Charlotte Gerken of PRA Outlines Risk Management Work in Insurance
While speaking at the 24th Annual Financial CEO conference in London, Charlotte Gerken of PRA outlined the ongoing and upcoming policy work on insurance risk management. This includes a consultation paper on the prudent person principle and a supervisory statement on liquidity risk management. She also explained that PRA is thinking about capital treatment and reporting aspects in terms of addressing the cyber risk and is planning to issue a supervisory statement in the area of outsourcing and third-party risk management.
Ms. Gerken outlined the recent guidance issued and the work being in the area of liquidity management, highlighting that much of the response to complex or unmodelable risks is not quantitative but qualitative, which is the domain of the prudent person principle. In the context of Solvency II the prudent person principle sets high level, qualitative standards. Therefore, in response to increasing supervisory concerns, PRA published a consultation paper which sets out proposals for a supervisory statement that clarifies how PRA expects firms to implement the prudent person principle. PRA also published a supervisory statement on liquidity risk management for insurers and updated the existing supervisory statement on illiquid unrated assets to take into account increasing levels of investment in income-producing real estate. All three pieces of guidance concern fundamental risk management principles and how PRA expects firms to put them into practice.
She then discussed technology as the new source of risk and opportunity, highlighting the growing demand for cyber insurance. Solvency II does not mention cyber risk at all, so there is a space for firms—and regulators—to fill. However, the basic framework for dealing with these kinds of business risks is already well-established. PRA is looking at incorporating this relatively new risk into its existing approach. This means thinking about capital treatment and reporting and working with industry to facilitate a move to more explicit coverage, standardization of contracts, and remove barriers to data sharing.
According to Ms. Gerken, the bigger unknowns for PRA are arising from the changes in business models; for instance, the increasing risk of cloud outsourcing. Insurers are increasingly using third-party data storage and processing, development infrastructure, and software delivery. PRA has surveyed insurers in this area and is analyzing the results. PRA is also planning to issue a new supervisory statement on outsourcing in the near future. The supervisory statement is intended to provide a one-stop source of reference on outsourcing and third-party risk management, bringing together the previously issued guidance. PRA is also finalizing policy proposals to require firms to improve their operational resilience, including making it clear how PRA expects them to identify important business services on which they rely.
Some technology developments are creating less tractable risks, for example, machine learning. Hedging models are being built using neural networks rather than financial mathematics. These models are black boxes, producing results that are fundamentally unexplainable. Traditional models to which risk management principles are applied are built on known logic and it is possible to determine the key variables affecting results and sensitivity of the results to changes in those variables. Machine learning poses challenges for a traditional risk management framework based on identifying and analyzing key risks and dependencies. This gives rise to questions regarding how can a firm’s Board satisfy itself of the model’s prudence and appropriateness. Regulators are also struggling to understand what a governance and disclosure framework looks like for a model that cannot be explained.
Related Link: Speech
Keywords: Europe, UK, Insurance, Liquidity Risk, Solvency II, Cyber Risk, Cloud Outsourcing, Fintech, Regtech, PRA
Featured Experts
Paul McCarney
Insurance product strategist; insurance domain expert; extensive experience developing risk assessment frameworks for insurers
Brian Robinson
Actuary; risk management specialist; corporate and capital modelling expert
Previous Article
PRA Published CP6/17 on Regulatory ReportingRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.