Featured Product

    PRA Publishes Results of Survey on Cyber Insurance Underwriting Risk

    January 30, 2019

    PRA published a letter that presents the key themes that emerged from its survey on cyber insurance underwriting risk. This letter from Anna Sweeney, Director of Insurance Supervision, is addressed to the Chief Executives of specialist general insurance firms.

    In July 2017, PRA had published the supervisory statement SS4/17 on cyber insurance underwriting risk. SS4/17 set out the PRA expectations for insurers on the prudent management of cyber underwriting risk in the areas of actively managing non-affirmative cyber risk; setting clearly defined cyber strategies and risk appetites that are agreed by the board; building and continuously developing insurer cyber expertise. In May 2018, and after discussing with industry associations and Lloyd’s, PRA conducted a follow-up survey involving firms of varying size. This letter provides feedback on the key themes that emerged from firms’ responses and describes areas inn which the PRA thinks that firms can do more to ensure the prudent management of cyber risk exposures.

    The survey results suggest that although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite, and strategy. Having reviewed the responses of firms, PRA also believes that the expectations set out in SS4/17 are relevant and valid. SS4/17 set out the PRA expectations that firms should:

    • Robustly assess and effectively manage their insurance products with specific consideration to non-affirmative cyber risk exposure
    • Monitor their aggregate cyber underwriting exposure and conduct underwriting risk stress tests that explicitly consider the potential for loss aggregation (in case of firms writing affirmative cyber products)
    • Consider cyber underwriting risk stress tests with consideration given to loss aggregation at extreme return periods (up to 1 in 200 years)

    In the letter, PRA states that the responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17. In relation to the expectation that firms reduce the unintended exposure to non-affirmative cyber risk, insurers should develop an action plan by the first half of 2019, with clear milestones and dates by which action will be taken. Supervisors may ask to review this plan and subsequent progress toward it. Over the rest of the year, PRA plans to undertake the following steps:

    • Provide further, targeted feedback to surveyed firms by arranging meetings with individual surveyed firms by the end of the first quarter of 2019
    • Coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents
    • Carry out sample deep-dive reviews to other firms (not necessarily those in the initial sample) in second half of 2019 to assess how these firms are meeting the expectations set out in SS4/17

     

    Related Links

    Keywords: Europe, UK, Insurance, Cyber Risk, Underwriting Risk, SS4/17, PRA

    Related Articles
    News

    EC Adopts Financial Reporting Changes Arising from Benchmark Reforms

    EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.

    January 14, 2021 WebPage Regulatory News
    News

    BIS Bulletin Examines Key Elements of Policy Response to Cyber Risk

    BIS published a bulletin, or a note, that examines the cyber threat landscape in the context of the pandemic and discusses policies to reduce risks to financial stability.

    January 14, 2021 WebPage Regulatory News
    News

    HMT Updates List of Post-Brexit Equivalence Decisions in UK

    HM Treasury, also known as HMT, has updated the table containing the list of the equivalence decisions that came into effect in UK at the end of the transition period of its withdrawal from EU.

    January 14, 2021 WebPage Regulatory News
    News

    EBA Issues Erratum for Technical Package on Reporting Framework 3.0

    EBA published an erratum for technical package on phase 1 of the reporting framework 3.0.

    January 14, 2021 WebPage Regulatory News
    News

    APRA Publishes FAQ on Measurement of Credit Risk Weighted Assets

    APRA updated a frequently asked question (FAQ), for authorized deposit-taking institutions, on the measurement of credit risk weighted assets.

    January 14, 2021 WebPage Regulatory News
    News

    EBA Publishes Risk Dashboard for Third Quarter of 2020

    EBA published the quarterly risk dashboard, along with the results of the Risk Assessment Questionnaire survey among 60 banks and 15 market analysts.

    January 13, 2021 WebPage Regulatory News
    News

    ECB Analysis Shows Privacy as Biggest Concern in Use of Digital Euro

    ECB concluded the public consultation on the introduction of a digital euro in EU.

    January 13, 2021 WebPage Regulatory News
    News

    ECB Finalizes Guide on Supervisory Approach to Bank Consolidation

    ECB published a guide that sets out the supervisory approach to consolidation in the banking sector.

    January 12, 2021 WebPage Regulatory News
    News

    SRB Chair Outlines Work Priorities for 2021

    The SRB Chair Elke König published an article setting out work priorities for 2021.

    January 11, 2021 WebPage Regulatory News
    News

    FDIC Selects Companies to Compete in Final Phase of Tech Sprint

    FDIC has selected 11 technology companies—including BearingPoint, Fed Reporter, Inc, and S&P Global Market Intelligence, LLC—for inclusion in the third and final phase of the rapid prototyping competition.

    January 11, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 6417