell is considered in terms of whether there are adequate internal controls (eg reporting of risk assessments at divisional level) to demonstrate compliance with Sarbanes-Oxley.

Question 24

State the principles embedded in the COSO framework:

Answer 24

Principles embedded in the COSO framework

The principles embedded in the COSO framework include:
1. ERM should be integrated into an organisation’s strategy
2. risk represents opportunity as well as potential downside
3. ERM is a multi-dimensional and iterative ongoing process
4. it should be integrated into everyday processes
5. everyone has a role in risk management (at all levels), but ultimate responsibility is with the CEO
6. any risk management process is imperfect
7. implementation of risk management must balance cost with potential benefit.

Question 25

Outline the Swiss solvency test

Answer 25

Swiss Solvency Test 1. is a risk-based regulatory capital regime takes a market consistent approach and has similarities with the 2. Solvency II Pillar 1 requirements, but uses a Tail Value at Risk (TVaR) measure at 99% confidence rather than Value at Risk (VaR) at 99.5% confidence 3. extreme scenarios have to be evaluated and the impact on the target capital has to be estimated