The FSA held a half-day briefing on The future regulation of insurance on 4th December 2002. Nearly 200 people attended, from a variety of organisations: insurance companies, banks, building societies, solicitors, accountants and other consultants.
The main points concerning risk management to emerge from the briefing were:
- Risk Management Framework
- Senior Management Responsibility
See below for further details.
The briefing was chaired by John Tiner, recovering from a bout of flu. Instead of giving a presentation, he confined himself to introducing the speakers and responding to points made by them and from the floor. There were five speakers, whose topics and main points were:
- David Strachan
Director of the Insurance Firms Division at the FSA
What does the Tiner Project mean for you?
- If insurance firms have not yet done so, they should urgently review their operations, systems and controls. Proportionality is important: although their risk management processes and framework should be comprehensive, their complexity should depend on the size and complexity of the firm and the risks it faces. The ultimate responsibility of senior management cannot be delegated, whether within the firm or through outsourcing arrangements.
- Richard Harvey
Group Chief Executive, Aviva plc
An insurer’s perspective
- Things have changed a lot since pre-FSA days. There is a big learning curve for both the regulated and the regulator. There are enormous demands on management time: about 70 or 80 senior management meetings a year. The hope is that the confidence and trust built up will lead to a lower level of intervention in the future. There are a number of issues about the relationship between the FSA and the regulated firms that must be resolved.
- Bill Lowe
Prudential Standards Division, FSA
The Role of the Risk Review Team
- The risk review department supports all the regulatory and supervisory teams in the FSA. In particular it is heavily involved in visits to regulated firms, both the general discovery (ARROW) visits and themed visits. Several areas of concern have been identified from the visits undertaken so far, including outsourcing, documentation, delegation by senior management, business continuity planning and stress and scenario testing.
- Andrew Campbell-Hart
Grey Panther, FSA
Emerging risks in the industry
- Grey panthers are apparently not predators, but are there to build bridges between industry and the FSA, and between the promulgation and application of policy. They also support the line supervisors, and provide international contacts and experience. There are four economic drivers that will result in major challenges of the next decade, and appropriate regulation can help to balance the forces.
- Mary Francis
Director General, ABI
The future regulation of insurance: considerations for firms
- The FSA has a huge task, integrating nine regulators and their rulebooks during the worst market conditions for a quarter of a century and as international developments are changing rapidly (Basel, IAS, EU). It is important that regulatory creep is minimised: don’t go too far towards protecting people from risk rather than educating them to understand it and take responsibility for themselves.
Risk Management Framework
- If insurance firms haven’t started already, they should urgently review their operations.
- However elaborate the risk management framework (see proportionality), it must be comprehensive. It must cover the full range of risks in an integrated manner, not just insurance risk.
- The risk assessments that have been performed so far have shown some examples of good practice, but overall there are some significant question marks. Risk management frameworks have not always been integrated over the whole firm, or presented a coherent picture, even when some risks have been identified.
- Good controls and compliance culture should lead to less crystallisation of risk and hence less regulatory intervention.
- Risk assessment should be integrated over the whole firm. Operational risks are currently handled poorly, with not enough data collection.
- There is a definite trade-off: good controls will lead to less intrusive regulation, but firms must deliver on their side of the bargain.
Senior Management Responsibility
- Senior management must take responsibility for risk management.
- Boards and senior management should read the report, The future regulation of insurance: A progress report, which sets out the regulatory agenda for the next few years.
- Management responsibilities should be clearly defined and documented, not only for risk issues but for other responsibilities too. There should be a clear view of the risk appetite of the firm, which should be communicated to all levels.
- Outsourcing is a key issue. Senior management remains responsible and should ensure that they get the requisite information from the outsourcer.
- In the risk assessment exercise, the FSA can tell a great deal by looking at the risk pack that goes to members of the board: Is there one? Does it cover key risks in an accessible manner?
- The inability to demonstrate proper control of outsourcing, and poor disciplines over delegation, are major areas of concern. Senior management cannot opt out of their regulatory obligations.
- Insurance firms themselves must implement a more efficient approach to managing risk. Costs must outweigh benefits.
- Firms needn’t necessarily have an elaborate framework for risk management. It should depend on the size and complexity of the firm and the risks they face.
- There should be a genuinely risk-based approach to internal audit: higher risk areas should be looked at more frequently.
The following external links are relevant: