Ed Sibley: Innovation and insurance in Ireland - a supervisory perspective
Speech by Mr Ed Sibley, Deputy Governor (Prudential Regulation) of the Central Bank of Ireland, to the Insurance Ireland, Annual President's Conference, Dublin, 29 November 2017.
With thanks to Tim O'Hanrahan for his assistance in preparing these remarks.
Good morning Ladies and Gentlemen. I would like to thank Insurance Ireland for the invitation to speak to you today, at its Annual President's Conference.
As this is my first speech to an insurance audience since my appointment as Deputy Governor, I will cover three broad topics: i) the work of the Central Bank of Ireland (Central Bank) in the context of the European Supervisory Framework, ii) regulatory priorities for 2018; and iii) matters most relevant to the theme of your conference today, "InsurTech & Innovation".
Let me begin by acknowledging the insurance industry's important role in Ireland for both individuals and businesses. From the provision of motor insurance to saving for the future and a myriad of services in between, insurance firms play an important role in people's lives on a daily basis and play a vital role in the functioning of the economy.
As insurance is such an important activity, effective prudential and conduct regulation and supervision is of fundamental importance. Insurance policyholders need to understand the products they purchase and know that an insurance firm will provide cover throughout the term of the insurance contract and have the financial strength to pay valid claims in the future.
1) European Supervisory framework
This brings me to the European insurance regulatory framework, which is part of the broader European System of Financial Supervision. This includes the European Central Bank (ECB), the Single Supervisory Mechanism (SSM); the European Systemic Risk Board (ESRB); the European Supervisory Authorities (ESAs), including the European Insurance and Occupation Pensions Authority (EIOPA); and National Competent Authorities (NCAs), such as the Central Bank.
In the banking sector, the ECB is ultimately responsible for supervision, discharged through the SSM, which comprises the ECB and NCAs. In the insurance sector, this is the responsibility of the national authorities, operating as part of the wider European regulatory ecosystem, albeit one that it is less hard-wired than for banking supervision.
Throughout the European Union (EU), insurance supervision is undertaken in line with the Solvency II framework. This aims to ensure that insurance firms operating across the EU are subject to the same regulatory and supervisory standards wherever they are based. EIOPA's key priorities include supporting this aim through the driving of supervisory convergence and the building up of a common European supervisory culture1. This reflects and supports the benefits of a level playing field for the significant amount of cross border insurance activity across the EU.
EIOPA's approach to delivering greater convergence includes, inter alia: conducting peer reviews of national authorities, arranging platform2 meetings between supervisory authorities, facilitating bilateral engagements between supervisory authorities, and attending supervisory colleges. EIOPA also publishes guidelines3 on areas not covered by regulatory or implementing technical standards and recommendations on the application of EU law.
National authorities are required to comply or explain why they are not in compliance with EIOPA guidelines. EIOPA has also recently published a common supervisory culture4 document, in which it describes the key characteristics of high quality and effective supervision.
Central Bank of Ireland in context of European Supervisory Framework
This backdrop is important context to the Central Bank's approach to regulation and supervision of the insurance sector. Our approach recognises the fundamental importance of this framework, as a supervisor of purely domestic firms, of outwardly focused firms and for those operating in Ireland through the right of establishment or freedom to provide services5.
The importance of the European framework is reflected directly in my role as Deputy Governor. I am a member of the Supervisory Board of the SSM, of the General Board of the ESRB, of the Board of Supervisors of the European Banking Authority (EBA), and of the Board of Supervisors of EIOPA. More importantly, my teams are heavily involved with the various bodies in the European supervisory framework, to ensure that we understand, operate to and influence its continued development and evolution.
