Internal Model Approval Process (IMAP) Contents of Application (CoA) Template. August 2011 Version 1.0

Transcription

1 Internal Model Approval Process (IMAP) Contents of Application (CoA) Template August 2011 Version 1.0

2 C O N T A C T D E T A I L S Physical Address: Riverwalk Office Park, Block B 41 Matroosberg Road (Corner Garsfontein and Matroosberg Roads) Ashlea Gardens, Extension 6 Menlo Park Pretoria South Africa 0081 Postal Address: P.O. Box Menlo Park 0102 Switchboard: Facsimile: info@fsb.co.za (for general queries) SAMimap@fsb.co.za (for SAM IMAP related queries) Website:

3 Table of Contents Introduction... 5 General Guidance... 8 A. Cover letter B. Written declaration from the Board of the insurer C. Application approval from the Board of the insurer D. Analysis of risk profile E. Scope of application for full and partial internal models and model coverage E.1 Model coverage legal entities, business units and risk categories covered E.2 Justification of your partial internal model E.3 Plan for future model improvement F. Risk management process and risk profile F.1 Risk strategy, risk appetite and risk mitigation F.2 Risk policies F.3 Coverage of risk areas F.4 Risk management reporting procedures F.5 Risk management function internal model development F.6 Emerging risks F.7 Business plans G. Model governance, systems and controls including a copy of organisational charts.. 16 G.1 Quality of resources G.2 Controls around model development G.3 Security of information G.4 Board governance - group and local entity level of responsibility G.5 Board governance - group and local entity level of understanding G.6 Board governance - group and local entity level of effectiveness G.7 Board governance - management actions G.8 Ongoing model compliance G.9 Organisational structure - functions and reporting lines G.10 Organisational structure - outsourced functions G.11 Organisational chart and functions contributing to the model development G.12 Internal model change and governance policy G.13 Use test decision making process H. Additional group considerations H.1 Organisational structure - world-wide group structure H.2 Intra-group support H.3 Capital fungibility H.4 Dependencies, diversification and aggregation structure Group SCR I. Data Management and Documentation Standards I.1 Technology and software tools I.2 Data policy and management processes I.3 Model documentation policy FSB CoA template 3

4 I.4 Model alignment to your business I.5 Detailed outline of the theory, assumptions, and mathematical and empirical basis I.6 Model limitations I.7 Documenting major changes to the model J. External models and data J.1 External models and data - disclosure and suitability for use J.2 External models and data - verification of appropriateness J.3 External models and data - validation K. Valuation and Basic Own Funds K.1 SAM balance sheet K.2 SAM balance sheet - technical provisions: other elements K.3 Recognition of assets in the internal model K.4 Recognition of liabilities in the internal model K.5 Asset valuation in the internal model K.6 Liability valuation in the internal model L. Model Methodology and Assumptions L.1 Model variables/drivers L.2 Assumptions and methods L.3 Analysis of simulation outputs L.4 Variable output L.5 Risk mitigation L.6 Future management actions L.7 Policyholder expectations L.8 Financial guarantees and contractual options L.9 Risk ranking L.10 Expert judgment L.11 Dependencies, diversification and aggregation structure L.12 Calibration standards - use of a different risk measure and/or inability to derive the SCR directly from the probability distribution forecast generated by the internal model M. Model validation and independent review/validation report M.1 Profit and loss attribution M.2 Validation policy M.3 Sensitivity testing M.4 Stress/scenario testing M.5 Stress/scenario testing to validate SCR M.6 Independent review/validation - most recent exercise M.7 Independent review/validation - independence M.8 Independent review/validation - internal audit N. Capital requirement N.1 SCR result as calculated by the internal model N.2 Technical provisions and own funds N.3 SCR result using the standard formula Annexure 1. Independent review of application pack FSB CoA template 4

