Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA Name of Company: Disclosure of comments:
Please indicate if your comments should be treated as confidential: Please follow the following instructions for filling in the template: Do not change the numbering in the column “reference”; if you change numbering, your comment cannot be processed by our IT tool Leave the last column empty. Please fill in your comment in the relevant row. If you have no comment on a paragraph or a cell, keep the row empty. Our IT tool does not allow processing of comments which do not refer to the specific numbers below. Please send the completed template, in Word Format, to cp008@eiopa.europa.eu. Our IT tool does not allow processing of any other formats. The numbering of the paragraphs refers to Consultation Paper 008.
Reference General Comment
Comment
Comments by Enterprise Risk Advisory, LLC, an ERM advisory, consulting and research firm dedicated to enterprise risk management best practice s. CP8 draft proposal reviewed and commented by Mr. Michel Rochette, FSA, MBA, PhD student in public financial policy at ENAP. Web Site: www.enterprise-risk-advisory.com
3.1.
Agreee with proposal. In line with principle-based approach to regulation.
3.2. 3.3. 3.4. Template comments
1/14
Public
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 3.5.
Taking an all risk approach is relevant. From an ERM perspective, correlation should be explicitely embedded. It remains fuzzy throughout the document.
3.6. 3.7. 3.8. 3.9. 3.10. 3.11. 3.12. 3.13. 3.14. 3.15.
3.16.
Should add culture as well in addition to structure and risk system. Interaction of risks should be added after “nature, scale and complexity...and interaction or correlation ...” Agree with the proposal. This is also in line with another proposal by the European Commission on Governance for private companies in the EU, which involves the Board and management in these high-level risk assessment.
3.17.
ORSA should include more than just “consideration of the link ..” Should be explicit about and explain clearly how the ORSA will tie operationally between the risk appetite or tolerance statement, usually adopted at the Board level, the risk profile of exposures as measured internally and continually by the risk unit and the solvency needs expressed in capital requirements. Information on should include scenarios as well and how stress tests and scenarios will be conceived, discussed, approved and executed or a link with such a policy. Data quality should refer to some sort of IT policy on data management. 3.18.
Template comments 2/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA
The ORSA policy should include a role identification and pictogram of relationships between parties involved in the process The ORSA policy should mandate that the people involved in such a process sign in and that the required work become part of their job description and annual evalution of performance. 3.19. 3.20. 3.21.
Should the signing off the ORSA be subject to a Sox-type requirements as for the other financial statements? Who are the members of AMSB who will sign off? When you say “overall solvency needs” do you mean “required or regulatory capital” or something else? Maybe you could refer to some common documents on definitions.
3.22. 3.23.
3.24. 3.25.
3.26.
When you say that the overall solvency needs should be in quantitative terms, do you mean “Euro” value, thus money, or something else? When you say the “identified risks”, where does the info come from?” Whose identified risks are we talking about? The ones that a risk unit could come up with through its internal risk identification processes, the Board-level approved risks, the Auditor’s risks, the rating agencies’ identified risks or a combination of the above? How wide does the organization is expected to go? What do you mean by “forward-looking”? Do you mean that a forecast of solvency needs must be conducted for the business planning horizon? What about beyond the “planning horizon”? This requirement should be expressed differently. A monitoring requirement where the word continuous should be dropped. A process by which the ORSA is made dynamic to respond to emerging trends and risks, both internally and externally. An explicit link to the capital management of the business, which is usually done by a Treasury group and under the supervision of the CFO.
3.27.
3.28.
I don’t agree with the proposed requirement which assumes implicitely that the business function, usually actuarial, involved in the estimation of the SCR calculation operates separately from the function which will perform the ORSA. If you want that situation, this requirement is a compromise. However, you should not settle for that. You should make explicit that both functions, those who
Template comments 3/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA
do the SCR and those who will perform the ORSA, like a risk group, be in continuous discussion so that the two processes are alined. Which is the overall goal of performing the ORSA, an ERM-type requirement, to align all those who are involved in risk estimation. If you settle for this requirement, both groups will continue to function separately , thus defeating the purpose of the ORSA. ORSA will, from the perspective of the SCR group, become like the audit group of their work, not part of it.
3.29.
The whole detailed proposals of this guideline should be rewritten from this perspective whether an entity uses internal model, partial models or just the SCR. Or make the approval of internal models the models behind the ORSA as a requirement coupled with other requirements aimed at emerging risks. This guideline could make some links with other proposals on gouvernace at the EU.
