The clock is ticking for compliance with Solvency II, the new set of regulatory requirements for insurance firms operating in the European Union. The regulation comes into force on December 31, 2012, but firms will need to allow a year for dry runs and testing.
The move to Solvency II, which is likely to cost larger firms millions of pounds, is, according to Martha Bennett, practice leader for financial services technology at Ovum, the biggest IT project since Y2K.
At the same time, the move provides CIOs with a golden opportunity to transform the information management landscape in their business and provide a sharper competitive edge.
Solvency II represents a major change in the way insurance companies are regulated. While Solvency I was simply a framework for calculating capital requirements, Solvency II – as well as strengthening the requirements on capital adequacy – is based on a set of principles for the management of risk.
As Norman Black, European business development manager for insurance at SAP, puts it: “The regulator has realised that when insurers have failed over the past 20 years, it hasn’t necessarily been because of poor capital management, it’s because of poor risk management.”
Regulators believe the new regime will help the creation of a single European market in insurance and provide consumers with information that will improve their ability to compare the policies offered by different companies.
The principal components of Solvency II are known as the three pillars:
- Pillar 1 requires firms to demonstrate that the firm has adequate financial resources, which includes holding enough capital. In this, it is similar to Solvency I.
- Pillar 2 requires them to show that they have an adequate system of governance, including an effective risk management system
- Pillar 3 entails reporting both qualitative and quantitative information about the business’s capital adequacy and risk management.
“This is not just some sort of minor technical change to the regulation – it’s a fundamental change in its emphasis and coverage,” says Black. “It’s understanding the impact from a capital and risk point of view of every key business decision and investment that you make.”
IT functions will need to provide new or improved systems for the management of risk. Many major vendors such as IBM, SAP and Oracle have relevant offerings, but the magnitude and complexity of the requirements mean that it isn’t possible to buy a single Solvency II solution.
Katherine Williams, Solvency II expert in Accenture’s Insurance Industry practice, says that the IT requirements for Pillar 1 are most likely to be about data availability, to feed into all those risk capital calculations.
“Businesses need to adopt tools that allow data to be aggregated together or data warehousing to be improved,” she says. "Many firms are focusing their IT efforts on Pillar 1, because the task of developing systems for making quantitative calculations is one they are familiar with. The real challenge comes with Pillars 2 and 3. Pillar 2 will entail putting recording systems in place for the implementation of risk management procedures."
Pillar 3 will require, as Williams puts it, a “mighty effort [from the IT function] in terms of interpreting what’s required of disclosure, and then developing the internal reporting mechanism to produce the relevant reports.”
The key to success, Williams believes, is to take a long-term view. Business and IT need to think strategically about the creation of an environment in which, to quote a recent Accenture white paper:
“Risk issues are integrated into the enterprise culture and all decision making, not siloed within business segments or operational processes.”
In this integrated environment, the paper says, risk management is aligned with business strategy, resulting in “stronger stakeholder confidence in risk control and in reserves, better capital and portfolio management, enhanced pricing competitiveness and consistent management of operational risk."
The real work of moving to Solvency II is in information management, beginning with identifying the processes that need to be implemented and pinpointing the data that will be used as the basis for reporting.
IT is in a position to take a lead on this, says Ovum’s Bennett. “IT is the only part of the company that knows how all the systems hang together,” she says.
Because most large insurance companies have data stored in multiple locations and in different formats, the initial job of understanding what data is held where and how it relates to other data held in the firm, is a substantial task.
“The problem is that large firms may have numerous divisions around the world, and they operate in multiple lines of business such as group and life insurance,” says Jojy Mathew, vice president of business information management at Capgemini. “Most of these firms have come together through acquisitions, so these policies are often sitting in some monolithic system in databases in all kinds of applications. The information landscape is very disparate.”
Mathew believes that creating the information foundation (identifying data, standardising it and cleaning it) represents about 60 to 70 per cent of the overall work for Solvency II. Each division may be using different definitions of terms such as policy or premium, and Mathew argues that every company needs a business dictionary – a taxonomy that provides precise definitions of those terms that can be used across the business.
It’s impossible, he says, to report accurately on data if terms are used inconsistently in different business divisions.
Ovum’s Bennett agrees about the importance of good information management.
“Any risk model you build is only as good as the data you put into it,” she says. “What it boils down to in the final instance is reporting, not only being able to access your internal data but being able to rely on the timeliness and accuracy of your internal data.”
She points out that in many insurance companies, reporting is carried out through a proliferation of spreadsheets, with data from one spreadsheet often feeding into another.
“Insurers need much stronger rules regarding spreadsheets. If somebody uses a spreadsheet extract to do the sales planning for their own business unit, then it needs to be absolutely clear that nothing from that spreadsheet should be fed back into the system.”
Single data platform
Bennett is optimistic, however, about the potential Solvency II offers for bringing greater benefits to the business, citing one insurance company that decided, as part of its Solvency II efforts, to put all parts of the business on a single reporting platform.
“That does away with forever having to do data normalisation, data cleansing and figuring out how to feed from this system to that system,” she says.
The adoption of a single reporting platform makes it possible to obtain a view of the data held in different places, not only providing an enterprise-wide view of risk but enabling the business to use the data to create business benefits – to market new products, for example, or to monitor the success of existing offerings.
“If a large insurance group takes an approach that’s given everybody better visibility over their business and a much more real-time understanding of what’s happening to the key indicators for their business, that can provide competitive advantage,” says Bennett.
Above all, Solvency II requires IT and the business to understand the importance of having quality information and using it intelligently, says Williams.
“It’s all about the level of integration of your systems, making sure that everything from the data warehouse to the reporting is at the right level, and that it has timely and relevant information. The business really needs to think about what information it might need to operate more efficiently in a fast-moving environment.”