turkey solvency ii and operational risk 200911 v2

8/4/2019 Turkey Solvency II and Operational Risk 200911 v2

1/33

2010 IBM Corporation

Planning Considerations

Operational Risk and Solvency II

David W. Kerr

Partner and Insurance Practice Leader, Growth Markets


2/33

2010 IBM Corporation2

Risk has never been a biggerchallenge than in todays businessenvironment

new regulations, globalization, increased risk and business velocity,and an explosion of information

all demand more effective compliance and risk management practices and better alignment

of risk and performance management objectives for better business outcomes

Todays Business environment is increasing focus on Operationaland IT Risk

Source: IBM Global CFO Study 2010, Insurance POV


3/33


Agenda

An introduction to Operational Risk

An introduction to Solvency II


4/33


Planning Considerations for Operational

Risk


5/33


6/33


UK Insurers have analyzed Operational Risk Events

Operational Risk

InternalFraud

ExternalFraud

EmploymentPractices and

Workspace Safety

Damage to PhysicalAssets

Business Disruptionand System

Failures

Execution, Deliveryand ProcessManagement

Clients, Productsand Business

Practices

Distribution of Loss Amounts (% of Total)1

Insurance 0.5

Banking 6.1

1.8

8.0

0.8

6.0


7/33 2010 IBM Corporation7

Distribution of Operational Risk by Insurance Function shows that all areasof the enterprise can contribute to risk events

OperationalRisk Event

% of

TotalLoss1

Execution, Delivery andProcess Management 65.5 27.7 13.2 7.0 6.3 4.0 7.3

Accounting, Finance &Investment

PolicyholderService

Sales &Marketing

Underwriting Claims Other

Clients, Products andBusiness Practices

Business Disruptionand System Failures

External Fraud

Internal Fraud

Employment Practicesand Workspace Safety

24.0

7.4

1.8

0.5

0.8

19.4 2.8 1.8

OtherITSales & Marketing

6.0 1.4

IT Other

0.7 0.7 0.4

Claims Sales & MarketingPolicyholder Service

0.2 0.1 0.2

Claims Policyholder Service Other

0.2 0.40.2

OtherHumanResources

Facilities

Source: Association of British Insurers (ABI); Operational Risk Consortium (ORIC)

1Based on data in the ORIC database which contains operational risk events with losses totaling more than 10,000 as reported by 18 UK carriers across the life and non-life segments. Asof 1Q 2009, the ORIC database contained over 2,000 incidents representing a gross loss amount of approximately 900m ($1.3B at 3/09 rates)

Operational Losses by Insurance Function (% of Total Operational Risk Event)1



Frequency and Severity of Insurance Operational Risk

Damage to Physical Assets

Internal Fraud

Employment Practice and Workplace Safety

External Fraud

Business Disruption and System Failures

Clients, Products and Business Practices

Execution, Delivery and Process Management

0 300 600 900 1,200

12

14

16

18

20

Frequency (number of events)

AggregateLosses(inNaturalLogarithm)

Severity and Frequency of Operational Risk Events

Level 1 Category


Advisory activities, which fallsunder clients, products andbusiness practices, have a highrate of occurrence (9% of lossevents) and the highest loss perevent (13% of reported losses)

Accounting errors, which areincluded in execution, deliveryand process management, donot happen often (2% of events)but have a significant impact(12% of losses)

Customer service failures occurthe most often, accounting for16% of loss events

Reported loss experience from

ORIC database by level 2 category



Operational Risk events have a very large direct and indirect financialimpact on the Insurance Industry

Indirect Costs Associatedwith Operational Failures

Higher surrender rates/lowercustomer retention

Loss of new business

Fines

Lower customer satisfactionrates

Loss of reputation in the market


3Q07 4Q07 1Q08 2Q08 3Q08 4Q08 1Q09 2Q09 3Q09

10

20

30

40

50

60

70

0

Submission Quarter

ReportedLoss

(millions)

Insurance Operational Losses by Quarter: 3Q07 3Q09As reported by 18 ORIC members



But there are many challenges to address Operational Risk

Automating the process of identifying, measuring, monitoring, analyzing andmanaging operational risk

Insurance companies globally are under scrutiny to practice sound GovernanceRisk and Compliance (GRC)

