Key functions in the system of governance
Responsibilities, interfaces and outsourcing under
Solvency II
Solvency Consulting Knowledge Series
Author
Lars Moormann
Contact
solvency­solutions@munichre.com
January 2013
With the introduction of Solvency II,
European insurance companies will
have to meet a large number of new
requirements. Apart from the quanti­
tative requirements in the first pillar
and the disclosure obligations in the
third, the second pillar contains
extensive requirements relating to
the way insurers organise their busi­
ness. Article 41 of the Solvency II
Directive stipulates that companies
must have an effective system of
governance in place to provide for
sound and prudent management of
their business.
Though this requirement and other
provisions will not fundamentally
change the current system of govern­
ance, additional requirements will
have to be met. Under Solvency II,
insurance companies will have to
have in place the following four key
functions:
− Risk­management function
− Compliance function
− Internal audit function
− Actuarial function
“Function” is defined as the internal
capacity to undertake practical
tasks.1 The functions will in turn have
to satisfy a range of requirements,
such as fulfilling the “fit and proper”
requirements, comply with certain
reporting requirements and be in
a position to perform their tasks and
exercise the authorities given to
them.
© 2013
Münchener Rückversicherungs­Gesellschaft
Königinstrasse 107, 80802 München, Germany
Order number 302­07752
1
Solvency II Directive, Article 13 (Definitions),
paragraph 29.
This Knowledge Series provides an
overview of the requirements in
Articles 41 to 49 of the Solvency II
framework directive that will apply
to the four future key functions and
describes their tasks and responsi­
bilities and the outsourcing possibili­
ties on the basis of the state of the
debate as at the end of 2012. The
information provided is essentially
based on the framework directive
and more detailed descriptions in
Level 2 and 3 papers. For ease of
reading, references to sources are
made in the text only for certain
important points. Some adjustments
may be necessary as Solvency II con­
tinues to develop.
System of governance and
key functions
Recital 30 of the Solvency II Directive
requires European insurance com­
panies to set up the above­mentioned
four key functions (risk­management,
compliance, internal audit and actu­
arial functions). “Function” does not
necessarily mean a specific person or
department. A company is free to
decide on its own structure – functions
may be centralised or decentralised,
independent or integrated. Recital 32
specifically mentions the possibility
of concentrating several functions in
one person or one unit. It is important
for guidelines to be prepared to clearly
document the tasks and the positions/
people responsible for performing
them. Functions must be able to
fulfil their responsibilities objectively,
fairly and independently, so that,
for example, the internal audit func­
tion can only be performed by an
independent unit.2
2
Recital 32 of the Solvency II Directive.
Page 2/8
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Table 1: Articles in the Solvency II directive relevant to the system
of governance
Article 41
General governance requirements
Article 42
Fit and proper requirements for persons who effectively run the undertaking or
have other key functions
Article 43
Proof of good repute
Article 44
Risk management
Article 45
Own risk and solvency assessment
Article 46
Internal control
Article 47
Internal audit
Article 48
Actuarial function
Article 49
Outsourcing
The “fit and proper” requirements
for key functions stipulated in Art­
icles 42 and 43 can be summarised
as follows:
Fig. 1: The three lines of defence in the governance system
Management
Responsible for risks and controls
Risks
1 st line of defence: operational units
Identification, analysis, assessment and
­management of risks on a day-to-day basis
2nd line of defence: risk-management function,
actuarial function and compliance function
Monitoring of risks and operational and central
divisions
3rd line of defence: internal audit
Independent of operational units and 2nd line of
defence; responsible for performance of internal
controls
The functions must have clearly segregated responsibilities, though there will inevitably
be some overlaps, and where they occur the distribution of tasks and responsibilities must
be clearly defined and documented.
The Articles listed in Table 1 define
the main requirements and responsi­
bilities of the key functions, which we
briefly describe below:
According to Article 41, the tasks,
responsibilities, processes and
reporting obligations of the four key
functions must be transparent and
clearly defined. At least for risk
­management, internal control, inter­
nal audit and outsourcing in general,
there must be written guidelines,
and compliance with them must be
assured. Furthermore, there is
expected to be regular communi­
cation between the Board and the
The principle of proportionality is
not applicable to this requirement.
