Module 5: Risk frameworks (mandatory) Flashcards

1
Q

5 Stakeholders with roles involving supervision and control of companies

A
  • professional bodies
  • professional regulators
  • industry bodies
  • industry regulators
  • governments
2
Q

Functional regulation

A

Regulation with different supervisory bodies regulating different activities.

(eg separate regulators for banks, insurance companies, charities, etc.)

3
Q

Unified regulation

A

Regulation with a single supervisory body regulating all activities.

4
Q

3 Pillars of the Basel Accord

A
  1. minimum capital requirements for
    - credit,
    - market and
    - operational risk
  2. supervisory review of
    - internal systems,
    - processes and
    - risk limits
  3. adequate disclosure facilitating market discipline via pricing of capital
5
Q

What do the 3 Basel accords comprise?

A
  • Basel I - minimum capital requirements for credit (and later market) risk
  • Basel II - superseded Basel I
  • Basel III - established in response to the global financial crisis - focuses on liquidity, counterparty and systemic risk - works alongside Basel II.
6
Q

Solvency II

A

Solvency II is the mandatory risk framework for insurance companies operating in EU member states.

It is modelled on Basel II, and comprises 3 pillars:

  1. quantitative requirements
  2. qualitative requirements
  3. disclosure
7
Q

Solvency II:

2 Quantitative requirements

A
  • A solvency capital requirement (SCR)
  • A minimum capital requirement (MCR)

8
Q

Solvency II:

Qualitative requirement

A

Under Pillar 2, insurance companies must carry out an Own Risk and Solvency Assessment (ORSA), which assesses the adequacy of risk management and likely future solvency.

9
Q

Sarbanes-Oxley

A

The Sarbanes-Oxley Act of 2002 (SOX) is primary legislation in the US designed to protect shareholders.

It comprises reforms in relation to:

  • disclosure
  • the role of the external auditor
  • corporate governance
10
Q

COSO

A

The Committee of Sponsoring Organisations of the Treadway Commission.

11
Q

COSO ERM Integrated Framework

A

Their published framework is advisory (rather than mandatory), but many companies use the framework to demonstrate that they have adequate internal controls for SOX purposes.

A key component of the framework is the “COSO cube” which considers the:

  • ERM components / processes,
  • in each business area covered by the framework,
  • and at each business level of application.
12
Q

5 Processes that can form part of a system of prudential supervision

A

Prudential supervision involves:

  1. Oversight
  2. Licensing
  3. A requirement to maintain minimum standards (eg operational)
  4. Procedures for monitoring compliance with standards and licences
  5. Processes to take action against those who fail to comply
13
Q

Why might different parts of a business be subject to different regulatory regimes and capital adequacy requirements?

A

This can arise for a number of reasons, including:

  • for international business, having operations that are regulated by DIFFERENT TERRITORIES
  • having subsidiaries that operate in DIFFERENT INDUSTRY SECTORS, eg financial and manufacturing
  • having subsidiaries that operate in DIFFERENT AREAS WITHIN THE SAME SECTOR, eg banking and insurance
  • having subsidiaries or portfolios within the same sector that are subject to DIFFERENT REGULATORY REQUIREMENTS, eg traditional insurer and captive insurer
  • having subsidiaries which are new ventures or acquisitions and are at DIFFERENT LIFECYCLE STAGES
14
Q

4 Categories of supervisors (other than governments) and name a specific example of each

A

In addition to governments, supervision and control may be exercised by:

  1. Professional bodies
    - e.g. IFoA
  2. Professional regulators
    - e.g. Chartered Financial Analyst Institute or the Financial Reporting Council
  3. Industry bodies
    - such as the British Bankers’ Association (BBA), British Sandwich Association and the Association of British Insurers (ABI)
  4. Industry regulators
    - such as the PRA, FCA and LSE
15
Q

Outline the specific role of:

Professional bodies

A

Professional bodies ensure:

  • members are ADEQUATELY TRAINED, usually through a process of examination
  • members MAINTAIN THEIR COMPETENCE, through continuing professional development (CPD)

Some professional bodies also have the power to discipline members who fail to maintain appropriate standards.

16
Q

Outline the specific role of:

Professional regulators

A

Where a profession has statutory responsibilities, for example, in the accounting and auditing professions, it is more likely to be subject to external regulation.

Professional regulators MAINTAIN PUBLIC CONFIDENCE in the profession by:

  • setting standards
  • monitoring adherence to the standards
  • disciplining in cases of non-adherence
17
Q

Outline the specific role of:

Industry Bodies

A

The main purpose of industry bodies is to PROMOTE THE INTEREST OF THEIR MEMBERS, through lobbying and other activities, such as shared research projects.

18
Q

Outline the specific role of:

Industry Regulators / Supervisors

A

Regulators act on behalf of government to PROTECT THE PUBLIC by controlling the activities of firms and individuals operating in a particular industry.

The main aim of regulation (or supervision) is to prevent problems from occurring, rather than punishing those who are responsible for problems.

