Embed Size (px)
Citation preview
Effective Insurance Supervision – Moving Towards a Risk-based Approach
Regional Seminar on Capital Adequacy and Risk-based Supervisionfor Supervisors in Latin America
Rio de Janeiro, Brazil, 10-11 May 2007
Gunilla Borer
Senior Financial Sector Specialist
2
Various objectives of supervisory activities
Ensure compliance with statutory requirements, e.g. capital
Assess risks of a company Assess management and controls of a company Respond to problems identified Deal with company requests for approval, information etc Monitor company and industry developments Take action where necessary and ensure that companies
respond to supervisory requirements
3
Challenges in planning supervisory activities
Allocation of resources Prioritisation of activities Off-site monitoring and/or on-site inspection Reliance on external experts, e.g. auditors, actuaries and lawyers Traditional versus risk based approach
4
Traditional supervision
Ensuring safety and soundness of financial institutions by devising a comprehensive set of rules and good behaviour
Rules apply to all financial institutions and can be enforced by law
Examples: solvency requirements and investment rules
Ensuring compliance by applying sanctions of various degrees
5
Moving from rules to principles
One-size-fits-all rules are less effective for modern or complex institutions
With principle-based rules or best practice supervisory action needs to focus on risks and risk management practices
Need to identify the key risks and evaluating the significance of these risks
6
Limits to principles
Supervisory review can be based on principles to a large extent
Sanctions need some rules to be in place otherwise no predictability or accountability
Minimum rules with some room for personal discretion could take care of that problem
Solvency rules are usually described in terms of minimum rules and/or providing a standard formula also where internal models are allowed
7
Risk-based solvency requirements
Risk-based supervisory process ideally requires a risk-based solvency framework
Risk management is costly – promotion of better practices requires incentives and rewards
Selection process and supervisory focus could still be risk-based
We will look at the supervisory process only
8
This is what risk-based supervision is doing
Assessing the business of an insurance company, its risk profile and the macro-economic context– One dimensional: risks profile of individual
institutions– Two dimensional: also systemic importance
Looking at the possibility of failure and its impact Designing effective supervisory plans and
making appropriate use of supervisory tools
9
Typical approach
Identify significant business areas Disaggregate into most important inherent risks Grade the risks (high, above average, moderate or low) Evaluate effectiveness of controls (operational/business line
management and independent oversight/board etc. – strong, acceptable, needs improvement and weak)
Evaluate net risk by combining the two levels of risk Possibility of adding a second dimension: potential impact of a
failure on the financial system Determine a risk rating of the institution based on the evaluations Use the risk rating as a basis for supervisory action Update risk rating regularly
10
Requirements and challenges
Higher levels of experience and skills than traditional rule-based supervision
Inventory of best practices and assessment criteria Sophisticated methodology (internal manuals, training
etc.) Sophisticated and largely subjective judgements (not
objectively correct) – temptation to overlay non-risk-based practices on top
Supervisory judgements may be challenged by financial institutions – difficulties to prove correctness
11
Where and when to start
Timing: Determine when to start and how long the process will take (rule-based supervision may be more effective for some time) – can take 5-10 years to implement
Expertise: Have a critical mass of experienced supervisors with deep understanding of the risk-based supervisory methodology, financial system, institutions, their business activities and risk management – develop training programmes
Methodology: Develop methodology (unwise to simply import methodology of another supervisory body)
Acceptance: Information and support
12
But first….
