Featured Product

    PRA Publishes Results of Survey on Cyber Insurance Underwriting Risk

    January 30, 2019

    PRA published a letter that presents the key themes that emerged from its survey on cyber insurance underwriting risk. This letter from Anna Sweeney, Director of Insurance Supervision, is addressed to the Chief Executives of specialist general insurance firms.

    In July 2017, PRA had published the supervisory statement SS4/17 on cyber insurance underwriting risk. SS4/17 set out the PRA expectations for insurers on the prudent management of cyber underwriting risk in the areas of actively managing non-affirmative cyber risk; setting clearly defined cyber strategies and risk appetites that are agreed by the board; building and continuously developing insurer cyber expertise. In May 2018, and after discussing with industry associations and Lloyd’s, PRA conducted a follow-up survey involving firms of varying size. This letter provides feedback on the key themes that emerged from firms’ responses and describes areas inn which the PRA thinks that firms can do more to ensure the prudent management of cyber risk exposures.

    The survey results suggest that although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite, and strategy. Having reviewed the responses of firms, PRA also believes that the expectations set out in SS4/17 are relevant and valid. SS4/17 set out the PRA expectations that firms should:

    • Robustly assess and effectively manage their insurance products with specific consideration to non-affirmative cyber risk exposure
    • Monitor their aggregate cyber underwriting exposure and conduct underwriting risk stress tests that explicitly consider the potential for loss aggregation (in case of firms writing affirmative cyber products)
    • Consider cyber underwriting risk stress tests with consideration given to loss aggregation at extreme return periods (up to 1 in 200 years)

    In the letter, PRA states that the responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17. In relation to the expectation that firms reduce the unintended exposure to non-affirmative cyber risk, insurers should develop an action plan by the first half of 2019, with clear milestones and dates by which action will be taken. Supervisors may ask to review this plan and subsequent progress toward it. Over the rest of the year, PRA plans to undertake the following steps:

    • Provide further, targeted feedback to surveyed firms by arranging meetings with individual surveyed firms by the end of the first quarter of 2019
    • Coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents
    • Carry out sample deep-dive reviews to other firms (not necessarily those in the initial sample) in second half of 2019 to assess how these firms are meeting the expectations set out in SS4/17

     

    Related Links

    Keywords: Europe, UK, Insurance, Cyber Risk, Underwriting Risk, SS4/17, PRA

    Related Articles
    News

    HKMA on Fintech Adoption and Innovation by Banks in Hong Kong

    HKMA announced the publication of a report on fintech adoption and innovation in the banking industry in Hong Kong.

    May 20, 2020 WebPage Regulatory News
    News

    BIS on Impact of Increasing Use of Cloud Technology on Cyber Risk

    BIS published a working paper that examines the drivers of cyber risk, especially in context of the cloud services.

    May 20, 2020 WebPage Regulatory News
    News

    ECB Consults on Guide for Managing Climate and Environmental Risks

    ECB launched consultation on a guide specifying how the Banking Supervision expects banks to consider climate-related and environmental risks in their governance and risk management frameworks and when formulating and implementing their business strategy.

    May 20, 2020 WebPage Regulatory News
    News

    ECB Issues Opinion on Revisions to CRR in Response to COVID Crisis

    ECB published an opinion (CON/2020/16) on amendments to the prudential framework in EU in response to the COVID-19 pandemic.

    May 20, 2020 WebPage Regulatory News
    News

    EBA Assesses Interlinkages Between Recovery and Resolution Planning

    EBA published a report that examines the interlinkages between recovery and resolution planning under the Bank Recovery and Resolution Directive (BRRD).

    May 20, 2020 WebPage Regulatory News
    News

    SRB Publishes Final MREL Policy Under the Banking Package

    SRB published the final Minimum Requirements for Own Funds and Eligible Liabilities (MREL) policy under the Banking Package.

    May 20, 2020 WebPage Regulatory News
    News

    US Agencies Amend Interim Final Rule on Transition Period for CECL

    US Agencies (FDIC, FED, and OCC) published a final rule that makes technical changes to the March 31, 2020 interim final rule that provides a five-year transition period for the impact of the current expected credit loss (CECL) methodology on regulatory capital.

    May 19, 2020 WebPage Regulatory News
    News

    ECB Releases Results of March Survey on Credit Terms and Conditions

    ECB published results of the March 2020 survey on credit terms and conditions in euro-denominated securities financing and over-the-counter (OTC) derivatives markets.

    May 19, 2020 WebPage Regulatory News
    News

    FINMA Adjusts Deadlines for COVID-19 Relief Measures for Banks

    FINMA published guidance (06/2020) on extending or discontinuing various exemptions that were granted due to the COVID-19 crisis.

    May 19, 2020 WebPage Regulatory News
    News

    SRB Consults on Standardized Data Set for Bank Valuation in Resolution

    SRB launched a consultation on the minimum data needed for valuation of a bank in resolution.

    May 19, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5203