Innovation and insurance in Ireland: a supervisory perspective - Deputy Governor Prudential Regulation, Ed Sibley
29 November 2017
Speech
Speech delivered to the Insurance Ireland, Annual President’s Conference
Introduction1
Good morning Ladies and Gentlemen. I would like to thank Insurance Ireland for the invitation to speak to you today, at its Annual President’s Conference.
As this is my first speech to an insurance audience since my appointment as Deputy Governor, I will cover three broad topics: i) the work of the Central Bank of Ireland (Central Bank) in the context of the European Supervisory Framework, ii) regulatory
priorities for 2018; and iii) matters most relevant to the theme of your conference today, “InsurTech & Innovation”.
Let me begin by acknowledging the insurance industry’s important role in Ireland for both individuals and businesses. From the provision of motor insurance to saving for the future and a myriad of services in between, insurance firms play an important
role in people’s lives on a daily basis and play a vital role in the functioning of the economy.
As insurance is such an important activity, effective prudential and conduct regulation and supervision is of fundamental importance. Insurance policyholders need to understand the products they purchase and know that an insurance firm will provide cover
throughout the term of the insurance contract and have the financial strength to pay valid claims in the future.
1) European Supervisory framework
This brings me to the European insurance regulatory framework, which is part of the broader European System of Financial Supervision. This includes the European Central Bank (ECB), the Single Supervisory Mechanism (SSM); the European Systemic Risk Board
(ESRB); the European Supervisory Authorities (ESAs), including the European Insurance and Occupation Pensions Authority (EIOPA); and National Competent Authorities (NCAs), such as the Central Bank.
In the banking sector, the ECB is ultimately responsible for supervision, discharged through the SSM, which comprises the ECB and NCAs. In the insurance sector, this is the responsibility of the national authorities, operating as part of the wider European
regulatory ecosystem, albeit one that it is less hard-wired than for banking supervision.
Throughout the European Union (EU), insurance supervision is undertaken in line with the Solvency II framework. This aims to ensure that insurance firms operating across the EU are subject to the same regulatory and supervisory standards wherever they
are based. EIOPA’s key priorities include supporting this aim through the driving of supervisory convergence and the building up of a common European supervisory culture2. This reflects and supports the benefits of a level playing
field for the significant amount of cross border insurance activity across the EU.
EIOPA’s approach to delivering greater convergence includes, inter alia: conducting peer reviews of national authorities, arranging platform3 meetings between supervisory authorities, facilitating bilateral engagements between supervisory
authorities, and attending supervisory colleges. EIOPA also publishes guidelines4 on areas not covered by regulatory or implementing technical standards and recommendations on the application of EU law.
National authorities are required to comply or explain why they are not in compliance with EIOPA guidelines. EIOPA has also recently published a common supervisory culture5 document, in which it describes the key characteristics of high quality
and effective supervision.
Central Bank of Ireland in context of European Supervisory Framework.
This backdrop is important context to the Central Bank’s approach to regulation and supervision of the insurance sector. Our approach recognises the fundamental importance of this framework, as a supervisor of purely domestic firms, of outwardly
focused firms and for those operating in Ireland through the right of establishment or freedom to provide services6.
The importance of the European framework is reflected directly in my role as Deputy Governor. I am a member of the Supervisory Board of the SSM, of the General Board of the ESRB, of the Board of Supervisors of the European Banking Authority (EBA), and
of the Board of Supervisors of EIOPA. More importantly, my teams are heavily involved with the various bodies in the European supervisory framework, to ensure that we understand, operate to and influence its continued development and evolution.
Ireland plays an important role in the European insurance sector, with significant cross border activity, with both business coming into and from Ireland. It is important that our supervisory framework is designed to a high standard, continually updated
and consistently implemented. The strength of the regulation and supervision of the firms providing services from Ireland across the EU is critical to the reputation and attractiveness of Ireland as a prominent location of EU insurance provision,
as well as to the discharging of our European financial stability responsibilities. Driving greater convergence of supervision and regulation in other EU jurisdictions is critical to Irish financial stability and protecting Irish customers, as well
as levelling the playing field for domestic players.