3.30. 3.31.
There is no mention of Group ORSA that may already be done in other types of FIs, like ICAAAP type approach, ERM. The language issue. In line with Europe, you should demand that for major FIs, that the ORSA reporting to the supervisor should be translated and available at least in French, English, German, maybe Spanish as well in addition to the local EU language of the location of the FI. Will this report or a consolidation of ORSA reports to Supervisors be made available to the public? It would be relevant to be able to compare specific ORSA reports with similar ones conducted by rating agencies’ ERM assessment, external auditors.
3.32.
Will these reports be accessible through public access laws?
3.33.
3.34.
The first part of this requirement should be rephrased as follows. The ORSA and its impact on the group...saying the group ORSA is a contraction that is not relevant. Also, when you mention “interdependencies”, the requirement limits it to within the Group. It should be made explicit that
Template comments 4/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA
“interdependencies” exist within risks, between risks within an entity in a group and that they exist also between enties in a group. This should be made more explicit. 3.35.
3.36.
You seem to want to make explicit that the group ORSA should be set in advance and aligned with a business planning horizon. I think that such a link should not be required. An ORSA should be forward looking and anticipate emerging risks that may affect the business over time..the risks may materialize within the business planning but not necessarily. Think about climate change and its long-term potential impact on some insurance hurricane business. IF you limit it to the business planning horizon, you should make explicit if the ORSA has envisioned risks after the planning horizon or not.
3.37. 3.38. 3.39. 3.40. 3.41. 3.42. 3.43. 3.44. 3.45. 4.1.
Again, this concept of “overall solvency needs” need to be better explained and defined and the link to other risk processes like ERM. The purposed of many ERM programs is to prevent failure and bankruptcy by entities. So, would the overall solvency needs be a requirement above that, in line with the MCR and SCR or somewhere in between. Or an overall integration of all risk identification, measurement and management efforts?
4.2. 4.3. 4.4. 4.5. Template comments
5/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.6. 4.7. 4.8. 4.9. 4.10. 4.11.
Again, you say that AMSB should challenge the SCR calculations. You are asking the AMSB to act like an auditor. The SCR calculations and its embedded assumptions should not be performed without the consent of the AMSB in the first place. This is like letting actuaries do the SCR and then have AMSB challenge them. As you know, AMSB are usually not technician and with the poor communication skills of actuaries in the first place, this challenging will not occur. Also, due to time constraint, you run the risk of having AMSB not challenge the SCR calculations after the fac t the lack of time to redo them and the expense as well. So, the actuaries’s point of view will prevail to the detriment of the ORSA.
4.12. 4.13. 4.14.
Point g should be repealed in line with my previous comments of not separating the SCR and the ORSA processes.
4.15. 4.16. 4.17. 4.18. 4.19.
4.20.
Is it realistic to assume that an entity can identify all risks in advance? You mean all knowns risks but the purpose of ERM is to go beyond known risks and assess potential surprises, emerging trends.. How do you determine if a risk is material? Any standard here?
4.21.
Template comments 6/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.22.
4.23.
Risks should be measured over the long-term irrespective of the timeframe envisioned by its business planning horizon. Some risks take a long time to materialize. Think about Asbestos. What about cellular phone usage on cancer? OGM in food and health? Contaminated water? Pollution?
4.24. 4.25. 4.26. 4.27. 4.28. 4.29. 4.30. 4.31.
This section should be divided in four sections. The overall solvency needs for the existing assets and liabilities and the impact of internal operational risks and the impact of external factors and events on them. The second major element should be strategic and explicit decisions made by management including potential management actions resulting form stress situations. The last element should be geared towards an emerging risk type analysis that would try to assess potential Black Swans, surprises, known unknowns, unknown unknown and negligence on the overall capacity of the enterprise to survive. If a firm can’t survive, the overall solvency needs don’t mean much anyway. Once this is done, an explicit evaluation and discussion of financial capacity and condition is warranted under stress situations, making comparaison to own and other similar situations. An involvement of the CFO and treasury should be done at that point and become part of the analysis and report.
4.32. 4.33.
Again, I disagree with this proposal. You are taking a backward looking approach between the processes of the SCR calculation, usually done as part of Pillar I, and the proposed ORSA, Pillar II. Although expressed as two regulatory pillars, they have to mesh together in the reality of FIs. They can’t function separately.