5 Introduction South African insurers intending to apply for internal model approval with the Financial Services Board (FSB) are required to participate in the pre-application phase which, if successfully completed, will qualify the insurer to begin the formal application phase by submitting their application pack. For specific details regarding the internal model approval process (IMAP), insurers should refer to the FSB s IMAP Guide which can be found on both the SAM and the FSB websites. The application pack needs to provide sufficient information to the FSB for it to be able to assess whether the internal model meets the required regulatory standards. This Contents of Application (CoA) template specifies the format for supplying this information and provides additional guidance to insurers to assist them with the compilation of a complete set of evidence. Where necessary, the FSB reserves the right to request supplementary information to allow a more effective assessment of the application. During the pre-application process, the insurer will work towards making a formal submission for internal model approval. The FSB will provide the insurer with its Self-Assessment Template (SAT) which will be used (by the insurer and the FSB) to monitor the insurer s state of readiness for each CoA question. The SAT will also be used to determine the independent and FSB review plans. These reviews need to be completed before the FSB will give permission to the insurer to submit its application. Insurers are also required to have their application pack independently reviewed prior to submission, using appropriately skilled and independent internal or external resources. These review requirements are described separately in the FSB IMAP - independent review guidelines document which is being released at the same time as this CoA template and can be found on both the SAM and FSB websites. The starting point for the development of this template was the Contents of Application template produced by the Financial Services Authority (FSA), the supervisory authority for the UK, as well as the EIOPA level II guidance (former Consultation Papers), especially 33, 37, 56 and 65. Lessons learnt from the FSA and other European regulators have been used to adapt the FSA CoA version to be appropriate for the South African industry. The template is broken down into 14 chapters/sections (A N) and 1 annexure. Each chapter is further subdivided into questions (67 in all). The chapter headings and questions are different to the FSA version in order to reduce the extent of duplication. For those wishing to compare the two versions, a table mapping the FSB questions to the FSA questions has been included at the end of this introduction. The template requests insurers to provide information and evidence sufficient to demonstrate compliance with the internal model regulatory requirements. Insurers need to ensure that they understand these requirements as they are not repeated here. Until SAM is further progressed, Solvency II legislation can be used as a proxy (and has been referenced throughout this first version). The following section provides general guidance for insurers as they prepare the application pack. Specific guidance (including examples of the types of evidence that can be used) is provided at the end of a few of the questions. FSB CoA template 5

6 Table 1: Mapping to FSA categories and number of Self-Assessment question SAT* FSB Contents of Application Questions FSA Equivalent No. A. Cover letter B. Written declaration from the Board C. Application approval from the Board 1 D. Analysis of risk profile D (adj) E. Scope of the application 2 E1 Model coverage E.1 (adj) 3 E.2 Justification of your partial internal model E.2 (adj), H.13 4 E.3 Plan for future model improvements M.1 (adj) F. Risk management process and risk profile 5 F.1 Risk strategy, risk appetite and risk mitigation F.1 6 F.2 Risk policies F.2 7 F.3 Coverage of risk areas F.3 8 F.4 Risk management reporting procedures F.4 9 F.5 Risk management function internal model development F.5 10 F.6 Emerging risks F.6 11 F.7 Business plans F.7 G. Model governance, systems and controls 12 G.1 Quality of resources J.1 13 G.2 Controls around model development J.2 14 G.3 Security of information J.3 15 G.4 Board governance responsibility J.5, 16 G.5 Board governance understanding J.6 17 G.6 Board governance effectiveness J.7 18 G.7 Board governance management actions J.8 19 G.8 Ongoing model compliance J.4, G1 20 G.9 Organisational structure functions and reporting lines J.9 21 G.10 Organisational structure outsourced functions J G.11 Organisational chart and functions model development J G.12 Internal model change and governance policy L.1 24 G.13 Use test decision making process E.3, G.2 H. Additional group considerations 25 H.1 Organisational structure world-wide group structure J H.2 Intra-group support J H.3 Capital fungibility H.9 28 H.4 Dependencies, diversification and aggregation structure H.12, part of G.1 Group SCR I. Data Management and Documentation Standards 29 I.1 Technology and software tools G I.2 Data policy and management processes G.9, G I.3 Model documentation policy G I.4 Model alignment to your business G I.5 Theory, assumptions and mathematical and empirical basis G I.6 Model limitations G I.7 Documenting major changes to the model G.20 FSB CoA template 6

7 J. External models and data 36 J.1 External models and data disclosure and suitability for use I.1 37 J.2 External models and data verification of appropriateness I.2 38 J.3 External models and data validation I.3 (adj) K. Valuation and Basic Own Funds 39 K.1 SAM balance sheet H.1, part H.7 40 K.2 SAM balance sheet Technical provisions: other elements H.2 41 K.3 Recognition of assets in the internal model H.3 42 K.4 Recognition of liabilities in the internal model H.4 43 K.5 Asset valuation in the internal model H.5 44 K.6 Liability valuation in the internal model H.6 L. Model Methodology and Assumptions 45 L.1 Model variables/drivers Part of H.7 46 L.2 Assumptions and methods H.8 47 L.3 Analysis of simulation outputs H L.4 Variable output H L.5 Risk mitigation G.5 50 L.6 Future management actions G.6 51 L.7 Policyholder expectations G.7 52 L.8 Financial guarantees and contractual options G.8 53 L.9 Risk ranking G L.10 Expert judgment H L.11 Dependencies, diversification and aggregation structure G.4, H L.12 Calibration standards - use of a different risk measure G.11 M. Model validation and independent review/validation report 57 M.1 Profit and loss attribution G M.2 Validation policy G M.3 Sensitivity testing H M.4 Stress/scenario testing H M.5 Stress/scenario testing to validate SCR H M.6 Independent review/validation most recent exercise K.1 63 M.7 Independent of review/validation independence K.2 64 M.8 Independent review/validation internal audit K.3 N. Capital requirement 65 N.1 SCR result as calculated by the internal model N.1 66 N.2 Technical provisions and own funds N.2 67 N.3 SCR result using the standard formula N3,N4 Annexure 1. Independent validation of application pack N/A FSB CoA template 7