The Central Bank will continue to prioritise delivering in line with, and making a strong contribution to, the evolution of the European supervisory framework. This remains a cornerstone of our approach to both business as usual supervision and changes
driven by Brexit.
One area where greater regulatory convergence is needed is in relation to recovery and resolution. The Central Bank does not operate a zero failure regime. All firms can face difficulties. Some may recover, but others may fail. Where failure does occur,
it should happen in an orderly manner without significant financial stability or consumer protection issues. An appropriate framework is necessary to ensure failure is managed in a manner that minimises the impacts on financial stability, policyholders
and beneficiaries in both home and host member states.
In banking, the recovery and resolution framework, while not perfected, is further advanced than in the insurance sector and lessons can be learned from this framework. In 2017, EIOPA published an opinion calling for a minimum degree of harmonisation
in the field of recovery and resolution for insurers7. In August, the ESRB published its view that an effective recovery and resolution framework would reduce risks to financial stability from a failure in the insurance sector8.
In 2018, EIOPA will start to assess the need of a harmonised approach to national insurance guarantee schemes. I am supportive of these efforts in this area.
2) Supervisory and regulatory priorities
I will turn now to our supervisory priorities for insurance firms.
The main, overarching objectives of prudential supervision of insurance firms is the safeguarding of financial stability and the protection of policyholders and beneficiaries. In the Central Bank, we are focussed on delivering an effective, intrusive,
analytical and outcomes-focused approach to supervision. This is risk-based and anchored by our PRISM9 supervisory methodology.
These objectives, which are directly relevant to any consideration of the opportunities and risks relating to Insurtech & innovation, require that insurance firms:
- have sufficient financial resources including under a plausible but severe stress;
- have sustainable, capitally accretive business models, over the long-term;
- are well governed, have an appropriate culture, with effective risk management and control arrangements in place, which are commensurate with their nature, scale and complexity;
- can recover if they get into difficulty, and if they cannot, are resolvable in an orderly manner without significant externalities or taxpayer costs; and
- fully meet reporting and disclosure requirements.
Observations
So, if this is what I expect of insurance firms, what do I see? In my initial engagements, and reflecting on the diligent work of my colleagues in insurance supervision, it is clear that there is work to be done across the sector to meet these expectations
(recognising that recovery and resolution is a work in progress from a regulatory perspective).
When considering the sufficiency of financial resources, the prominence of significant amounts of risk transfer is noteworthy. This is clearly a legitimate and common risk management technique. However, the elevated use of reinsurance and associated capital
relief and counterparty exposure raises questions regarding the true financial strength of a firm, its substance and counterparty credit risk. Unfortunately, we are also dealing with isolated examples of deficiencies in the calculation of technical
provisions, which is clearly of critical importance to the financial strength of an insurance firm.
On a more positive note, the processes regarding Own Solvency and Risk Assessments, while still requiring enhancement and bedding in, are proving to be a useful approach to determining overall solvency needs.
In relation to the sustainability of business models, it is clear that there has been some recovery in the non-life sector in Ireland. But challenges remain across both life and non-life, not least because of the sustained low interest environment. Furthermore,
as I will come to, digital transformation will have a significant impact on the sector.
Solvency II requires that the system of governance shall be proportionate to the nature, scale and complexity of the operations of the insurance undertaking. Many firms have complex products, significant outsourcing with high levels of reinsurance, and
there is a need to enhance governance, risk management and control arrangements in line with this complexity and the associated risks.
Specific priorities for 2018
I will turn now to specific priorities for insurance supervision for 2018. The following areas will feature in our priorities for next year:
i) Core supervisory activity: As referred to earlier, my number one priority is to ensure that my teams deliver an effective, intrusive, analytical and outcomes-focused approach to supervision. This involves our day to day supervisory team engagement
with regulated firms, inspections and analysis – the three core functions of prudential supervision. We will follow and continue to enhance the PRISM framework with an emphasis on the core insurance risks including Pricing, Underwriting, Investment,
Reserving and Governance. We will also relentlessly pursue improvements in those areas that I identified earlier, to bring insurance firms within our supervisory risk appetite.
ii) Brexit: Brexit will have a direct and negative impact on the Irish economy. This impact will have knock on effects on the Irish financial services system. Even in a best-case scenario, new frictions and duplications, with associated costs, will emerge
in the European financial services system. The loss of the UK voice from the European system of financial regulation is also negative for Ireland.