Companies must prepare a “fit and
proper” guideline, in which the pro­
cedure for assessing suitability for a
key function is documented.
key functions, the latter communi­
cating independently with the rele­
vant departments at the company.
Article 42 sets out the requirements
for persons in charge of key functions.
To comply with the “fit and proper”
requirements, they must have appro­
priate professional qualifications and
be of good repute and integrity to
guarantee sound and prudent man­
agement of the company.
−−Professional qualifications and
practical experience in the function
concerned
−−Analytical skills and competence in
solving problems
−−Ability to communicate with people
at all levels in the company (irre­
spective of their position in the
hierarchy)
−−Irreproachable certificates of good
conduct and reputation
Articles 44 to 48 of the Directive con­
centrate on the responsibilities of the
four key functions.
The four key functions in detail
The establishment of the four key
functions for Solvency II will bolster
the “three lines of defence” structure.
As shown in Figure 1, the front-line
operational units are responsible for
the initial acceptance or decline of a
risk. The risk-management, actuarial
and compliance functions form the
second line, regularly monitoring and
managing all of the risks at aggre­
gated level and controlling the under­
writing guidelines and acceptances
in the operational units. As the third
line of defence, internal audit regu­
larly reviews the entire system of
governance and all other activities in
the company.
Risk-management function
According to Article 44 of the direc­
tive, the risk-management function,
like the organisational structure and
the decision-making processes,
“shall be structured in such a way as
to facilitate the implementation of
the risk-management system”.
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 3/8
By risk-management system,
­Solvency II means the strategies,
processes and reporting proce­
dures necessary to
The risk-management function also
has reporting responsibilities: rele­
vant risks must where appropriate be
represented qualitatively and quanti­
tatively and internally and externally,
and all significant risks classified and
shown as an exposure figure.
−−continuously identify, measure,
monitor, manage and report
−−incurred and potential risks and
their interdependencies
−−at an individual and at an aggre­
gated level.
The risk-management system should
cover at a minimum the following
areas:
−−Risk assumption and reserving
−−Asset-liability management (ALM)
−−Investments, especially derivatives
−−Management of the liquidity and
concentration risks
−−Management of operational risks
−−Reinsurance and other risk-mitiga­
tion techniques
The core tasks of a risk-management
function thus comprise the following:
−−Overall coordination and control of
the risk-management tasks
−−Measurement and assessment of
the overall risk situation, including
early identification of potential
future risks
−−Reporting to the Board
The risk-management function is
responsible for producing correct
guidelines for the development of
strategies and processes for identify­
ing, measuring, monitoring, manag­
ing and reporting risks at a company.
Besides that, the function must
report to Board on the effectiveness
of and any shortcomings in the riskmanagement system, and on the
ORSA3 results (e.g. the development
of risk capital in the coming years).
The risk-management function
shares responsibility for the risk
strategy and determination of the
risk distribution, and prepares the
documentation needed by the Board
to enable it to take the necessary
decisions (e.g. on risk appetite).
If a company uses an internal model
or partial model to calculate its risk
capital requirements, the risk-man­
agement function has additional sig­
nificant responsibilities pursuant to
Article 44, paragraph 5 of the direc­
tive, including the design, implemen­
tation, validation and operation of the
internal model.
In addition to the above-mentioned
“fit and proper” requirements, the
risk-management function will no
doubt have to include people with a
professional scientific and math­
ematical background, ideally backed
up by appropriate qualifications (e.g.
actuaries).
It is also responsible for calculating
the solvency capital requirements,
the agreement and management of
the risk profile, the appropriate con­
sideration of interactions between
different risk categories and the
identification and systematic inte­
gration of emerging risks.
Compliance function
Article 46 of the directive sets out
the requirements for the compliance
function, which is a component of
the internal control system and is
responsible for compliance with that
system.
