COMITÉ EUROPÉEN DES ASSURANCES

SECRÉTARIAT GÉNÉRAL 3bis, rue de la Chaussée d'Antin F 75009 Paris

Tél. : +33 1 44 83 11 83 Fax : +33 1 47 70 03 75 www.cea.assur.org

DÉLÉGATION À BRUXELLES

Square de Meeûs, 29 B 1000 Bruxelles Tél. : +32 2 547 58 11 Fax : +32 2 547 58 19

www.cea.assur.org

Investments International Association of Insurance Supervisors' Guidance Paper on Investment Risk Management CEA Note of 26 February 2004

General comments CEA welcomes the opportunity to comment on the IAIS’s guidance paper on effective risk management for insurers and reinsurers, highlighting the issues applicable to the management of credit, market and liquidity risk. CEA considers the guidance paper to be sensible, clear and well structured. Although CEA appreciates the fact that principles have been set as a basis for investment management by insurers, excessive details, which could inappropriately interfere in company management’s freedom to conduct business, should be avoided. There should be a right balance between qualitative principles and quantitative requirements. Indeed, a regulation which imposes high qualitative standards should not impose numerous quantitative requirements over and above. Regulation should rather be based on a maximum of qualitative rules and a minimum of quantitative requirements in line with the prudent man principle. In our opinion, the prudent man principle is a key principle and needs to be cast as widely as possible internationally as well as enshrined in EU policy. Furthermore, it should not be neglected that, due to limited resources, small insurers might not be able to cope with the ample requirements as set out in the draft paper. The introduction of a certain procedural flexibility might already smooth out this detriment and facilitate the requirements’ accomplishment for all insurers. In this context, we recommend that the paragraphs 23, 28 and 35 should take into account the specific situation of smaller organisations. As the supervisory reporting requirements, mentioned under heading 8, might be quite extensive, we recommend limiting the information a supervisor may request, to the most valuable information. Under current settings a supervisor may, depending on jurisdiction, request a range of eight different policy documents, four detailed sample reports as well as ad hoc requests covering a range of eleven different items in total. Furthermore, CEA would appreciate seeing the effects of portfolio diversification and therefore risk diversification being addressed. Please find below CEA’s detailed comments on certain paragraphs of the report.

2. Investment management by issues

Paragraph 7 CEA fully supports the preliminary principle: “the characteristics of the liabilities are the driving force in developing an investment policy for an insurer” as being the underlying principle when introducing the discussion on investment management policies of insurers.

Paragraph 9 This paragraph starts with the statement that “consideration should be given to operational risks within investment activities”. CEA concurs that operational risk is a significant risk to be considered within investment activities, although we do not consider the examples listed in the paragraph as appropriate reference to operational risk. Quoting those examples, we rather suggest referring to “a diverse range or broad field of risks faced”. For the insurance industry, the operational risk can be described as the risk of direct or indirect loss resulting from inadequate or failed internal processes, people or systems. It would include, for example, risk arising from failures in corporate governance, IT systems, outsourcing arrangements and business continuity planning. Paragraph 16 Outsourcing of investment functions to external specialised companies is a viable solution for some insurance companies. In this case, very detailed reporting requirements, as requested in the last part of the paper (heading 8: paragraphs 127-134), should be calibrated according to the organisational structure of the company or group. In order to avoid unnecessary duplication, very specific risk-control procedures or reporting requirements should remain with those who are in charge of day-to-day investment operations - in this case - the external entity. Nevertheless, we agree that the insurance organisation should remain fully responsible for compliance with the overall investment strategy as well as corresponding disclosure required by the supervisory authorities.

Additional comments on section 2 Apart from the case of externalisation, it is important to recognise that investment risk management can widely differ among insurers due to the organisational structure of an insurance company. If an insurance company is part of a group (either a “pure insurance group” or a “financial conglomerate”), financial departments including investment management departments are often concentrated at the level of the holding or segregated in a separate entity of the group. Consequently, the IAIS should include a group’s organisational structure in its considerations and adapt and lessen reporting and risk-control requirements accordingly at the company level.

