Discussion on the regulation of internal risk modelling in the insurance industry has progressed over the last months and is now at full speed. Industry associations, including the CRO Forum, the CFO Forum, and the Comite Europeen des Assurances (CEA); actuarial associations, including Group Consultative Actuariel European; supervisory authorities, including the International Association of Insurance Supervisors (IAIS), and the Committee of European Insurance and Occupational Pensions Supervisors (CEIOPS); ministries of finance, including the European Insurance and Occupational Pensions Committee (EIOPC); the EU Commission and other stakeholders have contributed to it.
CEIOPS has provided advice to the European Commission on quantitative aspects of Solvency II (Pillar I) in Consultation paper 20 (CP20), published November 2006. Sections six and seven contribute a framework for the supervision of internal risk capital models, building on the previous advice given to the EU Commission's Call for advice 11 (CFA11 in Consultation paper 7). While the answer to CFA11 provided the goals, the major principles and the framework for the regulatory approval of internal models, CP20 addresses the major challenges in the supervision of internal models that are specific to the insurance industry. Many stakeholders, including the International Actuarial Association (IAA), the IAIS, the CRO Forum, the CEA, and the German Actuarial Association (DAV) have published or are about to publish on internal risk models in the insurance industry.
We see Solvency II as a once-in-a-lifetime chance to create a principles-based supervisory framework that meets the challenges of rapidly developing financial markets and creates an unprecedented level of transparency and harmonisation in the European insurance industry. It is a chance to avoid all the teething problems of banking regulation and tailor the regulatory framework to the insurance industry.
While the goals and principles of the regulatory approval of internal models in Solvency II are similar to the goals and principles of the regulatory approval of internal models for the market risk in the trading books of banks, there are significant differences in the risk management practices of the two sectors. Insurers tend to have more integrated, holistic risk models compared to banks. These holistic risk models, to receive regulatory recognition under Solvency II, pose a series of challenges that are specific to the insurance sector.
The purpose of this article is two-fold:
- To take a look at the invention of the regulatory framework based on internal value-at-risk (VaR) models by the Basel Committee of Banking Supervision in 1995, and which aspects of this regulation are still valid;
- To discuss a series of specific challenges of the supervision of internal models in the context of Solvency II, which require new solutions, tailored to the insurance industry.
The article also gives a short overview of the conceptual framework for the regulation of internal models in Solvency II, as published by CEIOPS (in Consultation papers 7 and 20) and outlines how to achieve harmonisation of the supervision of internal models across the EU, without restricting the freedom of insurance undertakings to build internal models that are most useful for their risk management.
The guiding principle of internal models
In April 1995, the Basel Committee of Banking Supervision published a proposal to base regulatory capital requirements for market risks in the trading book of banks on their internal VaR models instead of a 'standard formula'. This represented a paradigm shift in the way banking supervision was to be performed. In the proposal, the Basel Committee said: "The guiding principle of such an approach is the preservation of banks' incentives to measure market risks as accurately as possible and to continue to upgrade their internal models as financial markets and technology evolve."
The risk of financial innovations - for example, exotic derivatives or correlation products is not captured and is unlikely to be ever captured by rules-based 'standard formula' methods. The regulatory recognition of internal models in a principles-based regulatory framework has proved an instrument that allows the supervisor to keep up with the rapid development of financial markets and to make transparent and properly assess the risk in complex financial structures.
The only change to the above guiding principle, suggested by eight years of experience in the supervision of internal models, would be to, "Measure market risks as accurately as necessary to be useful for risk management." Measuring risk in itself has no value if it is not part of an integrated risk management process, including appropriate risk management action.
Given the fact that both development and supervision of internal models are relatively costly, what are the benefits?
- Reiterating the key point of the guiding principle, internal models allow more adequate measurement of risks, especially for non-linear products (derivatives and non-proportional re-insurance) than any standard formula possibly can.
- Supervisors and senior management look at the same risk management tools and speak the same language. Double efforts for the quantification of economic and regulatory capital are avoided. IT infrastructure and data used for the internal model is also used for internal controlling purposes as well as for the discussion with rating agencies, re-insurers and shareholders.
- Hence, continual improvement of the model is in the own interest of the company.
- Supervisors get access to risk exposure data that is much more timely, risk-adequate and detailed than what is usually available in accounting records to external auditors and rating agencies. Compared to weather forecasting, standard accounting records correspond to looking up at the sky and deriving predictions from the form of clouds and the direction of wind. The detailed exposure data that internal models are based on correspond to the weather data provided by the radar and satellite network, which allows much more timely and accurate predictions for specific areas.
