Solvency II compliance requires insurers to address all three pillars of the
regulation, namely:
Pillar1: Capital Requirements
Pillar 2: Workflow, Audit and Governance
Pillar 3: Reporting
In preparing for Solvency II, many insurers have up to this point been focusing
their efforts on addressing the quantitative requirements of Pillar 1 and are
only now turning their attention to Pillars 2 and 3. Under the new regime
insurers will face more frequent and prescriptive reporting alongside
increased levels of controls and governance.
In this paper, industry leading practitioners provide insight into the key
challenges and issues arising when managing the workflow around internal
models. They also discuss processes surrounding reporting and the integration
with risk modeling and capital calculations.
2. WORKFLOW, GOVERNANCE AND REPORTING
Solvency II compliance requires insurers to address all three pillars of the
regulation, namely:
Pillar1: Capital Requirements
Pillar 2: Workflow, Audit and Governance
Pillar 3: Reporting
In preparing for Solvency II, many insurers have up to this point been focusing
their efforts on addressing the quantitative requirements of Pillar 1 and are
only now turning their attention to Pillars 2 and 3. Under the new regime
insurers will face more frequent and prescriptive reporting alongside
increased levels of controls and governance.
In this paper, industry leading practitioners provide insight into the key
challenges and issues arising when managing the workflow around internal
models. They also discuss processes surrounding reporting and the integration
with risk modeling and capital calculations.
We hope that readers will find this a useful insight into this important topic
as they continue with their Solvency II preparations. We would like to thank
Allianz, ING, Legal & General and Second Floor for their involvement which
made producing this paper possible.
Kind regards,
Dr. Andrew Aziz
Executive Vice President, Buy Side Solution Management
Algorithmics, an IBM Company
2
3. WORKFLOW, GOVERNANCE AND REPORTING
When insurers set out on their Solvency II internal model projects, it is usually the analytics that gets
the initial attention. As organizations progress with their implementation, it inevitably becomes clear
that the workflow and governance surrounding the capital calculations, and the reporting that follows
from it, are an equally significant challenge. Indeed, industry experience suggests that projects which,
from the start, give at least equal weight to workflow, governance and reporting as they do to analytics,
progress more quickly and successfully.
Workflow is more than just a schedule of actions. It must model the organizational hierarchy of the
company, recognizing its businesses and legal entities and how they relate to each other. It must also
identify its people and their roles, how they interact with one another, and the permissions they have
to access and contribute to the calculation and reporting processes. In addition, the workflow must
reflect the work model of an organization – whether it is centralized with all the key functions
performed in one location, or distributed with teams in a number of locations performing various
tasks, or a hybrid of both.
Each reporting period requires its own workflow, which will define the start date, the key stages, the
deadlines and the final reporting and archiving of data. In essence, these processes are something that
insurers have been doing for years, but Solvency II raises the bar on how they are done, how they are
monitored and with what frequency and deadlines.
“Under Solvency II, firms will face dramatically increased reporting requirements with tighter deadlines
and a much higher level of required controls,” says Thomas Wilson, chief risk officer at Allianz.
Meeting these requirements is a challenge because of the complexity of the task. “We are talking about
one integrated workflow dealing with multiple building blocks,” says Emmanuel Noblet, deputy chief
risk officer at ING Insurance and head of the company’s Economic Capital System (ECAPS). The building
blocks deal with the data, the solvency capital calculations and the interpretation and reporting of
those calculations. Each of these has its own issues and challenges, he says.
The data – which will include asset, liability, market and other internal and external data – must be
collected, cleaned (checked for errors and format), completed (verified that no data is missing) and
approved. Often this approval must be by someone other than the person who loaded the data, following
the Solvency II ‘four eyes’ principle whereby key elements in decision making processes must be overseen
by at least two people. One of the objectives of a workflow and governance system will be to ensure
that the four-eyes principle is applied at all key points in the capital calculation and reporting process.