Most insurance companies lack a consistent business capability to meet internalneeds and external demands

Inefficient, time consuming and manual processes make risk managementstrategically un-actionable

Many systems do not accommodate the companys specific needs



Identify

Quantify

Decide

Identify risk objectives and suitable business impact metrics

Catalog past, present, future failure events and root causes Map business processes and locate pain points

Assess frequency and severity of root causes & failure events

Map interdependencies between failure events and root causes

Forecast business impacts of expected and unexpected risks

Identify appropriate mitigation strategies for major risks

Assess costs of mitigation strategies

Perform scenario analysis to assess mitigation benefits

Anal

yticalTools

There areStructured Methodologies for Operational RiskManagement

Structured methodologies, supported by advanced analytics, are required to addressthe challenges insurers face when seeking to manage their operational risk exposures


12/33


One can apply both Top Down and Bottom Up approaches to analyzeOperational Risks


13/33


Planning Considerations for Solvency II


14/33


An Introduction to Solvency II

Solvency 2 (S2) legislation wasinitiated by the European

Commission to fundamentallychange the current Europeaninsurance solvency framework

S2 evolved from the Basel II threepillar approach to Bankingregulation - it will produce a moreconsistent solvency standard

ensuring that capital requirementsare more reflective of the risksbeing accepted.

The date for the legislation tocome into effect is 01/2013 butinterim progress milestones arefast approaching.

Each insurer should decide nowwhat Solvency 2 means for them.

There is not one solution for all -Insurers need to understand the drivers that will influence both the scale of

investment and the value to be derived from their Solvency 2 Programme.

Valid for all insurance companies in EU after

forming the directive into national law

Solvency IIProtection of policyholders

against failure of insurance companies

CapitalAdequacy

Pillar I

Quantitative

Supervisionand

Governance

Pillar II

Qualitative

Disclosure

Pillar III

Market

Discipline

Underwriting Risk

Market Risk

Credit Risk

Asset/Liability

Management Risk

Operational Risk

Liquidity Risk





CapitalAdequacy

Pillar I

Quantitative

CapitalAdequacy

Pillar I

Quantitative

Supervisionand

Governance

Pillar II

Qualitative

Supervisionand

Governance

Pillar II

Qualitative

Disclosure

Pillar III

Market

Discipline

Disclosure

Pillar III

Market

Discipline

Underwriting Risk

Market Risk

Credit Risk

Asset/Liability

Management Risk

Operational Risk

Liquidity Risk





CapitalAdequacy

Pillar I

Quantitative

Supervisionand

Governance

Pillar II

Qualitative

Disclosure

Pillar III

Market

Discipline

Underwriting Risk

Market Risk

Credit Risk

Asset/Liability

Management Risk

Operational Risk

Liquidity Risk





CapitalAdequacy

Pillar I

Quantitative

CapitalAdequacy

Pillar I

Quantitative

Supervisionand

Governance

Pillar II

Qualitative

Supervisionand

Governance

Pillar II

Qualitative

Disclosure

Pillar III

Market

Discipline

Disclosure

Pillar III

Market

Discipline

Underwriting Risk

Market Risk

Credit Risk

Asset/Liability

Management Risk

Operational Risk

Liquidity Risk


15/33


Implementation of Asset Liability Management or Dynamic Financial Analysis for alldivisions

Quantification of all significant risks and fair / realistic valuation of assets and liabilities

Adequate solvency capital for all lines and divisions

Adequate reserves

Quantitative requirements

Collecting, handling and controlling all significant risks

Prompt and comprehensive information on the risk situation for the management

Regular checks of the valuation and controlling of risks through internal audits

Precise hierarchies, communication channels and ownership for implementing and livinginternal controls

Defining and supervising limits and regulation (investment decisions and risk unterwriting)

Extensive separation between management and controlling

Implementing an early-warning system (key performance indicator based forecasts)

Regular profitatility and stress tests (scenario analysis, sensitivity tests)

Adequate asset allocation strategy (within given risk margin)

Qualitative requirements

Comprehensive and timely reporting (internal and external)

Disclosure (based on IFRS principles)

