title slide one - kpmg · 2020. 4. 17. · isle of man new york uk fca european commission delaware...
TRANSCRIPT
1© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Summer School
18 July 2017
2© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Agenda– A Bluffer’s Guide to the Blockchain – Micky Swindale– Recent & future changes to AML – James Shimmin– UK Tax update – Greg Jones– GDPR – Personal data privacy at any cost? – Allan Christian– Brexit – Jon Tricker– Insurance – David Brown– Cyber Security Risks/Challenges – Daniel Kniveton– Gibraltar Tax update – Darren Anton
3© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG Summer School—July 2017
A Bluffer’s Guide to the Blockchain
4© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The first Blockchain
5© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Blockchain Structure
6© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Blockchain Applications
7© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Blockchain Value Proposition
Transparency, security and speed
8© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Developments & Regulation
9© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Globally
WEF – By 2027, 10% of global assets held on blockchain
AR - $16bn of cost savings from blockchain
Flurry of activity from mid-2016:
WEF
Goldman Sachs
US
Chinese
UK
IOM
10© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Regulation
Isle of Man
New York
UK FCA
European Commission
Delaware
Gibraltar
11© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Your ‘Bluffer’s’ line….
‘An outcomes-focused, principles-based approach to regulation which will
support innovation and nurture start-ups’
12© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Boom or Bubble?
‘Blockchain will change finance forever, and for the better. Investing in it now may feel like prospecting for gold in a
freezing mountain stream…but you may just strike it rich.”’
Spectator Money, 27 May 2017
13© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Boom or Bubble? (continued)
It is rapidly becoming the underlying approach of the global system infrastructure
It is enabling future competitive advantage
It is fundamentally disrupting the value chain
It will be ubiquitous within the next 5 years
It is supported by regulators and watchdogs
KPMG on ‘Real use cases for blockchain and Distributed Ledger Technologies in the Asset Management sector’July 2017
14© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Final Tip
Don’t say Blockchain…
Say Distributed Ledger Technologies
15© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Micky SwindaleHead of Advisory+447624 [email protected]
July 2017
The Good, The Bad & The Ugly?
17© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The Ugly, The Bad & The Good
Regulatory Decisions Hopes for the future
New Regulations and MoneyVal
18© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Fines/Regulatory Decisions
19© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Top Eleven Global Banking Fines
$1.9 Billion - HSBC, AML Lapses
$1.5 Billion - UBS, Libor Rigging
$920 Million - JP Morgan, Trading Scandal
$780 Million - UBS, Aiding Tax Fraud
$667 Million - Standard Chartered, Breaching Sanctions
$619 Million - ING, Breaching Sanctions
$612 Million - RBS, Libor Manipulation
$550 Million - Goldman, Misleading Investors
$536 Million - Credit Suisse, Breaching Sanctions
$500 Million - ABN AMRO, Breaching Sanctions
$451 Million - Barclays, Libor Manipulation
20© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Regulatory Decisions in GamingDuring the period from 17 June 2014 to 15 March 2017 the UKGC produced sanctions against 46 Operator / Personal licence holders for failure under various Licence Conditions and Codes of Practice (“LCCP”) these sanctions ranged in severity.
Warning with financial penalty – x 1 (£300k)Warned, conditions attached and financial penalty – x 1 (£10k)
Warning – x 14
Warning with conditions attached – x 4
Warning with attached conditions – x 1
Financial penalty – x 1 (£5k)
Licence terminated – x 1
Licence revoked – x 3
Operator Licences - 26
Revoked - x 34Warning - x 3Warning with conditions attached - x 3
Personal Licences - 40
Compared to Banking the Gaming sector is very much in its infancy with regards to regulatory sanctions.
However, this is not a time for complacency as regulators start to get tougher with non-compliance.
21© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
NewRegulations andMoneyVal
22© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Issues observed (Examples)
• Lack of training / awareness
• Limited understanding on who the MLRO is
• Limited understanding on what a PEP`s are
• Limited understanding of the basic principles in preventing money laundering
• Lack of registers
•PEP`s/SAR`s/Sanctions/Gifts/Breaches/Enquiries/Technological Developments
• Poor policies and procedures
• Limited information and not up to date
• Non qualified MLRO`s / DMLRO`s
• Limited resource and experience
• Lack of support from Board
• Limited information and guidance provided or discussed via board meetings
• No ongoing risk assessments / No internal audit function
• Limited Sanctions screening
• Reward over Risk
• Failures in acquiring Enhanced Due Diligence (“EDD”)
23© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
What is Current
• 4th Money Laundering Directive• Key features• Impacts• Beneficial Ownership Act• Key features• Impacts
24© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
MONEYVAL – Council of Europe (47 member states 28 of which in EU)
What is Next
• 14th October 2015 – Committee of Ministers of the Council of Europe adopted a resolution allowing Gibraltar to be evaluated by MONEYVAL , and be subject to its procedures
• A detailed assessment report on Gibraltar’s compliance with anti-money laundering and terrorist financing international standards was published by IMF in May 2007
• IMF identified then the considerable progress in enhancing its effectiveness of existing preventative measures – but identified that its principal AML risk was its involvement in the layering and integration of proceeds of crime.