19
Q

6 Advantages (claimed) of a unified system

A
  • it is easier to regulate financial CONGLOMERATES
  • it ensures a CONSISTENT APPROACH across various financial services activities
  • limits any incentive for REGULATORY ARBITRAGE (firms picking and choosing the most favourable regulatory environment)
  • ECONOMIES OF SCALE
  • better SHARING OF IDEAS between regulatory staff
  • improved ACCOUNTABILITY (less chance of buck-passing between regulators)
20
Q

List the aspects considered by a supervisor when developing their understanding of an insurer

A

In addition to the nature of the business, regulators typically seek to understand an organisation’s:

  • governance arrangements
  • business plans
  • financial (condition) reports
  • risk management strategies and processes
21
Q

Outline the reasons an insurer should engage proactively with their supervisors

A

A practical argument would be that the insurer-regulator relationship should be a key component of an insurer’s ERM framework.

Proactive engagement helps to reduce the level of risk a supervisor places on a particular insurer and therefore reduces the supervisory burden on that insurer.

Regulators see a wide range of risk management practices in operation and are well placed to advise on what is best practice. Proactive engagement provides greater opportunity to benefit from such advice.

22
Q

Risk-Based Regulation

A

Although regulators monitor all institutions, they focus their attention on those institutions that, in their opinion, represent the greatest risk.

23
Q

FCA

A

The Financial Conduct Authority (FCA) regulates the financial services industry in the UK.

Their aim is to

  • protect consumers,
  • ensure the industry remains stable and
  • promote healthy competition between financial services providers.
24
Q

PRA

A

The Prudential Regulation Authority (PRA) is a part of the Bank of England and is responsible for the prudential regulation and supervision of

  • banks,
  • building societies,
  • credit unions,
  • insurers and
  • major investment firms.

It sets standards and supervises financial institutions at the level of the individual firm.

25
Q

UKLA

A

One important part of the FCA is the UK Listing Authority (UKLA), which:

  • ensures that listed companies (or companies seeking a listing on the UK exchange) comply with certain standards set out in the LISTING RULES
  • requires that listed companies comply with certain DISCLOSURE RULES on an ongoing basis
  • ensures that companies either comply with the Combined Code of Corporate Governance 2003, or that they state where they do not comply and why
  • has the power to suspend trading in a company’s shares or cancel their listing.
26
Q

2 Main traded markets of the London Stock Exchange (LSE)

A
  • the main market
  • the alternative investment market (AIM)

27
Q

SIMR

A

The UK financial services regulators introduced a Senior Insurance Managers Regime (SIMR) at the start of 2016.

This regime brought together a number of rules (including Solvency II requirements) to ensure that individuals who run insurance companies:

  • have clearly defined responsibilities
  • behave with integrity, honesty and skill.
28
Q

2 Main parts to the SIMR

A
  1. The development of a GOVERNANCE MAP giving details of:
    - the company and corporate governance structure
    - identified “Key Functions” (including the Risk Management Function), “Key Function Holders” who are ultimately accountable for these functions and “Key Function Performers” who support the Key Function Holder in the execution of their duties
    - all individuals included within the SIMR regime, their responsibilities and reporting lines
    - the rationale applied in identifying those individuals and allocating responsibilities to them.
  2. The requirement to carry out an ASSESSMENT OF FITNESS and propriety of senior insurance managers and directors, based on their responsibilities as allocated through the governance map. Of particular note is the inclusion of the Chief Risk Officer and the Chair of the Risk Committee.
29
Q

Main Criticisms of Basel II

A
  • too much emphasis may be being placed on a SINGLE NUMBER that aggregates a wide variety of risks
  • some risks (eg operational) are very difficult to quantify
  • some risks (eg liquidity) are only given cursory consideration
  • more complex calculations do not necessarily imply more reliable calculations
  • the new regime costs a lot to implement, particularly if banks want to take advantage of the more beneficial capital regimes by using their own advanced credit and market risk models
  • banks all measure risk in the same way, and may be trying to protect themselves in the same way at the same time of crisis - a feature called risk herding
  • market values may under-value certain assets
  • implied levels of confidence could be spurious as some securities (eg CDOs) have not existed for very long
  • pro-cyclicality, the (systemic) risk that assets may need to be sold if their market value falls - forcing prices down even further
  • banks could become overconfident in their risk control due to the complexity of the risk modelling.
30
Q

Basel III aims

A
  • STRENGTHENS CAPITAL REQUIREMENTS for banks, including limiting cross-holding in other financial institutions and associated assets to limit systemic risk
  • introduces a CONSERVATION BUFFER to provide breathing space in times of financial stress
  • CHANGES MINIMUM RATIOS of Tier 1 and Tier 2 capital
  • allows some flexibility in capital requirements in times of financial crises to LIMIT PRO-CYCLICALITY.
31
Q

Solvency II aims

A

Solvency II aims to introduce:

  1. ECONOMIC RISK-BASED SOLVENCY REQUIREMENTS across all EU Member States
  2. MORE COMPREHENSIVE requirements than in the past taking account of the asset side as well as liability side risks
  3. A requirement to hold capital against:
    - market risk,
    - credit risk,
    - operational risk and
    - underwriting (life, non-life and health) risk.
  4. An emphasis that capital is not the only (or the best) way to militate (this means “to have influence on something or bring about a change”) against failures.
  5. A more PROSPECTIVE FOCUS.
  6. A STREAMLINED APPROACH which aims to recognise the economic reality of how groups operate.
32
Q

Solvency II:

Pillar 1

A

Contains the quantitative requirements designed to capture

  • underwriting,
  • credit,
  • market,
  • operational,
  • liquidity and
  • event risk.