8 General Guidance The application pack should be divided into sections corresponding with the chapter headings, A-N, and Annexure 1. The total number of pages for the pack is limited to 1000 pages but the majority of insurers are expected to have far fewer than this. The Self-Assessment Template (SAT) is used by insurers to assess their readiness to apply for internal model approval. The SAT consists of an MS Word document and an MS Excel spreadsheet. For each of the 67 CoA questions, the MS Word portion of the SAT provides a high-level overview of the evidence the insurer intends to provide and a list and brief description of this evidence. The MS Excel spreadsheet provides further details regarding each evidence item including the expected number of pages, the expected date the evidence will be ready for review and the current status of the item. The MS Word portion of the SAT is the starting point for the content of the application pack. Each question within the final SAT version should be printed out and included within the relevant chapter. After each SAT summary, the insurer must insert a narrative of the evidence for that question. The narrative is described later in this section. To aid understanding regarding the SAT summary, we have provided a generic example for question G.11. G.11 Internal model change and governance policy Please provide your policy for changing the full or partial internal model and other policies for internal model governance. This shall include the proposed policy for model changes as provided in Article 115 of the Directive and any other internal model governance policy required (e.g. validation policy, data policy, etc) Date last modified: 2011/08/23 Overview of evidence: The evidence supplied addresses the above question as it sets out all our policies regarding internal model change and governance. These include a governance policy, along with policies for internal model change, data, profit and loss attribution and validation. In addition we have provided people evidence in the form of an interview with our CRO. Most of the submissions are provided as supporting evidence, given the nature of the evidence. List of evidence: G28 Internal model governance policy (E): We will provide an executive summary of the complete internal model governance policy. This document will cover all policies that are to be set in place, along with responsible persons. G29 Internal model governance policy: (S) A policy that describes how internal model governance is likely to be enforced. The purpose of this policy is to unify all the individual policies that are to be set in place to ensure adequate internal model governance. These policies include: change policy, data policy, profit and loss attribution policy, model validation policy and the governance framework for the internal model. The policy also provides a framework of responsible persons in the various areas of internal model governance. G45 Interview with A. Surname Chief Risk Officer of XYZ Insurance Company (S): Explanation of the interaction between business strategy, risk management strategy, model governance and ownership. Responsible person(s): Mr A. Surname Chief Risk Officer of XYZ Insurance Company FSB CoA template 8

9 Type of evidence Each question consists of at least one bullet point. Insurers should ensure that they provide evidence for each element requested under each question. The majority of the evidence provided will not be included within the application pack but should be made available as supporting evidence (often referred to as the library of evidence). This library should be stored in an organised and accessible manner (whether held electronically or as a hardcopy). Evidence may also be provided in full within the application pack. Where evidence is classified as supporting evidence, it may be appropriate to include an executive summary within the application pack. Executive summaries should contain sufficient detail to enable the FSB (and the application pack independent reviewer) to understand the main areas covered and the applicability of the evidence. Not all supporting evidence requires an executive summary to be included within the application pack, but it is important to mention it within the narrative. (Equally, if the narrative refers to an item of evidence, that evidence should be listed within the SAT summary and form part of the library). When determining whether to provide the item of evidence in full, in executive summary format or as supporting evidence, insurers should consider the overall length of the application pack. This is considered further below (under format of the narrative ). Throughout this template, the following key is used to refer to the type of evidence: Key F E S Type of evidence In Full Executive summary Supporting evidence Category of Evidence Evidence can largely be categorised within one of four groups: Policy Process People Proof People evidence refers to the key individuals within the insurance company (including Board members) who are able to provide further insight regarding the question being addressed. For example, the modelling expert can be interviewed to explain certain aspects of the model. Additionally, specific Board members may be made available to demonstrate Board understanding. People evidence will always be classed as supporting evidence. Insurers should include people evidence for the majority of questions (including the numerical ones where key individual are able to explain the results and processes followed to obtain those results). FSB CoA template 9