• It set out the steps needed to continue the momentum in moving the legal and regulatory regime forward and the need to enhance its Financial Services Commission and Financial Intelligence Unit.
• With the MONEYVAL visit fast approaching – what progress has been made? And based on the experience of others how is Gibraltar likely to measure up?
MONEYVAL 5th Round of Assessments
25© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
What is Next (continued)
It is interesting to note from the MONEYVAL visits to date under the (new) 5th round of assessments that here are consistent areas of concern being noted. In particular with regards to the following which have affected a number of jurisdictions globally via the various FATF Style Regional Bodies (“FSRB”):
• Recommendation 13 / Special Recommendation IV – Suspicious transactions reporting.
• Recommendation 3 – Confiscation and provisional measures. • Recommendation III – Freezing and confiscating terrorist assets. (This has not
been addressed)
EAG The Eurasian GroupAPG Asia/Pacific Group on Combating Money Laundering
CFATF Caribbean Financial Action Task Force
MONEYVAL
Committee of Experts on the Evaluation of Anti-Money Laundering Measures and Financing of Terrorism of the Council of Europe
ESAAMLG Eastern and Southern Africa Anti-Money Laundering GroupGAFILAT Financial Action Task Force of Latin America
GIABAIntergovernmental Action Group against Money-Laundering in West Africa
MENAFATF Middle East and North Africa Financial Action Task ForceGABAC The Task Force on Money-Laundering in Central Africa
Based on what we have seen in other jurisdictions – it is likely that MONEYVAL will identify areas where progress still needs to be made and therefore likely to place Gibraltar on “ENHANCED FOLLOW UP”
Only be acting now can the number of areas requiring additional work be reduced
It is important to understand what is meant by ‘enhanced follow up’ and its impact for Gibraltar
26© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
What is “Enhanced Follow-Up”?
In deciding whether to place a country / territory in enhanced follow-up, the Plenary consider the following factors:
a) After the discussion of the Mutual Evaluation Report: a country/territory will be placed immediately into enhanced follow-up if any one of the following applies:
i. it has 8 or more Non-Compliant (“NC”) or Partially Compliant (“PC”) ratings for technical compliance, or
ii. it is rated NC/PC on any one or more of R.3,5,10,11 and 20, or iii. it has a low or moderate level of effectiveness for 7 or more of the 11 effectiveness outcomes,
or
iv. it has a low level of effectiveness for 4 or more of the 11 effectiveness outcomes.
b) After the discussion of a follow-up report: the plenary could decide to place the country/territory into enhanced follow-up at any stage in the regular follow-up process, if a significant number of priority actions have not been adequately addressed on a timely basis.
MONEYVAL – Enhanced Follow-Up
R.3 = Money Laundering and ConfiscationR.5 = Terrorist Financing and Financing of proliferationR.10,11 & 20 = Preventative Measures
27© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Under the 5th round of evaluations each jurisdiction will be assessed against 11 specific Areas, these are called “Immediate Outcomes” for the following:
1) Risk, Policy and Co-ordination 2) International Co-operation 3) Supervision 4) Preventative Measures 5) Legal Persons and Arrangements 6) Financial Intelligence 7) Money Laundering Investigation and Prosecution8) Confiscation 9) Financial Terrorism Investigation and Prosecution10) Financial Terrorism Preventative Measures and Financial Sanctions11) Proliferation Financing Financial Controls
MONEYVAL – Immediate Outcomes
Effectiveness Ratings (NewTest)
High
Substantial
Moderate (major improvementsrequired)
Low (fundamental improvementsrequired)
Of the 30 Countries evaluated in 5th round, only 4 not in “Enhanced Follow Up”
CUBA
ITALY
ARMENIA
SPAIN
28© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Effectiveness Ratings – Immediate OutcomesImmediate Outcome IO.1 IO.2 IO.3 IO.4 IO.5 IO.6 IO.7 IO.8 IO.9 IO.10 IO.11Isle of Man Sub Sub Mod Mod Mod Low Low Low Mod Mod ModItaly Sub Sub Mod Mod Sub Sub Sub Sub Sub Mod SubArmenia Mod Sub Mod Sub Sub Mod Low Low Sub Sub SubSpain Sub Sub Sub Mod Sub High Sub Sub Sub Mod ModCuba Mod Mod Sub Mod Sub Mod Mod Sub Sub Sub ModHungary Low Sub Mod Mod Low Sub Low Low Mod Mod ModJamaica Mod Mod Mod Low Low Mod Low Sub Low Low LowSerbia Mod Mod Mod Mod Mod Mod Low Mod Mod Low LowSingapore Sub Sub Mod Mod Mod Sub Mod Mod Low Mod SubSwitzerland Sub Mod Mod Mod Mod Sub Sub Sub Sub Sub SubUnited States Sub Sub Mod Mod Low Sub Sub High High High HighZimbabwe Low Low Low Low Low Low Low Low Mod Mod LowAustralia Sub High Mod Mod Mod Sub Mod Mod Sub Mod SubCanada Sub Sub Sub Mod Low Mod Mod Mod Sub Sub ModMalaysia Sub Mod Sub Mod Mod Sub Mod Mod Mod Sub ModBelgium Sub Sub Mod Mod Mod Sub Mod Mod Sub Mod ModHonduras Mod Sub Mod Mod Low Mod Mod High Sub Mod LowAustria Mod Sub Mod Mod Mod Low Low Mod Sub Mod SubBangladesh Mod Sub Mod Low Low Mod Low Low Sub Mod SubNorway Mod Sub Mod Mod Mod Mod Mod Mod Sub Mod ModSamoa Mod Sub Low Mod Mod Low Low Mod Mod Mod LowCosta Rica Mod Sub Mod Mod Low Mod Mod Mod Mod Low LowSri Lanka Mod Low Low Low Low Low Low Low Sub Low LowGuatemala Mod Sub Mod Mod Mod Sub Sub Sub Mod Mod ModFiji Mod Mod Mod Mod Low Mod Mod Low Low Low LowBhutan Low Mod Low Low Low Low Low Low Mod Low LowUganda Low Low Low Low Low Low Low Low Low Low LowTunisia Mod Mod Low Low Low Mod Mod Mod Low Low LowTrinidad & Tobago Mod Mod Mod Mod Mod Mod Low Low Low Low LowVanuatu Low Low Low Low Low Low Low Low Low Low LowEthiopia Low Mod Low Low Mod Low Low Low Low Low Low
29© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Hopes for the future
30© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
What is the Gibraltar doing right
There is a still work to be done and it sis important to champion the good points as well as negative, such as (for those that are regulated):
• Increasingly a good understanding especially within the gaming industry that regulations are important to encourage clients to use their products.
• The technology being used and developed is impressive and the exchange of this between industries means that the benefits are being shared.
• Whether it is banking, financial services or gaming there is a greater understanding that there are costs to dealing with implementing regulations wherever you are based in the world.
• Cross pollination of expertise between banking sector and gaming industry and vice versa.
• Industry are willing to seek third party advice and support - and realise just how much added value they can contribute .
31© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Summary
32© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
In SummaryReputational Risk Prison Time / Fines
• There will continue to be more and more regulatory pressure placed on the jurisdiction and all sectors will be impacted
• The impact of the impending Moneyval visit should not be underestimated – there will be material changes to the regulations and guidance as a result – but these should be embraced.
• All sectors must ensure that they have the risk- reward balance correct
• Failure to follow regulations will ultimately end in sanctions and continue to place the sectors in the media and political headlights.
What regulatory ‘waves’ will arrive on Gibraltar’s shore in next few years and what changes will it bring?
Only time will tell
Gibraltar’s history indicates that it will adopt and adapt to the changes in order to make itself stronger.
33© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Questions
34© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK Tax Update
Gregory JonesDirector of Taxation
18 July 2017
35© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Finance Bill 2017 (…. and again)• Original version contained well-trailed proposals specifically covering:
– Non-Doms (15 year deeming rule with transitional reliefs and future trust protection), and
– UK residential property (to come within scope of IHT regardless of ownership).
• Proposals due to take effect 6 April 2017.
• Due to calling of General Election all proposals removed from what became Finance Act 2017.
• On 13 July HMRC published draft legislation to be contained in Finance (No 2) Bill 2017.
• Above proposals re-introduced with minor modifications.
• Effective date still 6 April 2017.
36© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Finance (No 2) Bill 2017• Retrospective legislation – or just retroactive?
• All following now (retrospectively?) within scope of IHT:
– death of non-dom BO of offshore company (holding UK residential property) since 5 April 2017;
– death of non-dom life tenant of pre-March 2006 IIP trust (holding UK residential property via offshore company) since 5 April 2017;
– gift into trust by non-dom of shares in offshore company (holding UK residential property) since 5 April 2017.
• But confirms CGT position for non-doms becoming deemed dom on 6 April 2017 who have made disposals in interim in reliance on re-basing relief.
37© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK Trusts Register• Part 5 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the
Payer) Regulations 2017 introduces new reporting requirements for trusts which are:
– UK resident, or
– Non-UK resident but liable to pay UK tax on income/ assets.
• Trustees need to file information on the HMRC online Trust Register on or before 31 January 2018 (or by 31 January after tax year in which trust created, if later) and keep up to date.
• Trustees must declare they are acting as trustee when entering transaction with “relevant persons” (trust providers, estate agents, financial institutions, tax/ accounting professionals) and provide beneficial ownership information on request.
• Trustees must also provide BO information to any law enforcement authority.
• Not accessible by general public.
38© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK Trusts Register(information to be filed by trustees – I)
• Beneficial ownership – for each of (i) trustees, (ii) settlor, (iii) beneficiaries, (iv) any individual who has control over the trust:
– full name and date of birth,
– NINO and UTR (or usual address),
– if non-UK address, passport or ID card number and country of issue/ expiry date,
– description of role in relation to trust.
• Where beneficiaries defined by class, do not need to record information for everyone in class.
