IIR - Dreiländertreffen 18. – 19. Januar 2007 Erwartungen der Schweizer Aufsicht an die Interne Revision in der Schweiz Philipp Keller, Bundesamt für Privatversicherungen 18. Januar 2007 © Contents Principles-Based • • • Supervision in the Past: Solvency1 Principles vs. Rules New Swiss Insurance Regulation Swiss Risk Supervision Solvency Test Management Internal Audit 18. Januar 2007 © Seite 2 Supervision in the Past “The actuarial convention according to which the composition of the assets determines the size of the liabilities is one of the weirdest emanations of the human mind. It's a metaphor - like saying that the advent of jet planes made the Atlantic narrower - and metaphor has a limited place in finance” Speech given by Martin Taylor to the National Association of Pension Funds conference • Discount rates for liabilities were set with reference to an expected asset profit based on past experience • Implicit - often unknown - prudence in liabilities • No explicit valuation of embedded options and guarantees • Amortized cost for bonds • Solvency 1: No capital requirement for market and credit risk 18. Januar 2007 © • High risk assets resulted in reduction of liabilities • Sales-forces pushed for adding high guarantees to life policies • Foreclosing of investment opportunities due to amortized cost approach for bonds • Cash flow underwriting • Downward spiral when business contracts • Underwriting cycles are exacerbated Seite 3 Correlation Solvency 1 and SST The correlation between the Solvency 1 ratio and the SST solvency ratio is 0 for nonlife and approx. 0.5 for life (based on provisional data from field test 2006) Life Solvency 1 ratio Solvency 1 ratio Nonlife Risk bearing capital / target capital Risk bearing capital / target capital correlation 0.56 correlation -0.178 18. Januar 2007 © Seite 4 Principles vs Rules “.. in designing Solvency 2 our principal aim should be to incentivise insurance firms to use, and reward them for using, modern risk management practices appropriate to the size and nature of their business.” Speech by John Tiner, Chief Executive, FSA, ABI conference on Solvency II and IASB Phase II, 6 April 2006 A risk based solvency system has to rely on principles rather than rules if it has to give incentives for risk management Principles-based standards describe the objective sought in general terms and require interpretation according to the circumstance. A rule-based approach is not be possible if internal models will be used for regulatory purposes A principles based approach however only works with a responsibility culture and not with a compliance culture 18. Januar 2007 © Seite 5 New Swiss Insurance Regulation Main Aims • Policy holder protection from fraud • Policy holder protection from the consequences of insurance failures The strategy of FOPI promotes the necessary preconditions to achieve its main aims: • Functioning and innovative insurance market • Risk based supervision Preconditions • Principles based supervision • Pervasive responsibility culture • People act with integrity • Enabling competition within the market • Being professional, efficient and transparent • Existence of a risk culture • Transparency • Rule of Law 18. Januar 2007 © Seite 6 Contents Principles-Based Swiss • • • Risk Supervision Solvency Test SST Principles The Economic View Standard- vs. Internal Models Management Internal Audit 18. Januar 2007 © Seite 7 Swiss Solvency Test: Principles 1. All assets and liabilities are valued market consistently 4. Target capital is defined as the sum of the Expected Shortfall of change of risk-bearing capital within one year at the 99% confidence level plus the market value margin 5. The market value margin is approximated by the cost of the present value of future required regulatory capital for the run-off of the portfolio of assets and liabilities 6. Under the SST, an insurer’s capital adequacy is defined if its target capital is less than its risk bearing capital Transparency Defines Output 2. Risks considered are market, credit and insurance risks 3. Risk-bearing capital is defined as the difference of the market consistent value of assets less the market consistent value of liabilities, plus the market value margin Defines How-to 9. All relevant probabilistic states have to be modeled probabilistically 10. Partial and full internal models can and should be used. If the SST standard model is not applicable, then a partial or full internal model has to be used 11. The internal model has to be integrated into the core processes within the company 12. SST Report to supervisor such that a knowledgeable 3rd party can understand the results 13. Public disclosure of methodology of internal model such that a knowledgeable 3rd party can get a reasonably good impression on methodology and design decisions 14. Senior Management is responsible for the adherence to principles 7. The scope of the SST is legal entity and group / conglomerate level domiciled in Switzerland 8. Scenarios defined by the regulator as well as company specific scenarios have to be evaluated and, if relevant, aggregated