- Statutory basis: In preparation for Solvency II Pillar 2, EIOPA introduced a set of Guidelines in September 20131. Certain aspects of the preparatory framework do not seem to go beyond providing a clarification of the existing risk management framework. In many respects, however, the Austrian Financial Market Authority (FMA) had itself expressed the need for a statutory basis (in addition to Article 16 (3) EIOPA Regulation) in order to be able to apply the substance of the Guidelines to Austrian insurance undertakings.
- Legislative procedure: On 31 January 2014, a draft bill proposed by the Austrian Ministry of Finance introducing amendments to the Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG) was published and the legislative consultation procedure was initiated. Subject to further amendment under the legislative procedure, the new law is proposed to enter into force on 1 July 2014.
- Main regulatory objectives: The draft bill is intended to ensure that Austrian insurance undertakings are properly prepared when the new Solvency II framework is expected to enter into force on 1 January 2016. Solvency II aims at a risk-oriented supervision of insurance undertakings and will introduce a substantially revised supervisory system.
- Internal Governance: Insurance undertakings shall prepare and implement a Governance system complying with Directive 2009/138/EC (e.g. establishment of a risk management function, a compliance function, and an internal audit and actuarial function; preparation of continuity plans, back-up and disaster recovery concepts, related technical specifications and the like).
- ORSA: The core target of the measures to be taken by insurance undertakings relates to risk and solvency assessment. An insurance undertaking shall assess its overall solvency position, its specific risk profile, and its business strategy and comply with the capital requirements under Solvency II (including, on a forward-looking basis). The first solvency assessment shall be undertaken by 31 December 2014 at the latest. Some additional requirements will also need to be complied with once EIOPA issues the relevant technical standards.
- Information/Reporting: Specific information duties will apply already for the financial year 2014.
- Consolidated level: On a consolidated level, the parent undertaking needs to implement a group-wide Governance system and assess the solvency and risks of the group.
Implications at the example of outsourcing
- More explicit and intense regulation of Pillar 2 areas: Solvency II is expected to impact many areas of an insurance undertaking that are currently less intensely regulated, e.g. outsourcing relationships, which are becoming increasingly important in particular in large groups of insurance undertakings.
- Qualitative risk management: Outsourced activities / areas of an insurance undertaking will have to be perceived as being embedded in the risk management, governance, and control structures of such undertaking.
In particular, this would imply the following:
- producing internal documentation (manual or similar document) considering outsourcing as an integral part of the risk management guidelines for operational risk in accordance with § 17b para 5 VAG / EIOPA-CP 13/08 Guideline 19 in conjunction with Article 16 (3) EIOPA-Regulation and expected national implementation measures;
- producing internal outsourcing guidelines2 (EIOPA-CP 13/08 Guideline 47 in conjunction with Article 16 (3) EIOPA-Regulation, expected national implementation measures);
- contingency/emergency plans with respect to outsourced activities in general and relating to the intended outsourcing structure in particular (EIOPA-CP 13/08 Guideline 10 in conjunction with Article 16 (3) EIOPA-Regulation; EIOPA-CP 13/08 No 1.86. (d) in conjunction with Article 16 (3) EIOPA-Regulation and expected national implementation measures);
- exit strategies (in accordance with EIOPA-CP 13/08 No 1.86 (d) in conjunction with Article 16 (3) EIOPA-Regulation and expected national implementation measures)
- In addition, the outsourcing provider would usually have to provide the outsourcing undertaking with certain documentation relating to privacy and data protection, continuity plans, back-up and disaster recovery concepts, ongoing security management manuals and risk management manuals or similar internal documentation.
- Such internal documentation will allow the outsourcing undertaking to assess its counterparty risk under the outsourcing structure (reliability, reputation, quality of services and procedures).
- Embedding the internal procedures and employees of the outsourcing provider in the outsourcing institution's internal governance and risk management procedures will allow the outsourcing institution to compensate for and minimize the loss of control over functions and tasks that would otherwise be a corollary of outsourcing structures.
1 EIOPA guidelines on preparing for Solvency II, dated 27 September 2013, available here
2 Which will have to be drawn up as an integral part of the governance system, i.e. as part of the qualitative aspects of Pillar II.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.