Market discipline and transparency

Solvency II Requirements


16/33


Solvency 2 Objectives Overview

Pillar I Risk Quantification and

Capital Adequacy Demands that firms explicitly quantify: The level of risk they face and the amount of capital needed to

support that risk. To perform these calculations, firms

can elect to: Apply a standard model

prescribed by the regulator, Operate a full internal model

across all business lines, or Operate a partial internal model,

with some areas remainingunder the standard model

The regulator will need to approveeach internal model after beingsatisfied that following tests have been

passed: Statistical quality Calibration Profit & loss attribution Validation Documentation Use

Pillars II & III: Internal Control and

Reporting Address the supervisory, reportingand disclosure requirements

Define the risk managementprocesses and practices that a firmneeds to have in place fordemonstration to the regulator.

To achieve compliance, the firm willhave to prove that it has :

Strong internal reportingmechanisms and a thoroughinternal audit function.

End to end, timely data sharingbetween the various functionaldepartments - from underwriting,claims, actuarial, operations, IT,

investment management, finance,risk and compliance, right up to boardlevel.

Reality : Many Western EuropeanInsurers are still only working towardsPillar 1 Compliance


17/33


Risk categories


18/33


Although Solvency II is less than 2 years away, many insurers still have themajority of work still to do

PWC S2 Report - 'Insurers face tough and

expensive push for S2 deadline'. More than 40% ofinsurers are still only in the preparatory stages or haveyet to launch their Solvency II projects.

According to a recent PwC survey of 115 insurers in 22countries across Europe and outside the EEA, 11%have not yet launched their Solvency II project. Ofthose that have started the implementation process, the

majority of respondents are only a quarter of the waythrough.

0 20 40 60 80

Projectplan

Gapanalysis

No

Partially

Yes

Status NL insurers Mid 2010 (N= 118)

Accenture, Most European Insurers Say

Compliance with Solvency II Will Cost MoreThan Originally Expected

Nearly one-third (29 percent) of the insurerssurveyed said they expect to spend more than25million to comply with the directive, including 7percent that anticipate spending more than100million. In a similar 2007 survey, only 4 percent of

insurers said they expected to spend more than26million and none said they expected to spend morethan100 million.

Lloyd's Solvency II costs estimated at about$480M: Levene

Compliance for Solvency II may cost insurers in the

Lloyds of London market as much as 300 million($480.2 million), according to the markets chairman.

The situation


19/33


Experience from western Europe shows challenges and suggested focusareas

Technology implementation issues are now becoming real. The designs that havebeen developed are being handed over to the IT development teams and delivery plans arebeing developed. These plans are now showing that either timescales are going to have tomove or scope is going to have to be reduced.

Data remains a key area of concern, be it accessibility or granularity of data and in manycases its quality. Therefore many organizations are now looking at how they can simplifytheir data requirements in order to achieve a realistic solution.

much effort has been placed, especially in the Quantitative Impact Study 5 (QIS5) on thedevelopment of sophisticated internal models that allow customization of SCR and MCRcalculations according to the companys needs. However, it is less valuable to fine-tuneinternal models without making sure they are fed with high quality data

BUT

insurers are beginning to appreciate the real implications it will have for theirbusinesses.

Solvency II is acting as a catalyst for businesses to restructure (it) is likely to lead toM&A activity in the form of acquisitions or disposals of portfolios, teams or companies asbusinesses look to achieve the scale and diversity they see as optimal under the newregime

Sources : Solvency II Survey 2011 (UK) Deloitte LLP, Meeting the Data Quality Challenges of Solvency II Moody Analytics


20/33


Solvency II is challenging but the potential business benefitsare big.

Ambition level Objectives Main benefits

Compliance with external

model

Compliance reached with minimal required

effort

Compliance with internal

model with auditableprocesses

Integrated data and reporting

platform feed calculations

Lower capital costs, improved credit rating,

optimization of reinsurance

Comparability with peers

Higher efficiency in risk & finance reporting,

rationalization of information systems

Value creation based on

Economic Capital return

Reporting based on fair

value combining external

demands with internal needs

Improved pricing

More value creating products

Performance mgmt, culture and rewards

based on true value

Complianceonly

Sustainablesolution

Managing onValue


21/33


Solvency II requires insurers to collect detailed asset, liability and risk data to beable to come up with the market consistent balance sheet

Performancemanagement

Reporting &information usage

External & internalmodels

Datastorage

Source systems &local databases

Typical numbers for top 10 insurers

10 to >50source systems

in multiple

(business) unitsExternal data

1000-1500attributes to be

modeled for

different risksand LOBs

Multiple modelsfor different

LOBs, different

calculationsteps

44 reports,1400 line items

for CP58

Internalreports


22/33


Based on our western Europe experience, we see data related gaps inmost Insurers environments

Parts of current IT application landscape under control of different parties who owns all the spreadsheets?