- Armed with the intimate knowledge of risk exposures and risk management processes, supervisors are put in a good position to contribute practical solutions to the implementation of new regulatory frameworks.
- Due to the fact that some risk models require advanced quantitative skills, internal audit departments tend to have limited powers to review internal risk models on a technical basis. By pooling quantitative skills, supervisors are able to review and challenge internal risk models in-depth in a cost-efficient way.
- By the definition of common calibration targets, like 99.5%-VaR over one year horizon, risks from different business areas are made comparable. By the definition of common quality criteria for risk models, the forecast-quality of internal models is made measurable and thus comparable, using actuarial-statistical techniques. This creates a level playing field for both companies and supervisors.
- Operational risks are reduced through standardisation of the risk management processes.
In summary, the supervision of the market risks of banks has proved to be largely a win-win situation for supervisors and banks. The core of the deal between supervisors and companies is, "Lower regulatory capital in exchange for more timely and more detailed information." A similar incentive structure is at work when a company seeks a public rating, buys re-insurance, or gets listed at an exchange. The similarities end when the undertaking gets close to default and it has an incentive to 'gamble for resurrection' by taking additional risks. The task of the supervisor is in this case to lead the company back to safe levels of capitalisation without gambling for resurrection or, if all else fails, initiate the run-off.
According to its answer to the EU Commission's Call for advice on internal models (CFA11), CEIOPS has separated three major components of an internal model submitted for regulatory approval (compare CFA 11.14-16 and CP20, section six):
The methodological basis comprising the gathering of data, the aggregation of data, the statistical modelling assumptions, the estimation of statistical parameters and the prediction of future gains and losses is called the 'actuarial model'. Its appropriateness is assessed in the 'statistical quality test', which needs to include some form of comparing predictions with actual losses. On top of this methodological basis, there are two applications: internal risk management and the estimation of the regulatory capital requirement, the solvency capital requirement (SCR). Internal risk management comprises the whole system of controlling measures. The application of the 'actuarial model' for internal risk management is assessed in the 'use test'. The regulatory capital requirement, the SCR, is either derived directly from the probability distributions provided by the actuarial model or via a re-scaling of the risk measures used for internal risk management. The appropriateness of either way of deriving the regulatory capital requirement from the internal data is assessed in the 'calibration test'.
Any regulation based on internal models faces the problem of how to achieve, "A balance between giving insurers the flexibility to develop models that genuinely reflect the risk profile and fit their risk management processes on the one hand, and setting a minimum level of prescription to ensure comparability of the SCR estimates on the other hand." (CFA 11.70)
While, "There should, in principle, be no limitation on the range of model approaches an undertaking might adopt for its actuarial model, subject to meeting validation and approval constraints," (CfA 11.68), the supervision of internal models must not be 'laissez faire' supervision.
What kind of comparability can and should be achieved? Comparability has more quantitative (Pillar I) and more qualitative (Pillar II) aspects. Comparability of the assessment of the quality of risk management in Pillar II across EU member states will be achieved more by the intensive dialogue between national supervisors in the context of group supervision (CFA 20) and the general peer review between supervisors (CFA 11.67, CFA 17), than by very detailed, prescriptive rules on how to manage risk and capital or how to build actuarial models.
The quantitative aspects of comparability can be further broken down into the question of the proper ranking of risks versus the proper calibration of the SCR. For these quantitative aspects of comparability it is instructive to look at weather forecasting.
Risk measurement in a business line over a specific time period is like predicting the probability of rain at a certain location over a time period. A skilled forecaster distinguishes himself from a less skilled forecaster primarily by his ability to distinguish different 'weather profiles' and to assign the proper ranking (for example, surely sunny, small likelihood of rain, high likelihood of rain, and so on) to these different situations. Such a forecast is called refined in the literature on weather forecasting. If the forecast is expressed quantitatively - for instance, the probability of rain tomorrow is 25% - then the forecast is called well-calibrated, provided a 25% forecast of rain is followed by one-in-four days of rain on average. Note that the forecast, "It will rain in London tomorrow with probability 145/365," is well-calibrated, since 145/365 is the climatologic probability of it raining in London. It is almost useless, however, since it does not help in decisions that depend on the weather.
Analogously, it is primarily the proper ranking of risks that is important for the internal risk management, rather than the proper calibration.1 Since risk-ranking is so closely related to internal risk management, this suggests applying as little prescription as possible to the ranking implied by the actuarial model in the statistical quality test.