3
4. WORKFLOW, GOVERNANCE AND REPORTING
“Not only are the validation standards for data onerous under Solvency II, but on top of that the technical
actuarial standards require that you don’t just use data blindly. For example, where data feeds an
actuarial model, the actuary will have to ensure that the data is fit for purpose,” says Stuart Carroll,
director, savings actuarial at Legal & General Assurance Society (L&G).
“Regulators will want to see proof that data was approved – that someone signed off on it,” says Curt
Burmeister, vice president of risk solutions at Toronto-based Algorithmics. In the same way that
modern databases log and track all actions on data, so the workflow should provide a similar audit trail.
To highlight the importance of logging and tracking actions along with the management of processes,
ING uses the term ‘process control and auditability’ internally rather than workflow.
Key data elements for capital calculation and reporting include the reporting hierarchy, risk factors,
modeling data and risk correlation matrices. The reporting hierarchy will incorporate the various
organizational elements that contribute to the capital calculations, such as subsidiaries with their
associated percentage ownership information, local tax rates, and risks modeled at that location.
Risk factors will cover market and non-market risks such as mortality, longevity and lapse rates – and here
things can become especially complex.
“For non-market risk the definitions not only differ between the standard and internal models, they are
also somehow misleading,” says Noblet of ING. “For example, lapse risk is part of life and non-life, with
health excluded, in the standard model, but it is part of business risk in the internal model.” This leads
to questions of what exactly the data input to each model should be and who should be responsible
for it, as well as at which level sign-off should occur. “The regulatory view prevails for the standard
model, managerial view prevails for the internal model,” says Noblet.
Even when such issues are resolved, the data collection, checking and approval process is not necessarily
straightforward. “The real complexity comes in when not all the data is available, or someone declines
to approve part of the data because something is missing or wrong,” says Martin Knook, chief executive
officer of Amsterdam-based IT services provider SecondFloor, a long standing strategic partner of
Algorithmics. A workflow process must allow for such exceptions and manage the rejection, correction
and resubmission processes. This view is sup-
ported by Burmeister of Algorithmics but he
warns against trying to incorporate all excep-
“The real complexity comes in
tions into the design of a workflow from the out- when not all the data is available,
set. It is better to start simple and create a well or someone declines to approve
designed process that will allow for new actions
part of the data because some-
to be added when exceptions are encountered
than to get bogged down in trying to devise an thing is missing or wrong.”
all-encompassing design, he says.
Knook points out an added complication. It is not only the diversity and the many different sources of
the data that presents a challenge, but the relationship and dependencies between different data ele-
ments, he says. “For example, market and correlation data are heavily dependent on each other and
have a strong influence on economic scenarios, which in turn influence the capital calculations. These
dependencies need to be properly understood and reflected in the workflow,” he says.
4
5. WORKFLOW, GOVERNANCE AND REPORTING
Once the key data elements have been identified, the workflow should then identify the various user actions.
These can be broadly divided into administration actions and business user actions. Administration
actions include setting up of the reporting period, rolling forward data from the previous period, editing
the reporting hierarchy, defining the risks to be modelled at each point and loading market data.
Business user actions include loading the asset and liability cash flows, running proxy modeling
processes such as replicating portfolios or curve fitting, editing risk factor correlations and generating
scenario sets.
Then there is the governance around these actions. Who has responsibility and permission to perform
each action? Who is permitted to load what data? Who is permitted to perform what process? Who is
permitted to view which results? The workflow needs to identify and control the users and permissions.
Managing and tracking the data, actions and permissions for a single reporting period is challenge
enough in itself. However, as Wilson of Allianz points out, insurers applying for internal model approval
must plan on three concurrent closing processes for quarterly or year-end reporting, at least for the
next few years – for the internal model, the standard model (which will be necessary for comparison
purposes) and the market value balance sheet. In addition, a detailed movement analysis of each will be
required. “The fact that each of these views will have to be based on reconciled input information and
the end results cross-reconciled in an accelerated closing process with adequate reporting controls is
an issue,” he says.
