Address by Director of Insurance Supervision Sylvia Cronin at the Insurance Supervisory Directorate’s Industry briefing

26 October 2016 Speech

26 October 2016

Address by Director of Insurance Supervision, Sylvia Cronin, at the Insurance Supervisory Directorate’s Industry briefing, at the Radisson Blu Hotel, Golden Lane, Dublin 8

Opening remarks

Good morning ladies and gentlemen, I would like to welcome you here today to the Insurance Supervision Directorate’s Industry briefing. I hope that you enjoy the event and take away some useful insights.

The timing of today’s event provides me with an opportune moment to introduce to you the two recently appointed Heads of Division within the Insurance Directorate - Nuala Crimmins, Head of Insurance Supervision and David Cobley, Head of Actuarial, Analytics and Advisory.

I joined the Bank as Director of Insurance Supervision in October 2014 at an exciting time for prudential supervision in the insurance sector. With the pending implementation of Solvency II on the horizon for 1 January 2016, the strategic objectives for insurance supervision were very clear.

Firstly, in the short term, the preparation for the effective implementation of the Solvency II regime, both within the entities which we supervise, and within our own supervisory directorate; and secondly a focus on how Solvency II would be embedded in practice in Ireland and across Europe over the medium- and long-term.

Setting the scene

Today, two years on, from the start of that exciting journey, I am delighted to take this opportunity to speak to you about the insurance regulatory landscape, and ‘embarking on a new voyage’ of insurance regulation. Surveying the current state of affairs and looking into the future, it occurs to me that while everything is different, the foundations are still the same.

We live in a world that is dynamic; always moving, always changing. The words of Greek philosophers dating back thousands of years still hold true today – “The only thing that is constant is change”. We exist in a world in which one has to be adaptable to keep pace, and if possible stay ahead. The environment in which we operate is influenced by so many factors, from natural disasters to geopolitical instability, to economic uncertainty - driven by a fragile financial system, globalisation and advances in technology and changing consumer demands and expectations. This is challenging for industry and regulators alike.

If I had a Euro for every time I’m told about the regulatory burden, and that regulators need to balance the level of rules and supervisory engagement with the ‘ease of doing business’, I would be a very wealthy woman.

I look across the increasing demands of:

  • Insurance prudential regulation, with the introduction and implementation of Solvency II; a project which was lengthy and costly to introduce and which now requires continued focus and effort to embed into Business as Usual;
  • Insurance consumer regulation, with the introduction of PRIIPs (Packaged Retail and Insurance-based insurance Products), IMD2 (Insurance Mediation Directive) and increasing demands over Product Oversight and Governance;
  • IT and Data Protection regulations, which are moving towards a common level of security required across networks and information systems within the EU;
  • Changing accounting and tax requirements with changes to the IFRS regime and the introduction of BEPS (Base Erosion and Profit Shifting); and of course
  • Increasing accountability under Governance and Fitness & Probity regimes, coming in the form of increased requirements under Pillar II.

However, such regulation is bringing fragmented markets closer together by increasing the level of harmonisation, reducing information asymmetries, and over time, going some way in regaining what Mark Carney, Governor of the Bank of England referred to as the “social license” (Carney 2015) of financial services, to regain the trust of the public; of course this will also help to underpin the stability of the industry and protect consumers.

Rather than seeing regulation as a burden, industry should embrace it:

  • Use Solvency II to increase the return from your strategic decisions by weighing up and pricing risks appropriately, utilising the ORSA to maximise the soundness of the fundamentals underpinning your business;
  • Use consumer regulation to show consumers you are doing the right thing and you have their best interests at heart, encouraging them to stay loyal to your company;
  • Use IT regulations to strengthen your defences against IT failures and cyber attacks and thus minimise the risk of reputational damage; and
  • Use the increasing governance requirements as an opportunity to ensure people have the appropriate skills, experience, expertise and integrity to fulfil their roles in your company, and ensure that this drives the right culture.

After all, the interests of regulators and the interests of industry are aligned, albeit driven by different incentives. It is in the interest of industry to have stable and functioning economies and to produce products that meet the needs and desires of consumers.

What I would like to bring to today’s discussion is the Central Bank of Ireland’s view from within a prudential supervision directorate and share our experiences and expectations for the future.

Solvency II

Where better to start than with Solvency II, commonly described as the largest change in insurance regulation in a generation.

