Ian Laughlin, Executive Member - Financial Services Council Life Insurance Conference, Sydney
Thanks for the opportunity to talk with you today. Henry Ford said:
"History is more or less bunk. It's tradition. We don't want tradition. We want to live in the present, and the only history that is worth a tinker's damn is the history that we make today."
George Santayana, a Spanish American philosopher, said:
"Those who cannot remember the past are condemned to repeat it"
Now the question that begs to be asked here is this: Which of Henry and George would have made the better prudential regulator?
We can only guess. George shows some promise, but Henry might be a worry. The two of them together look better, but they lack the forward-looking perspective that is critical.
A regulator needs to remember what has gone wrong in the past, understand the implications and be prepared to help the industry avoid or manage similar problems in future.
At the same time, we must not fight yesterday’s wars. We have to recognize the fast-changing industry and the dynamic world we work in. The present must be managed, and the future prepared for.
And we are particularly interested in what might lurk in the tail of the distribution of potential outcomes. This means thinking well beyond past industry experience repeating itself.
These sorts of thoughts have been running through my mind as I reflect on my first nine months as an APRA Member and how I might approach the job in future.
And there is plenty going on to exercise my mind!
We have the LAGIC capital review, the Basel III developments in banking which will have some flow-on effects to the insurance world, a number of developments in insurance regulation internationally, the ongoing development of risk management practices, and the bedding-down of APRA’s remuneration requirements to name a few.
So it’s timely for me to be talking with you.
Here’s what I will talk about:
Life Company Boards and Management
Let’s now turn to the board of directors.
I appreciate that most of you here today are not directors of life companies. But if you work for a life company, it will have a board, and the directors are dependent on you and your colleagues for support in various ways.
So let’s first talk about some of the requirements of, and pressures on life company boards, and then we will discuss how management can be of help to individual directors and boards in performing their duties.
Governance standards for all large companies have risen considerably over the years, and it is fair to say that expectations of directors are now much higher than they once were.
I don’t want to discuss general governance standards here. They are well-addressed elsewhere – by the Australian Institute of Company Directors in particular. Rather I want to focus on the particular requirements for directors and boards of life companies (and other regulated entities).
First, the Life Act sets out duties for each director - in particular to take reasonable care and due diligence to ensure that in the "investment, administration and management of the assets" the life company gives priority to the interests of owners and prospective owners of policies.
This is a challenging requirement, which can seriously test a board at times, particularly when the life company is part of a wider financial services group.
Separately, APRA places obligations on life company boards through its prudential standards. We do this because the board has a critical role in protecting the interests of policyholders.
Our prudential standards are quite explicit in many areas – indeed, a quick count from our life insurance standards will yield about 50 specific requirements for boards!
However, APRA’s prudential standards also empower boards because they give a frame of reference for good practice. In many ways the interests of the board and APRA are strongly aligned and our standards help with the outcomes the board would otherwise be seeking.
But even with the best of intentions it can be very difficult for boards to fully meet our requirements.
Which leads us to the role of management in supporting the board.
(When I refer to "board" here, for ease of reference I include relevant committees – in particular the audit, risk and remuneration committees.)
Boards rely heavily on management in many ways, apart from the obvious one of running the business.
But assistance by management can be, and often is on the basis of what might be called operational support. All information needed by the board is provided by way of regular management reporting, through special reports as needed (e.g. the financial condition report), by advice of changes in regulation as they occur, with efficient secretarial support, and so on.
Now it is easy to think that if this is done well, then management has met its responsibilities in supporting the board.
But management has an obligation to recognise the difficult role the board has and to make it as easy as possible for the board to meet its responsibilities. Management also should recognise the value of strong governance and of the advice and counsel a well-performing board can give, and this too should encourage management to provide as much support as possible.
So my challenge to management is to think beyond operational support, and to think of leadership in helping the board do its job.
Now you might ask how management can provide leadership to the board, given the board’s role in overseeing management.
Some of the answer is provided by the following quote, which is usually attributed to Alexandre Auguste Ledru-Rollin, a politician involved in the French Revolution. He said:
"There go the people. I must follow them, for I am their leader."
I love that quote!
My point is that management can have a great influence on the board’s priorities and on the way it performs its role, and ultimately on how well they meet their regulatory obligations.
So that’s all very well and good, but what can you do in a practical sense?
Here are some thoughts covering four areas. In each case I will provide a practical suggestion to illustrate, but these are not meant to be definitive, or to be an exhaustive list. They are meant to challenge your thinking.
Not surprisingly boards tend to respond to what is given to them. This is understandable when you consider the significant volume of reports and data they are given, and the complexity of issues in a life company. It is difficult enough to address what is provided in a large pack of board papers, let alone think about and address issues not considered in those papers.
