PRA Publishes Results of Survey on Cyber Insurance Underwriting Risk
PRA published a letter that presents the key themes that emerged from its survey on cyber insurance underwriting risk. This letter from Anna Sweeney, Director of Insurance Supervision, is addressed to the Chief Executives of specialist general insurance firms.
In July 2017, PRA had published the supervisory statement SS4/17 on cyber insurance underwriting risk. SS4/17 set out the PRA expectations for insurers on the prudent management of cyber underwriting risk in the areas of actively managing non-affirmative cyber risk; setting clearly defined cyber strategies and risk appetites that are agreed by the board; building and continuously developing insurer cyber expertise. In May 2018, and after discussing with industry associations and Lloyd’s, PRA conducted a follow-up survey involving firms of varying size. This letter provides feedback on the key themes that emerged from firms’ responses and describes areas inn which the PRA thinks that firms can do more to ensure the prudent management of cyber risk exposures.
The survey results suggest that although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite, and strategy. Having reviewed the responses of firms, PRA also believes that the expectations set out in SS4/17 are relevant and valid. SS4/17 set out the PRA expectations that firms should:
- Robustly assess and effectively manage their insurance products with specific consideration to non-affirmative cyber risk exposure
- Monitor their aggregate cyber underwriting exposure and conduct underwriting risk stress tests that explicitly consider the potential for loss aggregation (in case of firms writing affirmative cyber products)
- Consider cyber underwriting risk stress tests with consideration given to loss aggregation at extreme return periods (up to 1 in 200 years)
In the letter, PRA states that the responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17. In relation to the expectation that firms reduce the unintended exposure to non-affirmative cyber risk, insurers should develop an action plan by the first half of 2019, with clear milestones and dates by which action will be taken. Supervisors may ask to review this plan and subsequent progress toward it. Over the rest of the year, PRA plans to undertake the following steps:
- Provide further, targeted feedback to surveyed firms by arranging meetings with individual surveyed firms by the end of the first quarter of 2019
- Coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents
- Carry out sample deep-dive reviews to other firms (not necessarily those in the initial sample) in second half of 2019 to assess how these firms are meeting the expectations set out in SS4/17
Related Links
Keywords: Europe, UK, Insurance, Cyber Risk, Underwriting Risk, SS4/17, PRA
Related Articles
|
News
FDIC Consults on Approach to Resolution Planning for IDIsFDIC approved an Advance Notice of Proposed Rulemaking (ANPR) and is seeking comment on ways to tailor and improve its rule requiring certain insured depository institutions (IDIs) to submit resolution plans.
April 22, 2019
WebPage
Regulatory News
|
|
News
EP Resolution on Proposal for Sovereign Bond Backed SecuritiesThe European Parliament (EP) published adopted text on the proposal for a regulation of the European Parliament and of the Council on sovereign bond-backed securities (SBBS).
April 16, 2019
WebPage
Regulatory News
|
|
News
HKMA Decides to Maintain Countercyclical Capital Buffer at 2.5%HKMA announced that, in accordance with the Banking (Capital) Rules, the countercyclical capital buffer (CCyB) ratio for Hong Kong remains at 2.5%.
April 16, 2019
WebPage
Regulatory News
|
|
News
EP Approves Agreement on Package of CRD 5, CRR 2, BRRD 2, and SRMR 2The European Parliament (EP) approved the final agreement on a package of reforms proposed by EC to strengthen the resilience and resolvability of European banks.
April 16, 2019
WebPage
Regulatory News
|
|
News
PRA Finalizes Policy on Approach to Managing Climate Change RisksPRA published the policy statement PS11/19, which contains final supervisory statement (SS3/19) on enhancing banks’ and insurers’ approaches to managing the financial risks from climate change (Appendix).
April 15, 2019
WebPage
Regulatory News
|
|
News
PRA Seeks Input and Issues Specifications for Insurance Stress TestsPRA announced that it will conduct an insurance stress test for the largest regulated life and general insurers from July to September 2019.
April 15, 2019
WebPage
Regulatory News
|
|
News
EBA Single Rulebook Q&A: First Update for April 2019EBA published answers to nine questions under the Single Rulebook question and answer (Q&A) updates for this week.
April 12, 2019
WebPage
Regulatory News
|
|
News
FED Updates Form and Supplemental Instructions for FR Y-9C ReportingFED updated the form and supplemental instructions for FR Y-9C reporting. FR Y-9C is used to collect data from domestic bank holding companies, savings and loan holding companies, U.S intermediate holding companies, and securities holding companies with total consolidated assets of USD 3 billion or more.
April 11, 2019
WebPage
Regulatory News
|
|
News
EIOPA Statement on Application of Proportionality in SCR SupervisionEIOPA published a supervisory statement on the application of proportionality principle in the supervision of the Solvency Capital Requirement (SCR) calculated in accordance with the standard formula.
April 11, 2019
WebPage
Regulatory News
|
|
News
ISDA Publishes Statement on FRTB Implementation in Emerging MarketsISDA published a statement that outlines challenges in implementation of the new Basel III market risk standard for banks in emerging markets.
April 11, 2019
WebPage
Regulatory News
|