Preparing for and implementing Solvency II presented numerous challenges for both companies and regulators. A particular challenge for us as regulators was in relation to company’s approaches to the calculation of capital requirements as they sought to use the various options available such as internal models, as well as availing of the transitional measures. This resulted in a number of applications for items such as Ancillary Own Funds, Volatility Adjustments and so on; and a significant number of applications for the use of Internal Models. In order to overcome this challenge, we established a robust review, validation and decision making process for the application and approval of these mechanisms.

Now that many models have been approved, the focus shifts towards the regulation and oversight of capital post implementation. At the forefront of our minds is the temptation for companies to reduce the level of capital held through selective changes to model parameters. We cannot ignore the experiences of the past of the banking sector, where, over time, the temptation to ‘game models’ became too great and the capital requirements of banks trended inappropriately downwards over time. We must be cognisant not to fall victim of what may be referred to as model drift, and ensure we maintain vigilance over internal models and that they continue to reflect a firm’s risk profile. Through our engagements we will be rigorous in our review of model changes and supervisors will expect firms to have robust internal governance processes in place to assess, approve and implement model changes.

There will also be an onus on firms using the standard formula to perform on-going assessments of the suitability of this for their businesses. The standard formula has been designed based on an ‘average’ European insurance company, with a one size fits all approach. However, firms will need to assess this against the risk profile of their own company. Companies cannot take a false comfort from application of the standard formula and should be taking a step back to understand what their number should be.
Whether a company is using an internal model or the standard formula, we have paid particular attention to the solvency ratios projected under Solvency II. Where firm’s SCRs currently are, or are projected to be, close to 100%, we engage intensively with the senior management teams in relation to their margin of safety against unforeseen events. This should be expected to continue in the future.

Supervision v Regulation

Of course in order to fully appreciate the holistic picture of what lies ahead on the ‘voyage’ of insurance regulation for companies, I would like to draw your attention to the subtle distinction between regulation and supervision.

Regulation is the framework of rules, laws, codes and guidance that put structure around the objectives of regulatory authorities. Essentially this is the rulebook. One of the fundamental roles of a prudential ‘supervisor’ is to ensure that companies comply with the prudential regulations as set out in law.

However, supervision is much more than that. As you will be no doubt aware, in the Central Bank of Ireland we use a supervisory model called PRISM, Probability Risk and Impact System, which is built on the premise of supervision being forward-looking, outcomes focused and requires the use of expert and supervisory judgement. The PRISM model looks at both the impact and probability risk of a company and generates a score which determines the level of intensity of engagement a firm will receive. In our preparations for Solvency II we made a number of changes to this model to move more towards the importance of supervisory judgement and become less reliant on the impact category which is generated based on hard metrics and balance sheet size. The amended model now ensures where supervisors identify risks such as pricing and underwriting, reserving and claims, capital, operational, market or liquidity risk as being escalated, we have a more agile model which will result in the work on these areas being more intensive.

As a consequence, supervisors need to understand and assess the whole gambit of risks to firms. They will rely on some of the more traditional tools, such as solvency ratios, but in a modern risk-based regulatory regime such as Solvency II, financial analysis and reviewing a number is not enough. Supervisors need to understand the components and drivers of that number. They need to understand how changes in risk profile of a company could potentially impact that number. Supervision is not a box ticking exercise against a checklist of regulatory requirements, but rather understanding and assessing risk at its core. It will be supervisors that you will deal with on a day to day basis.

Many of you here today will have already experienced interactions with supervisors, and you may be asking the question, now that Solvency II has been introduced should you expect any changes in your level of engagement in the BAU phase.

I expect that the core of your engagement will remain the same, supervision has always been and will continue to be forward looking and judgement based, coupled with challenging dialogue with the supervised entities. In addition to this there will continue to be an increased level of intrusiveness of supervision, as supervisory culture and practices become more consistent across Europe under the Solvency II regime. Take for example in 2016 the Central Bank of Ireland has established an on-site inspections team. The purpose of this team is to increase the frequency and intrusiveness of on-site activity by supervisors, on the premises of companies, verifying company practice in reality.

Remember also, as we work to embed the Solvency II requirements and practices, we are also working towards the harmonisation of supervisory practices and approaches across Europe. You can expect this to be proportionate, with the intensity and frequency of our supervision tailored to the insurer’s individual circumstances.

Notwithstanding that Solvency II has introduced many changes, we need to make sure that we do not forget the ‘bread and butter’ of our business. Our fundamental objectives as regulators and supervisors has not changed, and we will not lose sight of the basic sound principles of insurance, such as; disciplined underwriting, appropriate reserve setting and robust risk and capital management.