No specific policy on data management

No clearly formulated data quality checks

No central data dictionary across multiple legacy systems

Inadequate recoding of data history

Internal controls for business processes may be in place but not formalized ordocumented or tracked

Lack of controls on use of externally provided data note exposure from distribution channels. Are you even certain of clientnames?


23/33


The lack of good quality data will also have financial consequences

Granularity toolow to makemore detailedanalyses

-Much time spenton movementanalysis,-E.g..reconciliationbetween GL andRisk outcomes

Performance

management

Reporting &

information usage

External & internal

models

Data

storage

Source systems &

local databases

-Delays in modelupdating, testing &validation- Difficulty keepingaudit trail in riskoutcomes- Increased manualintervention

-Increase incapital due tocapital addon or use ofstandardformula-No basis forperformancemanagement

Changes in dataof sourcesystems can becostly to digest


24/33


Data integration makes up the majority of the implementation costsin a Solvency II project

0 10 20 30 40 50 60 70 80 90 100

Leverage Sol II findings

Build DWH

Retrieve and normalise

data

Detail requirements

Build internal model

Assessment current

situation

Rough estimate of cost break-up of a Solvency II project

% of total costsSource: IBM analysis


25/33


Data Sources/Operational Systems Extraction &Staging

InsuranceInformationWarehouse

Calculation EnginesData MartsDecision Support/

Reporting

Meta Data & Reference Data

Software Infrastructure

Development Environment and System Management

Enterprise DataIntegration

&historitation

Stress Test

Fair Value

Controlling

Scenarios

Other

RegulatoryReporting

Financialreporting

ActuarialReporting

ManagementReporting

Risk Analytics

Dashboards

Products

Partner/Clients

Contracts

Sales

Claims

FinancialAccounting

CapitalInvestment

Other

Challenge 1:Source systems

Many differentsource systems, ofvarying quality,technology, ageand accessibility

The data delivery challenges

Challenge4:

One versionof the truth

TransformationCalculation

(e.g. Risk Engine)Market Risk

Operational RiskActuarial Risk

Other Risk

Challenge 3:

Data Quality

Define rules,process and monitor

Challenge 5:

Requirementsmanagement

Challenge 6: Meta data

One language:

operational, technical, business

DataAcquisition

DataQuality

DetermineChanges

Challenge 2:

Data governance

Organise the

ownership, use,definition andstructure of thedata


26/33


Challenge 1: Many different source systems, of varying quality,technology, age and accessibility

IBM View Recommendations

Prioritize connection of source systemsbased on your relevant criteria (future proof,materiality, maturity)

Industrialize the data extraction process

Profile the data of the source systems beforethe business starts to map source to target

Use a repeatable Data migration approach

Use a strong tool for data profiling

Discover Validate Remediate

Discovery

Data profiling is simply taking a picture of the dataof the source systems

Should be done before the source to targetmapping

Skipping data profiling leads to:Unexpected source data

Old source data, business rules unknownMultiple versions of the dataIncomplete, out-of-date, untrusted dataRework and higher cost

Executing data profiling results in complete view:Relationships between data elementsData integrityDuplicate Values

