Spreadsheet Control And Management Is Core To Solvency II Compliance
Henry Umney, Director, ClusterSeven
Insurers are undertaking actuarial transformation, as they move from manual processes to IT-led production systems to modernise and standardise modelling platforms as well as manage risk data. According to CEB TowerGroup Insurance, this approach will lower the operational risks of insurers as regulation tightens. However, a report by the research house reveals that many insurance firms are still struggling to meet both quantitative and qualitative requirements set in Solvency II. 76 per cent of companies say they have only partially met or have yet to meet any requirements thus far. Automation of many risk management activities, particularly reporting, remains relatively low and only 20 per cent of companies have determined their risk management system is effective through a formal assessment. In addition, 83 per cent of companies either don’t have or only have a partial internal model for solvency-related risk assessment, and are still manually reporting and calculating key risk management metrics.
The spreadsheet management challenge
Good quality data underlies accuracy of any risk calculation, regardless of the type of risk assessment models that insurers use. While organisations are deploying different types of very expensive systems to manage and ensure the integrity of data in the business, the fact is that insurers rely very heavily on spreadsheet and end user computing (EUC) applications for their day-to-day business processes, complex calculations and financial manipulations. These files are numerous with data being fed into them from a variety of internal and external sources such as brokers, cat models, clients and actuaries.
Due to the number of spreadsheet applications in use, manual supervision and management of these complex files for data quality and integrity of data is unachievable. Often, the knowledge of their existence and the information they contain is poor. This means that access to the right data or the understanding of what might be critical to these solvency risk-related calculations can be difficult, if not impossible to harness because it is spread across a sea of low value spreadsheets and EUC files.
Spreadsheet management supports Solvency II compliance
For solvency-related risk assessment, data validation is key. The regulation demands that insurers must use the correct and fully auditable data for calculations including minimum capital requirements (MCR) and solvency capital requirements (SCR). It also demands the existence of a data directory – i.e. a repository to which different end-users can refer to understand how input data is being used in the financial models.
An unmanaged spreadsheet and EUC applications estate is a significant operational risk to an insurance organisation, which can significantly impact Solvency II compliance.
Insurance companies must institute automated processes to facilitate spreadsheet and EUC application management. Automation provides visibility and an in-depth understanding of the spreadsheet and EUC landscape, enabling organisations to identify the relevant spreadsheet data sources that are being used for solvency-related risk assessments.
Also, to support data quality, an accurate view of data lineage is essential. Automated processes highlight the data connections between the various spreadsheets and EUC files, as well as establish controls to monitor data tolerances and data staleness. This is essential to ensuring that only the most current and appropriate data is used for solvency risk assessments. It is also a requirement that is in fact clearly outlined in the Solvency II regulation. Solvency risk assessments aren’t one-off processes, they are required to be undertaken periodically over a length of time so that the organisation’s changing circumstances can be taken into consideration – against the backdrop of a continuously evolving market and macroeconomic landscape.
Additionally, it’s imperative that the theoretical calculations of insurers align with the real-world scenario. Automated processes securely allow the imposition of expert human judgement on data so that it be suitably manipulated for risk-based calculations.
Creating processes that continually monitor changes to data by capturing the metadata attached to spreadsheets to provide the level of transparency needed to enable senior management to demonstrate to auditors that they understand how the business is preparing the reports and calculations. This is vital to enable companies to demonstrate their qualitative standards for risk management governance and process supervision, which is yet another key element of the Solvency II legislation. The metadata highlights the important links across the governance hierarchy – from policies and stewardship roles down to front-line user activity and remediation.
A technological approach will make Solvency II compliance less costly, near fail-safe and achievable. Control over the spreadsheet and EUC applications estate will also assist insurance firms in complying with many other regulations too such as the EU General Data Protection Regulation, ORSA and so on. Aside from minimising compliance and operational risk, perhaps the biggest benefit of regulatory compliance to insurers, if done correctly, is that it will deliver capital efficiency and boost profits.
Originally posted on Finance Digest