Creating a compliant data management framework: the regulatory perspective

(1)

Creating a compliant data

management framework:

the regulatory perspective

Paolo Cadoni

EIOPA Internal Model Committee Chair

Life & Pension Risk Nordics

(2)

Outline

• The importance of a good data management framework • The “Babel” problem

• Solvency II data quality requirements

o Accuracy

o Completeness o Appropriateness

o Data directory – classification and maintenance of the data Directory o Data policy

o Validation o Documentation o External data

(3)

Importance of a good data

management framework

• Data operations are known to be vulnerable to errors

depending on complexity, reliance on manual operations

and/or spreadsheets, when interpretations are required

• Data errors could have a high impact on firms balance sheet

and operations

• It is a myth that data is just moving stuff around…

o nearly always, data is being changed in some way; and o its meaning is changed (or lost)

(4)

The Babel problem

• One of the most difficult issues

facing the financial industry.

• A mass of disparate systems

o Mainframes, SQL databases, flat files, user built spreadsheets

o None of them understand each other.

(5)

Solvency II data quality

requirements

• Data quality requirements do not apply only to internal

models, but also to other areas of the Solvency II

framework. For example:

o Technical provisions

o Undertaking Specific Parameters (USPs) o ORSA

o Etc.

• Emphasis on data governance

o Solvency II will require systematic processes for managing data

(identification, collection, documentation, transmission, processing and retention of data).

(6)

Accuracy, completeness and

appropriateness

• Accuracy - Data is free from material errors.

• Completeness - Data is of sufficient granularity and available for all

relevant model parameters in case of internal models.

• Appropriateness - Data is consistent with the purpose for which it will be

(7)

Data Directory

• A directory of all data used in the calculation of the technical

provisions/internal model is required

• This should cover:

o the source,

o characteristics and

o use of the data in calculations

• Recurrent issues:

o data classification o maintenance

(8)

Data policy

• A written data policy is required for technical provisions,

internal models and USP.

• Data policy should cover:

o Definition and assessment of the quality of data.

o The use and setting of assumptions made in the collection, processing and application of data.

(9)

Validation

• Undertakings need to validate the calculation of technical

provisions, at least once a year and where there are indications that the data, assumptions or methods used in the calculation or the level of the technical provisions are no longer appropriate.

• The validation process applies to all parts of the internal model (including data)

• The validation process needs to cover, in particular, the:

o appropriateness, completeness and accuracy of data used in the calculations

(10)

Documentation

• Amongst others, undertakings need to document/evidence

appropriately:

o data directory o data policy

o any material limitations of the data

o the collection of data and analysis of its quality and other information

o the deficiencies in data used in the internal model and the lack of data for the calculation of the internal model

o the risks arising out of the use of external data in the internal model

(11)

External data

• Data quality requirements for external data are different for

internal models, technical provisions and undertaking

specific parameters.

o internal models - requirements for external data are same as those that apply to internal data.

o USP - additional requirements to be satisfied on top of those required for technical provisions

(12)

In conclusion

…

• Anecdotal evidence shows that often data preparations are left until quite late – very difficult to set up and document the

necessary control, ownership of monitoring of data flows..

• How do you approach data management? Have you considered what part of your business require a large and complex data management process?

• Are you able to categorise data appropriately, and apply adequate controls for each type of data?

(13)

(14)

A few extracts from the

Solvency II Directive

• Member States shall ensure that insurance and reinsurance undertakings have internal model processes and procedures in place to ensure the appropriateness, completeness and

accuracy of the data used in the calculation of their technical

provisions (Art. 82)

• Data used for the internal model shall be accurate, complete and

(15)

External data requirements for

technical provisions

• Data available from an internal source is not more suitable than that available from an external source.

• The origins of the data and the assumptions or methodologies used to process that data are known to the undertaking.

• Indentify any trends in the original data and the variation.

• Assumptions and methodologies appropriately reflect the characteristics of the undertaking’s portfolio of (re)insurance obligations.

(16)

External data requirements for USP

• Process for collecting data is transparent and auditable.

• Assumptions made in the collection, processing and application of data are sufficiently comparable in case of different sources used to calibrate USP.

• Data do not reflect any risk mitigating effects of reinsurance contracts or arrangements with SPV.

• Undertakings who are contributing to external data have a similar risk profile.