Ireland plays an important role in the European insurance sector, with significant cross border activity, with both business coming into and from Ireland. It is important that our supervisory framework is designed to a high standard, continually updated and consistently implemented. The strength of the regulation and supervision of the firms providing services from Ireland across the EU is critical to the reputation and attractiveness of Ireland as a prominent location of EU insurance provision, as well as to the discharging of our European financial stability responsibilities. Driving greater convergence of supervision and regulation in other EU jurisdictions is critical to Irish financial stability and protecting Irish customers, as well as levelling the playing field for domestic players.
The Central Bank will continue to prioritise delivering in line with, and making a strong contribution to, the evolution of the European supervisory framework. This remains a cornerstone of our approach to both business as usual supervision and changes driven by Brexit.
One area where greater regulatory convergence is needed is in relation to recovery and resolution. The Central Bank does not operate a zero failure regime. All firms can face difficulties. Some may recover, but others may fail. Where failure does occur, it should happen in an orderly manner without significant financial stability or consumer protection issues. An appropriate framework is necessary to ensure failure is managed in a manner that minimises the impacts on financial stability, policyholders and beneficiaries in both home and host member states.
In banking, the recovery and resolution framework, while not perfected, is further advanced than in the insurance sector and lessons can be learned from this framework. In 2017, EIOPA published an opinion calling for a minimum degree of harmonisation in the field of recovery and resolution for insurers6. In August, the ESRB published its view that an effective recovery and resolution framework would reduce risks to financial stability from a failure in the insurance sector7. In 2018, EIOPA will start to assess the need of a harmonised approach to national insurance guarantee schemes. I am supportive of these efforts in this area.
2) Supervisory and regulatory priorities
I will turn now to our supervisory priorities for insurance firms.
The main, overarching objectives of prudential supervision of insurance firms is the safeguarding of financial stability and the protection of policyholders and beneficiaries. In the Central Bank, we are focussed on delivering an effective, intrusive, analytical and outcomes-focused approach to supervision. This is risk-based and anchored by our PRISM8 supervisory methodology.
These objectives, which are directly relevant to any consideration of the opportunities and risks relating to Insurtech & innovation, require that insurance firms:
- have sufficient financial resources including under a plausible but severe stress;
- have sustainable, capitally accretive business models, over the long-term;
- are well governed, have an appropriate culture, with effective risk management and control arrangements in place, which are commensurate with their nature, scale and complexity;
- can recover if they get into difficulty, and if they cannot, are resolvable in an orderly manner without significant externalities or taxpayer costs; and
- fully meet reporting and disclosure requirements.
So, if this is what I expect of insurance firms, what do I see? In my initial engagements, and reflecting on the diligent work of my colleagues in insurance supervision, it is clear that there is work to be done across the sector to meet these expectations (recognising that recovery and resolution is a work in progress from a regulatory perspective).
When considering the sufficiency of financial resources, the prominence of significant amounts of risk transfer is noteworthy. This is clearly a legitimate and common risk management technique. However, the elevated use of reinsurance and associated capital relief and counterparty exposure raises questions regarding the true financial strength of a firm, its substance and counterparty credit risk. Unfortunately, we are also dealing with isolated examples of deficiencies in the calculation of technical provisions, which is clearly of critical importance to the financial strength of an insurance firm.
On a more positive note, the processes regarding Own Solvency and Risk Assessments, while still requiring enhancement and bedding in, are proving to be a useful approach to determining overall solvency needs.
In relation to the sustainability of business models, it is clear that there has been some recovery in the non-life sector in Ireland. But challenges remain across both life and non-life, not least because of the sustained low interest environment. Furthermore, as I will come to, digital transformation will have a significant impact on the sector.
Solvency II requires that the system of governance shall be proportionate to the nature, scale and complexity of the operations of the insurance undertaking. Many firms have complex products, significant outsourcing with high levels of reinsurance, and there is a need to enhance governance, risk management and control arrangements in line with this complexity and the associated risks.