• “Control” = ability (even if another’s consent needed) to direct, veto or consent to disposals/ applications of trust property, distributions, variations, adding/ remaining beneficiaries, appointing trustees etc.
39© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK Trusts Register(information to be filed by trustees – II)
• Information about the trust:
– full name and date of creation of trust,
– statement of accounts (describing trust assets and identify value of each category of assets),
– place of tax residence and administration,
– full name of any remunerated legal, financial or tax adviser.
40© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Rangers: the final chapter• Rangers FC (& other group companies) paid sums into an offshore trust for benefit of
employees (inc players),
• Club recommended that trustee resettle on sub-trusts for named employees and that income/capital of trust be applied in accordance with employee's wishes,
• Trust arrangement explained to new players:
– Availability of loans (none ever refused),
– Player would be trust protector (with extensive powers),
– Loan interest rolled up / could be paid from estate on death,
• Foreign players who left to return overseas could unscramble trust arrangements,
• Payments into the trust held to be taxable earnings,
• Supreme Court decision handed down on 5 July 2017.
41© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Questions?
July 2017
GDPR
Allan Christian –KPMG Gibraltar
43© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
General Data Protection Regulation
Already in force! Effective from 25th May 2018
EU Regulation – overrides existing national law in member states
“A more 21st century approach to the processing of personal data” which “puts an onus on businesses to change their entire ethos to data protection” UK ICO Chief
“Make no mistake, this one’s a game changer for everyone” UK ICO Chief
Extra-territorialGDPR enforces the fundamental rights of EU residents, so if you handle any of their personal data, you are in!
44© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
GDPR Fundamentals
Not all data – specifically covers personal data
EU Regulation, but applicable to those handling EU residents’ data, hence our interest as a jurisdiction
(Brexit notwithstanding).
Changes data governance expectations at strategic, tactical and operational levels for public,
private and charitable entities
45© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG Research – subjects cautious at outset
Source – KPMG Crossing the Line survey
46© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Data Protection Law
- Gibraltar’s position
47© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Current State of PlaySince then…
YouTube
Skype
Snapchat
Tinder
Grindr
Ashley Madison
The Cloud
Google Maps
EU Data Protection Directive 1995
Directives require transcription into national law
Data Protection Act 2004
48© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar Regulatory Authority
Independent Supervisory Body
Covers multiple functions (below)
Over 800 registered data controllers
Opt-out register also maintained
GRA’s “Getting Started with GDPR” available here
49© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The Regulators
50© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Key supervisory bodies in context of Gibraltar
Gibraltar Regulatory Authority
• Direct supervisor• Advise and assist
Information Commissioner’s
Office
• UK body• Been a useful big
brother to date, and at vanguard of EU approaches
European Data Protection Supervisor
• EU “supervisor of supervisors”
• Role will evolve by 2018 in context of EDPB (below)
51© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK ICO – GDPR approach
Move away from “box ticking exercise” to “framework that can be used to build a culture of privacy that pervades an entire organisation”
“Today many companies think data protection is just about “compliance”
Move from “…mindset of compliance to a mindsetof commitment”
New approach from non-EU leader, which will suit the move towards supervisors “monitoring and enforcing” rather than “advising and assisting”
52© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
European Data Protection Supervisor - approach
“A more human-centric approach is needed which empowers individuals to control how their personal data is collected and shared”
“People will realise that the limitless accumulation of personal data, including the most intimate genetic and biometric data, creates the risk of a tsunami…We cannot assume that the hands which use the data will be as benign as the hands which collected it.”
“…we need to start to internalise the notion of accountability, far more important than box ticking compliance. And we need to apply these principles to international data flows.”
53© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
European Data Protection Board – the new boss?
Reality – a “One-Stop Shop”
• EDPB an independent body of the EU, with its own legal personality.
• EDPB work will be susceptible not only to criticism, but also to contestation before the courts.
• Conciliate and determine disputes between national DPAs
• EDPB will still be responsible for adequacy assessments
Article 29 Working Party
European Data Protection Board
Same People!
“…a new platform for modern, effective, real-time supervision of how personal information is handled in the big data world, and for modern, effective, real-time cooperation between the authorities responsible for that supervision”
54© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Basic Concepts
55© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Revised elements - reference tableArt “Pre-DPR” GDPR
Protection by design and default
25Reactive – “appropriate technical and organizational measures”
Compulsory, and must be demonstrable - “default” being protect, not misuse
Data Protection Impact Assessments
35, 36 Good practice Compulsory, potential need to
consult for high risk processing
Data Protection Officers
37-39
Good practice, compulsoryfor EU institutions
Compulsory for public sector and certain entities (see below) – professional qualities, independent
Notification of Breaches
33, 34 Some firms All entities, 72 hours, potentially
have to inform subject
Access Rights 15 40 Days, can charge 1 month, can’t charge
Transfer limitations across borders
44-50
“Adequate territories”, or model clauses or BCRs
Range of additional mechanisms, all needing local and/or EC approval
Consent 7“Opt out” permitted, and frequently used
“Opt in”. Children policed with additional vigour
Inventory of personal information
30 Not required Required
56© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Sea Change elements - reference table
Topic Art GDPR
Accountability
Obligations on both data controllers and processors to: • Demonstrate compliance with GDPR on request• Demonstrate security adequacy (certifications?)• Follow codes of practice• Employ Data Protection Officers in many cases
Sanctions and Penalties
83, 84
• From country-by-country variance (but all at a modest level) to a maximum of €20m or 4% of global turnover.