So management has a particular responsibility to help the board think ahead, and this includes meeting regulatory requirements.
One way of doing this is to have a systematic approach to consideration of regulatory obligations. This might be done by:
- Providing a summary of regulatory requirements and make it available each meeting;
- Cross referencing each requirement in the summary with dates, processes and regular reports; and
- Regularly providing an assessment of progress, with identification of areas of weakness etc
A similar approach might be taken with various board-approved policies - in particular the risk management policy - and with the board’s charter to ensure the board systematically addresses its responsibilities.
It can also be very helpful, where possible, for management to couch recommendations and resolutions so that they consciously address elements of the board charter, policies etc.
Sort the wheat from the chaff
Our industry is complex, and it is easy to produce long and detailed documents to deal with the various issues before the board. However, the main points or essence of an issue usually can be captured in much fewer words.
One way of turning this to good effect is to limit the length of the main body of all board papers to, say, 10 pages, and put all supporting information in appendices. This ensures the writer addresses the main points succinctly and helps the reader come to grips with them fairly quickly, but at the same time provides full details for easy reference when required. The reader will also know that when confronted with a very long paper, they will not have to study the whole document before they are sure they have covered all main points.
Look for ways to complement documents to explain issues. These might be used, for example, in capital management considerations so that the board can get a feel for the moving parts. A tool which is of real use will likely become a frame of reference for the board over time.
For example, you could use sensitivity tables and diagrams to help understand the financial dynamics of the company. Stress testing (more on which in a minute) is another tool which can be a very powerful.
Boards meet relatively infrequently. Most directors do not work in the industry, and will have a range of other interests. It is therefore difficult to recall, for example, the contents of the latest FCR, or the details of a policy that the board may have approved two years ago, or some of the details of the strategic plan, or all of the board’s regulatory obligations.
And yet this information can be of great benefit as a reference when reading a board paper.
Consider providing an online compendium of reference material, including a summary of regulatory obligations, and keep it up to date.
These ideas will help, but what is most important is management’s attitude. If management is intent on helping the board beyond operational support, then it will find ways and means of doing this.
This in turn will help APRA, and we get a virtuous circle that looks something like this:
I mentioned the use of tools to help the board, and that stress testing is one such tool.
Stress testing is done in various ways, but in essence it involves a plausible but very adverse scenario and an assessment of the impact of that scenario.
On occasions in the past, APRA has requested insurers to conduct stress tests on their business, based on parameters specified by APRA.
These tests are powerful tools. They help APRA and management to understand the capacity of the organization to cope with the specified scenario, and they also provide insights into vulnerabilities of each company. From this, lessons can be learnt that might lead to changes in strategy or operations.
More generally, stress tests can be of great help to management and boards in assessing the out-workings of actuarial models and prudential capital requirements, without the need for a detailed understanding of how those models or requirements work. So they are a great help in coping with what many directors see as the actuarial black box.
There is also a very useful concept called reverse stress testing. This is a little different, in that it seeks to determine a scenario that for example, would cause the company to breach its regulatory capital requirements. This can give fresh insights into vulnerabilities, in a way that will be well-understood by the board.
We want to encourage management and boards to consider stress tests as one of the more important weapons in their armoury, and to use them accordingly.
In a minute, I will give an example of how stress testing could be helpful to boards and management in meeting their LAGIC requirements.
Before I talk about LAGIC, it is worth reviewing some international developments in financial regulation to give context.
Recent and current activities include the following:
- Basel 3 in banking, which will see revised capital requirements (amount and quality) and liquidity requirements.
- Solvency II for insurance in Europe, long in the making, which is a fundamental overhaul of capital requirements.
- UK changes in insurance regulation a few years ago.
- International Association of Insurance Supervisors (IAIS) guidance for insurance supervisors (like APRA).
There are a few points to note here:
- They all use the three pillar concept, which we have adopted for LAGIC.
- They are all moving to greater risk-sensitivity (as for LAGIC).
- They all have 1 in 200 (or similar) level of sufficiency aims.
- There is increasing alignment of capital requirements across sectors i.e. banking, life and general insurance (one of the aims of LAGIC).
- There is increasing alignment of requirements from regulator to regulator internationally.
- There is also increasing adoption of the Tier1 and Tier 2 concepts of quality of capital (as for LAGIC).
- In most cases, the concept of formally defined capital buffers is being introduced – sometimes called "hard" and "soft" floors.
So (perhaps unsurprisingly in the aftermath of the GFC), we are seeing much greater co-operation and alignment of thinking internationally and across sectors, and APRA is part of this.
As its name implies, the members of the International Association of Insurance Supervisors are regulators like APRA.
APRA is an active member of the IAIS, and is engaged in a number of its activities.