within the target capital calculation 18. Januar 2007 © Seite 8 Swiss Solvency Test: Economic View The measurement of risks: Accounting risk or economic risk? Reported earnings follow the rules and principles of accounting. The results do not always create measures consistent with underlying economics. However, corporate management’s performance is generally measured by accounting income, not underlying economics. Therefore, risk management strategies are directed at accounting, rather than economic performance. Enron in-house risk-management handbook For a risk-based solvency system, risks need to be measured objectively and consistently 18. Januar 2007 © Seite 9 Swiss Solvency Test: Economic View The market consistent (economic) balance sheet Free capital Available capital SCR: Required capital for 1-year risk Cost of Capital Margin Market value of assets Market consistent value of liabilities 18. Januar 2007 © Discounted best estimate of liabilities Market Value Margin Market value of the replicating portfolio Seite 10 Standard vs. Internal Models Risk Quantification: • Using standard models for life, P&C and health companies, if the standard models capture the risk the companies are exposed to appropriately • Using internal models for reinsurers, insurance groups and conglomerates and all companies for which the standard model is not appropriate (e.g. if they write substantial business outside of Switzerland) The use of an internal model is the default option, the standard models can only be used if they adequately quantify the company‘s risks 18. Januar 2007 © Seite 11 Contents Principles-Based Swiss Risk • • Supervision Solvency Test Management Corporate Governance Senior Management & The Board of Directors Internal Audit 18. Januar 2007 © Seite 12 Risk Management Warren Buffett‘s three key principles for running a successful insurance business: • They accept only those risks that they are able to properly evaluate (staying within their circle of competence) and that, after they have evaluated all relevant factors including remote loss scenarios, carry the expectancy of profit. These insurers ignore market-share considerations and are sanguine about losing business to competitors that are offering foolish prices or policy conditions. • They limit the business they accept in a manner that guarantees they will suffer no aggregation of losses from a single event or from related events that will threaten their solvency. They ceaselessly search for possible correlation among seemingly-unrelated risks. • They avoid business involving moral risk: No matter what the rate, trying to write good contracts with bad people doesn't work. While most policyholders and clients are honorable and ethical, doing business with the few exceptions is usually expensive, sometimes extraordinarily so. February 28, 2002, Warren E. Buffett 18. Januar 2007 © Seite 13 Corporate Governance Principles based supervision will depend on a web of relationships between the company, professional bodies and the supervisor Supervisor Direct supervision and check that oversight responsibilities are implemented For a liberal, principles based approach to function, all have to see to it that the system of checks and balances works Implications for supervision: closer contact and dialogue with the board, professional bodies and all relevant functions within the company 18. Januar 2007 Indirect supervision to ascertain that professional standards are defined and in-line with regulatory expectations Actuarial Profession Accounting Profession Professional guidance and enforcement of code of conduct Board of Directors Senior Management Risk Management © Responsible Actuary Internal Audit Seite 14 Senior Management & the BoD The Board of Directors is responsible for: • the governance, guidance and oversight responsibilities that are critical to an effective internal control structure • defining necessary board committees (e.g. audit committee, nomination and compensation committee,…) • The Board as a whole needs to have sufficient technical as well as strategical insurance know-how to be able to supervise and guide the company as well as the necessary stature and mindset • A Board must be prepared to question and scrutinise management’s activities, present alternative views and have the courage to act in the face of obvious wrongdoing • The Board and management need to know how adverse a risk must be for it to impair the insurer’s financial position. This should include all risks arising from the insurer’s assets and liabilities • The members of the Board need to satisfy fit and proper requirements and have to minimize conflict of interests • The Board needs to define the risk appetite and see to it that it is in line with the actual risk capacity of the company 18. Januar 2007 © Seite 15 Senior Management & the BoD As of 2007, FOPI will meet external Board of Directors and Senior Management to discuss risk positions of companies and alignment of strategy with risk capacity For large or complex companies or companies with a high risk exposure, the meetings will be at least yearly