What is the Control Framework?

advertisement
< Picture to go here >
Lloyd’s control framework
for Regulatory & tax reporting
Phase II- Coverholders
2014
© Lloyd’s
Lloyd’s Control Framework
 Why it’s important
 What is it and who does it affect?
 How is it implemented?
 The risk model and how it applies
 Coverholder audit
 Delivery roadmap 2013-2015
 Board sign off…
 Questions?
© Lloyd’s
WHY it’s important
 Increasing regulatory and tax authority scrutiny around the
information that Lloyd’s returns are based upon.
The increasing number of tax audits, notably in Europe, both in
the Lloyd's environment and the general insurance market mean
that it is even more important to “raise the bar” on information
standards to ensure Lloyd's can satisfy tax authorities that
requirements have been met.
 Increasing sophistication of the business being written (cross
border) through coverholders resulting in regulatory risk
increasing.
 Confidence in data quality is not currently based on evidence
and so is difficult to demonstrate.
© Lloyd’s
What is it?
 Identifies for the first time explicit minimum information
requirements covering tax and regulatory reporting.
 Going through a process to implement the Control Framework
ensures accuracy and completeness of the minimum regulatory
and tax information requirements.
 A structured, documented process that allows managing agents
to demonstrate they have adequate controls in place.
 Nothing new!
© Lloyd’s
WHO does it affect?
Control Framework is the managing agents responsibility
Phase I
Service Companies – Completed
Phase II
Coverholders – Deadline 31st December 2015
Phase III
Open Market - TBA
Phase I – Completed
39 managing agents successfully signed off on time!
Phase II – Commenced in July 2013

Framework does not change it simply extends the scope to include coverholder
business.

Assurance gained through coverholder audits.

Project pack of templates to help managing agents with their delivery.

Presentations at Market Forums to raise awareness on “raising the bar” around
quality of information.

Our own page on Lloyds.com.

Quarterly Breakfast Group for managing agents and brokers.
© Lloyd’s
How it’s implemented
Process for continuous improvement to “raise the bar”
Information
Requirements
Confidence
gained
Risks
Evidence
gathered
How the risks
apply
Controls
described or
defined
© Lloyd’s
The risk model
RISK
1
Requirements are not
understood
2
Data capture is
inadequate
3
Data is processed
incorrectly
4
HOW IT MAY TRANSPIRE
There are many reasons why this risk may crystallise. It could be that the person interpreting
the requirements does not have the requisite skills or experience, human error, or the
requirements being unclear or ambiguous
This may relate to data not being captured, being captured more than once (duplicate) or that the
data captured is erroneous. It may also be that data is not refreshed at the appropriate point (if
relevant).
Between capture and reporting data will undergo some form of processing. In some cases this
will be about using different elements of data to compute other information, but it also relates to
things such as erroneous report definitions. Typically, this risk can also be used to cover
security and continuity risks, but given the specific focus in the Operating Principles these have
been broken out.
Data may be corrupted accidentally or on purpose. Typically this involved inadvertent or
erroneous changes to data when it is being adapted outside of core processing systems.
Data is corrupted
5
Data is lost and cannot
be recovered
This is most likely to crystallise where historic information is not contained in core processing
systems that are subject to a robust backup regime, but in end user computing facilities such as
spreadsheets or user maintained databases.
© Lloyd’s
How the risks apply
 How these risks might apply to your organisation or any
associated third party undertaking information capture or
processing on your behalf.
 Understand how these risks could be addressed
 What existing controls are in place?
 How are these risks currently mitigated and managed?
© Lloyd’s
Coverholder audit
New coverholder audit scope extended to include
questions addressing the Control Framework
Areas of focus include:

Location of risk
 How this is determined for system entry
 What considerations are taken when cross-border business is written

How tax liability is determined

Collation/ creation of the bordereaux

Whether Lloyd’s tools are used in the process of determining risk location and
tax liability (Crystal, Risk Locator Tool, etc).
© Lloyd’s
Delivery road map 2013
© Lloyd’s
Delivery road map 2014-2015
© Lloyd’s
Board Sign-off…
Managing agent certification report
Internal controls over Regulatory and Tax reporting (coverholders)
Managing Agent’s Responsibilities
[Name of managing agent] acknowledges its responsibility for compliance with the regulatory and tax information requirements
set out by Lloyd's, including the completeness, accuracy, and presentation of the information where we lead contracts.
We understand that a risk based approach to coverholders applies, and it is not necessary for [Name of managing agent] to
collect and hold all of the relevant information, but that we must be able to access and present the relevant information if required.
This includes designing, implementing and operating effective controls, or gaining sufficient assurance over the adequacy of
controls operated by others on which we rely, to achieve the related control objectives relating to the relevant tax and regulatory
information for each territory in which we, [Name of managing agent], and the coverholder are carrying out business.
Managing Agent Statement
On the basis of enquiries of management and staff with relevant knowledge and experience, sufficient to satisfy ourselves that we
can properly make the following statements, we confirm that we meet the requirements of the Lloyd’s Control Framework for
Regulatory and Tax Reporting, including:
a) the processes described on pages [ ] to [ ] are a fair representation of the systems and controls that have been implemented
at [Name of managing agent]; and
b) the controls relating to the relevant information requirements are suitably designed to provide reasonable assurance that
control objectives are being achieved and operated effectively as at [insert date]; and
c) sufficient assurance on accuracy, quality and completeness of information captured by coverholder(s) has been gained.
On behalf of The Board
Managing Agent
[Date]
© Lloyd’s
< Picture to go here >
Any questions?
© Lloyd’s
© Lloyd’s
Download