An internal control system must
incorporate at least the following
three areas:
−−Administrative and accounting
­procedures
−−Internal control framework
−−Appropriate reporting arrange­
ments at all levels in the company
In addition to supervision of the
internal control system, the compli­
ance function has the following
three core areas of responsibility:
−−Risk control
−−Early warning
−−Provision of advice to management
According to the implementing
measures, the function is responsible
for risk control, i.e. the identification,
assessment, monitoring and reporting
of compliance risks. “Compliance risk”
is defined as the risk of incurring legal
or regulatory sanctions, significant
financial loss or damage to reputation
resulting from the company’s failure
to comply with laws or regulations.
Any violation of the law at a company
must be investigated and followed
up by the compliance function and
reported to the Board, and in certain
circumstances to outside bodies such
as the financial supervisory authority.
To enable it to fulfil its responsibility
to provide early warning of problems,
the compliance function must con­
sider possible future changes in the
legal environment and their potential
effect on the company. This also
includes the “compliance plan” to be
produced by the compliance function
mentioned in Guideline 41 of the
framework directive, which should
cover as a minimum the compliance
risk and the legal-changes risk for the
following financial year.
In addition to coordinating the over­
arching risk-management activities,
the risk-management function
should also identify potential risks
and recommend appropriate coun­
termeasures to the Board.
3
Own Risk and Solvency Assessment.
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 4/8
Another key responsibility of the
compliance function is to advise the
administrative, management or
supervisory body on compliance with
the laws, regulations and administra­
tive provisions adopted pursuant to
the Solvency II framework directive,
as stated in Article 46, paragraph 2.
The core tasks of internal audit are:
The advice should include the prepa­
ration of rules, including the training
of staff in compliance with legal
requirements. The compliance func­
tion should also provide operational
areas and the risk-management
function with support on legal
requirements when new products
and services are to be launched or
when the company intends to enter
a new market.
In summary, the compliance function
is first and foremost concerned with
monitoring and controlling compli­
ance with and application of laws
and regulations from an internal per­
spective, with particular attention
paid to the management of opera­
tional risks. This function is not the
same as that of a traditional legal
department, which tends to concen­
trate on operational tasks rather than
providing advice or having preven­
tion and control responsibilities.
In addition to the “fit and proper”
requirements described above, the
compliance function will have to
include staff with a legal background.
Internal audit
In contrast to the other key functions,
internal audit is a function that is not
permitted to undertake either opera­
tional tasks or the tasks of other key
functions. According to Recital 32 of
the framework directive, the inde­
pendence of internal audit must be
guaranteed. It constitutes the third of
the three lines of defence.
The responsibilities of the internal
audit function are set out in Article 47
of the framework directive. They
include the “evaluation of the ade­
quacy and effectiveness of the internal
control system and other elements
of the system of governance”. The
resultant findings and recommenda­
tions must be the subject of reports.
−−audits and
−−reporting
In principle, all of a company’s activi­
ties are subject to internal audit.
Under Solvency II, the emphasis will
be on auditing the operation, effec­
tiveness and appropriateness of the
system of governance, with the inter­
nal control system as an integral part
thereof being explicitly mentioned.
The internal audit function must con­
duct its audits and communicate its
findings in a totally objective manner,
and not be subject to any instruc­
tions from any other department or
function.
The areas to be examined by the
internal audit function are laid down
in the implementing measures:
−−Effectiveness and efficiency of
­processes and controls
−−Compliance with rules and instruc­
tions and requirements relating to
risk controls and operational capa­
bility (including reliability, accuracy
and completeness)
−−Timing and frequency of reports
(including external reporting)
−−Availability and reliability of IT
­systems
Internal audit should prepare an
audit plan based on its own risk
assessment of the entire system of
governance and ensure that all sig­
nificant activities are audited at
appropriate intervals. Internal audit
may well request other units to pro­
vide reports or opinions on the inter­
nal controls to be performed. The
actual performance of the audits and
the assessments given are the sole
responsibility of the function itself,
which must act on its own initiative
and not be subject to external influ­
ence. The function is permitted to
advise other units on controls to be
performed provided that the giving of
such advice does not jeopardise its
independence. To avoid conflicts of
interest, Guideline 43 of the imple­
menting measures recommends that
the function’s staff be rotated at
appropriate intervals.