Extra-territorial 3,4,27
• Applicable if you provide goods or services to an EU Resident, or process their data
• Will be subject to supervisory intervention from the “most relevant” EU supervisor (mostly UK?)
• MUST have a physical representative in one member state in which you are doing business
Right to Erasure 17• Expands on rights which were previously generic, providing
multiple avenues for subjects to request erasure
57© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Topical concerns - Data Protection Officers
• Required if
• Public Authority
• Personal data processing is a “core activity”
• Regular and systematic monitoring of data subject is a “core activity”
• Can be outsourced
• Article 29 Working Party Guidance released recently providing practical examples of what activities should require the assignment of a DPO
• Isle of Man approach (for comparison)
Necessary for Finance, Gaming, and any licenceholder who performs Due Diligence in an AML/CTF context.
“a person with expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with this Regulation”. GDPR Recital 97
Large Scale Processing
Patient data in hospital
Processing real-time geo-location data of customers
Customer data in the regular course of bank or insurance business
Behavioural advertising data processing by search engine
Phone or ISP companies processing content or traffic data
58© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Topical concerns - Country Representatives
• Post-Brexit, you will need a physical being in an EU state should you process personal data of EU residents (not every state).
• Explicit designation via written mandate.
• Representatives will co-operate with national authorities to help compliance.
• Representatives will be subject to enforcement proceedings in the event of non-compliance.
• Ultimate responsibility of data controllers and processors not avoided.
• Some carve outs for occasional, low risk processing.
“natural or legal person established in the Union who, designated by the controller or processor in writing…represents the controller or processor with regard to their respective obligations under this Regulation; GDPR Art 4(17)
59© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
GDPR basics - DerogationsThere are some GDPR obligations which member states are permitted to tweak, specifically:
Topic Nature of derogation
Online consent from children Permitted to reduce age from 16 (in GDPR) to 13
Data Protection Officers Can be made mandatory if member state prefers
Data relating to employees Permitted to allow for more restriction
National Security Permitted to pass laws to limit rights for security reasons
Freedom of information Permitted to reconcile GDPR with FoI if necessary
60© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Recent fines and GDPR
61© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Supervisory Powers under GDPR
Art. Powers of Data Protection Authorities
58.1(a)Order the provision of evidence of compliance from Controllers, Processors and their Representatives
58.1(b) Perform Data Protection Audit investigations
58.2(a & b) Issuance of warnings and reprimands
58.2 (d)Order achievement of GDPR compliance, including manner and time period
58.2 (j) Ban or suspend processing and transfers to third countries
84 “Other penalties” for infringements not subject to fines
58.2 (i) & 83 FINES…
62© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
ICO Fines in the UK - RSA
RSA Case
• Lost 60,000 Customer Records (inc. bank and card details)
• Fined £150,000
63© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
ICO Fines in the UK – various UK Charities
Link to main landing page
• “…contravened the fundamental rights of millions of individuals…driven by financial gain” - Broke Fair Processing requirements
- Performed Wealth Screening over a period of years
- Data Matching and Tele-Matching (i.e. filling in the blanks)
• Fines between £6,000 - £18,000
64© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
ICO Fines in the UK – Talk Talk Telecoms plc
Talk Talk Case
• Failure to prevent cyber security breaches which allowed exfiltration of 150,000+ personal records and 15,000+ bank details
• Fined £400,000
65© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Crime and Punishment - trends
Entity type Observable trend
Local governmentMore subtlety and discretion used
Healthcare
Charities Fined as exception (ongoing tidy-upnotwithstanding)!
Financial Services Fined as a rule, eager to enforce and prosecute, new director liability rules for UK telemarketingfirms from April
Marketing companies
Telecoms
“Since April last year my office has issued more than £1.3million worth of fines. We’ve got at least that again in the pipeline.” – UK ICO Chief, Feb 2017
66© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Takeaways
67© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
What to do next?
“[GDPR] is not the final step in the process. Instead, it should be seen as the foundation for further efforts to improve how we enforce control over our online identities” – Head of EDPS, Oct 2016
Briefing and upskilling
Consider tactical options
Documentation
Compliant on time and beyond
Adapt culture
68© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Where we can help
69© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Bretix
KPMG Summer School
Jon Tricker, Managing Director, KPMG Gibraltar
70© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
UK perspective Latest
UK economic performance
UK election
German elections end of September
Adversarial rhetoric
Possible extension to March 2019 deadline
EEA – 12 months’ notice required (due March 2018!)
