By Ralph Baxter, CEO at ClusterSeven
Insurers face an uncertain future as the final stages of Solvency II and its accompanying internal models for managing capital adequacy are debated and finalised.
Actuaries and insurance companies have already registered their concerns about the Financial Services Authority’s approach to checking up on the readiness of companies’ internal models under the Internal Model Approval Process (IMAP). Under this process, the FSA will reduce its direct engagement with many firms and concentrate instead on the UK’s top 10 insurers, Lloyds and subsidiaries of large EU insurers.
Other firms will be asked to reduce their reliance on external review and to use a set of tools to manage this process internally instead. The focus therefore turns to how actuarial teams and firms should go about managing and measuring their internal models. What should they be considering in the run-up to Solvency II implementation, and how can they avoid unnecessary risks in the area of data management and review?
Clearly, the aggregation and analysis of high volumes of risk-related information dominates many actuarial and insurance activities. The collection and distribution of this information to and from disparate locations and systems across the organisation requires flexible and compatible toolsthat are familiar to multiple parties.
For these reasons spreadsheets are one of the most common tools within the actuarial function. Indeed, this is only underlined by the use of the QIS5 spreadsheet for regulatory data collection.
However, manipulating and checking spreadsheet information to support regulatory and risk activities such as for the NAIC Model Audit Rule or theSolvency II Use Test is expensive and time consuming. And as the pressure for more immediate information increases, errors will inevitably multiply.
The FSA has already stated that one of the biggest risks for insurance companies in the run-up to Solvency II is managing the data contained in large estates of spreadsheets that exist within the business.
On their own, user-developed applications such as spreadsheets and Access databases have demonstrated the flexibility to support many insurance processes over recent decades. However, it is becoming clear that without careful monitoring and management they may lack the robustness to meet the demands of increasing compliance with regulation such as Solvency II in Europe. This is not because of user error: by the nature of their work actuaries are extremely accurate in their calculations. It is the sheer complexity of interdependent spreadsheets across the business that organisations need to be aware of.
Indeed, there is no question that actuaries would be very unhappy if asked to relinquish their use of spreadsheets for calculating risk. Spreadsheets are a vital component of day-to-day actuarial calculations, tasks and processes. For companies facing the obligations of new regulation it is therefore a major challenge to see how they can maintain this critical flexibilty but also demonstrate control to the authorities.
So rather than attempt to eliminate spreadsheets from the business, insurance companies need to accept that spreadsheets need to be used - but that in order to satisfy the regulators, they need to know when and where spreadsheets are being used.
The first step for insurance and actuarial firmsis therefore to understand what they have, where it is and how it is connected to their business applications. Using the right tools, they can automatically scan their networks to intelligently locate key spreadsheets and Access databases. This builds a complete dependence tree that demonstrates the relationships between files with multiple connections.
Actuaries are typically surprised not just by how many spreadsheets they are using across the business but also how they are connected – firms can discover as many as 500 individual spreadsheets feeding into hubs that support the main actuarial process. They contain information about a variety of processes, including running claims, the reserving process and reinsurance.
While head actuaries feel that they manage these processes accurately and effectively, it is unlikely that they will have seen the full extent of the spreadsheet estate, and their interdependent relationships. They may even be surprised when asked by the CIO or CEO to provide a detailed picture of spreadsheet use, as their department will necessarily have been running smoothly with regular checks and balances over many years.
This means that the main trigger for insurance and actuarial firms to invoke an investigation is a request from the business to document and explain their internal model. Of course it is possible to trawl through every user application manually, but this can result in a discovery outcome that not only takes an extraordinary amount of time, but that is also out of date once completed.
Insurers and actuarial firms have little choice but to face up to the need to lift the bonnet on in-house user applications in order to satisfy the need to build a demonstrably robust internal model. Given the tight timescales involved, automation of this process is vastly preferable to a manual trawl and documentation initiative.
|