Internal audit work should be docu­
mented in working papers. A written
report on every audit should be pro­
vided as soon as possible to the
audited unit and in summary form to
the Board.
Pursuant to Guideline 47 of the
implementing measures, internal
audit should report possible short­
comings and recommend remedial
action with deadlines for completion
specifying the persons responsible.
The function should also monitor
rectification of the shortcomings.
The “Audit Report”, to be produced at
least annually, should contain infor­
mation on internal audit’s achieve­
ment of its objectives and the degree
of completion of the audit plan.
Since the internal audit function is
responsible for reviewing all parts of
the system of governance and hence
the other key functions, it is difficult
to provide a clear definition of the “fit
and proper” requirements. It is advis­
able to include a broad spectrum of
skills and experience, where appro­
priate outsourcing certain activities
or using specialists from inside or
outside the company if the required
knowledge is not available within the
internal audit function, though, of
course, it is necessary to ensure
objectivity if staff from elsewhere in
the company are used.
Actuarial function
Article 48 of the Solvency II frame­
work directive requires companies to
have an “effective actuarial function”.
This function will have a wide range of
responsibilities, which can be broken
down into three core areas:
−−Coordination and monitoring of the
evaluation of technical provisions,
including methodology, assump­
tions and data
−−Reporting
−−Supporting the risk-management
function
According to the implementing
measures, within the actuarial func­
tion there must be a clear separation
of responsibilities and appropriate
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 5/8
controls for the evaluation of the
technical provisions. The function is
not responsible for calculating the
technical provisions, but for coordi­
nating the calculation process and
assessing the methods, tools and
data used for the evaluation.
−−To analyse the appropriateness of
premiums and the technical provi­
sions, taking account of changes in
the underwriting strategy or the
market environment (e.g. inflation
risks or legal changes)
One of the main tasks of the function
is to coordinate and monitor the
appropriateness of the methodologies
and models used to calculate the
technical provisions. The function’s
responsibilities can be summarised
as follows:
−−To understand the individual model
components, their interdependen­
cies and the way the model depicts
and takes account of the resultant
diversification effects
−−To develop and regularly review the
reserving methodology (stochastic
simulation, deterministic approach,
etc.)
−−To compare the current assump­
tions with those for the previous
year and those for the previous year
with the actual figures to calculate
the technical provisions (best-esti­
mate comparison), and identify the
reasons for the variances
−−To express an opinion on the
reserving and the underwriting
guidelines (e.g. the consistency
between the underwriting guide­
lines and pricing, or the financial
effect of changes in the general
business conditions)
−−To express an opinion on the rein­
surance covers, to include a review
of the consistency of the reinsur­
ance programme with the com­
pany’s risk appetite, the impact of a
cover on financial volatility and the
effect of covers under a range of
stress scenarios (e.g. a catastrophe
event or the reinsurer’s financial
strength being inadequate)
−−To analyse the interdependencies
between reinsurance programmes,
reserving and the underwriting
guidelines
−−To take account of relevant market
information
−−To express an opinion on the main
risk factors and their influence
on profitability in the next financial
year
−−To assess and validate the appro­
priateness, quality and complete­
ness of the (internal and external)
data and IT systems used
Due to the types of task to be per­
formed by the actuarial function, it is
likely that it will have to provide con­
siderable support to the risk-man­
agement function by supplying actu­
arial expertise. In particular, it will be
necessary for it to help with the cal­
culation and modelling of the under­
writing risks and contribute actuarial
methodology to the calculation of
capital (own funds) and risk capital
requirements. As mentioned above,
the actuarial function will also be
required to give its opinion on the
effectiveness of the reinsurance cov­
ers. This will concern a number of
areas. In addition to the effect of rein­
surance on risk capital, diversifica­
tion and the economic balance sheet,
it will also be important to assess the
expected development of business
and the ensuing need for reinsurance
cover in the following years.
