Charlotte Gerken of PRA Outlines Risk Management Work in Insurance
While speaking at the 24th Annual Financial CEO conference in London, Charlotte Gerken of PRA outlined the ongoing and upcoming policy work on insurance risk management. This includes a consultation paper on the prudent person principle and a supervisory statement on liquidity risk management. She also explained that PRA is thinking about capital treatment and reporting aspects in terms of addressing the cyber risk and is planning to issue a supervisory statement in the area of outsourcing and third-party risk management.
Ms. Gerken outlined the recent guidance issued and the work being in the area of liquidity management, highlighting that much of the response to complex or unmodelable risks is not quantitative but qualitative, which is the domain of the prudent person principle. In the context of Solvency II the prudent person principle sets high level, qualitative standards. Therefore, in response to increasing supervisory concerns, PRA published a consultation paper which sets out proposals for a supervisory statement that clarifies how PRA expects firms to implement the prudent person principle. PRA also published a supervisory statement on liquidity risk management for insurers and updated the existing supervisory statement on illiquid unrated assets to take into account increasing levels of investment in income-producing real estate. All three pieces of guidance concern fundamental risk management principles and how PRA expects firms to put them into practice.
She then discussed technology as the new source of risk and opportunity, highlighting the growing demand for cyber insurance. Solvency II does not mention cyber risk at all, so there is a space for firms—and regulators—to fill. However, the basic framework for dealing with these kinds of business risks is already well-established. PRA is looking at incorporating this relatively new risk into its existing approach. This means thinking about capital treatment and reporting and working with industry to facilitate a move to more explicit coverage, standardization of contracts, and remove barriers to data sharing.
According to Ms. Gerken, the bigger unknowns for PRA are arising from the changes in business models; for instance, the increasing risk of cloud outsourcing. Insurers are increasingly using third-party data storage and processing, development infrastructure, and software delivery. PRA has surveyed insurers in this area and is analyzing the results. PRA is also planning to issue a new supervisory statement on outsourcing in the near future. The supervisory statement is intended to provide a one-stop source of reference on outsourcing and third-party risk management, bringing together the previously issued guidance. PRA is also finalizing policy proposals to require firms to improve their operational resilience, including making it clear how PRA expects them to identify important business services on which they rely.
Some technology developments are creating less tractable risks, for example, machine learning. Hedging models are being built using neural networks rather than financial mathematics. These models are black boxes, producing results that are fundamentally unexplainable. Traditional models to which risk management principles are applied are built on known logic and it is possible to determine the key variables affecting results and sensitivity of the results to changes in those variables. Machine learning poses challenges for a traditional risk management framework based on identifying and analyzing key risks and dependencies. This gives rise to questions regarding how can a firm’s Board satisfy itself of the model’s prudence and appropriateness. Regulators are also struggling to understand what a governance and disclosure framework looks like for a model that cannot be explained.
Related Link: Speech
Keywords: Europe, UK, Insurance, Liquidity Risk, Solvency II, Cyber Risk, Cloud Outsourcing, Fintech, Regtech, PRA
Featured Experts

Paul McCarney
Insurance product strategist; insurance domain expert; extensive experience developing risk assessment frameworks for insurers

Brian Robinson
Actuary; risk management specialist; corporate and capital modelling expert
Previous Article
PRA Published CP6/17 on Regulatory ReportingRelated Articles
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.