Meeting the implementation deadlines demanded by Solvency II and being compliant on time will inevitably require some short cuts. However quick fixes, for example, a manual workaround, build in inefficiencies. A more sustainable approach that integrates model outputs into the day-to-day running of the business will make it easier to demonstrate the ‘use test’ and help to realise the benefits of investment in risk and capital modelling. The process of building Solvency II into business as usual can be likened to ‘industrialisation’.
Many of the necessary risk management systems and processes may already be in place. Compliance with the directive will require more rigour as models become both more important and more time critical. This means that actuarial checks and balances will often need to become more formal to demonstrate sound governance and validation of risk and capital models.
Business teams also need to develop the necessary confidence in the value and reliability of the model outputs that would, in turn, provide the impetus for their systematic use within decision making. Today, this buy-in is still a work in progress. Risk information is not being used systematically enough in the running of the business, and risk and business management are not adequately aligned within most insurers.
As Figure 1 indicates, this disconnect can often stem from the way risk data is generated by risk teams on the one side and is viewed by business teams on the other. Even with the latest technology, the regulatory focus of much of the risk analysis means that it can be too backward looking and slow in coming to be of much use to frontline teams. In turn, many companies lack the necessary training, incentives and performance metrics to encourage people to make decisions on a risk-adjusted basis.
So how can insurers make risk information more usable and encourage greater buy-in from their frontline teams? A useful way to bring this all together is to think of risk management as a ‘service’ and then ask what it could and should be doing for the business. As the illustrative framework in Figure 2 outlines, companies can then build their operating model around their service needs.
The first link in the chain is engagement. To bring ‘customers’ such as underwriters on board, it is important to ask them what kind of information would help them to make better decisions and what would encourage them to make more use of the risk analysis they receive.
The next stage is delivery. Key considerations are what functions are needed to provide a particular service, whether their responsibilities are defined clearly enough and how they should interact. One of the most important aspects of sustaining delivery is identifying the dependencies. This includes finding out what data one function needs from another to carry out its part of the process. Some form of service level agreement might be one way to make sure the information is provided on time and in the right format.
It is then possible to judge how this analysis could be best used. An example might be deciding when risk appetite should be considered in the business planning process, by whom and what actions should be taken in response.
The foundations of this model are the systems, processes and controls. The key consideration is ensuring that the infrastructure is equipped to deliver the required risk management ‘service’, bearing in mind that a lot of the analysis that now takes three months will need to be delivered in real time.
Looking now at what the service model should deliver and how it should work will support embedding and minimise the detours and iterations in model development. However, even the earliest starters may not have the time and resources to get it all designed, built and working properly by 2013. It may therefore be necessary to confine the initial focus to a few key business decisions such as capital allocation or reinsurance buying.
Companies can then evaluate, refine and roll out their model into new areas over time.
The Own Risk and Solvency Assessment (ORSA) can be very useful in getting people from outside the project team to think about their approach to risk, how it impacts on their decisions and what would make the service model more useful. For some companies, the ORSA could indeed provide the ‘light bulb’ moment when Solvency II suddenly makes sense and all its seemingly disparate elements fit together.
Solvency II is a journey. The first stage is to get over the line in 2013, which will inevitably require some compromises. However, this should not stop companies thinking now about what they would like to achieve on the back of compliance and how to turn Solvency II from an implementation project into an everyday feature of the business.
A service-orientated approach to risk management can help to encourage organisational buy-in, build model outputs into key decisions and ultimately make the most of the investment in implementation. Companies will know that Solvency II is part of business as usual when frontline teams begin to behave differently, when they talk about the impact of risk on their performance rating and rewards and when they are keen to take an active part in the design and development of the model.
www.pwc.com
© 2010 PricewaterhouseCoopers. All rights reserved. "PricewaterhouseCoopers" and "PwC" refer to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL). Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of any other member firm nor can it control the exercise of another member firm's professional judgment or bind another member firm or PwCIL in any way.