Featured Product

    PRA Publishes Results of Survey on Cyber Insurance Underwriting Risk

    January 30, 2019

    PRA published a letter that presents the key themes that emerged from its survey on cyber insurance underwriting risk. This letter from Anna Sweeney, Director of Insurance Supervision, is addressed to the Chief Executives of specialist general insurance firms.

    In July 2017, PRA had published the supervisory statement SS4/17 on cyber insurance underwriting risk. SS4/17 set out the PRA expectations for insurers on the prudent management of cyber underwriting risk in the areas of actively managing non-affirmative cyber risk; setting clearly defined cyber strategies and risk appetites that are agreed by the board; building and continuously developing insurer cyber expertise. In May 2018, and after discussing with industry associations and Lloyd’s, PRA conducted a follow-up survey involving firms of varying size. This letter provides feedback on the key themes that emerged from firms’ responses and describes areas inn which the PRA thinks that firms can do more to ensure the prudent management of cyber risk exposures.

    The survey results suggest that although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite, and strategy. Having reviewed the responses of firms, PRA also believes that the expectations set out in SS4/17 are relevant and valid. SS4/17 set out the PRA expectations that firms should:

    • Robustly assess and effectively manage their insurance products with specific consideration to non-affirmative cyber risk exposure
    • Monitor their aggregate cyber underwriting exposure and conduct underwriting risk stress tests that explicitly consider the potential for loss aggregation (in case of firms writing affirmative cyber products)
    • Consider cyber underwriting risk stress tests with consideration given to loss aggregation at extreme return periods (up to 1 in 200 years)

    In the letter, PRA states that the responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17. In relation to the expectation that firms reduce the unintended exposure to non-affirmative cyber risk, insurers should develop an action plan by the first half of 2019, with clear milestones and dates by which action will be taken. Supervisors may ask to review this plan and subsequent progress toward it. Over the rest of the year, PRA plans to undertake the following steps:

    • Provide further, targeted feedback to surveyed firms by arranging meetings with individual surveyed firms by the end of the first quarter of 2019
    • Coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents
    • Carry out sample deep-dive reviews to other firms (not necessarily those in the initial sample) in second half of 2019 to assess how these firms are meeting the expectations set out in SS4/17

     

    Related Links

    Keywords: Europe, UK, Insurance, Cyber Risk, Underwriting Risk, SS4/17, PRA

    Related Articles
    News

    FASB Proposes Taxonomy Changes Related to Topics 848 and 470

    FASB proposed taxonomy improvements for the proposed Accounting Standards Update on topic 848 on facilitation of effects of reference rate reform on financial reporting.

    September 16, 2019 WebPage Regulatory News
    News

    BoE Statement on Recalculating Transitional Measures Under Solvency II

    BoE notified that it will be willing to accept applications from firms to recalculate transitional measure on technical provisions (TMTP) as at September 30, 2019.

    September 16, 2019 WebPage Regulatory News
    News

    PRA Publishes Waiver by Consent of Continuity of Access Rules

    PRA published a new waiver by consent to waive the Continuity of Access requirements contained in the Depositor Protection Part of the PRA Rulebook (DPP).

    September 13, 2019 WebPage Regulatory News
    News

    EBA Single Rulebook Q&A: Second Update for September 2019

    EBA updated the Single Rulebook question and answer (Q&A) tool with answers to three questions.

    September 13, 2019 WebPage Regulatory News
    News

    BoE Paper on Market-Implied Systemic Risk and Shadow Capital Adequacy

    BoE published a working paper that presents a forward-looking approach to measure systemic solvency risk.

    September 13, 2019 WebPage Regulatory News
    News

    HKMA Consults on Policy Module on Pillar 2 Supervisory Review Process

    HKMA is consulting on the revised Supervisory Policy Manual module CA-G-5 that sets out the HKMA approach to conducting the supervisory review process under Pillar 2.

    September 13, 2019 WebPage Regulatory News
    News

    PRA Revises Branch Return and Updates Guidance for Regulatory Reports

    PRA published the policy statement PS17/19, which contains the final policy related to changes in the format and content of the Branch Return Form and reporting guidance.

    September 12, 2019 WebPage Regulatory News
    News

    ESA Report Highlights Risks of No-Deal Brexit in EU Financial System

    ESAs published a Joint Committee report on risks and vulnerabilities in the EU financial system.

    September 12, 2019 WebPage Regulatory News
    News

    ECB Modifies New Targeted Longer-Term Refinancing Operations

    The Governing Council of ECB decided to modify some of the key parameters of the third series of targeted longer-term refinancing operations (TLTRO III) to preserve favorable bank lending conditions (Decision (EU) 2019/1558).

    September 12, 2019 WebPage Regulatory News
    News

    ECB Publishes Version 1.5 of AnaCredit Validation Checks

    ECB published Version 1.5 of the AnaCredit validation checks.

    September 12, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3819