IAIS’s aim is to support the development of high standards of insurance supervision around the world. Accordingly it has developed a set of Insurance Core Principles (ICPs), supported by Standards, and Guidance. These are aimed at the supervisors rather than institutions, and are intended to set minimum standards.
There are three main activities currently being undertaken by the IAIS:
- A comprehensive review of the ICPs, Standards and Guidance. This work is well advanced.
- The Financial Stability Board on behalf of the G20, has been working with the Basel Committee on Global Systemically Important Financial Institution (G-SIFIs) for some time, the idea being that such organizations should be subject to more stringent capital and/or supervision. IAIS has started work on an analysis of what might constitute an insurance G-SIFI. This is proving to be quite a difficult issue to grapple with and work will be ongoing.
- The development of what is called "ComFrame". This is a common framework for the supervision of internationally active insurance groups – that is, those that operate in more than one jurisdiction. The intention here is that there is a consistent and co-operative approach to the regulation of insurers that operate internationally. This will influence our approach to regulation of such companies in due course.
The IAIS is increasingly influential and is recognized by the Financial Stability Board (which supports the G20 leaders) as its primary advisor on insurance. In this sense it is the broad equivalent of the Basel Committee in the banking world.
So international developments are significant, and will be increasingly important in insurance regulation. Note though, that the peculiarities of local markets will always be reflected in local regulation. For example, Solvency 2 needs to take account of the markets and politics of Europe. Similarly, while these developments will influence us, APRA’s requirements will be tailored to our markets and reflect our standards.
Sometimes we hear that the life industry coped with the GFC well, and are asked why there is a need for any change at all in capital requirements.
Well George would clearly agree that the lessons of the GFC must be learnt well and applied in our future regulation and supervision.
Henry would be more interested in what we need to worry about right now.
And earlier I said that as prudential regulators, we are particularly interested in what might lurk in the tail of the distribution of potential outcomes, and this means thinking well beyond what is within industry experience.
LAGIC sets out to do all of this.
Last Thursday we released our response paper following the first round of consultation and QIS. So I don’t want to go into detail about LAGIC here, but I do want to cover a couple of higher level points.
First, let’s talk about process. As an outsider to APRA, it has been quite interesting to walk in part way through the LAGIC project. I can tell you that the process is a rigorous one, with plenty of intellectual horsepower, challenge and debate. And all of this is done in light of substantial input from industry. The formal consultation process is quite visible, but there is also considerable less formal interaction with industry. So, for example, there have been meetings with the FSC board and an FSC committee, with the Institute of Actuaries, with individual actuaries, and with boards and senior management of a variety of companies. There has been verbal and written feedback. All of this is valuable input.
So I am pretty comfortable that the industry has had ample opportunity to present its case.
Pillar 2 and ICAAP
It was apparent from the feedback that it was not clear to many how our capital requirements – in particular Pillar 2, ICAAP, and target surplus - would work in practice.
Our response paper addresses this, but I thought I should spend a few minutes on it today.
To remind you, under Pillar 2, APRA may increase the prescribed capital determined under Pillar 1 if we are of the view that this amount does not adequately account for all of an insurer’s risks.
We are also introducing ICAAP – the Individual Capital Adequacy Assessment Process.
APRA already expects insurers to have in place a process to assess their capital needs and manage their capital levels. ICAAP formalises those requirements. In particular, we want insurers to assess their own risk profile and the capital needed to support the risks they undertake, and to carry out appropriate capital projections and stress testing.
Some of the feedback that we received indicated concern that we were being overly conservative and potentially requiring buffers on buffers above the Prudential Capital Requirements (PCR). That is not our intent. Let me explain using this slide.
The PCR (Pillar 1, 2) is a hard floor which must not be breached.
Breaching PCR is like an insurer "putting its foot in boiling water". It needs to get it out pretty quickly to avoid APRA taking serious measures and potentially taking control out of the hands of the board and management.
Above PCR, APRA expects an insurer to set its target position based on its ICAAP.
The insurer is expected to manage its capital according to its ICAAP and target capital policy. At times actual capital may drop below target position. This is quite acceptable as long as the situation is addressed by its ICAAP and managed accordingly.
Note that stress testing is likely to be a very useful tool in developing these plans.
As you can see from the diagram, the supervisory attention paid to an insurer will increase in intensity as the insurer’s actual capital approaches the PCR.
The two main points that I want to make here are that:
- Pillar 2 provides a powerful tool for APRA to reflect a company’s quality of risk management in its capital requirements (PCR on slide). Or to turn it around, subject to the lower bounds of Pillar 1, the company can influence its capital requirements through the quality of its risk management
- The board and management have responsibility for setting target capital and managing the capital position around that target in accordance with their ICAAP. It is critically important that this is done well.