Specific priorities for 2018
I will turn now to specific priorities for insurance supervision for 2018. The following areas will feature in our priorities for next year:
i) Core supervisory activity: As referred to earlier, my number one priority is to ensure that my teams deliver an effective, intrusive, analytical and outcomes-focused approach to supervision. This involves our day to day supervisory team engagement with regulated firms, inspections and analysis - the three core functions of prudential supervision. We will follow and continue to enhance the PRISM framework with an emphasis on the core insurance risks including Pricing, Underwriting, Investment, Reserving and Governance. We will also relentlessly pursue improvements in those areas that I identified earlier, to bring insurance firms within our supervisory risk appetite.
ii) Brexit: Brexit will have a direct and negative impact on the Irish economy. This impact will have knock on effects on the Irish financial services system. Even in a best-case scenario, new frictions and duplications, with associated costs, will emerge in the European financial services system. The loss of the UK voice from the European system of financial regulation is also negative for Ireland.
There is considerable uncertainty and complexity for firms in dealing with Brexit, regarding, for example contract continuity, portfolio transfers, reinsurance, appropriate governance structures and regulatory treatment of third country branches by both the home and host state.
While some firms have robust plans that deal with a range of scenarios, other firms' plans are not as advanced as they need to be. Some firms have not considered a scenario of a 'hard' Brexit with no transition period. More work is required to be prepared for this plausible scenario.
With regard to Brexit related authorisations and approvals, we will continue to prioritise our authorisation activity and continue to deliver on our commitment of being transparent, predictable and consistent in our approach to authorisations and material business changes. Where Brexit has a material impact on business strategy and business models, we will challenge firms to ensure they appropriately address associated risks.
iii) Outsourcing: Outsourcing risks are a priority across the entire European supervisory system. The issue is prominent in existing firms, and also in relation to Brexit related applications. There are clear guidelines regarding material outsourcing, which in too many cases are not being adhered to. We will continue to review how regulated entities demonstrate that they are discharging their regulatory obligations when they outsource functions or any insurance or reinsurance activities, to both group and / or non-group companies.
iv) Reporting and Disclosure: I recognise the very significant increase in reporting obligations associated with Solvency II, and the challenges these give rise to. In fact, the Central Bank is having to assess and evolve its own processes to deal with the very sizeable increase in regulatory data submissions across all sectors. Nonetheless, accurate, timely and complete regulatory reporting is critical to the effectiveness of supervision. We will continue to assess firms' compliance with reporting and disclosure requirements on an on-going basis.
I will focus the remainder of my remarks on the main topic of today's conference.
3) InsurTech & innovation
The risks, impacts and opportunities for the insurance industry arising from technology changes are a key focus both locally and internationally. EIOPA9 and the IAIS10 have held roundtables and issued papers on insurance technology (Insurtech) and financial technology (Fintech) firms.
History is replete with examples of industries being transformed, created and disrupted by technology changes. This dates back centuries, but the pace of this change and the risks associated with it are increasing, in what seems like an exponential way.
If one looks at the motor industry, some of the world's largest technology companies and the world's leading car manufacturers are all investing heavily in the development of autonomous systems that will change the very nature of driving, and, therefore, of motor insurance. In this context, it is noteworthy that motor insurance is the most important non-life line of business representing over 50% of the non-life market in several EU member states.
It is clear that change is coming. On this specific example, many questions arise, including:
- who will be insured?
- who will own the data generated by these vehicles?
- how will the data be shared?
- can the owner of the data better understand the risk profile of the vehicle and be able to offer more tailored insurance?
It is clear that insurtech not only raises question in relation to what is insured, but how it will be insured, and how the different channels, providers and products combined with changing customer demands will impact on existing insurance firms. Future viability is dependent on answering these questions, and the successful adaption of business models to meet these challenges.
As you will doubtless hear from other speakers, the exponential increase in the availability, collection, and interrogation of data is but one of these opportunities and challenges. Again, using the motor insurance industry as an example, we can see a sharp increase in the use of telematics and data analysis to improve the understanding of drivers' behaviours. This provides an ability to track behaviour, better price for risk and actively incentivise the reduction in risky behaviours - so delivering positive impacts for road safety. This may reduce the number and the severity of claims, which would be of obvious benefit to all, and ultimately should result in lower premiums for policyholders.