Scenario planning
Outcome of negotiations very difficult to predict
71© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar perspective “Planning for hard Brexit”
UK negotiation difficulties
Spanish veto
Sovereignty claim
Potential impacts of hard Brexit
Loss of passporting
Changes to free movement of workers (around 10,000 frontier workers out of 25,000)
Impact on the border
72© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar perspective - gaming Border
Around 3,500 jobs in gaming, more than half are frontier workers
Potential changes to free movement of workers
Impact on company’s senior management
Business impact
Predominance of UK-facing business
Licensing regimes already in place in large EU jurisdictions (eg France, Spain, UK, Italy, Ireland)
Reliance on Gibraltar’s EU status
Opportunities
73© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar perspective - insurance Loss of passporting
93% of premiums are UK (distorted by motor insurance)
Scenario planning needed on EU business
Gibraltar as a gateway to the UK market
“Passporting” via Gibraltar Order
Government pushing for recognition of rights (UK/Gib)
Opportunities from impacted EU businesses / PCCs ?
Accessibility of FSC
Border impact
74© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar perspective – other considerations
Funds/investment management
Funds market currently largely UK focussed through private placement
Possible more flexibility as Gibraltar could use 2 effective regimes (EU compliant and non-EU compliant)
Financial services businesses passporting in to the EU
Gibraltar airport
What’s hot in UK Motor?
Gibraltar Insurance Briefing
—
July 18, 2017
76
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG Benchmarks – Why are we doing this?Introduction
With the advent of Solvency II, PRA returns are no longer available.Our benchmarks are available earlier and provide more detail thanthe new QRTs, including…
trends by claim type, including split by small and large TPBI
insurers’ actuarial best estimate and margin separated
an ultimate frequency and severity view
UK insurers outside PRA regulation
Our benchmarks are unique and complementary to the TPWP aswe have…
insurers' actuarial best estimate
both TPPD and OD
the year-end view is available earlier than TPWP report
The comparison to the TPWP is not fully like-for-like due to…
Differences in underlying insurers
Claims number definition, i.e. including or excluding nils*
TPBI threshold definition
* Our results are largely excluding nil claims and therefore shouldbe on a basis that is substantively consistent with the TPWP.
-
5,000
10,000
15,000
0.0%
0.5%
1.0%
1.5%
2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£)Freq
uenc
y (%
)
TPWP - Frequency & Severity TPBI Capped
TPWP Severity KPMG Mean SeverityTPWP Frequency KPMG Mean Frequency
60%
70%
80%
90%
100%
110%
2006 2008 2010 2012 2014 2016 2018
ULR
PRA - Gross ULR
PRA Return KPMG Weighted Mean
77
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG Benchmarks – Our ApproachIntroduction
Motor >70%
Based on adjusted* 2015 PRA returns, our benchmarks cover:
and this is expected to grow as final results come in.
* PRA returns plus clients included in survey outside PRA returns
Our approach in compiling these benchmarks:■ Data is gross of reinsurance and commission and is based on 2016 Year End data.■ All data is relative to companies’ actuarial best estimates (ABE).■ Means are simple average unless otherwise stated. Weighted Averages are based
on premium (net of IPT) for Average Earned Premium, ULRs and Burning Cost. Forall other graphs the weighted averages are based on ABE reserves.
Motor specific:■ The majority include a combination of comprehensive and non-comprehensive,
though non-comprehensive proportion is expected to be below 10%.■ Largely based on private motor. Commercial vehicle / fleet are excluded where
identifiable.■ Frequency is on a per claim basis and the total frequency is the sum of frequency for
each claim type and as such will overstate the number of claims made.■ Large TPBI claims include PPOs and Ogden uplift to the extent that these held in
the ABE.■ Large losses are on an excess basis. We have adjusted insurers’ data if we received
from ground up information and have also adjusted the data to align the threshold forlarge TPBI claims to be £100k in 2011 terms.
■ Own Damage claims include windscreens and are net of salvage and subrogation.
78
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
How to read the graphsIntroduction
DisclaimerWe draw attention to the fact that every company has different underwriting practices and claims handling procedures along with a different mix ofbusiness and risk profile. Therefore, these benchmarks are intended to serve only as a guide to the trends in motor and household market based onthe experience of the KPMG personal lines clients and other publicly available information. It is possible that the overall experience of the UK personalmotor and household market may be different, perhaps materially in some areas, from these benchmarks. Anyone relying on these benchmarks woulddo so at their own risk and KPMG hold no obligation to any individual or firm in this respect.
Where we have compared a client’s statistics against our benchmarks, this should not in any way be interpreted as KPMG’s view on our client’sstatistics. This pack is our interim pack based on provisional data which may be subject to change.
This document is provided to our clients for discussion only. It should not be distributed to third parties.
25th percentile
75th percentile
Maximum of benchmark clients
Mean of benchmark
Minimum of benchmark clients
60%
70%
80%
90%
100%
110%
2007
2008
2009
2010
2011
2012
2013
2014
ULR
ULR Total
Interquartile Range Mean Client X Weighted Average
Weighted average of benchmark
2010
2011
2012
2013
2014
2015
2016
2017
79
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Personal Line ULRsOur benchmarks include Motor total ULRs (aggregates of all perils), and ULRs by peril.