Where internal models are used, the
function will be required to perform
in-depth analyses of and express its
views on their design and use. In this
area in particular, it will need to work
closely with the risk-management
function to ensure consistency
between reserving and the calcula­
tion of the risk capital requirement.
It will also be necessary for the actu­
arial and risk-management functions
to work together on certain parts of
the ORSA, especially the confirma­
tion that the technical provisions
have been calculated in accordance
with the Solvency II requirements.
In the reporting area, the actuarial
function will be required to commu­
nicate regularly with the Board and
advise other units on technical provi­
sions. It must submit an annual
report to the Board essentially cover­
ing the results of the above-men­
tioned activities. On the basis of this
report, the Board should be in a posi­
tion to form an opinion on the appro­
priateness of the calculation of the
technical provisions, the underwrit­
ing guidelines and the reinsurance
guideline. The report should also
­provide detailed explanations of
changes in the assumptions and the
reasons for the changes (best esti­
mates compared to experience val­
ues). An assessment of the reserving,
the underwriting policy and the rein­
surance cover and the interaction
between them is also required. Pos­
sible weaknesses and deficiencies in
all the areas mentioned must also be
reported with recommendations for
rectification. Deficiencies can be due
to a lack of expertise or specialist
knowledge (e.g. in the case of new
and complex products).
Considering the responsibilities of
the actuarial function, it is clear that,
in addition to satisfying the “fit and
proper” requirements, its staff must
have in-depth actuarial and mathe­
matics knowledge. The new function
will have to undertake more tasks
than the function of “designated
actuary” that currently exists at
­companies, (e.g. analysing the effect
of reinsurance solutions), so that
some training and preparation will be
required. Companies must ensure
that the actuarial function is able to
perform its tasks objectively, appro­
priately and independently. This
means, for example, that there must
be a clear separation of responsibility
for calculation of the technical
­prov­isions and the monitoring of that
calculation, with different reporting
lines.
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 6/8
Interfaces between the key
functions
For example, the compliance function
is responsible for monitoring compli­
ance with all laws and supervisory
regulations. Not shown in Figure 2 is
the compliance function’s responsi­
bility for checking that the other key
functions are working properly. An
interface with the risk-management
function is the compliance risk, which
is an operational risk. Via the internal
control system, the compliance func­
tion has a preventive role of avoiding
violations and following up any
potential infringements, whilst the
risk-management function is respon­
sible for analysing and assessing
the compliance risk as an operational
risk and taking it into account in the
overall risk profile and risk-manage­
ment process.
It is evident the will be some overlap
between the four key functions.
Since companies will be able to tailor
the structure of the functions and
their precise tasks to their own busi­
ness and risks, this Knowledge
Series will provide only a brief over­
view of the evident interfaces. As
with the organisational structure,
companies themselves have to
define the separation of responsibili­
ties in their guidelines.
To ensure that the system of govern­
ance is appropriate and effective, the
key functions should work closely
together and there should be a regu­
lar exchange of information.
Figure 2 shows the core tasks of
the four key functions, the interfaces
between them, and the different
focuses the functions concerned
have for each interface.
We have already considered the
many interfaces between the riskmanagement and actuarial functions
in the “Actuarial function” section
above. They result mainly from the
support received by the risk-manage­
ment function from the actuarial
function, which provides data (e.g.
cash flows) for the risk modelling
used by the risk-management func­
tion to calculate the risk capital
requirements or in calculations per­
formed for the ORSA. Thus, it is
essential for the two functions to
work closely together to guarantee,
for example, consistency of method­
ology and models. Moreover, the riskmanagement function may itself
request assistance with methodol­
ogy from the actuarial function.