In order to introduce a risk-based system we need to have proper infrastructure and supervisory systems
We also need to have sufficient supervisory resources and proper tools in place
13
Conditions for effective supervision (ICP 1)
Policy, institutional and legal framework for financial sector supervision
Financial market infrastructure– Legal and court system, enforceable decisions– Accounting, actuarial and auditing standards– Accountants, actuaries and auditors– Basic economic, financial and social statistics
Efficient financial markets– Availability of both long-term and short-term investment
opportunities Possible additional supervisory powers where the
conditions are not yet sufficient
14
ICPs regulating the supervisory authority
ICP 2 Supervisory objectives ICP 3 Supervisory authority ICP 4 Supervisory process ICP 5 Supervisory cooperation and
information sharing
What supervisory system do we need to have in place, what should we strive to achieve, and how can our objectives be fulfilled and measured
15
Supervisory Objectives (ICP 2)
Legislation should clearly define the objectives (should be relevant)
Key objectives: Promote efficient, fair, safe and stable insurance markets for the benefit and protection of the policyholders
Disclose and explain how the objectives will be applied if multiple
Deviations from objectives should be explained If contradictive – initiate or propose corrections in law
16
Supervisory Authority (ICP 3)
Adequate powers, legal protection and financial resources to exercise its functions and powers
Operational independence and accountability Hire, train and maintain sufficient staff with high
professional standards (enough resources and public audited financial statements)
Appropriate treatment of confidential information (however transparency and co-operation)
17
Independence and accountability
Governance structure, internal governance procedures and internal audit arrangements
Procedures for appointment and dismissal of head and members of governing body (public)
Institutional relationships with executive and judiciary branches Free from undue political, governmental and industry interference Financed in a manner that does not undermine independence Allocate funds in accordance with mandate, objectives and risks Transparent process and procedures Prior consultation with market participants in case of material
changes in legislation and practices
18
Supervisory Process (ICP 4)
Transparency and accountability Public and adequate regulatory and supervisory
processes Consistent application of regulations and
processes, taking different risk profiles into consideration (risk-based)
Decisions subject to judicial review
19
Supervisory Cooperation (ICP 5)
Efficient and timely exchange of information among supervisory bodies, cross-border and cross-sector
– Regularly or on demand
– MoU or informal agreement Information sharing arrangements should facilitate prompt
and appropriate action
– Consultation with relevant supervisors Confidentiality should be maintained for information
shared
20
ICPs regulating the supervisory process
ICP 11 Market analysis ICP 12 Reporting to supervisors and off-
site monitoring ICP 13 On-site inspection ICP 14-16 Prevention and remedial action
What should we assess and control, and what processes and methods are effective tools
21
Risk-based supervisory cycle
1. Assemble all available and relevant information
2. Make a preliminary risk assessment (one or two dimensions)
3. Test and refine the preliminary assessment (reporting, off- and on-site)
4. Develop a multi-year supervisory plan (3-5 years)
5. Implement the supervisory plan (weaknesses will be allayed or confirmed) = diagnostic phase
6. Take remedial action to address weaknesses
7. Update risk assessment (at least once per year)
8. Revise supervisory plan if needed
22
Market Analysis (ICP 11)
Make use of available sources to monitor and analyse all factors that may have an impact on insurers and insurance markets
– Individual insurers and insurance groups
– Market and environment in which they operate
– Quantitative and qualitative information Assessment of financial data from another jurisdiction
requires an understanding of the basis of reporting in that jurisdiction
23
Reporting (ICP 12)
Identify potential problems early
– Current and prospective information Reporting requirements should reflect
– Supervisory needs (frequency, information)
– Individual situation (additional information ad hoc)
Balance between need and burden Distinction between public and supervisory use
24
Off-site monitoring (ICP 12)
Reporting (and market information) are the basis for off-site analysis (relevant to the result are accounting and consolidation techniques):– Financial conditions and performance– Solo and group-wide (subsidiaries)– Off-balance sheet and outsourced functions – Important changes (ad hoc)– Regulatory compliance
Timing and accuracy– Responsibility of senior management– Audit opinion
Assemble all information, make preliminary assessment of risks, or update
25
On-site inspection (ICP 13)
Verify information in regulatory returns periodically through on-site inspections
Conduct on-site inspection on full scale, or focused basis, investigating areas of specific concern
Discuss findings and any need for corrective action with the insurer, and obtain appropriate feedback from the insurer
Follow-up with the insurer to ensure that required actions have been taken
Extend on-site inspection to intermediaries or service providers in outsourcing agreements
Assemble all information , make preliminary assessment of risks, or update
26
Purpose of on-site inspections
Verify or capture reliable data and information to assess and analyse an insurer’s current and prospective solvency
Gain better understanding of a company’s business and risk management practices
Obtain information and detect problems that cannot be easily obtained or detected through on-going monitoring
– Identifying problems that the company ignore/hide
– Opportunity to have a more personal relationship with managers (fitness and propriety)
Analyse the impact of specific regulations Gather information for benchmarking Convey supervisory objectives and expectations to the company
27
Risk areas covered by on-site analysis
Asset quality Accounting and actuarial practices Quality of underwriting (prudence of policy and
effectiveness of implementation Valuation of technical provisions Strategic and operational direction Reinsurance Competence of management Corporate governance (decision-making process etc.) Internal controls (incl. IT and outsourcing) Risk management
28
Preparation and planning of inspection
Identify insurers to be examined
– List the insurers and prioritise according to if systemically important, vulnerable, etc.