Products, Markets and Other Interesting Matters
As you would expect, we closely monitor industry developments and identify areas of emerging risk. I now will comment on a few of these.
One area of particular interest is group life insurance. This market is growing and evolving quickly. The average sum insured is increasing, the type of disability cover changing, the size of each policy is growing as super funds merge, and the market is relatively concentrated but highly price-competitive. Changes in underwriting and claims management processes are emerging. The sheer size of some plans poses potential operational and strategic risks for the insurer. As the market matures, and disability income business in particular starts producing significant volumes of claims, it will be a challenge to manage claims to a high standard because of a lack of experienced claims managers in the market. All of this adds to heightened risk for group life insurance.
Direct insurance (funeral bonds advertised on TV etc) is another area of development that we are monitoring. This too is showing high growth rates, in a competitive market. The distribution channel is relatively new, and lapse experience is still developing. Our interest is in prudential matters of course, so risk management and governance will attract our attention. We will want to be sure that the board is satisfied with the strategic, operational and reputational risks and the sustainability of the business.
We are conscious that changes driven by new rules on commission and the stronger super initiative, and possibly by LAGIC, have the potential to drive changes in strategy and business models.
We remain alert to fresh threats to industry capital levels, given the continued uncertainty in the world’s investment markets.
Lastly, there are signs of increased interest in guaranteed benefits of one form or another – mainly annuities and variable annuities. We will monitor developments here closely, and ensure lessons from the GFC and of the past here in Australia are well-heeded.
As you know, APRA makes it clear that the board is primarily responsible for the Risk Management Framework (RMF), and it defines the Risk Management Framework quite broadly.
The Risk Management Framework includes the Risk Management Strategy which must, amongst other things, set out the company’s Risk Appetite.
So the board is responsible for setting the company’s Risk Appetite – in simple terms, a clear statement of the degree of risk the company is willing (and able) to take in pursuit of its goals.
A well considered, clearly articulated Risk Appetite is the very foundation of sound risk management. Without this, risk management throughout the business will be carried out on uncertain foundations, with unclear expectations.
So setting and managing Risk Appetite should be at the top of the Risk Management list for the board.
But setting Risk Appetite is much easier said than done – in fact, it is quite difficult to do well, and this is reflected in the practices we are seeing.
In recent times, we have reviewed the Risk Appetite statements from a number of GI and life insurers, and spoken to CEOs and boards about the engagement of the board in the Risk Appetite process.
In summary, we found a range of issues, including no clear statement of Risk Appetite or no obvious understanding of what it actually is in concept, statements ranging in quality from poor to quite good, and a lack of analysis using stress testing.
There is a wide range of approaches to articulating Risk Appetite - from short high-level statements to a few pages of detailed thoughts. This diversity is not necessarily a bad thing, but we need to better understand the practical implications of it.
Risk Appetite – What Supervisors Should Look for
As a first response, we have been developing a checklist for our supervisors – what they should look for in a company’s approach to Risk Appetite.
This is very much a work in progress and will be refined based on experience in the field.
In due course, we will issue guidance for insurers, but in the meantime, our internal guidance will help you to understand the intended focus of our supervisors.
Four broad areas have been identified for assessment – Governance, Risk Management, Implementation and Communication.
I’m not going to go through the points in detail, but these slides will give you a brief overview of what our supervisors will be looking for:
The first slide covers governance points, and you will see that they are focused on the engagement of the board, the interests of various stakeholders, review process and reporting to the board.
Now let’s look at Risk Management.
This is about ensuring all material types of risk are considered, and there are clear tolerances and controls for each.
This is about ensuring there are strong links and consistency with strategic plans, business plans, and capital management plans.
The last area addresses the need for strong communication throughout the business.
I hope this gives you a brief feel for the process we plan to follow.
In any event, you should expect that APRA will increase its focus on Risk Appetite - and its supervisory skills and expertise in this area will continue to develop.
Before I finish, some words on remuneration.
As you know, APRA imposed new requirements for remuneration as from 1 April last year.
Since then, our frontline teams have been doing compliance checks focused on process – ensuring governance arrangements are in place, a remuneration policy has been prepared etc.
In the second half of last year, we conducted peer reviews. Basically we compared how policies were being implemented across a group of similar institutions, and we then provided feedback.
The next step in the process is for us to meet with the Remuneration Committees (NEDs) of our larger institutions to talk through how they are managing the new requirements in practice, issues they may be struggling with.
So we see this as very much an evolving field, and we are keen to work with the industry to ensure a high quality and robust outcome.
Let me finish now.
I’ve covered quite a lot of ground, but I hope my comments have given you some insights into our current thinking and priorities.
I hope too that the thoughts of Henry, George and Alexandre were stimulating.
Thank you for your time.