The simple and premium weighted average ULRs are converging for Motor in recent years.
There has been a slight reduction in the Motor total ULR between AY2015-16, although note that these results do not include the effects of the Ogden discount rate change.
50%
70%
90%
110%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Motor ULR - Total
Interquartile Range Mean Weighted Average
5%
15%
25%
35%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR OD
Interquartile Range Mean ABC Weighted Average
80
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Motor claims inflationTotal Level
■ Total Burn Cost has seen c.5% inflation, driven by severity, with no change in frequency.
TPBI
■ Overall a small increase in burn cost, where a c.5% severity inflation is offset by a c.4% reduction in frequency.
Non-BI
■ OD shows continued inflation in the region of 11%, albeit lower than the PY 20% inflation observed.
■ This is likely due to insurers charging market equivalent repair rates. However, we have not seen a similar level of inflation on TPPD.
■ This disconnect between TPPD and OD inflation could potentially lead to under-reserving in TPPD
-30%
-25%
-20%
-15%
-10%
-5%
0%
5%
10%
15%
20%
25%
30%
Infla
tion
from
AY
2015
to A
Y20
16
Inflation (AY2016 compared to AY2015) by claim typeWeighted Market Inflation
Total TPBI TPBI ExcessTPBI Capped ODTPPD
81
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Motor Own Damage burning cost• Our AD benchmarks reveal that the inflation 2015 to 2016 inflation on AD has been present
in Own Damage claims burning cost since 2013.
20
50
80
110
140
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost - OD
Interquartile Range Mean Weighted Average
82
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
PPO real discount rate – Pre-OgdenPrior to the Ogden rate change, we benchmarked clients’ PPO real discount rate under UK GAAP. While the nil-real rate is predominant, a significant fraction of the market was already adopting negative real rates at Q4 2016.
21%
19%
51%
9%
0% 10% 20% 30% 40% 50% 60% 70%
(0.75%) - (1.75%)
(0.00%) - (0.75%)
0%
Larger than 0%
Proportion of Benchmark Clients
PPO UK GAAP real discount rate(weighted by reserves)
83
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Ogden uplifts We have benchmarked the proportional uplift on open claims exposed to the Ogden discount rate change, separated into bands of case reserve size.
The detailed shape of these benchmarks will change over time as they are enriched with more data.
There always was uncertainty in case estimation. There is even more uncertainty around the Ogden uplift. And yet more around dependent actuarial reserving processes.
The outcome of the Ogden consultation process could lead to a different mechanism of determining the discount rate, and the product of this, could be a higher, even positive discount rate. However …
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100-400k 400-700k 700-1000k >1000kClaim band
Open Ogden Case Uplift - Gross
Interquartile Range Mean Median
84
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Ogden uplifts: effect on ULR We have used Ogden case reserve uplifts to approximate the IBNR uplift, and hence the total impact on the ULR.
We have only considered claims >£100k, so the effect may be larger than that shown here.
However, as we have shown, the proportional uplift is smaller on smaller claims, so the majority of the effect should be captured in the Large claims.
The Ogden uplift is most material on recent, less developed, years where claims are still to settle.
The increase is approximately 6 percentage points increase in ULR for 2016.
50%
70%
90%
110%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR Total
IQR pre-Ogden PreOgden PostOgden
0%
5%
10%
15%
20%
25%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR TPBI Excess
IQR pre-Ogden PreOgden PostOgden
85
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Ogden rate change – PPO propensity The fall in Ogden rate is associated with a reduced propensity for claims to settle as PPOs.
We have benchmarked the pre- and post-Ogden propensities adopted by our clients, by number and weighted by ABE reserves, below.
8%
37%
37%
15%
0% 20% 40% 60% 80% 100%
0% - 24%
25% - 49%
50% - 74%
75%-100%
Proportion of Benchmark Clients
Propensity reduction
19%
52%
18%
8%
0% 20% 40% 60% 80% 100%
0% - 10%
10% - 20%
20% - 35%
35% - 50%
Proportion of Benchmark Clients
Post propensity
10%
20%
60%
10%
0% 20% 40% 60% 80%
0% - 24%
25% - 49%
50% - 74%
75%-100%
Number of Benchmark Clients
Propensity reduction
20%
50%
20%
10%
0% 20% 40% 60%
0% - 10%
10% - 20%
20% - 35%
35% - 50%
Number of Benchmark Clients
Post propensity
86
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Ogden Rate – How negative it can be?Ogden Rate = -0.75%
• Based on 3-year average index-linked gilt yields with maturities greater than 5 year
• On average, the reference portfolio hasthe following characteristics:
• Maturity = 25 year• Nominal Yield = 2.4%• Implied Inflation = 3.2%
Market Implied Rate = -1.41%
• Based on the Bank of England gilt yield data as at December 2016, the 25-year forward real yield is approx. -1.41%.
• This is the market observable of the 25-year real rate, based on future interest rates and inflation expectation.
Bad Case = -2.0%
• Based on our real world expectation, it is not unreasonable for the 25-year real yield to hit -2% during an adverse scenario.