These can be assessed using a standardised approach or a company’s own internal model.

There are two parts to the requirements:

  • the Solvency Capital Requirement (SCR - below which regulatory action is taken)
  • the Minimum Capital Requirement (MCR - below which authorisation is foregone)
33
Q

Solvency II:

Pillar 2

A

Contains qualitative requirements on undertakings such as risk management as well as supervisory activities.

Specifically, insurers must carry out their Own Risk and Solvency Assessment (ORSA) to quantify their ability to continue to meet the SCR and MCR in the near future, given their identified risks and associated risk management processes and controls.

34
Q

Solvency II:

Pillar 3

A

Covers supervisory reporting and disclosure.

35
Q

The purpose of ORSA

A

To provide the board and senior management of an insurance company with an assessment of:

  • the adequacy of its risk management, and
  • its current, and likely future, solvency position.
36
Q

The ORSA requires each insurer (5)

A
  • to IDENTIFY THE RISKS to which it is exposed
  • to IDENTIFY THE RISK MANAGEMENT PROCESSES and controls in place, and
  • to quantify its ongoing ability to continue to meet its solvency capital requirements (both MCR and SCR)
    - involving projections of financial position over terms longer than that normally required to calculate regulatory capital requirements
  • to analyse quantitative and qualitative elements of its business strategy
  • to identify the relationship between risk management and the level and quality of financial resources available.
37
Q

Outline the main similarities between Basel II and Solvency II

A
  • They both describe requirements in three pillars, and each pillar deals with similar aspects of the company’s risk (capital, supervisory and disclosure).
  • Both frameworks are largely risk-based (Solvency I was purely volume-based) in that they allocate capital to business areas that run the highest risk. This means that they deal with embedded options, guarantees and other non-volume related risks.
  • Both frameworks are designed to be suitable for multi-national firms.
  • Companies that have both banking and insurance arms should find that the approaches to regulation are consistent for both types of business.
38
Q

Main difference between Basel II and Solvency II

A

The key difference is that Basel II is based on the concept that the market participants are dependent on one another and that there is SIGNIFICANT CONTAGION RISK in the banking sector (the demise of one bank can affect another).

However, the Solvency II framework is not designed with systemic risk in mind as it is considered unlikely that the demise of one insurer will affect others.

Overall Basel II takes a more prescriptive approach than Solvency II, which is more principles based, leaving the details to the regulators in individual countries.

39
Q

Key features of the Sarbanes-Oxley Act of 2002

A
  • the formation of a Public Accounting Oversight Board (PAOB) to inspect the published accounts of quoted firms and to prosecute any accountancy firm deemed to be in breach of the regulations.
  • increase accountability of CEOs and CFOs of public companies, whereby they are required to certify that the financial statements do not contain any untrue facts and are personally responsible for financial disclosures in the financial reports
  • that each published report must contain an internal control report (ICR), which commits management to maintain proper internal controls and review their effectiveness
  • the requirement for external auditors to on the assessment made by the management
  • that it is illegal for management to interfere with the audit process
  • to make it illegal to destroy records or documents with intent to influence an investigation
40
Q

Key themes for management to consider as part of their governance, risk and compliance (GRC) systems

A
  • Are controls identified and documented?
  • Are controls consistent across the business?
  • Do controls address the critical factors - ie are the right controls in place?
  • Do the controls include risk management?
  • What testing procedures are required before signing off the ICR?
41
Q

COSO

A

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a US private sector organisation, sponsored by professional accounting associations.

It has issued a set of definitions and standards against which organisations can assess their internal control systems.

42
Q

State the principles embedded in the COSO framework

A
  • risk represents opportunity as well as potential downside
  • ERM is a parallel and iterative process
  • everyone has a role in risk management (at all levels)
  • any risk management process is imperfect
  • implementation of risk management must balance cost with potential benefit.
43
Q

3 Dimensions of the COSO cube

A
  1. ERM components / processes
    (eg risk assessment, monitoring)
  2. … in each BUSINESS OBJECTIVE covered by the framework
    (eg operational, strategic)
  3. … and at each BUSINESS LEVEL of application
    (eg subsidiary, unit)
44
Q

Swiss Solvency Test

A

A risk-based regulatory capital regime which has been fully in force in Switzerland since 1 January 2011.

It takes a market consistent approach and has similarities with the Solvency II Pillar 1 requirements.

Differences include calibration to a Tail Value at Risk (TVaR) measure at 99% confidence rather than Value at Risk (VaR) at 99.5% confidence.