Erwartungen der Schweizer Aufsicht an die interne Revision

advertisement
IIR - Dreiländertreffen 18. – 19. Januar 2007
Erwartungen der Schweizer Aufsicht an
die Interne Revision in der Schweiz
Philipp Keller, Bundesamt für
Privatversicherungen
18. Januar 2007
©
Contents
 Principles-Based
•
•
•
Supervision in the Past: Solvency1
Principles vs. Rules
New Swiss Insurance Regulation
 Swiss
 Risk
Supervision
Solvency Test
Management
 Internal Audit
18. Januar 2007
©
Seite 2
Supervision in the Past
“The actuarial convention according to which the composition of the assets determines the
size of the liabilities is one of the weirdest emanations of the human mind. It's a metaphor - like
saying that the advent of jet planes made the Atlantic narrower - and metaphor has a limited
place in finance”
Speech given by Martin Taylor to the National Association of Pension Funds conference
• Discount rates for liabilities were
set with reference to an expected
asset profit based on past
experience
• Implicit - often unknown - prudence
in liabilities
• No explicit valuation of embedded
options and guarantees
• Amortized cost for bonds
• Solvency 1: No capital requirement
for market and credit risk
18. Januar 2007
©
• High risk assets resulted in reduction of
liabilities
• Sales-forces pushed for adding high
guarantees to life policies
• Foreclosing of investment opportunities
due to amortized cost approach for bonds
• Cash flow underwriting
• Downward spiral when business contracts
• Underwriting cycles are exacerbated
Seite 3
Correlation Solvency 1 and SST
The correlation between the Solvency 1 ratio and the SST solvency ratio is 0 for nonlife
and approx. 0.5 for life (based on provisional data from field test 2006)
Life
Solvency 1 ratio
Solvency 1 ratio
Nonlife
Risk bearing capital / target capital
Risk bearing capital / target capital
correlation  0.56
correlation  -0.178
18. Januar 2007
©
Seite 4
Principles vs Rules
“.. in designing Solvency 2 our principal aim should be to incentivise insurance firms
to use, and reward them for using, modern risk management practices appropriate to
the size and nature of their business.”
Speech by John Tiner, Chief Executive, FSA, ABI conference on Solvency II and
IASB Phase II, 6 April 2006
A risk based solvency system has to rely on principles rather than rules if it has
to give incentives for risk management
Principles-based standards describe the objective sought in general terms and
require interpretation according to the circumstance.
A rule-based approach is not be possible if internal models will be used for
regulatory purposes
A principles based approach however only works with a responsibility culture
and not with a compliance culture
18. Januar 2007
©
Seite 5
New Swiss Insurance Regulation
Main Aims
• Policy holder protection from fraud
• Policy holder protection from the
consequences of insurance failures
The strategy of FOPI promotes
the necessary preconditions
to achieve its main aims:
• Functioning and innovative insurance
market
• Risk based supervision
Preconditions
• Principles based
supervision
• Pervasive responsibility culture
• People act with integrity
• Enabling competition within
the market
• Being professional, efficient
and transparent
• Existence of a risk culture
• Transparency
• Rule of Law
18. Januar 2007
©
Seite 6
Contents
 Principles-Based
 Swiss
•
•
•
 Risk
Supervision
Solvency Test
SST Principles
The Economic View
Standard- vs. Internal Models
Management
 Internal Audit
18. Januar 2007
©
Seite 7
Swiss Solvency Test: Principles
1. All assets and liabilities are valued market
consistently
4. Target capital is defined as the sum of the
Expected Shortfall of change of risk-bearing
capital within one year at the 99% confidence
level plus the market value margin
5. The market value margin is approximated by the
cost of the present value of future required
regulatory capital for the run-off of the portfolio
of assets and liabilities
6. Under the SST, an insurer’s capital adequacy is
defined if its target capital is less than its risk
bearing capital
Transparency
Defines Output
2. Risks considered are market, credit and insurance
risks
3. Risk-bearing capital is defined as the difference of
the market consistent value of assets less the
market consistent value of liabilities, plus the
market value margin
Defines How-to
9.
All relevant probabilistic states have to
be modeled probabilistically
10. Partial and full internal models can and
should be used. If the SST standard
model is not applicable, then a partial
or full internal model has to be used
11. The internal model has to be integrated
into the core processes within the
company
12. SST Report to supervisor such that a
knowledgeable 3rd party can
understand the results
13. Public disclosure of methodology of
internal model such that a
knowledgeable 3rd party can get a
reasonably good impression on
methodology and design decisions
14. Senior Management is responsible for
the adherence to principles
7. The scope of the SST is legal entity and group /
conglomerate level domiciled in Switzerland
8. Scenarios defined by the regulator as well as
company specific scenarios have to be evaluated
and, if relevant, aggregated within the target
capital calculation
18. Januar 2007
©
Seite 8
Swiss Solvency Test: Economic View
The measurement of risks: Accounting risk or economic risk?