10 The format for policy, process and proof evidence will be varied and could include (but is not limited to) written documents, spreadsheets and presentations. A presentation is often an effective format to document supporting evidence and is especially useful for providing an overview of internal models or describing risk management processes for example. Format of the narrative The narrative to be included in the application pack for each question is a detailed summary of the evidence available to demonstrate the insurer s internal model compliance in relation to this particular question. By reading the narrative, the reviewer should be able to gain a high-level understanding of how the insurer has met these compliance requirements. To put it another way, the narrative is a high-level answer to the question. The content of the narrative should be based on the SAT high-level overview and summary of evidence which was printed out and included in the application pack. In full and executive summary evidence should be included in its entirety in the narrative. It is therefore appropriate for the narrative to contain a number of section/paragraph headings (one for each evidence topic covered). Supporting evidence, not included as an executive summary, should be referred to within the narrative. Also note that the high-level overview within the SAT should not just be a copy and paste of the relevant CoA question. Insurers are expected to base this overview on the evidence that they are providing to demonstrate compliance. The use of the word narrative should not be interpreted to mean that only words are allowed. Numerical figures should also be included, where appropriate (i.e. assumptions, sensitivity results, model output, SCR calculations etc). The narrative should aim to be concise and be easy to read. Insurers should therefore aim to have an appropriate split between what is provided in the narrative and what is included as supporting evidence. As a general rule, the documentation included within the pack should be between 3 and 11 pages (including the SAT summaries) for each question. The length of each narrative (and indeed the total volume of evidence provided for each question) should take the principle of proportionality into account. Where information is requested separately for each risk category (e.g. L.2.), the number of pages expected would increase accordingly. Duplication of evidence It is often appropriate to use the same piece of evidence for more than one question (especially supporting evidence). Where supporting evidence is duplicated, reference to the supporting evidence within each narrative need only refer to the relevant portion of the supporting evidence for that question rather than the supporting evidence s use throughout the application pack. What evidence should be provided for each question? In order to provide clarity and reduce the likelihood of the application being rejected, we have included a list of the items of evidence insurers could consider providing for a number of questions (including an indication of whether the evidence would be provided in full (F), as an executive summary (E) or as supporting evidence (S)). FSB CoA template 10

11 These generic evidence items should not be seen as a complete list (including which supporting evidence items should have an executive summary included within the narrative). Insurers need to ensure that they have provided sufficient information to demonstrate their compliance with the issue being addressed by the question. Additional or different evidence items may be more appropriate. Over time, we may decide to move to a more prescriptive list of evidence requirements if the current guidance approach fails to produce quality applications. An insurer should aim to provide the right volume of information depending on the materiality of the question for the insurer. This refers to all the evidence whether provided in the narrative or as supporting evidence. While it is obvious that insurers need to avoid providing light weight documentation that fails to adequately communicate how the insurer has addressed the question, it is equally important for insurers to avoid providing too much information. A long-winded document, for example, may give the impression that the insurer doesn t understand the issue being documented. Please be aware that following all of the guidance within this CoA template is no guarantee that we will approve an insurer s internal model. Summary of evidence tips In summary, insurers should: Ensure they have addressed every part of the question Keep the narrative concise and easy to read Include people evidence Provide the majority of evidence in the form of supporting evidence Assemble this supporting evidence in a well organised library Ensure that all evidence is sufficiently detailed in accordance with the principle of proportionality Make use of presentations as supporting evidence Include the independent review report relating to the question as supporting evidence Group considerations Group internal models can have many different structures. For example, one group model may have been developed that is used by all subsidiaries within the group or separate internal models may exist for each subsidiary which are then aggregated. One group application is required but the application pack will need to be completed in a way that best reflects the group s internal model structure to facilitate an effective review process. Where more than one internal model is used and where there isn t significant overlap in the evidence provided to demonstrate compliance with the regulatory requirements, it would usually be appropriate to complete an application pack per internal model except for those chapters where it can be demonstrated that there is substantial overlap. For example, it is expected that there would be a complete chapter L (Model methodology and assumptions) for each internal model whereas other chapters may be covered once only with appropriate FSB CoA template 11