Not only these two functions are
expected to provide opinions on
underwriting and acceptance policy
and reinsurance treaties – the inter­
nal audit function is expected to do
so too. However, the three functions
have different focuses:
−−Risk-management function: analy­
ses the impact of each area on the
company’s overall risk situation.
−−Actuarial function: considers in
particular the interdependencies
between the underwriting and
acceptance policy and the reinsur­
ance contracts, and the implica­
tions for reserving.
Fig. 2: Interfaces between the four key functions
Appropriateness
of assessment;
interaction
Actuarial
function
Review of assessment process;
opinions on underwriting
and acceptance policy and
­reinsurance contracts
Actuarial appro­
priateness of
assessment and
methodology
Help with risk
modelling/data
In context of
audit plan
Risk-management
function
Interfaces
Appropriateness
and effectiveness
Risk analysis;
risk control of first
line of defence
Measurement/
assessment
of overall risk
­situation
In context of overall
risk situation
Analysis and
assessment
Core task
Internal
audit
Monitoring and
audit
Opinion on underwrit­
ing and acceptance
­policy and reinsurance
contract
Requests for
methodological
support
Proper perfor­
mance of internal
controls
Compliance risk as
operational risk
Mutual audit
and monitoring
Monitoring of laws
and regulations
(compliance risk
only)
Avoidance/follow-up
of v­­iolations
Preventive;
­measures to
­prevent violations
Compliance
function
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 7/8
−−Internal audit: checks the opera­
tional capability and effectiveness
of the internal control system with
reference to the assessment and
decision-making processes.
vice provider performs a process,
a service or an activity, […] which
would otherwise be performed by
the insurance or reinsurance under­
taking itself”.
should be documented in a guideline.
A formal agreement clearly defining
the rights and obligations of the
company and the service provider is
also required.
Since all four functions have a direct
reporting line to the Board, there
should be regular exchange of infor­
mation to ensure “consistent com­
munication”, though assessments
may not always be the same and
there can be differences of opinion.
Efficient and consistent communica­
tion will be facilitated by uniform
definitions and materiality thresh­
olds, the latter being especially
important for the identification and
assessment of significant risks. Both
the internal-audit and risk-manage­
ment functions are responsible for
monitoring the operational effective­
ness of the risk-management system
and identifying potential risks at an
early stage. Monitoring by the riskmanagement function is directed pri­
marily at the operational units in the
first line of defence, whilst internal
audit is concerned with both the first
and second lines, the latter including
the risk-management function itself.
Use of the monitoring results or
reports of one function by the other
with no check or analysis of its own is
therefore not permissible, as the sep­
aration of the functions would not
then be assured.
The one-off use of a service provider
for a short period of time (“specialist
consultant”) is not deemed to consti­
tute outsourcing.
The supervisory authorities will
expect to see the following condi­
tions in an outsourcing contract:5
Once the functions are actually work­
ing in practice, more interfaces not
shown in the diagram will doubtless
become apparent. It will then be the
Board’s responsibility to define, doc­
ument and communicate a clear seg­
regation of duties.
Outsourcing
In principle, any task and function
may be outsourced to a service pro­
vider under Solvency II. According to
paragraph 28 of the definitions in the
framework directive (Article 13), “out­
sourcing” for the purposes of Sol­
vency II means “an arrangement of
any form between an insurance or
reinsurance undertaking and a ser­
vice provider, […] by which that ser­
A company must itself decide whether
performance of a service by a provider
constitutes outsourcing.
A company may select service pro­
viders that are:
−−part of the group to which the
­company belongs or outside it,
−−inside or outside the EU,
−−supervised or not supervised.
The outsourcing of individual tasks
to be performed by the four key
­functions is thus permitted, as is the
outsourcing of an entire function
to a service provider, provided that
the requirements laid down in Art­­­
icles 39 and 49 are satisfied. Com­
panies using an external service pro­
vider will remain “fully responsible for
­discharging all of their obligations”4
gunder the Directive.
Special requirements and additional
reporting obligations apply to the
outsourcing of critical and important
functions.