There is considerable uncertainty and complexity for firms in dealing with Brexit, regarding, for example contract continuity, portfolio transfers, reinsurance, appropriate governance structures and regulatory treatment of third country branches by both
the home and host state.
While some firms have robust plans that deal with a range of scenarios, other firms’ plans are not as advanced as they need to be. Some firms have not considered a scenario of a ‘hard’ Brexit with no transition period. More work is required
to be prepared for this plausible scenario.
With regard to Brexit related authorisations and approvals, we will continue to prioritise our authorisation activity and continue to deliver on our commitment of being transparent, predictable and consistent in our approach to authorisations and material
business changes. Where Brexit has a material impact on business strategy and business models, we will challenge firms to ensure they appropriately address associated risks.
iii) Outsourcing: Outsourcing risks are a priority across the entire European supervisory system. The issue is prominent in existing firms, and also in relation to Brexit related applications. There are clear guidelines regarding material outsourcing,
which in too many cases are not being adhered to. We will continue to review how regulated entities demonstrate that they are discharging their regulatory obligations when they outsource functions or any insurance or reinsurance activities, to both
group and / or non-group companies.
iv) Reporting and Disclosure: I recognise the very significant increase in reporting obligations associated with Solvency II, and the challenges these give rise to. In fact, the Central Bank is having to assess and evolve its own processes to deal with
the very sizeable increase in regulatory data submissions across all sectors. Nonetheless, accurate, timely and complete regulatory reporting is critical to the effectiveness of supervision. We will continue to assess firms’ compliance with
reporting and disclosure requirements on an on-going basis.
I will focus the remainder of my remarks on the main topic of today’s conference.
3) InsurTech & Innovation
The risks, impacts and opportunities for the insurance industry arising from technology changes are a key focus both locally and internationally. EIOPA10 and the IAIS11 have held roundtables and issued papers on insurance technology
(Insurtech) and financial technology (Fintech) firms.
History is replete with examples of industries being transformed, created and disrupted by technology changes. This dates back centuries, but the pace of this change and the risks associated with it are increasing, in what seems like an exponential way.
If one looks at the motor industry, some of the world’s largest technology companies and the world’s leading car manufacturers are all investing heavily in the development of autonomous systems that will change the very nature of driving,
and, therefore, of motor insurance. In this context, it is noteworthy that motor insurance is the most important non-life line of business representing over 50% of the non-life market in several EU member states.
It is clear that change is coming. On this specific example, many questions arise, including:
- who will be insured?
- who will own the data generated by these vehicles?
- how will the data be shared?
- can the owner of the data better understand the risk profile of the vehicle and be able to offer more tailored insurance?
It is clear that insurtech not only raises question in relation to what is insured, but how it will be insured, and how the different channels, providers and products combined with changing customer demands will impact on existing insurance firms. Future
viability is dependent on answering these questions, and the successful adaption of business models to meet these challenges.
As you will doubtless hear from other speakers, the exponential increase in the availability, collection, and interrogation of data is but one of these opportunities and challenges. Again, using the motor insurance industry as an example, we can see a
sharp increase in the use of telematics and data analysis to improve the understanding of drivers’ behaviours. This provides an ability to track behaviour, better price for risk and actively incentivise the reduction in risky behaviours –
so delivering positive impacts for road safety. This may reduce the number and the severity of claims, which would be of obvious benefit to all, and ultimately should result in lower premiums for policyholders.
As the volume of data increases, firms must invest in a proper data governance framework. There are a host of challenges in collecting, analysing and understanding the data to make appropriately informed decisions. The ability to collect large volumes
of data also poses questions of how that data is processed and used. EIOPA has identified possible price discrimination issues in its response to the European Commission’s public consultation on Fintech12 and US regulators13 have spent time considering "price optimization" tools, which determine the premium to be charged to policyholders.