12 cross referencing. Other chapters (such as F. Risk management process and risk profile) may be best covered under one chapter. A. Cover letter The application should include a cover letter requesting approval which is signed by the Board. The letter should include the following information: 1. The date from which the insurer wishes to use the internal model for the purpose of determining regulatory capital; 2. Contact information for key people referenced in the application; and 3. Reference to the submissions made in section E1, E2 and G13 below. B. Written declaration from the Board of the insurer The application should include a declaration confirming that all clarifications and supporting documentation have been provided, that this information is not false or misleading and also that no material facts and/or details relevant to the approval have been concealed. C. Application approval from the Board of the insurer The Board needs to approve the application for an internal model. A copy of this approval (e.g. extracts from relevant minutes) should be included in the submission pack. D. Analysis of risk profile The application should include an analysis of the overall solvency needs for the specific risk profile of the insurer, taking into account the business and risk strategies of the insurer. Details of the framework and the processes undertaken in this analysis should also be included. This should approach the type of analysis that will eventually be required of in terms of an insurer s ORSA.. E. Scope of application for full and partial internal models and model coverage The insurer shall explain what elements, including material quantifiable risks, lines of business and entities will be covered by the internal model. The FSB needs to understand explicitly what it is being asked to approve. Therefore an insurer needs to define in sufficient detail what its internal model comprises, explain whether it is a full or partial model, and how it covers all material risks which it purports to cover. The FSB also needs to understand the future development plans of the model. E.1 Model coverage legal entities, business units and risk categories covered Please explain which legal entities, business units and risk categories (non-life underwriting risk, market risk, credit risk etc.) are included in your model. Please provide clear definitions for each of the business units and risk categories included within your internal model. Also explain why you consider each of the model components to adequately cover the risk as defined. FSB CoA template 12

13 S - Risk Register S - Presentation on the internal model E - Model methodology overview (addressing each risk) S - Model methodology document (addressing each risk) S - Limitations log S - Interview with key individual/s (e.g. CRO, modelling expert) E.2 Justification of your partial internal model Please provide a detailed justification for the limited scope of your partial internal model, justifying why only some business units and/or risk categories have been modelled and detail any plans to increase the scope of your partial model in the future. Explain how your partial internal model results will be fully integrated with the standard formula in order to calculate the SCR. Please provide justifications for your integration technique; in particular please demonstrate how it is feasible and appropriate. Please explain why you consider the SCR produced using a partial internal model better reflects your risk profile than applying the standard formula for all risk categories. Please also explain why you consider the use of the standard formula for the remaining risks (i.e., those not falling within the scope of the partial internal model) to be appropriate. Evidence ideas (would need to be augmented by insurer specific justification evidence): S- Report: Comparison between standard formulae and the full/partial internal model E - Overview: Comparison between standard formulae and full/partial internal model S - Interview with key individual (e.g. CRO) S - Decision paper: Integrating the standard formula with the internal model (including justification for the technique used) E- Overview: Integrating the standard formula E.3 Plan for future model improvement Please provide an overview of planned improvements to your model. In particular, where you have used a partial internal model, the FSB may require the insurer concerned to submit a realistic transition plan to extend the scope of the model (especially in cases identified in E.2 where the risk profile of the standard formula is inappropriate for a non-modelled risk). Please provide a realistic transition plan describing how you intend to extend the coverage of your partial internal model and how constraints to model developments (such as data quality) will be addressed. The transitional plan should consider each business unit and/or risk module as necessary. S - Internal Model development plan E - Internal Model development plan Overview S - Transitional plan (if necessary) S - Interview/meeting with key individual FSB CoA template 13

14 F. Risk management process and risk profile The insurer shall demonstrate in the context of the internal model that it has in place an adequate and effective risk management system, including an agreed risk appetite, a procedure for recording risks and that its related results are adequately documented. Using an adequate process of analysis, the insurer must be able to understand the nature of the risks it has identified, their origins, the possibility or need to control them and the effects that could arise, both in terms of losses and opportunities. The process of analysis includes a qualitative assessment and, for quantifiable risks, the adoption of methods to measure the exposure to risk. F.1 Risk strategy, risk appetite and risk mitigation Please explain and provide evidence of your risk management strategy and how this is consistent with your overall business strategy. This should include details of your risk management objectives, principles, risk appetite and assignment of risk management responsibilities across all of your activities, together with details of how this is consistent with your overall business strategy. Please explain the ownership of the risk management strategy, appetite and mitigation processes and include details of Board involvement. S - Risk management framework S - Presentation: Risk management and mitigation process overview S Most recent risk strategy document S - Meeting with CRO (or equivalent) - Explanation of the interaction between risk management strategy, business strategy, risk management responsibilities and governance. F - Board meeting extracts F.2 Risk policies Please give a high level explanation and provide evidence of written policies that include a definition and categorisation of the material risks you face. This should include risk appetite and limits that have been set by risk type with details of how this policy implements the risk management strategy, facilitates control mechanisms and takes into account the nature, scale and time horizon of the business and the risks associated with it, as listed in Article 44(2). F.3 Coverage of risk areas Please explain and provide evidence of how your risk management system covers the risks to be included in the calculation of the SCR as set out in Article 101(4) as well as the risks which are not or not fully included in the calculation thereof. S - Risk register S - Risk and control self-assessment program S - Interview with CRO (or equivalent) FSB CoA template 14

