Outstanding issues in Solvency II data management requirements

Transcription

1

2 Outstanding issues in Solvency II data management requirements Dean Buckner 16 May 2013

3 Agenda Regulatory update Data review update Work in progress Thoughts on Data management framework Data directory Data quality controls Information technology

4 Regulatory update General Data governance continues to be important in a changing context The PRA s revised Solvency II planning horizon provides opportunity to embed data governance framework into business as usual to continue the dialogue about effective implementation of data governance for firms to build on existing preparations for Solvency II / ICAS + and leverage their original investment

5 Regulatory update ORSA Own Risk and Solvency Assessment Objectives Create incentives for EU insurers to measure and manage their risks better Promote a better understanding of the undertaking s overall solvency needs and capital allocation For data, firms entering IMAP need only cross-reference their own 'external review' data assessment. No additional requirements (unless the external review covered model only. Specific data requirements in the directive are for technical provisions as well as internal models). Non-IMAP firms may want to use the external review template as a basis for self-assessment (mindful of the principle of proportionality).

6 Data review update external review For internal model firms, the process is two thirds complete Act 1 (setting the scope) complete for most firms Act 2 (review, remediation) complete for most GI firms in the sample Act 3 (deep dive) in pilot Q1 2013

7 Data review update Act 3 Objective Test the external review audit Get overall assurance over compliance Provide guidance Process. In pilot, but so far, it looks as follows. Decide sample data flow and sample records Details of records at different points on stream Details of significant operations on data Details of controls over those operations

8 Data management framework Ownership of and accountability for data is not specifically covered in the Solvency II Directive. A firm s change management process should be able to rely on the data directory to identify provenance and responsibilities across the data flow and enable effective communication between upstream and downstream users. We will look to firms to apply consistency in the standards adopted and the metrics used for monitoring and escalation, even though the individual processes at entity level may be different. There should be a strong process for challenging and auditing self-assessments.

9 Data directory The underlying purpose of the data directory requirement in the November 2011 draft Level 2 text is to ensure that there is good governance over data quality, and to ensure firms think carefully about their approach to governance. A data directory should not be confused with a data dictionary. Nearly all firms struggled with an appropriate classification of data in the data directory. Classification is generally only useful if it corresponds to a common risk, or impact, or control method or other characteristic relevant to data governance.

10 Data quality controls There should be a control framework, clearly setting out what controls are required, and where. They should be in BAU! Firms should be able to demonstrate that the control process is operating properly. Controls should be maintainable. The four Es Expectation (what ought to be there?) Existence (is it actually there?) Evidence (how do you know it exists?) Explanation (do you understand how it works?)

11 Information technology Spreadsheets again! They should be appropriately controlled. Automation of spreadsheets reduces the risk of manual error, but can also introduce different problems: reduced oversight, inadequate transparency about linking, proliferation of nested linked spreadsheets. Data warehouses can bring their own problems if they have been poorly designed or are not operating in an appropriately controlled environment. Don t be fooled into thinking you can get rid of spreadsheets.

12 Questions