Exceptional ValuesEmpty Fields


27/33


Challenge 2: Organize the ownership, use, definition and structure of thedata

IBM View Recommendations

Step 1: Get the (right) people in place togovern

Step 2: Do initial assessment, calculate valueof data and probabilities of risk

Step 3: Develop a data-governance strategy

Build a Data Governance Framework and assessyour current maturity

Consider available industry data models

Exploit Tooling

DataQuality

Management

InformationLife-Cycle

Management

InformationSecurity

and Privacy

Core Disciplines

Data Risk Management &Compliance

Outcomes

Value Creation

DataArchitecture

Classification &Metadata

Audit InformationLogging & Reporting

Supporting Disciplines

Organizational Structures & Awareness

Enablers

Policy Stewardship

IBM Data Governance Framework


28/33


Challenge 3: Define rules, process and monitor

IBM View Recommendation

Data Quality Management is a continuousprocess

Functional data quality rules should bedefined by the business

After definition of rules monitoring of DQshould be put in place

Data Quality Management approach as part of DataGovernance Framework

Use tools to enable processes

Data Quality

User can access

data

Accessability

Access Rights

Transactions

SystemAvailability

User can

understand data

User can use data for

decisions

User can exploit data

in processes

Interpretability

Semantics

Syntax

Plausibility

Reliability

Accuracy

Completeness

Consistency

Usefulness

Timeliness

Relevance

Up-to-Dateness

Non-Volatility


29/33


Challenge 4: One version of the truth


Use standard reference data model for theinsurance industry

Requirements are clear: Repository of historical data for validation /

calibration of internal models and reporting Capturing of results from calculation engines Central data store for all analytic purposes

Storage of detailed raw data from multiplesources

Build a robust data warehouse architecturesupported by an enterprise data dictionary

One physical Enterprise Data Warehouse is notnecessarily the (only) solution

FOUNDATION MODELSEnterprise Insurance

Concepts Definition forCommunication and

Standardization

DATA MODELSInsurance data content foran enterprise-wide view of

information and data

rationalization

SERVICE MODELSEnterprise Insurance Services

Definition for componentbased development and

Service Oriented ArchitectureProduct Models for

accelerating insuranceproduct design

PROCESS MODELSEnterprise Insurance

Processes Definition forbusiness process

modelling, simulation,and executionSample :

IBMsInsurance

InformationWarehouse


30/33


Challenge 5: Requirements management


Solvency II requirements are extensive &changing

Define high level data requirements right fromthe start based on needed reporting

Iteratively sharpen/add data reqs in releases,realise 1st working source-report chain forsmall scope, then extend LOB/LOR scope

Use accelerators from vendors to get started.Define long term tool and asset strategy once base

model is in place

Generation data-

marts

Reqsanalyis

Determination of facts,measures

anddimension

s

Determinedata

definitions

Designlogicaldata

model

Sourceanalysis

andextractio

n

DWHbuild

Data related activities for acquiring Solvency II compliancy

Use Accelerators Use tooling and own models


31/33


Challenge 6: Meta data, one language, operational, technical, business


Full audit ability from report-source requiresdata lineage and metadata management

Standardization of business terms and theirdefinitions is a critical first step

Build an architecture that considers the end to endaudibility requirements (even with narrow scope)

Select tooling that supports the broader traceabilityrequirements


32/33


Investment in a Solvency 2 solution can provide significantbusiness opportunities for insurers

Improving capital allocation by giving a common basis for comparing projects /business strategies

Providing management with deeper insight into risks to identify areas ofcompetitive advantage

Delivering improved MI to facilitate decision making

Creating value through improved product design and pricing

Enabling better alignment of employee remuneration with risk-basedperformance

Minimizing cost of raising capital, reinsurance and other risk transfer productsby making the firms risks more transparent and measurable

Driving investment in scalable / extendable models to minimize cost of futurechange (such as IFRS Phase 2)

Efficiency improvements, e.g. removing duplications across different reportingprocesses; increased automation

Realising these benefits need not require an instant, wholesale businesstransformation.


33/33

Urgent Decisions and Guiding Principles

1.Define and articulate the vision and ambition for the Solvency 2 programme, gaining

committed buy-in from across the business and IT

2.Agree the calculation model approach to be used i.e. Standard vs. Partial Internal vs.

Full Internal and select between achieving basic compliance, or to invest smartly and

gain business benefit.3.Understand the S2 Risk and MI needs of different roles and user groups so the

solution can be designed to support these requirements and deliver MI to an appropriate

level of granularity for each constituent member or group

4.Decide the degree to which the risk calculation process is to be industrial strength?

Capture the organizations ambitions towards end-to-end data integration

5.Agree their appetite for technology as an enabler to support and embed the desired

change.

IBMs experience from similar projects indicates that insurers must act nowto:

turkey solvency ii and operational risk 200911 v2

Documents