Reported earnings follow the rules and principles of accounting. The
results do not always create measures consistent with underlying
economics. However, corporate management’s performance is
generally measured by accounting income, not underlying economics.
Therefore, risk management strategies are directed at accounting,
rather than economic performance.
Enron in-house risk-management handbook
For a risk-based solvency system, risks need to be measured objectively
and consistently
18. Januar 2007
©
Seite 9
Swiss Solvency Test: Economic View
The market consistent (economic) balance sheet
Free capital
Available
capital
SCR: Required capital for
1-year risk
Cost of Capital Margin
Market
value of
assets
Market
consistent
value of
liabilities
18. Januar 2007
©
Discounted best
estimate of
liabilities
Market
Value
Margin
Market value of
the replicating
portfolio
Seite 10
Standard vs. Internal Models
Risk Quantification:
• Using standard models for life, P&C and health companies, if the standard
models capture the risk the companies are exposed to appropriately
• Using internal models for reinsurers, insurance groups and conglomerates and
all companies for which the standard model is not appropriate (e.g. if they write
substantial business outside of Switzerland)
The use of an internal model is the default
option, the standard models can only be used if
they adequately quantify the company‘s risks
18. Januar 2007
©
Seite 11
Contents
 Principles-Based
 Swiss
 Risk
•
•
Supervision
Solvency Test
Management
Corporate Governance
Senior Management & The Board of Directors
 Internal Audit
18. Januar 2007
©
Seite 12
Risk Management
Warren Buffett‘s three key principles for running a successful insurance
business:
• They accept only those risks that they are able to properly evaluate (staying
within their circle of competence) and that, after they have evaluated all
relevant factors including remote loss scenarios, carry the expectancy of profit.
These insurers ignore market-share considerations and are sanguine about
losing business to competitors that are offering foolish prices or policy
conditions.
• They limit the business they accept in a manner that guarantees they will suffer
no aggregation of losses from a single event or from related events that will
threaten their solvency. They ceaselessly search for possible correlation
among seemingly-unrelated risks.
• They avoid business involving moral risk: No matter what the rate, trying to
write good contracts with bad people doesn't work. While most policyholders
and clients are honorable and ethical, doing business with the few exceptions
is usually expensive, sometimes extraordinarily so.
February 28, 2002, Warren E. Buffett
18. Januar 2007
©
Seite 13
Corporate Governance
Principles based supervision will
depend on a web of
relationships between the
company, professional bodies
and the supervisor
Supervisor
Direct supervision
and check that
oversight
responsibilities
are implemented
For a liberal, principles based
approach to function, all have to
see to it that the system of
checks and balances works
Implications for
supervision: closer
contact and dialogue
with the board,
professional bodies and
all relevant functions
within the company
18. Januar 2007
Indirect supervision to ascertain
that professional standards are
defined and in-line with
regulatory expectations
Actuarial
Profession
Accounting
Profession
Professional
guidance and
enforcement of
code of conduct
Board of
Directors
Senior
Management
Risk
Management
©
Responsible
Actuary
Internal
Audit
Seite 14
Senior Management & the BoD
The Board of Directors is responsible for:
• the governance, guidance and oversight responsibilities that are critical
to an effective internal control structure
• defining necessary board committees (e.g. audit committee, nomination
and compensation committee,…)
• The Board as a whole needs to have sufficient technical as well as strategical
insurance know-how to be able to supervise and guide the company as well as
the necessary stature and mindset
• A Board must be prepared to question and scrutinise management’s activities,
present alternative views and have the courage to act in the face of obvious
wrongdoing
• The Board and management need to know how adverse a risk must be for it to
impair the insurer’s financial position. This should include all risks arising from
the insurer’s assets and liabilities
• The members of the Board need to satisfy fit and proper requirements and have
to minimize conflict of interests
• The Board needs to define the risk appetite and see to it that it is in line with the
actual risk capacity of the company
18. Januar 2007
©
Seite 15
Senior Management & the BoD
As of 2007, FOPI will meet external Board of Directors and Senior Management
to discuss risk positions of companies and alignment of strategy with risk
capacity
For large or complex companies or companies with a high risk exposure, the
meetings will be at least yearly
FOPI will discuss with the Board the results of the SST/internal models and
specific risk exposures of the company
FOPI will discuss with senior management in addition the embedding of the
SST/internal model within the company, the relevance of risk management as
well as the influence of risk on the strategic
FOPI has no intention to set the strategies of the supervised
companies but wants to have comfort that strategic decisions are
discussed within senior management and with the board in the
context of the company’s actual risk capacity
18. Januar 2007
©
Seite 16
Contents
 Principles-Based
 Swiss
 Risk
Supervision
Solvency Test
Management
 Internal Audit
•
•
18. Januar 2007
Rights and Obligations
Supervisory Assessment
©
Seite 17
Internal Audit
Appoints the head of IA
Board of
Directors
In case of problems:
immediate reporting
to the board
At least yearly
complete report
Head IA
External
Audit
Internal Audit
Discusses IA
reports and reacts
in a timely manner
Quality review min.