© Comité européen des assurances, 2004 2

3. Investment risk management framework

Paragraph 23 and Paragraph 28 In both paragraphs, risk identification and assessment (Paragraph 23) and risk monitoring (Paragraph 28) are each required to be subject to a regular review by independent person/persons (Paragraph 23) or an independent business unit (Paragraph 28). Firstly, when demanding a certain number of independent persons or a business unit for internal control purposes, the size of the insurance organisation should be taken into consideration. Therefore, control procedures should be adapted to the size of the organisation. We certainly support the principle of segregation of duties, nevertheless it is not clear why paragraph 23 and 28 require two different control levels for identification and assessment and the monitoring of risks. Any double assignation should be avoided. Furthermore, the degree or nature of the required independence of the persons or business units should be clarified.

Paragraph 38 CEA agrees that investment decisions and their execution should be subject to the approval of the authorities described in the insurer’s investment policies. Although governance procedures should apply to investment strategy decision- making (such as choice of markets and sectors), investment transaction decision-making (such as which stock) should be left to the investment or portfolio managers, within the laid-down framework or mandates. While remaining within the authorised investment framework or mandate, a certain decision-making autonomy should be allowed to investment managers. This autonomy would firstly assure the necessary flexibility an investment manager needs to adapt to daily and weekly market evolution and would prevent a certain “loss of responsibility” of investment/portfolio managers. Moreover it would avoid transaction-by-transaction authorisation by the organisations’ approval authorities (e.g. Board). Nevertheless, the necessary control mechanisms and reporting procedures should be kept.

Additional comments on section 3 The effectiveness of a company implementing a proper investment risk management system should entail consequences at the level of the capital required to operate. More in detail, if an insurance company is able to properly measure and control the different types of investment risks it should be granted some sort of capital relief especially where total capital requirements are linked someway to the investment risks the company faces. In this respect, it is important that the “Solvency II” project takes these issues into account.

© Comité européen des assurances, 2004 3

4. Credit risk

Paragraph 55 An insurer being a member of a conglomerate or a group does not necessarily mean a risk aggregation but should also imply a legitimate and sensible risk-diversification. 5. Market risk

Paragraph 81

This paragraph defines market risk being “the risk to an insurer’s financial condition arising from adverse movements in the level or volatility of market prices”. Furthermore, the paragraph states that “market risk involves the exposure to movements of financial variables such as equity prices, interest rates, exchange rates or commodity prices”. CEA agrees with that general definition of market risk. Nevertheless, we would like to point out that when discussing market risk influencing insurance businesses, commodity risk does not play a vital role.

Paragraph 86 Regarding the measurement of market risk exposure across risk types (i.e.; interest rate, equity, foreign exchange and commodities) and across the entire portfolio, insurers are asked to put in place appropriate metrics to measure this risk exposure. Although we concur with this requirement, we would like to stress that it is crucial that to measure the risks of assets and liabilities on the same basis. Only a market consistent valuation of assets and liabilities can provide this common basis.

8. Information the supervisor may request from the issuer

Paragraph 127

With reference to reporting requirements, it should be emphasised that, in order to avoid an excessive administrative burden on insurers, consistency between supervisory and financial information should be achieved as much as possible (e.g. with IAS/IFRS disclosures) Likewise, we recommend further harmonisation on the format and content of the reporting required. More standardised reporting would allow companies being part of a multinational insurance group to compare the reports of their different subsidiaries. Furthermore, more standardised reporting would have a positive impact on the group’s reporting documentation costs. Any binding additional information requirements should be submitted to a preliminary cost/benefit analysis. Disclosure and additional reporting is costly for companies and this aspect should be respected while setting rules.

© Comité européen des assurances, 2004 4

Paragraph 128

According to this, and the following paragraphs, supervisors may request four reports: risk management report, credit risk report, market risk report and liquidity report. Firstly, separate reports bear the risk of disseminating the analysis, losing sight of any synthetic overall appreciation of the risk. Secondly, information should not be redundant. Any additional information requirements should be submitted to close review in order to avoid any kind of double reporting. Furthermore, insurance organisations should be allowed to make use of management reports already elaborated for internal purposes (e.g. for approval by the Board). If necessary, those internal reports should be completed to match the requirements and the degree of detail as requested by supervisors. Likewise, we consider that the quantity of information given to the supervisor, and the level of control in general, should be proportionate to the overall solvency position of the insurer. Indeed, a company which shows financial soundness should not be submitted to unnecessary additional information requirements. Our appreciation of the current proposed guidance leads to conclude that the latter will entail undue and disproportionate reporting for sound insurance companies.

* * *

© Comité européen des assurances, 2004 5