The ultimate supervisory reason for not requiring comparability in risk-ranking is systemic risk. If all undertakings use the same ranking of risks, then all undertakings will shun the same types of risk at the same time and exacerbate market disruptions. From this financial stability point of view, diversity in risk rankings - related to diversity in the risk measures used for internal risk management - should be encouraged.
The comparability of the regulatory capital requirements derived from internal models across undertakings, as well as comparability between standard formula and internal models, is achieved by requiring undertakings to calibrate their estimate of the SCR to the Solvency II calibration standard. The SCR is derived either directly from the probability distribution provided by the 'actuarial model' or from the internally used risk measure via re-calibration. Either way is assessed in the 'calibration test'.
In summary, a possible solution to achieving the twin goals of flexibility and comparability is to carefully distinguish the more principles-based requirements on the internal use of the model ('use test' and the risk-ranking aspects of statistical quality) and the more prescriptive requirements on the regulatory use of the model ('calibration test').
Multitude of risk measures used in the insurance industry
After JP Morgan launched RiskMetrics in 1994, almost all internationally active banks used VaR as the risk measure for market risk. VaR quickly became the common denominator used to make previously incomparable risks comparable across the banking industry.
In contrast, a variety of risk measures is used by different insurance undertakings. For internal economic capital purposes, VaR and Tail VaR risk measures are used at varying levels of confidence, depending on the level of capitalisation that the undertaking intends to attain. Often, this level of capitalisation is targeted to achieve a specific rating, and would then typically be significantly higher than under a Solvency II SCR standard. More importantly, variations of the 'pure' VaR or Tail VaR risk measure using a multiplier are used for risk management purposes. For example, a 'VaR with a multiplier' risk measure could quantify the capital that is needed to cover the amount of two times the 100-year event loss (in case the multiplier is two and VaR is calibrated to 99%).
Yet another difference between banks and insurers is that insurers frequently report potential losses for a sequence of scenarios, say the 50-year event, the 100-year event and the 250-year event.
Hence, the 1996, Market Risk Amendment to the Basel Accord, did not have to deal with the problem of the multitude of risk measures used by insurance undertakings, which Solvency II faces. The solution to this problem is to allow individual risk measures, potentially several, in the internal reporting and risk management throughout all hierarchical levels, subject to the general use test requirements. But, require the computation of the regulatory capital requirement calibrated to the Solvency II SCR standard at the legal entity level for solo supervision and at group level for group supervision, subject to calibration test requirements.
Challenges of assessing key parameters in the calibration test
The assessment of the calibration of the risk capital number in insurance is more difficult than in the case of VaR models for market risk:
- There is a gap between the Solvency II risk measure (the 200-year event) and actually observable losses in the insurance industry.2 On the other side, one-day ahead 99%-VaR predictions correspond to a 0.4-year event and can be back-tested directly.
- Solvency II allows holistic risk modelling and thus the modelling of diversification effects between all kinds of risk categories. On the other side, isolated sub-models for market, credit and operational risks are aggregated using a simple sum in banking supervision.
- Insurance - especially life insurance - has notoriously long-term liabilities, which are difficult to value. On the other side, most market risk products are either liquidly traded in markets or marked-to-model. The uncertainty in the valuation of long-term life insurance liabilities appears to be even larger than the uncertainty in the valuation of the most illiquid OTC financial derivatives.
Variables that are difficult to estimate and which have such an influence on the final SCR that small changes in the parameters have a huge impact are called key parameters:
- How to extrapolate from observable losses to the far tail (shape parameters).
- How to aggregate different business lines and risk types (tail dependency parameters).
- How to extrapolate trends into the far future (trend parameters like long-term mortality trends).
A possible solution to this problem is to decouple the 'back-testing' from the risk measure that defines the SCR calibration standard. The assessment of the methodological basis in the 'statistical quality test' needs to be based on actually observed losses. The specific form of back-testing will depend on the loss data available in different areas. A robust relation between the back-testing results and the SCR calibration standard is ensured by some form of supervisory control over key parameters. There are decreasing levels of such supervisory control:
- Prescription of the model; fixed key parameters (like in internal ratings-based approaches to measuring credit risk in Basel II).
- Constrained calibration of models.
- Requirement to use pooled industry data instead of just own data to estimate key parameters.
- Ex-post peer comparison of key parameter estimates.
- Fully liberal regulation.
While prescribing the model and fixing the parameters on a European level would provide the highest level of control, it is not in line with the guiding principle of internal model regulation and foregoes the advantages that come with it. On the other end of the spectrum, a fully liberal regulation would allow firms to tweak their numbers to achieve almost any desired result. Note that variants of the third and fourth point above are used by banking supervisors in the context of the comparatively liberal regulation of the advanced measurement approach (AMA) to operational risk.