– Define the interval Identify the purpose of the examination
– Full scale (general)
– Focused (vulnerabilities etc.) Identify the risk areas to be examined based on the information
received, required and processed Check compliance with reporting and regulatory requirements Meet with other internal stakeholders.
29
Develop a multi-year supervisory plan
Establish minimum cycles of activities to ensure proper coverage (according to the risk assessment)
Example:
– Four year on-site inspection cycle for small and low risk companies - use off site monitoring to verify that companies are still small and low risk
– One year on-site inspection cycle for large, systemically important, high risk companies.
Use supervisory judgement to establish and revise the cycles
30
Pre-visit process
Preparation – established per risk area
– Questions to be asked
– Tests to be done
– Documentation to be obtained Pre-visit announcement
– Letter indicating date, time, scope, persons to perform the on-site examination, and documentation needed before the visit
31
Staff and procedures
Skilled staff that can evaluate the information obtained (investigative and technical skills)
Established scope and procedures for on-site inspections– Rules for an objective and uniform process irrespective
of staff or companies (compliance-based)– Guidance supplemented by personal judgements (risk-
based)– Structured framework for decision making
(responsibility/accountability) Integrity – personally and collectively (policy on ethics etc.) Governance structure
32
Full scale investigation (risk and solvency)
Evaluation and analysis of Management and internal control systems Nature of the activities (type of business underwritten) Technical conduct of insurance business Organisation and management of the insurer Commercial policy, reinsurance cover and its security Relationship with external entities (outsourcing or other entities
within a group) Financial strength, notably technical provisions (adequate and
sufficient – valuation) Compliance with corporate governance requirements
33
Full scale investigation (market conduct)
Checking and reviewing: Sufficiency and adequacy of the information
given to consumers Timing of payments Frequency and nature of complaints and
litigations Observance of the market conduct standards
and consumer regulation
34
Access to non-regulated entities
Service providers in outsourcing agreements (can be regulated but supervised by other supervisor)
Cross-border and home/host supervisory issues Access could be guaranteed
– Make outsourcing an integral part of supervision (licensing condition, requirement related to outsourcing contract etc.)
– Co-operation (MoU or multilateral agreement)
35
Post-visit process
Write report on findings and send to company for comments
– Senior management should indicate appropriate action to be taken where relevant
– Board notification if significant findings Follow up and remedial action where necessary
– Senior management should report back on action taken and outcome thereof
Update risk assessment Review interval and priority (risk profile of insurer)
36
Risk-based approach – pros and cons
Improved supervisory outcomes
More efficient use of scarce resources
Better risk management – more efficient
Better risk bearing capacity - positive economic effects
Higher level of experience and skills
Difficulties in implementing Subjective judgements Less objectivity and
predictability Challenged judgements and
difficulties to prove correctness