15 F.4 Risk management reporting procedures Please explain and provide evidence of the reporting processes and feedback loops used to ensure all material risks are effectively identified, measured, monitored and managed within the business. Please also explain your reporting and escalation processes including any risk committee structure and responsibilities this should include an explanation of any Board level involvement in these processes. S - Risk register E - Corporate governance overview / map S Corporate governance manual E - Risk Committee charter (including the committee structure, terms of reference and responsibilities) E - Extracts from meeting minutes and management information packs S - Interview with Non-Executive Director F.5 Risk management function internal model development Please explain and provide evidence to demonstrate the extent to which the risk management function has been and continues to be involved in designing, implementing, testing, analysing performance, validating and documenting the internal model. S - Interview with the Head of the risk management function E - Internal model governance policy S - Internal model governance policy S - Internal model governance framework F.6 Emerging risks Please explain and provide evidence of how your risk management function identifies and assesses emerging risks and describe the processes or procedures followed in such circumstances. F - Terms of reference for Risk Committee S - Interview with the chairman of the Risk Committee F.7 Business plans Please provide your projected business plans (and assumptions used) as well as historical financial performance against which the plans can be compared in a consistent manner to enable an assessment of the reasonableness of the plans. Please explain how the current business plans have allowed for the current risk profile as well as the impact of the future business strategy and the future operating environment on your business. Please provide details of how your strategy and business plans are backtested (e.g. assumptions used in forecasts versus actual results and the impact of any crystallised risks). FSB CoA template 15

16 G. Model governance, systems and controls including a copy of organisational charts The insurer shall demonstrate an appropriate organisation and an adequate system of internal controls, proportionate to the size and operational characteristics of the insurer and the nature and complexity of its risks. Moreover, the insurer shall demonstrate adequate resources, skills and objectivity of the people responsible for the development and review of the internal model. The insurer shall also demonstrate that the Board has overall responsibility for the internal model and ensures its use within its governance and decision making processes. G.1 Quality of resources Please provide evidence that the people (including external consultants used) responsible for the development and review of your internal model have the appropriate skills and professional qualifications, knowledge and experience in the relevant areas of the business necessary for the proper discharge of their responsibilities. This should include written and agreed responsibilities and accountabilities to individuals and/or functions in the organisation. S - CVs / Terms of reference F - RACI (Responsible, Accountable, Consulted, Informed) chart G.2 Controls around model development Please explain and provide evidence of the existence of clear and well defined internal controls relating to the management, development and operation of the internal model (e.g. internal approval of changes, escalations paths, internal communication, documentation and validation of changes). E - Internal model governance policy S - Internal model governance policy S - Internal model governance framework G.3 Security of information Please explain and provide evidence of the processes that are in place to safeguard the security of information in your internal model and back-ups to this information. How often is information pertaining to your internal model backed-up? Please provide details of your business continuity planning and/or disaster recovery for your internal model and any relevant data feeds into the model. G.4 Board governance - group and local entity level of responsibility Please explain and provide evidence that the group and local Board(s) have assumed overall responsibility for model approval, model oversight and model strategy and have aligned the risk, capital and business strategies accordingly. This should include sign-off of roles & responsibilities related to internal model governance and relevant terms of reference documents. FSB CoA template 16

17 Guidance: The types of evidence that can be provided to demonstrate that the Board has assumed overall responsibility for the internal model are varied. The list below is provided to assist insurers with the identification of evidence items. Insurers are not expected to provide the full list and may add others that provide more relevant proof. E Terms of reference / roles and responsibilities for the Risk Committee S - Extracts from Board meeting minutes S Interview(s) with the CEO/Chairman of the Board E - Model use process document S - Model use process document S - Schedule of uses for the internal model S Model development plans F Model output reports S Internal model governance policy G.5 Board governance - group and local entity level of understanding Please explain and provide evidence that the Board has an appropriate understanding of the model and its results, demonstrating how it has reached a level of comfort from the model results and how it uses these results. Please also provide evidence that the Board understands the limitations of the internal model. Please describe the process that is in place for regular independent review of the governance and challenge process for the internal model. S - Board & management training programmes S - Management training materials S - Reports to the Board on internal model results S - Interview with key Board members S - Internal audit review S - Internal model validation report to the Board S - Internal model limitations log S - Internal Model governance policy G.6 Board governance - group and local entity level of effectiveness Please explain and provide evidence of how the Board s effectiveness is assessed, including evidence of the effectiveness of interactions between the Boards of entities at Group level and those of related companies which are required to calculate an SCR. G.7 Board governance - management actions Please explain and provide evidence of the governance process around the development of future management action strategies. Please include an explanation of Board involvement in the development and signoff of the future management actions assumed in your internal model. G.8 Ongoing model compliance Please explain and provide evidence of how you ensure the ongoing compliance with the requirements for internal model approval, including how the Board ensures FSB CoA template 17

