Register to listen to the IBM/Insurance Risk webinar, Emerging issues in Solvency II: Cloud solutions and model risk governance, discussing the results of this survey.
Solvency II poses an unprecedented technological challenge to insurers. In order to comply with the calculation, analytical and reporting requirements spread across all three pillars of the regime in a timely fashion, firms need access to greater computing power and data storage capabilities than in the past.
One solution can be found through cloud computing. The cloud offers insurers access to vast computing resources without the need to invest in expensive new hardware, and allows them to scale processing power up or down as their needs fluctuate, thereby aligning costs with usage. As such, migrating to the cloud could provide firms with a flexible and cost-effective way to pass the Solvency II test.
This may be an especially attractive option for late adopters of the new regulatory requirements. Solvency II will come into force on January 1, 2016, but a high proportion of the firms surveyed are yet to – or are only just starting to – work towards compliance. More than 40% are in the earliest stages of, or are yet to start, complying with Pillar III reporting requirements, and almost 20% are yet to begin on Pillar I quantitative capital calculations (figure 1). Considering the directive goes live in less than 18 months, these insurers will have to act fast to acquire and embed the appropriate technological resources.
Interestingly, it is not only smaller insurers that are starting late. Seven of the 19 firms surveyed with gross written premiums of greater than $10 billion are yet to start work on Pillar III, while six are yet to begin on Pillar I. This may reflect the fact that the industry is still waiting on various guidelines and technical standards for implementation to be finalised at the European level. However, the last package of standards is scheduled to be published in June 2015. Insurers cannot wait until then to start their implementation if they expect to have a solution in time for January 2016.
Of those firms that have left the starting line, a high number are turning to the cloud for help. More than half of those surveyed say they have implemented, or are at least considering, cloud-based solutions for their Solvency II needs. Those firms that have already implemented are fairly evenly distributed by size and global footprint, suggesting this is a model suited to more than just one type of company (figure 2). However, it may be that some of these firms are using the cloud as one tool out of many to address the regulatory burden. For example, a number may use the cloud simply for data storage while relying on traditional systems for their analytics and reporting.
Those insurers not considering cloud solutions overwhelmingly cited security and data protection concerns as the main barriers to entry (figure 3). Uploading Solvency II data and analytics to the cloud – even a private cloud for the insurer’s sole use – implies handing control of security to the supplier, something many firms are reluctant to do. Regulators are also keeping a close watch on insurers’ outsourcing programmes. Pillar II governance requirements state that any outsourcing must not materially impair the quality of a company’s system of governance, unduly increase its operational risks, or prevent the supervisor from monitoring compliance.
One respondent summed up the problem neatly: “The data used for Solvency II is one of the most important assets of an insurance company. In a cloud that is not operated by the insurer itself, how safe can it be?”
However, it may be that this perception is out of alignment with the reality of modern cloud services. Suppliers have invested heavily in their infrastructure to provide secure connections and data centres. In addition, cloud providers can allay insurers’ fears somewhat by assuming partial liability for data protection in service level agreements with clients. One respondent explained the debate has moved on from straightforward questions on security: “Cloud was considered a security issue until recently. Now, the issue is purely a cost-benefit analysis,” they said.
When asked to name the biggest challenge to implementing cloud solutions for Solvency II, 12% of insurers cited difficulties overcoming internal politics. One respondent explained that migrating to the cloud “requires substantial collaboration, which can be difficult to achieve,” while another said “significant stakeholders need to be convinced and managed to get them to favour this approach” (figure 4). Solvency II compliance requires the input of a number of functions within a firm to get right, including financial, IT, risk and actuarial. Developing an internal policy governing who has access to what information and how data modifications should be communicated across stakeholders can prove a fractious exercise, and takes time to fine-tune. Ongoing work on Pillar II across firms should make this task run a little smoother in future.
One advantage of a cloud-based solution is in its potential as a cost-saver. Twenty-eight per cent of firms picked this as either the most, or one of the most, important benefits of cloud deployment (figure 5). The ability to employ processing resources on a charge-by-use basis means insurers pay more during peaks in the reporting cycle and less during troughs. Interestingly, while more than 45% of firms said a flexible service arrangement of this kind would be most suitable for their Solvency II purposes, 37% preferred a fixed fee (figure 6). This may be an example of firms underestimating the flexibility afforded by cloud solutions. However, it is also possible that these insurers value budget certainty over maximising cost savings.
Solvency II is fast approaching, and late adopters need to think carefully about which solutions can best shoulder the regulatory burden. Bursting into the cloud may prove the most attractive option.