every 5 years
Independent
Professional
Audit reports
On request, internal audit
supplies external audit with
reports to specific topics
IA is independent
from all operative
processes
IA has full access to
all of the company
18. Januar 2007
©
Seite 18
Internal Audit
Definition
Die Interne Revision ist ein Kontrollinstrument des Verwaltungsrates. Sie führt
objektive, unabhängige und risikoorientierte Prüfungen der Prozesse und
Strukturen eines Versicherungsunternehmens, einer Versicherungsgruppe oder
eines –konglomerates durch. Sie unterstützt die Organisation bei der Erreichung
ihrer Ziele, indem sie mit einem systematischen und zielgerichteten Ansatz die
Effektivität des Risikomanagements, des internen Kontrollsystems sowie der
Führungs- und Überwachungsprozesse analysiert, beurteilt und darüber Bericht
erstattet.
Sie handelt im Auftrag des Verwaltungsrates oder des Prüfungsausschusses
(Audit Committee) und erstattet diesen Gremien Bericht.
RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision
18. Januar 2007
©
Seite 19
Internal Audit: Rights and Obligations
Internal Audit (IA) is tasked with analyzing, reviewing and documenting the
quality and effectivity of risk management, the internal control system and
management- and control processes. The focus of the internal audit is on the
operative processes of the company
• IA informs the BoD in writing on all relevant findings. The BoD needs to be
informed at once in case of problems.
• IA writes at least yearly a complete audit report for the BoD or the audit
committee. The audit report is then to be sent to external audit. The audit
report is a compilation of all relevant internal audit reports sufficiently detailed
to show the adequacy of the processes and operative risks
• On request, IA supplies external audit with reports on specific topics
RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision
18. Januar 2007
©
Seite 20
Internal Audit: Rights and Obligations
• The head of internal audit is assigned by the Board of Directors (BoD)
• IA is directly responsible to the BoD and is independent from the operative
organization of the company. In particular, the function of responsible actuary is
not commensurate with an audit function
• The BoD is responsible that IA is adequately staffed and has enough
resources and know-how to fulfill its function
• The BoD is responsible to have a quality review of IA performed at least every
5 years. The quality review has to be done by external, independent persons
• IA has full access to all documents, systems, processes and functions and the
right to do any reviews within the company.
• IA has the right to request any information necessary to fulfill its duties
RICHTLINIE Nr. 1/2007 des BPV vom 12. Dezember 2006 zur Internen Revision
18. Januar 2007
©
Seite 21
Internal Audit: Supervisory Assessment
• FOPI will meet regularly with the BoD to assess whether the Board is aware of
its responsibility vis-à-vis internal audit and ensures that IA is adequately
staffed and has access to the company
• FOPI will meet with IA to assess if it is adequately staffed with personnel with
sufficient know-how
• FOPI will ensure that SIIA ‘s (Swiss Institute of Internal Audit) self-governance
and enforcement of its code of conduct is adequate
18. Januar 2007
©
Seite 22
Outlook
I believe we are on an irreversible trend toward more
freedom and democracy - but that could change
Dan Quayle
The success of principles based supervision will depend crucially on:

Trust and an open and informed dialog between the industry and the
supervisor

Development of a responsibility culture  the willingness to do the right thing
rather than purely complying with a minimal set of rules

Adequate self-governance of the industry and relevant professional
associations (actuaries, accountants,…)
The ultimate responsibility for ascertaining adherence to principles lies with the
supervisor but a principles based supervisory framework will depend on
devolving responsibility for implementing the principles away from the supervisor
to the board of directors, senior management and professional organizations
18. Januar 2007
©
Seite 23
Download