The reliability of regulatory reporting has been a subject of concern to the PRA for some time, with the regulator having first written to banking CEOs in October 2019, and following that up by commissioning a number of Section 166 reviews of insurers’ practices. The latest ‘Dear CEO’ letter to banks delivers its verdict, summed up in the following paragraph excerpts:
Although the 'Dear CEO' letters have been targeted at banks, individual insurers will also identify with some of the common issues and pitfalls that we see hindering regulatory reporting work in each of the following three areas of concern highlighted in the PRA's letter:
Frequently, problems stem from a lack of accountability for the end-to-end regulatory process and, from that, poor understanding of what the holistic process entails. This lack of cohesion often creates an inefficient and error prone process that, in turn, leads to low confidence in results and high risk of misstatement of results.
Further challenges within those regulatory reporting processes include poor governance and transparency of key assumptions and interpretations, many of which have become hard coded into the process. And frequently, these kinds of issues are exacerbated by over-reliance on certain teams or individuals with limited oversight and a lack of basic documentation, periodic reviews and appropriate sign-offs.
The PRA’s perception of the lack of controls in regulatory reporting processes stems from the lack of ownership as outlined in the section on governance and ownership above. This is often exacerbated by the high degree of manual intervention and use of spreadsheets that are vulnerable to overwriting, poor record keeping of original and updated model documentation and approvals, and a failure to identify instances that require regulatory approval or notification.
A hesitancy on the part of some insurers to invest in the overall regulatory reporting process has left them with outdated system infrastructure that stores data in disconnected silos, limits modelling capacity and increases the possibility of errors and mis-stated returns. Moreover, that lack of strategic and fit-for-purpose systems often results in a proliferation of ill-suited tactical solutions that fail to address the underlying root causes of issues. Further complications can arise where companies are using unsupported technology platforms.
We believe that the PRA could be doing insurers a favour by shining a light on the rigour of regulatory submissions.
The bottom line of inefficient and inaccurate regulatory reporting processes is not just that the PRA is dissatisfied and wants solutions.
The result is insurers need to revisit current processes and their technology, to avoid management distraction and unwanted regulatory scrutiny, which may slow down execution of strategy. This is also a gilt-edged opportunity for insurers to increase trust in regulatory results, reduce compliance costs, and avoid having to regularly deploy extra resources to regulatory work when they could be doing things that provide more business value.
What kind of measures can bring that about in our experience?
For simplicity and consistency, let’s break them down again into the three elements of the PRA letter;
Having a clearly defined governance structure can help avoid the common pitfalls outlined above, reducing the risk of errors, maximising efficiency and delivering trustworthy results. This includes measures such as:
Having well-established controls can work to address the challenges insurers face as a result of compromising control factors, for example high-degrees of manual intervention and failures that may result in regulatory intervention. Actions might include:
While this is the last mentioned of the corrective components of the PRA letter, better investment in data and technology will often be an essential part of achieving improvements in the other components of regulatory reporting. Modern insurance technology, when applied to regulatory needs, can offer insurers:
Quite simply, many insurers will have to make adjustments in their regulatory reporting processes to adhere to what the PRA is asking of them now and expects of them in the future. The PRA pressure to improve regulatory reporting processes is likely to increase over time rather than go away. Therefore, we believe insurers are now at a cross-roads in deciding how they respond.
Leading insurers we are working with are taking a more strategic approach to deal with this and using it as a catalyst for wider reporting process improvements, driven by other regulatory and commercial demands', including the embedding of IFRS 17 into business as usual. Continuing to take a tactical approach is unlikely to be sustainable and will cost insurers more time and costs in the long-run, together with running an on-going risk relating to regulatory scrutiny and possibly intervention.
The question of the extent of those adjustments then comes down to whether insurers take a narrow, exclusively compliance-driven view or see regulatory obligations as an extension of the data management, analytics, modelling and reporting of the business as a whole.
Source: WTW
Increasingly, we believe best practice regulatory reporting processes will move towards the latter (Figure 1), driving out inefficiency and cost in the bargain.
For more information on how our consulting and technology offering can assist you in adopting a strategic approach to and wider transformation, get in touch with the authors of this article or email us at ict@willistowerwatson.com
For over a decade, Charlie has provided transformational insurance solutions with specific focus on automation, cost reduction, internal efficiency, system integration, legacy system modernisation and distribution channel connectivity. Charlie is acutely focussed on ensuring our solutions and services exceed client expectations.