18 the ongoing appropriateness of the design and operations of the internal model, so that it continues to appropriately reflect the risk profile of the insurer. Please also include the procedures that are in place to inform regulators if your model does not comply with the approval requirements. E - ORSA process overview S - ORSA process policy S - Internal audit model compliance review F - Data quality policy S - Internal model governance policy S - Internal model change policy S - Internal model validation policy S - Internal model development plan S - Interview with CRO (or equivalent) S - Schedule of uses for the internal model F - Procedures for notifying regulators of breach of IMAP requirements G.9 Organisational structure - functions and reporting lines Please explain and provide evidence of your systems of internal control and how these are suitable for your company including evidence that they are regularly reviewed to ensure continued effectiveness. This should also include an explanation of how your company meets the requirements for the risk management function, compliance function, internal audit function and actuarial function. G.10 Organisational structure - outsourced functions Please provide details of your outsourcing policy and any outsourcing arrangements. Your outsourcing policy should include the criteria you have used to select service providers as well as considerations of the impact of outsourcing on your business and the reporting and monitoring arrangements to be implemented once an outsourcing contract has been agreed. Please demonstrate how you are ensuring that the terms of any outsourcing agreement are consistent with your obligations as per Articles 38 and 49 of the Directive. G.11 Organisational chart and functions contributing to the model development Please provide an organisational chart showing the various functions within the company that have contributed towards internal model design, implementation, testing, validation, embedding (i.e. use test) and approval. Please include their role and responsibilities in the model development process. G.12 Internal model change and governance policy Please provide your policy for changing the full or partial internal model and other policies for internal model governance. This shall include the proposed policy for model changes as provided in Article 115 of the Directive and any other internal model governance policy required (e.g. validation policy, data policy, etc). G.13 Use test decision making process Please explain and provide evidence of how your internal model is widely used and plays an important role in your system of governance (Articles 41 to 49 of the FSB CoA template 18

19 Directive), in particular the decision-making processes (including the setting of the business and risk management strategy), the economic and solvency capital assessment and capital allocation process, and the ORSA. The evidence should be sufficient to demonstrate the length of time that the internal model has been used in each of the above areas. Guidance: The demonstration of the use of the internal model within the system of governance and decision making processes is of great importance to the FSB. This question is therefore material for all insurers applying to use an internal model and should be evidenced accordingly. F - Schedule of uses for the internal model E - Capital allocation Overview S - Capital allocation at a level of granularity used in business planning and management E - ORSA process overview S - ORSA report S - Interview with key individual S - Model use process document S - Internal model SCR results, analysis and commentary by risk type F - Decision papers sufficient to demonstrate the length of time that the model has been used F - Minutes of decision making committee meetings H. Additional group considerations H.1 Organisational structure - world-wide group structure Please disclose all of your regulated and unregulated legal entities and branches (including the supervisory body/bodies that oversee the entities concerned). Within this group structure, please indicate the legal entity s sectoral SCRs and the Group SCRs being calculated and the method being used. H.2 Intra-group support Please provide and explain the specific details regarding intra-group support including any intra-group reinsurance, guarantees, loans and other arrangements. H.3 Capital fungibility Please explain, to the extent that it is relevant, how you have explicitly modelled or otherwise appropriately considered the impact of fungibility and transferability of capital within the group in your internal model. E - Internal model methodology document - Capital fungibility S - Internal model Methodology document F - Paper on capital fungibility and transferability constraints S - Interview with modelling expert H.4 Dependencies, diversification and aggregation structure Group SCR Please explain how the results of the individual legal entities have been aggregated to derive the results of the group SCR. FSB CoA template 19

