A study last year by the Centre for the Study of Financial Innovation in collaboration with PricewaterhouseCoopers identified regulation as the number one risk after surveying life and non-life insurers, reinsurers, brokers, regulators, consultants, and service providers across North America, Bermuda, Latin America, Europe, Africa, the Middle East, and Asia.
We have been seeing an increase in regulatory requirements across the world—Solvency II in Europe, ORSA in the U.S., APRA’s horizontal requirement in Australia, and the B9 Earthquake requirement by OFSI in Canada—to name just a few. There has also been a push in Asia to move toward Solvency II style of regulation, with the Chinese regulator announcing intent to introduce a regulation regime based on a three-pillar system, and Japan aiming for Solvency II equivalence, at least for reinsurance.
Respondents were concerned that these new regulations come at a time when the industry is seeing reduced profitability due to poor investment performance in an uncertain macroeconomic environment. Some respondents felt that the sheer volume of the new regulations is creating a whole new class of risk—regulatory compliance risk.
Last week, Ernst & Young published its European Solvency II survey, spanning 20 countries and participants from more than 170 insurance companies. The study focused on Solvency II preparedness, and determined that the Pillar 3 regulatory requirement, which requires institutions to disclose details on the scope of application, capital, risk exposures, risk assessment processes, and the capital standing of the institution, still presents a major challenge across the industry. EY concluded that the challenges of reporting and ensuring robust data and information technology remain very significant.
This is not surprising, as we’re familiar with how the industry currently manages data. Multiple databases, missing or incorrect exposure data, risk clash, and an inability to consistently analyze or report across different businesses and entities are only symptoms of the malaise. Despite multiple industry initiatives, we have not managed to resolve the data quality issue.
Tracking of data, audit trails, the ability to roll back changes, and role-based user access are simple mechanisms that most other industries have widely embraced. Utilizing one system of record for all exposure data, no matter what the line of business or risk, has the obvious benefit of reducing errors and inconsistencies while creating a single source of risk data for modeling and other business applications. The ability to integrate insights from claims data into specific model adjustments, rather than having to tamper with exposure data, will further the integrity of exposure data as a single source of truth.
Taking the concept of a single system of record further, enabling catastrophe modeling and capital modeling tools to access the same underlying exposure data, with clearly defined hierarchies, can largely get rid of today’s versioning and inconsistency headaches. Even better, such a system of record could provide up-to-the-minute, “live” exposure.
The last piece of the puzzle is efficient reporting to internal and external stakeholders. Customizable dashboards, reporting apps for various regulatory and rating purposes, and APIs to communicate with external websites provide the necessary arsenal to meet multiple reporting requirements across group entities around the globe.
A well-designed system and infrastructure that helps companies meet regulatory requirements and achieve resilient risk management objectives is the holy grail of the industry.