Featured Product

    PRA Publishes Results of Survey on Cyber Insurance Underwriting Risk

    January 30, 2019

    PRA published a letter that presents the key themes that emerged from its survey on cyber insurance underwriting risk. This letter from Anna Sweeney, Director of Insurance Supervision, is addressed to the Chief Executives of specialist general insurance firms.

    In July 2017, PRA had published the supervisory statement SS4/17 on cyber insurance underwriting risk. SS4/17 set out the PRA expectations for insurers on the prudent management of cyber underwriting risk in the areas of actively managing non-affirmative cyber risk; setting clearly defined cyber strategies and risk appetites that are agreed by the board; building and continuously developing insurer cyber expertise. In May 2018, and after discussing with industry associations and Lloyd’s, PRA conducted a follow-up survey involving firms of varying size. This letter provides feedback on the key themes that emerged from firms’ responses and describes areas inn which the PRA thinks that firms can do more to ensure the prudent management of cyber risk exposures.

    The survey results suggest that although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite, and strategy. Having reviewed the responses of firms, PRA also believes that the expectations set out in SS4/17 are relevant and valid. SS4/17 set out the PRA expectations that firms should:

    • Robustly assess and effectively manage their insurance products with specific consideration to non-affirmative cyber risk exposure
    • Monitor their aggregate cyber underwriting exposure and conduct underwriting risk stress tests that explicitly consider the potential for loss aggregation (in case of firms writing affirmative cyber products)
    • Consider cyber underwriting risk stress tests with consideration given to loss aggregation at extreme return periods (up to 1 in 200 years)

    In the letter, PRA states that the responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17. In relation to the expectation that firms reduce the unintended exposure to non-affirmative cyber risk, insurers should develop an action plan by the first half of 2019, with clear milestones and dates by which action will be taken. Supervisors may ask to review this plan and subsequent progress toward it. Over the rest of the year, PRA plans to undertake the following steps:

    • Provide further, targeted feedback to surveyed firms by arranging meetings with individual surveyed firms by the end of the first quarter of 2019
    • Coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents
    • Carry out sample deep-dive reviews to other firms (not necessarily those in the initial sample) in second half of 2019 to assess how these firms are meeting the expectations set out in SS4/17

     

    Related Links

    Keywords: Europe, UK, Insurance, Cyber Risk, Underwriting Risk, SS4/17, PRA

    Related Articles
    News

    APRA Issues Interim Update to Policy Priorities for 2021 and Beyond

    In a letter addressed to the industry, the Australian Prudential Regulation Authority (APRA) set out an updated schedule of policy priorities for the banking, insurance, and superannuation industries.

    September 24, 2021 WebPage Regulatory News
    News

    EC Adopts Solvency II and Resolution Rules Package for Insurers

    The European Commission (EC) adopted a comprehensive review package of Solvency II rules in the European Union.

    September 22, 2021 WebPage Regulatory News
    News

    OCC Issues Booklets on Regulatory Reporting and Earnings

    The Office of the Comptroller of the Currency (OCC) issued Versions 1.0 of the "Earnings" and "Regulatory Reporting" booklets of the Comptroller's Handbook.

    September 22, 2021 WebPage Regulatory News
    News

    ECB Sets Out Results of Economy-Wide Climate Stress Tests

    The European Central Bank (ECB) published results of its economy-wide climate stress test, which aimed to assess the resilience of non-financial corporates and euro area banks to climate risks.

    September 22, 2021 WebPage Regulatory News
    News

    EBA Examines Implications of Increasing Use of Digital Platforms in EU

    The European Banking Authority (EBA) published a report on the use of digital platforms in the banking and payments sector in European Union.

    September 21, 2021 WebPage Regulatory News
    News

    HKMA Issues Updates on Policy Measures Intended to Ease COVID Impact

    The Hong Kong Monetary Authority (HKMA) published updates on the policy measures that were announced in context of the ongoing pandemic.

    September 21, 2021 WebPage Regulatory News
    News

    ISDA Responds to BCBS Proposal on Treatment of Cryptoasset Exposures

    The International Swaps and Derivatives Association (ISDA), along with several other associations, submitted a joint response to the Basel Committee on Banking Supervision (BCBS) consultation on preliminary proposals for the prudential treatment of cryptoasset exposures.

    September 21, 2021 WebPage Regulatory News
    News

    BIS Quarterly Review Discusses Developments in Fintech and ESG Space

    BIS published the September issue of the Quarterly Review, which contains special features that analyze the rapid rise in equity funding for financial technology firms, the effectiveness of policy measures in response to pandemic, and the evolution of international banking.

    September 20, 2021 WebPage Regulatory News
    News

    BCBS to Consult on Supervisory Practices for Climate Risks by Year-End

    The Basel Committee for Banking Supervision (BCBS) met in September 2021 and reviewed climate-related financial risks, discussed impact of digitalization, and welcomed efforts by the International Financial Reporting Standards (IFRS) Foundation to develop a common set of sustainability reporting standards

    September 20, 2021 WebPage Regulatory News
    News

    OCC Identifies Operational Risk Deficiencies in MUFG Union Bank

    The Office of the Comptroller of the Currency (OCC) issued a Cease and Desist Order against MUFG Union Bank for deficiencies in technology and operational risk governance.

    September 20, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7494