Supervisors may be more searching in their interviews and intrusive in their techniques. They will:

Ask more questions, of Board members given their responsibilities over the ORSA document and the ORSA process which is the centre point of your risk management framework. Key to the regulatory agenda is understanding how a company is managing its capital and ensuring plausible threats to the medium and long term sustainability of each company are adequately assessed through the ORSA process;

  • Engage more closely with your Senior Management Teams, seeking evidence of the way in which decisions are made, reviewing what information is provided to the board, what is the level of internal challenge from the risk function and the CRO in particular;
  • Assess investment strategies robustly against the Prudent Person Principle;
  • Increasing their on-site presence, by increasing the level of testing of internal controls, comparing what is described on paper to what happens in practice to ensure that governance and risk management standards are maintained;
  • Conduct rigorous business model analysis; and
  • Pay very close attention to new and emerging risks, looking more in-depth at those risks that are potentially ‘heating up’. Questioning if the probability of such risks materialising may change over time, that these changes in likelihood are reflected in the level of analysis applied to such scenarios in companies ORSA reports.

While the focus to date for companies has been on making the next hurdle, meeting the next deadline for Solvency II implementation and ensuring all the systems and documentation are in place. We are now moving into a BAU phase which means that supervisors will expect that companies will breathe life into Solvency II and embed it in their practices.

You may also observe the effects of an increased level of interaction between national supervisors. Your interactions with supervisors should have a similar theme and message, regardless of whatever European jurisdiction you are in.

Data/Macro supervision

Supervision is not just about individual companies. There is also an increasing focus on supervision at the macro level, taking a more systemic view of the threats to financial stability. There is a move towards using data and data analytics to build central repositories of information. This will be used to identify patterns and trends, conduct peer analysis, identify cross border issues and interconnected risks. This will help to inform our supervisory dialogue. You will have seen some of this work already through the EIOPA insurance stress tests.

Of course this presents significant technological challenges for both you and us, to ensure that data is consistent, any ‘white noise’ is stripped from it and that our system and analytical challenges do not lead to big time lags. The availability and use of data under Solvency II has advanced immensely, however, the challenges in the quality and accuracy of the data are still significant.

Whilst our first priority will be of course to utilise the data provided through Solvency II; just as the use of data is increasing in importance in the running of your businesses so it is in our supervision.

We ask that Industry is prepared to participate and respond to both individual company and wider market engagement in the spirit of enhancing all our understanding of the insurance market.


We have come through the ‘once in a generation’ overhaul of insurance regulation, where both industry and regulators showed great persistence and resolve. It is a proud achievement that both parties now see this as ‘business as usual’. As we look into the future we will face many more challenges. These will come from all quarters and some will be driven from outside the insurance industry and some from within.

Brexit is a major shift in direction, driven by the external environment and we are in uncertain times. Many things will need to be discussed and resolved, such as future trading agreements, the issue of ‘passporting’ on a cross border basis, and the impact on capital flows and regulations will emerge over time.

Moving into the future, I would expect the UK insurance regulatory regime will remain on par with Solvency II, ensuring equivalence. And just as the PRA were at the forefront of driving many of the core aspects of Solvency II, I would foresee this continuing in the shaping and implementation of global regulatory standards in the future. In the meantime, as noted by Mark Carney in June, until the UK does exit, the law is the law, the rules are the rules and we can take some certainty from that.

Innovation from within insurance is also driving us in uncertain directions. There is much discussion of products falling outside of the regulatory umbrella such as ‘Hop on/hop off’ insurance products. There are also growing complications from increasing digitisation and disruptors in the market, which may change the landscape of insurable interests, for example through products such as driverless cars. This is combined with dramatically increasing volumes of personal data being made available to insurance providers such as driving habits and health and lifestyle choices. We are not yet sure of what this will mean for industry or what the regulatory response will be. I’m sure there will be many conversations ahead where we will have to work through the intricacies of providing fair and equitable products, combined with the use of personal data. These are challenges we will have to face and work through both from a business and regulatory perspective.

We will continue to actively engage with EIOPA on driving forward the European harmonisation agenda. Key projects here include Recovery and Resolution, Stress Testing, Solvency II Data Analysis and the Supervisory Handbook.

To conclude, we need to continually adjust, this will mean not being able to rely entirely on tried and tested formulas from the past. We need to be adaptable to our environment and accept and embrace the changes that the present and the future bring. As noted by John F. Kennedy in 1963 “time and the world do not stand still. Change is the law of life. And those who look only to the past or the present are certain to miss the future.”

Thank you for your attention this morning, enjoy the rest of this morning’s event.