Any company outsourcing a function
must appoint an internal member of
staff to continue to be responsible for
the function. The person concerned
must be named in a written work
instruction and will be required to
verify performance of the outsourced
tasks and the quality of the service
provider’s work. In addition, a named
person at the service provider must
satisfy the “fit and proper” require­
ments applicable to the function.
−−Service provider to cooperate with
the supervisory authorities
−−The company, its auditors and the
supervisory authorities to have
access to relevant data at the ser­
vice provider
−−Supervisory authorities to have
effective access to the service pro­
vider’s business premises
This means that the service provid­
er’s processes, employees and data
may be subject to on-site audit by the
supervisory authorities at any time.
Such audits will verify whether the
service provider is capable of assum­
ing the function transferred to it to a
satisfactory standard and whether
there are any conflicts of interest.
Article 49 of the directive stipulates
that critical or important operational
functions may not be outsourced if
outsourcing would lead to
−−material impairment of the quality
of the system of governance;
−−an undue increase in the oper­
ational risk;
−−impairment of the ability of the
supervisory authorities to monitor
the compliance of the undertaking
with its obligations;
−−continuous and satisfactory service
to policyholders being undermined.
These points must be monitored at
the company by the risk-management
function and through the intern­al
­control system.
The selection process, the terms of
contracts with service providers, the
day-to-day working arrangements
and emergency plans required
A company must notify the supervi­
sory authorities “in a timely manner” of
any intended outsourcing or changes
in outsourcing arrangements. Level 3
defines “in a timely manner” as at least
six weeks in advance.
4Solvency
5Solvency
II Directive, Article 49, paragraph 1.
II Directive, Article 38, paragraph 1.
Munich Re
Key functions in the system of governance
Solvency Consulting Knowledge Series
Page 8/8
Outsourcing enables companies to
meet the requirements of Solvency II
regarding the key functions without
making major changes to their own
structure or employing additional staff.
Conclusion
There is no doubt that there are dif­
fering prerequisites for outsourcing
the functions. It is very important for
the risk-management and compli­
ance functions to be close to the
operational units and central divi­
sions of a company.
For the actuarial function in particu­
lar, outsourcing certain tasks can be
an attractive way of meeting the
wide range of requirements.
In the main, consultant actuaries or
reinsurance companies are appropriate
external service providers in this area.
Reinsurers subject to Solvency II are
obliged to set up the same key func­
tions and meet the same require­
ments. They have in-depth and wideranging actuarial expertise, as it is of
core importance to their own business.
Munich Re already offers numerous
services and specialist consultancy to
help companies with the Solvency II
requirements. Many of Munich Re’s
centralised services and tools are ready
for Solvency II. These include, for
example, biometric portfolio analyses
and underwriting services in the life
segment as well as risk-assessment
and pricing tools, also in the health
and property/casualty segments.
Not if, but how
The establishment of the four key
functions for Solvency II should not
merely be considered as a regulatory
requirement, but also as a way of
optimising a company’s own system
of governance, thus having a positive
effect on processes and decisionmaking. Introduction of Solvency II
will make a number of changes to
companies’ systems of governance
necessary. The responsibilities laid
down in the framework directive and
defined in the Level 2 and Level 3
papers are likely to lead to an increase
in the activities of the functions con­
cerned. It will be particularly chal­
lenging for companies to ensure effi­
cient interaction between the four
key functions while establishing
clear separation of responsibilities,
and in practice they will need time to
prepare for it. Application of the prin­
ciple of proportionality will give them
a degree of discretion in their struc­
tures and processes. There is there­
fore no catch-all standard that would
meet all of the regulator’s require­
ments if implemented. On the con­
trary, a company’s specific circum­
stances must be taken into account,
which presents both a challenge and
an opportunity.
Munich Re is the right partner for
companies intending to exploit that
opportunity. We provide insurers
with support in adapting to Solvency II
and offer them services that are tar­
geted at helping them comply with
the new requirements. In addition,
we offer consultancy and workshops
to help companies prepare for the
Solvency II Pillar 2 requirements.