This is particularly complex for insurance groups that have various business units and geographically
distributed subsidiaries. “The input and reporting baseline for the standard model is the legal entity.
For the internal model it is business unit. These might not necessarily match one to one,” says ING’s
Noblet. Where they do not match, it can mean that different people are required to validate input data for
the standard and the internal models. To ease the problems of managing and tracking, ING attempts to
standardize its processes across both models.“We take the same steps for standard and internal models,
although they won’t necessarily involve the same people. All this must be captured in a single workflow,”
says Noblet.
5
6. WORKFLOW, GOVERNANCE AND REPORTING
The workflow must also tightly integrate risk modeling
and capital calculation with reporting. Knook of “I would rather focus on
SecondFloor says that capital calculation and reporting
are intimately related and cannot be separated from
getting a reasonably stable
one another, and that the workflow should reflect that. and accurate ‘risk yardstick’
Carroll of L&G adds: “It is essential that the interaction to managers quickly so that
between the calculation and reporting systems is
we can begin the risk man-
streamlined and seamless.” The intimate relationship
between risk modeling and risk reporting is reflected agement dialogue, allowing
in a policy that Wilson has put in place at Allianz where us as an organization to use
no advanced model enhancements are considered our judgement and business
unless they can be implemented in a well controlled,
robust and efficient reporting process. “I would rather
experience rather than solely
focus on getting a reasonably stable and accurate ‘risk relying on the models.”
yardstick’ to managers quickly so that we can begin
the risk management dialogue, allowing us as an organization to use our judgement and business
experience rather than solely relying on the models,” he says.
Given the diversity and complexity of the tasks involved in capital calculation and reporting, and the
opportunities for omissions and errors, automation of the workflow is essential. “If you don’t have
automation of systems and processes you are building a monster that will be prone to manual input
error or interpretation error. The key to minimizing complexity is maximizing automation. The fewer
the manual interventions, the better the coherence and accuracy of the data,” says Noblet of ING.
Wilson of Allianz agrees. “An automated workflow process, tying together the myriad of data flows and
analysis systems, is absolutely required by large complex financial services institutions if they are to
develop efficient, controlled and robust reporting processes across the internal and standard models
and market value balance sheets under a management and legal entity view within the time horizons
dictated by public and supervisory disclosures. The days when the internal model and valuation could
be done through a manual and ‘artisanal’ process are over,” he says.
6
7. WORKFLOW, GOVERNANCE AND REPORTING
ING and Allianz both selected Algorithmics to provide the analytical technology framework for their
internal models, supported by SecondFloor to develop the workflow to support their capital calculations.
Realizing that many insurers were going to face similar challenges in terms of the workflow, governance
and reporting around their internal models for Solvency II, Algorithmics and SecondFloor collaborated to
develop a product called Capital Workflow Manager (CWM). L&G has implemented CWM, with some
internally developed extensions, along with Algorithmics’ analytics. For insurers with highly bespoke
businesses, SecondFloor will customise CWM.
Many insurers underestimate how hard the task of managing the workflow, governance and reporting
for Solvency II will be, says Burmeister of Algorithmics. “In effect, you need to model how an organization
works and how the people interact with one another. It’s a massive undertaking,” he says.
Carroll of L&G adds: “The workflow has to be utterly seamless so it can run efficiently and effectively to
achieve the very onerous timescales of Solvency II. And even if you have that seamless workflow, you will
only have the opportunity to run it once, so accuracy first time is critical.”
In an ideal world, insurers would be able to look at the end requirements of Solvency II and work backwards
to devise their workflow. But with Solvency II still a work in progress even as its implementation deadlines
approach, insurers have to be creative while remaining flexible to accommodate the final specifications.
“Insurers should try to build a workflow and governance system that is as simple as possible that will
enable them to streamline and automate processes as easily as possible. And they should make sure it’s
extensible so they don’t get caught out if they have to make changes,” advises Carroll.
Knook of SecondFloor concludes: “Don’t do the modeling first and then the auditibility and workflow
later. Do it hand in hand – it saves money and time.”
7