The UK Financial Services Authority’s (FSA) recent publication, 'Solvency II: internal model approval process data review findings,' reports that firms are moving Solvency II data management capabilities into 'business as usual'. However, the report also highlights some fundamental problems with the approach that these organisations are taking. For example, the report comments that "most firms underestimated the time required to embed a group-wide data governance framework into business as usual." It found that some firms had "inadequately designed or ineffective controls over data quality" and reported that "many firms were implementing complex IT systems without a clear definition of user requirements, design, testing and appropriate controls for effective operation in business as usual."
To transition Solvency II data management into business as usual, well-defined processes, controls, governance and communication need to be put in place, encouraging the business to take responsibility.
Define processes in terms that business owners understand
Data quality and remediation processes are often unnecessarily complex. This results in people focusing on data flows between a multitude of systems with insufficient focus on the real business uses of data. To meet this challenge, Solvency II programmes should take four steps:
close the gap between the controls applied by the data provider and the needs of the data consumer. For example, if an actuary is using reinsurance exposure data in a reserving model then they need to understand the quality controls applied by Reinsurance – such as error tolerance – to determine whether they need to request additional validation or adjust model parameters
ensure the Solvency II Directive is correctly interpreted by the business. Many data policies are created without a correct understanding of the Directive, leading to incorrect processes being put in place
define and agree the scope of the data directory (a log that details what information is in use and shows where it comes from) so there is a clear understanding of why the detail is going to be stored and how it is going to be used
continue to update the directory after it has been created. This applies to all Solvency II data management. Rather than creating a separate process, you should aim to make this part of the existing process to make it easier for people to adapt.
Improve your process to manage, monitor, and audit data quality as you gain experience
In our experience, the best data governance frameworks are pragmatic, business-driven and independent of IT systems. You can achieve this with your framework by adopting three 'lines of defence':
emphasise the responsibilities of data providers and consumers through a regular self-assessment process, reviewing data flow materiality, quality controls and the status of remediation actions. This allows you to map out and identify areas where any data issues will have the highest impact. If this is not addressed, the wrong decisions could be taken – potentially leading to non-compliance of Solvency II
monitor and improve the quality of the data quality process itself: use simple business intelligence tools to provide insight on the status of data quality, trends, hot spots and business compliance
ensure that the framework is subject to internal audits. You should also provide specialist support to auditors to help them as they expand their capabilities into data management.
PA Consulting Group has worked with a number of multinational insurance organisations to help them comply with the requirements of Solvency II. In the UK, we have supported the FSA by ensuring that its programme to implement the Directive – which is the largest programme it has ever undertaken – is designed and delivered effectively.
To find out more about complying with Solvency II, contact us now.