The major innovation here is to design a series of key questions and require all risk models to require comparable answers to these key questions. Special cases of this kind of 'constrained calibration' are:
- Apply models to test portfolios and require the result to be close to a prescribed value.
- Set a multiplier that relates the statistically accessible parts of the distribution to the 200-year event (this effectively fixes the 'shape parameter').
- Construct market-consistent valuation models by constraining model parameters such that the values of traded cash flows match their observed market prices.
- Constructing a suitable system of calibration constraints for the different business areas will be the next big challenge in the European harmonisation of the supervision of internal models.
Minimise the resources needed to validate internal models
The third major difference between banking and insurance supervision is the difference in the roles of Pillar I and Pillar II. For historic reasons, Pillar I has a more bottom-up approach to risk measurement in banking supervision, with the effect that important and quantifiable risks like interest rate risk in the banking book are not treated by Pillar I of Basel II. Because of this, the Pillar II requirements on the internal capital adequacy assessment process have significant quantitative aspects. In practice, this tends to lead to the parallel assessment of 'real internal models' (in Pillar II) and 'regulatory internal models' (in Pillar I).
Since insurance undertakings face insurance risks on top of all the risks banks face (market, credit, operational) and insurance risks (like long-term mortality trends) tend to be more difficult to assess than market and credit risks, the validation of the holistic internal models envisioned by Solvency II is a Herculian task compared to the validation of market risk models for the trading book of banks.
A possible solution to the problem of performing a more difficult validation at minimal cost is to design the combined Pillar I and Pillar II requirements on internal risk management such that there is virtually no difference between the general Pillar II requirements on the internal risk and capital assessment on the one hand, and the internal model use test on the other hand in the case of undertakings that apply for regulatory approval of their internal model.
If this can be achieved, then there is little extra effort for the internal model use test on top of the Pillar II SRP, which will be performed regardless of whether the undertaking applies for regulatory approval of its internal model.
1. An exception is the computation of the cost-of-capital component of the price margin, where the risk measurement needs to be calibrated against economic capital standards in the specific market.
2. The worst-ever NatCat event, Katrina, is now considered to be roughly a 35-year event.
An internal model-based approach to market risk capital requirements
Amendment to the capital accord to incorporate market risks
EU Commission (2002)
Risk models of insurance companies or groups
CRO Forum (2005)
Principles for Regulatory Admissibility of Internal Models, June 10, 2005
Consultation paper 7 - Answers to the second wave of Calls for Advice - Solvency II, October 2005
Consultation paper 20 - Draft Advice to the European Commission in the Framework of the Solvency II Project on Pillar I Issues - Further Advice
SUBMISSION GUIDELINES FOR TECHNICAL ARTICLES
Life & Pensions welcomes the submission of technical articles on topics relevant to our practitioner readership. Core areas include solvency and economic capital modelling, the measurement and management of financial, biometric and operational risks, market-consistent valuation and financing of life and pension balance sheets and cashflows, and investment management. This list is not an exhaustive one.
The most important publication criteria are originality, exclusivity and relevance. In the interests of our readers, we attempt to strike a balance between these. Thus, while we will not publish executive summaries of longer papers (on the grounds of exclusivity), we may accept papers that draw partially but not completely on research submitted elsewhere should our referees recommend it on the grounds of originality and relevance to practitioners.
Given that Life & Pensions technical articles are shorter than those in dedicated academic journals, clarity of exposition is another yardstick for publication. Once received by the editor and his team, submissions are logged, and checked against the criteria above. Articles that fail to meet the criteria are rejected at this stage.Articles are then sent to one or more anonymous referees for peer review. Our referees are drawn from the actuarial, risk management, treasury and investment departments of major life and pensions companies, in addition to academia and regulatory bodies. Depending on the feedback from referees, the technical editor makes a decision to reject or accept the submitted article. His decision is final.
We also welcome the submission of brief communications. These are also peer-reviewed contributions to Life & Pensions but the process is less formal than for full-length technical articles. Typically, brief communications address an extension or implementation issue arising from a full-length article that while satisfying our originality, exclusivity and relevance requirements, does not deserve full-length treatment.
Submissions should be sent to the editor at [email protected] The preferred format is MS Word, although Adobe PDFs are acceptable. The maximum recommended length for articles is 3,500 words, and for brief communications 1,000 words, with some allowance for charts and/or formulas. We expect all articles and communications to contain references to previous literature. We reserve the right to cut accepted articles to satisfy production considerations. Authors should allow four to eight weeks for the refereeing process.
The week on Risk.net, October 6-12, 2017Receive this by email