As the volume of data increases, firms must invest in a proper data governance framework. There are a host of challenges in collecting, analysing and understanding the data to make appropriately informed decisions. The ability to collect large volumes of data also poses questions of how that data is processed and used. EIOPA has identified possible price discrimination issues in its response to the European Commission's public consultation on Fintech11 and US regulators12 have spent time considering "price optimization" tools, which determine the premium to be charged to policyholders.
The Central Bank does not have a role in the setting of premiums. In fact, all supervisory authorities in the EU are explicitly prohibited by European law from doing so. However, we do have a role from both a conduct and prudential perspective in considering how this data is used, in both the interests of the firm and its shareholders, and its customers.
As the digital transformation continues in the insurance industry, information technology risks increase, both in terms of probability and impact. The insurance industry holds particularly sensitive personal data and there is a history of cyber attacks against insurance firms.
The Central Bank continues to build and enhance its approach to IT risks to enable the assessment and challenge of the effectiveness of regulated firms' mitigation of these risks.
A year ago, we published Cross Industry Guidance on IT and Cybersecurity Risks13. This set out in relatively straightforward terms, our minimum expectations of firms, of all types, and in particular of their boards and senior management when it comes to addressing IT and cyber risk. We have required assurance from external auditors of high impact insurance firms, regarding their governance of cyber security risk and issued questionnaires to other insurance firms to gain sectoral insights.
We now have a dedicated IT risk inspection team that will cover all sectors in 2018. While this is still a relatively small team - particularly compared to the resources applied by regulated firms - we are still identifying material issues in too many firms.
The evidence from our increasingly intrusive IT risk supervision indicates that neither the IT investment nor the governance and control arrangements are adequate to satisfactorily mitigate these risks, and to be truly prepared to meet the challenges of technology and business model change associated with InsurTech & Innovation.
I will conclude here.
The insurance industry plays a critical role in the Irish financial services industry and for the economy and its citizens. The intensity and intrusiveness of our approach to supervision of the sector will continue to reflect this importance. We will continue to ensure that we are both operating to and influencing European norms of supervision, which I firmly believe is of significant benefit to the long-term sustainability of the insurance firms operating in Ireland - whether serving the domestic market or operating on a cross-border basis.
While the sector has not suffered the same extent of failures as others, we are not complacent and it is clear that improvements are required in the governance and operations of many insurance firms operating in and from Ireland. By delivering these improvements, insurance firms will be best placed to rise to the considerable challenges and opportunities arising from InsurTech & Innovation.
Thank you for your attention.
2 EIOPA has developed co-operation platform meetings in relation to cross border insurance. Platform meetings between relevant national supervisory authorities are set up when issues of supervisory concerns are detected. The platform meetings facilitate the sharing of information and coordination of actions by the home supervisory authority. Several platforms have been established in 2017.
3 In accordance with Article 16 of Regulation (EU) No 1094/2010 of the European Parliament and of the Council, the European Insurance and Occupational Pensions Authority
5 Insurance firms authorised in one EU member state have a right to provide insurance in other EU member states. Such firms operate on either a right of establishment basis or a freedom to provide services basis. The right of establishment basis involves the setting up of a branch in the host member state and providing insurance from that branch. The freedom to provide services basis involves the provision of insurance services directly from the home member state.
7 European Systemic Risk Board - Advisory Technical Committee - Insurance Expert Group - Recovery and resolution for the EU insurance sector: a macroprudential perspective August 2017
8 The Probability Risk and Impact System (PRISM) is the Central Bank's risk-based framework for the supervision of regulated firms. It supports our challenging firms, judging the risks they pose to the economy and the consumer and mitigating those risks we judge to be unacceptable. See Introduction to PRISM