FOPI will discuss with the Board the results of the SST/internal models and specific risk exposures of the company FOPI will discuss with senior management in addition the embedding of the SST/internal model within the company, the relevance of risk management as well as the influence of risk on the strategic FOPI has no intention to set the strategies of the supervised companies but wants to have comfort that strategic decisions are discussed within senior management and with the board in the context of the company’s actual risk capacity 18. Januar 2007 © Seite 16 Contents Principles-Based Swiss Risk Supervision Solvency Test Management Internal Audit • • 18. Januar 2007 Rights and Obligations Supervisory Assessment © Seite 17 Internal Audit Appoints the head of IA Board of Directors In case of problems: immediate reporting to the board At least yearly complete report Head IA External Audit Internal Audit Discusses IA reports and reacts in a timely manner Quality review min. every 5 years Independent Professional Audit reports On request, internal audit supplies external audit with reports to specific topics IA is independent from all operative processes IA has full access to all of the company 18. Januar 2007 © Seite 18 Internal Audit Definition Die Interne Revision ist ein Kontrollinstrument des Verwaltungsrates. Sie führt objektive, unabhängige und risikoorientierte Prüfungen der Prozesse und Strukturen eines Versicherungsunternehmens, einer Versicherungsgruppe oder eines –konglomerates durch. Sie unterstützt die Organisation bei der Erreichung ihrer Ziele, indem sie mit einem systematischen und zielgerichteten Ansatz die Effektivität des Risikomanagements, des internen Kontrollsystems sowie der Führungs- und Überwachungsprozesse analysiert, beurteilt und darüber Bericht erstattet. Sie handelt im Auftrag des Verwaltungsrates oder des Prüfungsausschusses (Audit Committee) und erstattet diesen Gremien Bericht. RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision 18. Januar 2007 © Seite 19 Internal Audit: Rights and Obligations Internal Audit (IA) is tasked with analyzing, reviewing and documenting the quality and effectivity of risk management, the internal control system and management- and control processes. The focus of the internal audit is on the operative processes of the company • IA informs the BoD in writing on all relevant findings. The BoD needs to be informed at once in case of problems. • IA writes at least yearly a complete audit report for the BoD or the audit committee. The audit report is then to be sent to external audit. The audit report is a compilation of all relevant internal audit reports sufficiently detailed to show the adequacy of the processes and operative risks • On request, IA supplies external audit with reports on specific topics RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision 18. Januar 2007 © Seite 20 Internal Audit: Rights and Obligations • The head of internal audit is assigned by the Board of Directors (BoD) • IA is directly responsible to the BoD and is independent from the operative organization of the company. In particular, the function of responsible actuary is not commensurate with an audit function • The BoD is responsible that IA is adequately staffed and has enough resources and know-how to fulfill its function • The BoD is responsible to have a quality review of IA performed at least every 5 years. The quality review has to be done by external, independent persons • IA has full access to all documents, systems, processes and functions and the right to do any reviews within the company. • IA has the right to request any information necessary to fulfill its duties RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision 18. Januar 2007 © Seite 21 Internal Audit: Supervisory Assessment • FOPI will meet regularly with the BoD to assess whether the Board is aware of its responsibility vis-à-vis internal audit and ensures that IA is adequately staffed and has access to the company • FOPI will meet with IA to assess if it is adequately staffed with personnel with sufficient know-how • FOPI will ensure that SIIA ‘s (Swiss Institute of Internal Audit) self-governance and enforcement of its code of conduct is adequate 18. Januar 2007 © Seite 22 Outlook I believe we are on an irreversible trend toward more freedom and democracy - but that could change Dan Quayle The success of principles based supervision will depend crucially on: Trust and an open and informed dialog between the industry and the supervisor Development of a responsibility culture the willingness to do the right thing rather than purely complying with a minimal set of rules Adequate self-governance of the industry and relevant professional associations (actuaries, accountants,…) The ultimate responsibility for ascertaining adherence to principles lies with the supervisor but a principles based supervisory framework will depend on devolving responsibility for implementing the principles away from the supervisor to the board of directors, senior management and professional organizations 18. Januar 2007 © Seite 23