Fit for purpose and right first time

COMMENT

The Central Bank of Ireland and the wider Irish insurance industry are actively finalising preparations for the first cycle of Solvency II annual reporting. Dr Allan Kearns, head of insurance analytics at the Central Bank of Ireland, reflects on the quality of the quarterly reporting to date, arguing that firms should not be using their supervisory authority as a reviewer, and should be looking to present a fully correct view of their business.

Insurers across Europe began submission of the new Solvency II regulatory templates in May 2016. There was obvious satisfaction on achieving this significant milestone with almost all submissions by firms in Ireland received by the statutory deadlines. Our vision at the Central Bank is to embed Solvency II reporting as fully and as quickly as possible in our supervisory decision making, as well as to share certain aggregate information with the insurance industry.

The achievement of this vision is entirely dependent on the quality of the information reported to us. In that context, May 2016 marked the beginning of a significant investment in quality assurance on the new Solvency II data.

How will the Central Bank assess data quality?

Our approach to the quality assurance process starts with the understanding that the accuracy of the reporting has been attested to at a senior level within each firm. The process itself encompasses three layers: taxonomy validation, data quality and plausibility checks, and supervisory review.

Taxonomy validations

Data files are accepted as valid only when they meet the various taxonomy validations. These validations are a check on the internal consistency of the data across the various templates. Importantly, it is possible for a file to meet the taxonomy validations but still contain a host of other data quality issues.

Automated checks of data quality and plausibility

Our analytics team has put in place automated checks, which in part expand on the suite of taxonomy validations, but also links Solvency II data to other data sources to cross-check submissions. Importantly, this layer offers a flexible and efficient approach to assessing quality of data that is reported, but is constrained by an inability to identify every check that might be required at this early stage in the Solvency II reporting process.

Supervisory review

Our front-line supervisors review Solvency II submissions in order to sense check the overall returns. Essentially, the question asked of supervisors is whether they recognise the business model and financial position of a regulated entity as described by the Solvency II data. We expect collaboration with EIOPA over time to provide a fourth layer, for instance, with the benefit of cross-country comparisons.

A varied quality in submissions to date

Quality assurance professionals benchmark against two basic principles: fit for purpose and right first time. In both these respects, there have been strengths and weaknesses in the first sets of submissions; we have seen instances across the entire quality spectrum, from the near perfect to other cases where significant revision has been requested. Examples of poor quality reporting have been found across all of the different categories of data. While it had been expected that the more granular asset templates would prove to be more challenging, we have seen issues across the returns including reporting on solvency coverage and own funds, balance sheet, premiums, and claims and expenses. There are a number of examples that we have shared with the industry by way of illustration. These include:

  • significant sums of notes and coins reported being held, which on investigation has proven to be a misclassification of deposits;
  • a number of firms reporting incorrectly their use of approved features of Solvency II for which they had not received regulatory approval, which on investigation can be attributed to mis-reporting, and
  • a mismatch between granular information on assets which do not match the aggregate figures on the balance sheet – which has been attributed to incorrect or incomplete reporting.

Identifying the root causes

Firms should not be using their supervisory authority as a reviewer, and should be looking to present a fully correct view of their business in their submissions. After all, firms are attesting to this level of accuracy. To understand why some firms are getting it right, and others are not, we ask directors and senior executives to reflect on three questions. 1.What controls are in place to mitigate risks to the quality of reporting? Firms may be using the taxonomy validations as their key control to ensure data quality. To our mind, this is an inappropriate threshold to apply. Meeting the taxonomy validations signals only the internal consistency of the data across the different templates, nothing more. Firms need internal processes with controls in place that prompts the question as to whether they recognise the business model and the reality that is being described to any Regulator by their data. 2. To what extent has the review and governance processes within your firm been either validated or shown to be ineffective? All of the reporting to the Central Bank to date has been signed off at a senior level. However, reviewing the issues on which we are reverting to firms would suggest that this review process has not identified and rectified errors in the submissions. In effect this is a materialisation of governance risk. Whilst those signing off returns may not be the people reviewing them, they should ensure that they have a clear process that they can rely on. 3. To what extent is there certainty of the integrity of the data from origin to final reporting? The integrity of systems and/or manual processes generating the data are a key foundation to achieve quality reporting. We would expect to see active management of such risks. This could be through investment in systems, but otherwise should be through ensuring that there are clear mitigants in place to check for errors in processes manual or automated. Ultimately, these risks should be identified and their management tracked on operational risk registers.

Fit for purpose and right first time

There is a step-change in the complexity and breadth of the annual reporting. This is apparent whether you consider the exponential increase in the number of templates, the multiple reporting of templates per line of business, the increase in the number of specific tables, validations or cross-template identical data points. Therefore, it is imperative that firms learn lessons from the quarterly reporting. Our experience to date has shown that successfully meeting the dual requirements of “fit for purpose” and “right first time” requires firms to manage much better the governance and operational risks around the reporting process. Firms’ supervisory bodies and senior executives should not attest to the accuracy of their reporting, without probing their accuracy and being provided with the requisite assurance within their own firms.


The author is head of insurance analytics at the Central Bank of Ireland. The views expressed are the author’s own.