The Central Bank does not have a role in the setting of premiums. In fact, all supervisory authorities in the EU are explicitly prohibited by European law from doing so. However, we do have a role from both a conduct and prudential perspective in considering
how this data is used, in both the interests of the firm and its shareholders, and its customers.
IT Risk
As the digital transformation continues in the insurance industry, information technology risks increase, both in terms of probability and impact. The insurance industry holds particularly sensitive personal data and there is a history of cyber attacks
against insurance firms.
The Central Bank continues to build and enhance its approach to IT risks to enable the assessment and challenge of the effectiveness of regulated firms’ mitigation of these risks.
A year ago, we published Cross Industry Guidance on IT and Cybersecurity Risks14. This set out in relatively straightforward terms, our minimum expectations of firms, of all types, and in particular of their boards and senior management when
it comes to addressing IT and cyber risk. We have required assurance from external auditors of high impact insurance firms, regarding their governance of cyber security risk and issued questionnaires to other insurance firms to gain sectoral insights.
We now have a dedicated IT risk inspection team that will cover all sectors in 2018. While this is still a relatively small team - particularly compared to the resources applied by regulated firms - we are still identifying material issues in too many
firms.
The evidence from our increasingly intrusive IT risk supervision indicates that neither the IT investment nor the governance and control arrangements are adequate to satisfactorily mitigate these risks, and to be truly prepared to meet the challenges
of technology and business model change associated with InsurTech & Innovation.
Conclusion
I will conclude here.
The insurance industry plays a critical role in the Irish financial services industry and for the economy and its citizens. The intensity and intrusiveness of our approach to supervision of the sector will continue to reflect this importance. We will
continue to ensure that we are both operating to and influencing European norms of supervision, which I firmly believe is of significant benefit to the long-term sustainability of the insurance firms operating in Ireland – whether serving the
domestic market or operating on a cross-border basis.
While the sector has not suffered the same extent of failures as others, we are not complacent and it is clear that improvements are required in the governance and operations of many insurance firms operating in and from Ireland. By delivering these improvements,
insurance firms will be best placed to rise to the considerable challenges and opportunities arising from InsurTech & Innovation.
Thank you for your attention.
----------------------------------------------------
1
With
thanks to Tim O’Hanrahan for his assistance in preparing these remarks.
2
Speech by Gabriel Bernardino, Chairman of EIOPA at the 7th Annual Conference: Insurance
and Pensions Reloaded: A Game Changer
3
EIOPA has developed co-operation platform meetings in relation to cross border insurance. Platform meetings between relevant national supervisory authorities are set up when issues of supervisory concerns are detected. The platform meetings facilitate
the sharing of information and coordination of actions by the home supervisory authority. Several platforms have been established in 2017.
4 In
accordance with Article 16 of Regulation (EU) No 1094/2010 of the European
Parliament and of the Council, the European Insurance and Occupational Pensions
Authority
5 EIOPA
- Infographic:
A Common Supervisory Culture
6 Insurance
firms authorised in one EU member state have a right to provide insurance in
other EU member states. Such firms operate on either a right of establishment
basis or a freedom to provide services basis. The right of establishment basis
involves the setting up of a branch in the host member state and providing insurance
from that branch. The freedom to provide services basis involves the provision
of insurance services directly from the home member state.
7 EIOPA - Opinion
to Institutions of the European Union on the harmonisation of recovery and
resolution frameworks for (re)insurers across member states
8
European Systemic Risk Board – Advisory Technical Committee – Insurance Expert
Group - Recovery
and resolution for the EU insurance sector: a macroprudential perspective
August 2017
9
The
Probability Risk and Impact System (PRISM) is the Central Bank’s risk-based
framework for the supervision of regulated firms. It supports our challenging firms, judging the risks they pose to the economy and the consumer and mitigating those risks we judge to be unacceptable.
See Introduction to PRISM
10
EIOPA – Round
Table on InsurTech
11
IAIS –
Report on
Fintech Developments in the Insurance Industry
12
EIOPA Response to the Commission’s public consultation on FinTech: A more competitive and innovative European Financial Sector
13
National Association of Insurance Commissioners - Price
Optimization
14
Cross
Industry Guidance on IT and Cybersecurity Risks