< Picture to go here > Lloyd’s control framework for Regulatory & tax reporting Phase II- Coverholders 2014 © Lloyd’s Lloyd’s Control Framework Why it’s important What is it and who does it affect? How is it implemented? The risk model and how it applies Coverholder audit Delivery roadmap 2013-2015 Board sign off… Questions? © Lloyd’s WHY it’s important Increasing regulatory and tax authority scrutiny around the information that Lloyd’s returns are based upon. The increasing number of tax audits, notably in Europe, both in the Lloyd's environment and the general insurance market mean that it is even more important to “raise the bar” on information standards to ensure Lloyd's can satisfy tax authorities that requirements have been met. Increasing sophistication of the business being written (cross border) through coverholders resulting in regulatory risk increasing. Confidence in data quality is not currently based on evidence and so is difficult to demonstrate. © Lloyd’s What is it? Identifies for the first time explicit minimum information requirements covering tax and regulatory reporting. Going through a process to implement the Control Framework ensures accuracy and completeness of the minimum regulatory and tax information requirements. A structured, documented process that allows managing agents to demonstrate they have adequate controls in place. Nothing new! © Lloyd’s WHO does it affect? Control Framework is the managing agents responsibility Phase I Service Companies – Completed Phase II Coverholders – Deadline 31st December 2015 Phase III Open Market - TBA Phase I – Completed 39 managing agents successfully signed off on time! Phase II – Commenced in July 2013 Framework does not change it simply extends the scope to include coverholder business. Assurance gained through coverholder audits. Project pack of templates to help managing agents with their delivery. Presentations at Market Forums to raise awareness on “raising the bar” around quality of information. Our own page on Lloyds.com. Quarterly Breakfast Group for managing agents and brokers. © Lloyd’s How it’s implemented Process for continuous improvement to “raise the bar” Information Requirements Confidence gained Risks Evidence gathered How the risks apply Controls described or defined © Lloyd’s The risk model RISK 1 Requirements are not understood 2 Data capture is inadequate 3 Data is processed incorrectly 4 HOW IT MAY TRANSPIRE There are many reasons why this risk may crystallise. It could be that the person interpreting the requirements does not have the requisite skills or experience, human error, or the requirements being unclear or ambiguous This may relate to data not being captured, being captured more than once (duplicate) or that the data captured is erroneous. It may also be that data is not refreshed at the appropriate point (if relevant). Between capture and reporting data will undergo some form of processing. In some cases this will be about using different elements of data to compute other information, but it also relates to things such as erroneous report definitions. Typically, this risk can also be used to cover security and continuity risks, but given the specific focus in the Operating Principles these have been broken out. Data may be corrupted accidentally or on purpose. Typically this involved inadvertent or erroneous changes to data when it is being adapted outside of core processing systems. Data is corrupted 5 Data is lost and cannot be recovered This is most likely to crystallise where historic information is not contained in core processing systems that are subject to a robust backup regime, but in end user computing facilities such as spreadsheets or user maintained databases. © Lloyd’s How the risks apply How these risks might apply to your organisation or any associated third party undertaking information capture or processing on your behalf. Understand how these risks could be addressed What existing controls are in place? How are these risks currently mitigated and managed? © Lloyd’s Coverholder audit New coverholder audit scope extended to include questions addressing the Control Framework Areas of focus include: Location of risk How this is determined for system entry What considerations are taken when cross-border business is written How tax liability is determined Collation/ creation of the bordereaux Whether Lloyd’s tools are used in the process of determining risk location and tax liability (Crystal, Risk Locator Tool, etc). © Lloyd’s Delivery road map 2013 © Lloyd’s Delivery road map 2014-2015 © Lloyd’s Board Sign-off… Managing agent certification report Internal controls over Regulatory and Tax reporting (coverholders) Managing Agent’s Responsibilities [Name of managing agent] acknowledges its responsibility for compliance with the regulatory and tax information requirements set out by Lloyd's, including the completeness, accuracy, and presentation of the information where we lead contracts. We understand that a risk based approach to coverholders applies, and it is not necessary for [Name of managing agent] to collect and hold all of the relevant information, but that we must be able to access and present the relevant information if required. This includes designing, implementing and operating effective controls, or gaining sufficient assurance over the adequacy of controls operated by others on which we rely, to achieve the related control objectives relating to the relevant tax and regulatory information for each territory in which we, [Name of managing agent], and the coverholder are carrying out business. Managing Agent Statement On the basis of enquiries of management and staff with relevant knowledge and experience, sufficient to satisfy ourselves that we can properly make the following statements, we confirm that we meet the requirements of the Lloyd’s Control Framework for Regulatory and Tax Reporting, including: a) the processes described on pages [ ] to [ ] are a fair representation of the systems and controls that have been implemented at [Name of managing agent]; and b) the controls relating to the relevant information requirements are suitably designed to provide reasonable assurance that control objectives are being achieved and operated effectively as at [insert date]; and c) sufficient assurance on accuracy, quality and completeness of information captured by coverholder(s) has been gained. On behalf of The Board Managing Agent [Date] © Lloyd’s < Picture to go here > Any questions? © Lloyd’s © Lloyd’s