20 Please also provide a measure of the total diversification present within the calculated SCR for each legal entity as well as for the group SCR (i.e. the difference between the undiversified and the diversified SCRs). Evidence is also required demonstrating that group risk has been appropriately considered within the model. I. Data Management and Documentation Standards Data quality requirements apply to all data used in the internal model. The insurer shall demonstrate that data is accurate, complete and appropriate and shall establish its policy on data quality and data update. Insurers also need to ensure that the documentation of an internal model is thorough, sufficiently detailed and sufficiently complete to satisfy the criterion that an independent knowledgeable third party could form a sound judgement as to the reliability of the internal model and compliance with Articles 120 to 126 and could understand the reasoning and the underlying design and operational details of the internal model, including its limitations. I.1 Technology and software tools Please describe the technology and software tools used to implement your internal model, and state to what extent they are internal or external solutions. I.2 Data policy and management processes Please explain and provide evidence of the data policy and data management processes used within your internal model. Please provide evidence of an effective data quality and data update policy as it refers to your internal model. The policy should cover as a minimum the following areas: definition of data quality and how this is implemented; detailed processes that are in place for reconciling and validating data quality; documentation of methodology followed to validate the use of expert judgement in relation to data in the event that the quality is compromised or poor; detailed processes that are in place for updating data with a focus on the data that is used for the probability distribution forecast; details of standards regarding the frequency of regular data updates, circumstances that trigger unscheduled data updates and which prompt recalculations of the SCR. With regards to data management processes, please also include details of data items; databases, internal and external data interfaces; processes used to obtain and load data; processes to ensure data is complete, accurate and appropriate; details of data flows through your internal model and data security processes undertaken. Guidance: Data management and data quality is foundational to ensuring the appropriateness of an internal model. The evidence requested in this question is therefore more extensive than for some of the other questions. This is therefore expected to be one of the larger questions (in terms of number of pages) to be addressed. Insurers should still be mindful to keep the right balance between the length of the narrative and the amount of supporting evidence (i.e. aim for the majority of evidence to be supporting evidence). FSB CoA template 20

21 S - Presentation: SAM architecture technology and tools (or document if more practical) F - Data flow diagram F - Data dictionary (including source, characteristics and use) F - Data quality policy F - Data update policy S - Data quality plans F - Data quality and data update assessment report S - Data governance framework S - Interview with data governance expert S - Data appropriateness report E - Internal model data validation policy and process (including expert judgement policy) S - Internal model validation process document S - Internal model validation policy E - Internal audit log data validation E - Internal audit report data validation S - Internal audit log S - Internal audit report S - Data security policy and processes I.3 Model documentation policy Please explain and provide evidence of your model documentation policy and governance framework around it. I.4 Model alignment to your business Please explain and provide evidence of how your internal model is structured and aligned to your business model and risk-management framework. For group models, please describe the extent to which the structure, methodologies, assumptions, data, calculations, technology and data management processes at group level are consistent across all the legal entities that are within the scope of the internal model, highlighting and providing an explanation where there are inconsistencies. Guidance: The evidence ideas below include items for group models as requested above. For most insurers, providing all of the evidence below would exceed the required amount to demonstrate compliance. Evidence items: E - Extract of presentation: Internal model scope and structure S - Presentation: Internal model scope and structure F - Schedule of uses for the internal model E - Internal Model methodology document (covering topics such as capital fungibility, insurance risk, counterparty default risk, future management actions, financial guarantees and contractual options, market risk etc) S - Internal model Methodology document S - Interview with modelling expert E - P&L attribution results and analysis S - Model appropriateness report F - Model appropriateness overview report F - Model output reports FSB CoA template 21

22 I.5 Detailed outline of the theory, assumptions, and mathematical and empirical basis Please describe the calculations performed within your internal model. Please provide a description and rationale for selecting a specific method and an elaboration on the techniques used to meet the nature and complexity of the items under consideration. It should be sufficiently detailed and complete such that an independent and knowledgeable third party would be able to understand the model framework, its methodology, the underlying assumptions, and the limits of applicability of the model and in principle reproduce the model outputs if all the parameters and exposure data were available. The documentation should also include details of the algorithms related to the mathematical models, including the rationale supporting the selection of the algorithms and known drawbacks or weaknesses. Guidance: The general guidance to provide most of the evidence as supporting evidence is of particular relevance to this question due to the technical nature of the content. The narrative would be made up mostly of executive summaries. S - Presentation: Introduction to the internal model E - Summary of internal model methodology document E - Internal model Design document S - Internal model Methodology document (including asset valuation, technical provisions and SCR) E - Internal model independent validation report (Overview) S - Independent validation report: External independent reviewers S - Internal model limitations Log S - Interview with modelling expert S - Internal model assumption summary S - Model appropriateness report E - Model appropriateness overview report Circumstances under which the internal model does not work effectively I.6 Model limitations Please indicate and explain the circumstances under which your internal model deviates from your company s existing risk profile. This could include any specific features of your internal model or circumstances or limitations that present potential concerns or would significantly increase the uncertainty of the results beyond what would be reasonably expected. It also includes insufficiencies in IT systems, governance and related controls surrounding your internal model. In each case, please indicate how you have allowed for these limitations when calculating the SCR. Documenting major changes to the model I.7 Documenting major changes to the model Please provide evidence that you have documented all major changes to your internal model and that there is a process in place to ensure all changes will be FSB CoA template 22