[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

N2 and beyond

What is the point of regulation if it serves only to stifle competition, and leave the UK insurance industry drowning in a quagmire of red tape and unnecessary administration? Exactly. Do you think regulation is boring, onerous, and irrelevant to the way you run your business? Read on.
In last month’s issue Nick Dexter outlined what will happen at N2, or 30 November 2001, when the Financial Services and Markets Act 2000 comes into play. This article will explain more about where the new regulatory regime is heading and put N2 into the wider context.

Risk-based regulation
The new regulatory regime will be risk-based. All financial services companies, including insurance companies, banks, and building societies, will eventually be regulated on a level playing field. All existing legislation and guidance will then be codified into the Integrated Prudential Source Book (IPSB). The minimum capital required will depend on the underlying risks, more for riskier players and more for companies with less sophisticated systems and controls. There will be an onus on companies themselves to justify their capital requirements. All this follows largely from the international Basel Accord, which sets out how banks will be regulated on risk-based assessment criteria. The current implementation date for Basel is likely to be 2005 and the IPSB solvency regulation will probably apply from the same date, but the spirit of the new regime will come into play from N2. The Basel Accord allows a continuum of approaches to measuring risk, and the better the control environment, the lower the capital requirements.
The new framework is intended to align capital adequacy assessment more closely with the key elements of banking risks and to provide incentives for banks to enhance their risk measurement and management capabilities. (Basel Committee on banking supervision)
Another external driver for risk-based supervision, of which actuaries may not be aware, is the Turnbull code of corporate governance:
The board’s annual assessment should, in particular, consider changes since the last review in the nature and extent of significant risks and the company’s ability to respond effectively to changes in its business and external environment. (Turnbull, paragraph 33)
Both Basel and Turnbull are setting the foundations for the new regulatory regime which is being envisaged by the Financial Services Authority (FSA). In a keynote speech in July 2000, Sir Howard Davies, chairman of the FSA said:
There is a clear danger that compliance with rules and regulations is seen as a substitute for genuine risk assessment and risk management.
The risks examined under the new framework will be wider than those with which actuaries are familiar. The IPSB specifically sets out six:
– market risk (for example, changes in interest rates);
– credit risk (for example, your financing reinsurer going bust);
– operational risk (your IT systems have been giving incorrect information for years);
– insurance risk (with which we are perhaps more familiar);
– group risk (to sweep up any additional risks resulting from the overall structure of a group and its component parts); and
– liquidity risk (rules still to be issued).
The new regime will steer away from implicit margins and towards explicit reserves. For example, a reserve will be required for terminal bonuses based on asset shares. There will be less opportunity for holding of implicit reserves. Appointed actuaries may have to spend more time communicating with their boards, and ensuring they have evidence to justify decisions such as increases in reserves.
In future there will be more emphasis on the dynamics of the situation looking at business plans and strategic direction, rather than the simple static situation. Stress and scenario testing will provide the regulator with important information on issues which could threaten the solvency of the company.
The FSA will place great importance on the personal responsibility of the officers of the company, including the appointed actuary, so that in any future débâcles the guilty parties could be held to account. Tasks can be delegated, but responsibilities cannot. There is great emphasis on there being sufficient management information, and controls on those systems which produce it, to ensure that management can carry out their its to the required regulatory standards. In some companies this may mean that the organisational structure needs to be reviewed and simplified. ‘Dotted line’ reporting, matrix management, and project-based teams or committees may present problems where this involves conflicts of interest for actuaries. Actuaries may need to be particularly vigilant in not assuming responsibility for areas over which they have no authority. Unit pricing, tax, and derivatives are typical areas where the appointed actuary has regulatory responsibility, although the operational staff are reporting to the finance function.
The new regulatory regime will be largely controls-based, just as many external audits are today. This means that, rather than check the actual answer, the regulator will require proof that the firm has effective systems and controls in place. If necessary, the regulator will be able to enter the firm and check this. This will require documentation to be of a high standard and immediately accessible.
All these trends will lead to more sophisticated methods of modelling risk dynamically, such as asset/liability modelling (ALM). They will carry out scenario testing, such as examining the effects of a recession, rather than simple sensitivity tests where just discrete changes in one or two parameters are made. The models will include parameters which have traditionally been seen as out of the scope of actuarial models, such as changes in social, political, or economic factors. Some of these factors may not be easily incorporated into financial models and ‘softer’ methods of risk assessment may need to be used. Past experience has shown that it is often the ‘impossible’ which catches us all by surprise. Guaranteed annuity options (GAOs) and interest rates, mortgage indemnity and property prices didn’t our systems pick them up, or were they brushed aside?
And why should risk assessment be limited to downside risk? If companies are missing potential upsides, then this is a risk too. The duty of the management of the company is to maximise stakeholder value stakeholders in the case of insurance companies being principally the policyholders, shareholders, staff, and the regulator. A world-class risk management system would be one which manages the company for the benefit of all stakeholders, not just one group.

Integrated risk management
The systems and information in place would be used to maximise value and make management decisions which lines of business or customers to drop, which to expand. Consistent value decisions would be made in all areas of the firm. Information would be dynamic, looking at the future possible scenarios implicated by each decision. External influences, such as competitors’ rates, and economic and political conditions, would be as much part of the model as internal influences. This all implies that insurance companies should be using integrated risk management systems to run their companies.

Figure 1 Integrated risk management (see above)
This integrated risk management system would not only need to look at the quantification of different sorts of risk, it would need to examine the philosophy of the operation and ensure that attitudes to risk become deeply ingrained within the culture of the company. The internal systems and key performance indicators used should influence the daily behaviour of those within the company, both in terms of incentives, and risk assessment. The management information should provide the board with a clear picture of performance, identify possible adverse risk situations, and enable strategy to be converted to achievable business objectives.
The organisation’s risk appetite would be explicitly and clearly identified. Where there is a gap between the actual risk profile of the business and the organisation’s risk appetite there is a system for developing action plans to align the two more closely. All in all, risk management systems and controls are integral to the management of the business and achievement of objectives and strategy. To think of risk management as another layer of red tape is to miss the point entirely.

Figure 2 Risk management diagnostic
So, in summary, there is a tremendous opportunity in the years ahead for actuaries to increase their role within insurance companies and within the wider context of financial service groups. Let us live by our motto certum ex incertis in the broadest sense.