4.34.
Template comments 7/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.35. 4.36.
In fact, this whole section should be written in terms of factors that could affect the survival of the entity. In this respect, a link would be done with the ERM processes put in place for that purpose including indicators, scenarios, data mining, predictive modeling. Then, value their risk impact on the business, their threat on the survival of the entity. That is what ORSA is interested in. Not just known and short-term risks but these long-term and difficult to assess and emerging new situations.
4.37. 4.38. 4.39. 4.40. 4.41.
4.42.
ORSA and risk management, particularly ERM, exist for the situations of stress situations. That is when you see the benefit of an effective risk culture at work. In ordinary risk management, you could get it with it. So ORSA has to be geared towards assessing those situations, those fat-tail events that can kill the entity. That is what you want to find out as a regulator and that is what you want to management to worry about. SCR is fine for stable situations and system but risk management shows its potential during crises. The recent 2008 financial crisis showed that where risk management was effective, FIs survived and other FIS failed where risks was not effect tive even though all of them had adequate capital. In times of crises, the most valued capital is the liquid one. So, liquidity of capital has to be one of you primary concern. Since most insurance companies don’t have access to liquidity capital by central banks, although it occurred during the recent 2008 financial crisis for some insurers, this liquidity criteria for the quality and availability of funds is crucial. This requirement should be written from this perspective.
4.43. 4.44. 4.45. 4.46.
Template comments 8/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.47. 4.48. 4.49.
There would be no need to have these criteria if both the ORSA and SCR are better integrated as they should be in an ERM framework.
4.50. 4.51. 4.52. 4.53. 4.54. 4.55. 4.56. 4.57. 4.58. 4.59. 4.60. 4.61.
For entities that use internal models, should ORSA become the audit of that process itself. That is the way that it is actually written. ORSA should not be viewed and implemented as a complement to the internal models and be restricted to assessing elements and risks that were not assessed during the Pillar I internal model approval. It makes ORSA a second hand process while the input of ORSA should go into the internal model and vice versa. For example, reputational risks are usually not included in an internal model calculation but they may have a huge impact on the survival of the entity as a going concern. The same with long-term trends and other unkown risks, surprises, risk management failures.
4.62. 4.63. 4.64. 4.65.
Template comments 9/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.66. 4.67. 4.68. 4.69. 4.70. 4.71. 4.72. 4.73 4.74. 4.75. 4.76. 4.77. 4.78. 4.79. 4.80. 4.81. 4.82. 4.83. 4.84. 4.85. 4.86. 4.87. 4.88. 4.89.
Template comments 10/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 4.90. 4.91. 4.92. 4.93. 4.94. 4.95. 4.96. 4.97. 4.98. 4.99. 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.7. 5.8. 5.9. 5.10. 5.11. 5.12. 5.13. 5.14. 5.15. Template comments 11/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 5.16. 5.17. 5.18. 5.19. 5.20. 5.21. 5.22. 5.23. 5.24. 5.25. 5.26. 5.27. 5.28. 5.29. 5.30. 5.31. 5.32. 5.33. 5.34. 5.35. 5.36. 5.37. 5.38. 5.39. 5.40. 5.41. Template comments 12/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA 5.42. 5.42. 5.44. 5.45. 5.46. 5.47. 5.48. 5.49. 5.50. 5.51. 5.52. 5.53.
Guideline 13 should be rewritten in line with previous comments as to the overall role of ORSA.
Q1. Q2. Q3. Q4. Q5. Q6. Q7. Q8.
The idea of ORSA is assist management and the regulator evaluate the chance of survival of the entity so that its obligations to its policyholders can be satisfied and that society and the public don’t have to pay for private obligations like it occured during the last financial crisis. For this purpose, like we say in French, “plusieurs têtes valent mieux qu’une”, assessing that situation from other perspectives would be warranted. From that perspective, it would be relevant for the public to be able to relate ORSA to other similar documents as produced by other entities like other ERM documents, audit ERM
Q9. Template comments
13/14
Deadline 20 January 2012 12:00 CET
Comments Template on CP8 -Draft proposal for Guidelines on ORSA
documents, rating agencies’ ERM reviews, financial analysis. So, these ORSA or a consolidation of them should be made available, particularly for large FIs and those judged to be systematically important as viewed by the Financial Stability Board. That would be consistent with the objective of Financial Stability. /
Template comments 14/14
Deadline 20 January 2012 12:00 CET