• For example, if Bank of England could lower interest rates by 0.6% or inflation expectation may increase by 0.6%.
Worst Case < -3.0%
• In an extreme scenario where interestrate fall significantly, alongside rising inflation, Ogden rate of -3% could be possible. For example:
• Nominal Yield = 2.4% - 1.2% = 1.2%
• Implied Inflation = 3.2% + 1% = 4.2%
• Real Yield = 4.2% - 1.2% = 3.0%
Current
87
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Management margin
21%
45%
8%
26%
0%
10%
20%
30%
40%
50%
0-5% 5-10% 10-15% 15%+Prop
ortio
n of
Ben
chm
ark
Clie
nts
% of ABE reserves
Management margin benchmarks
88
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Market high level summaryAverage earned premiums are once again rising in 2016 following the decline from 2012 to 2014, addressing some of the deterioration seen in total ULR over the same period.
The OD ULR has risen every year since 2012, while the total ULR fell in 2016.
200
250
300
350
400
450
500
550
600
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
Ave
rage
Ear
ned
Prem
ium
£m
Average Earned Premium
Interquartile Range Mean Weighted Average
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
ULR Breakdown
OD TPPD TPBI Small TPBI Large
89
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
ODWhile there has been a steady decline in the OD frequency since 2010, the greater increases in severity have driven the rising ULR and burning cost since 2012.
5%
15%
25%
35%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR OD
Interquartile Range Mean Weighted Average
-
500
1,000
1,500
2,000
0%
2%
4%
6%
8%
10%
12%
14%
16%
18%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£)Freq
uenc
y
Freq-Sev OD
Severity Frequency
20
40
60
80
100
120
140
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost OD
Interquartile Range Mean Weighted Average
90
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
TPBI
20%
30%
40%
50%
60%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR TPBI
Interquartile Range Mean Weighted Average
-
5,000
10,000
15,000
20,000
0.00%
0.20%
0.40%
0.60%
0.80%
1.00%
1.20%
1.40%
1.60%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£)Freq
uenc
y
Freq-Sev TPBI
Severity Frequency
The frequency reduction seen in OD since 2010 is also seen for TPBI. While severity has also increased it has not been sufficient to undermine the reduction in frequency, leading to a steady burning cost since 2013, and even a reduction in ULR from 2014 onwards.
75
125
175
225
275
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost TPBI
Interquartile Range Mean Weighted Average
91
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
TPBI - capped
10%
20%
30%
40%
50%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR TPBI Capped
Interquartile Range Mean Weighted Average
-
2,000
4,000
6,000
8,000
10,000
12,000
14,000
0.00%
0.20%
0.40%
0.60%
0.80%
1.00%
1.20%
1.40%
1.60%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£)Freq
uenc
y
Freq-Sev TPBI Capped
Severity Frequency
50
90
130
170
210
250
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost TPBI Capped
Interquartile Range Mean Weighted Average
92
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
TPBI - excess
0%
5%
10%
15%
20%
25%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR TPBI Excess
Interquartile Range Mean Weighted Average
-
200
400
600
800
1,000
0.000%
0.002%
0.004%
0.006%
0.008%
0.010%
0.012%
0.014%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£k)Freq
uenc
y
Freq-Sev TPBI Excess
Severity Frequency
There has been considerable increase in TPBI excess frequency since 2012, as well as a more mild and less consistent increase in severity. The increase in frequency from 2012 may be related to the introduction of the Gender Neutral Pricing Directive in 2012, bringing more young, high risk, drivers onto the road.
-
20
40
60
80
100
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost TPBI Excess
Interquartile Range Mean Weighted Average
93
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
TPPD
10%
15%
20%
25%
30%
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
ULR
Gross ULR TPPD
Interquartile Range Mean Weighted Average
-
1,000
2,000
3,000
4,000
0%
1%
2%
3%
4%
5%
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Severity (£)Freq
uenc
y
Freq-Sev TPPD
Severity Frequency
TPPD shows the same reduction in frequency seen for OD, as well as the increase in severity. Burning cost has risen steadily, but is showing a slowdown in 2016 and even a fall in ULR. Given the rise in OD and the strengthening of TPPD reserves on 2014 and 2015 (see next slide), this may indicate systematic under-reserving of TPPD in 2016.
40
60
80
100
120
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
£
Burning Cost TPPD
Interquartile Range Mean Weighted Average
94
Document Classification: KPMG Confidential
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Reserve releasesOverall, the market has seen reductions in ULR for all years from the 2015 AY ultimates. This is driven by TBPI , with the opposite trend seen for TPPD and OD since 2013 AY.
In particular, there have been market wide reductions in the TPBI ultimates for 2014 AY, and market wide strengthening on the 2015 AY non-BI claims.
-15%
-10%
-5%
0%
5%
10%
15%
2007 2008 2009 2010 2011 2012 2013 2014 2015
ULR
Mov
emen
ts
Gross ULR Movement Total
Mean Weighted Average
-6%
-2%
2%
6%
2007 2008 2009 2010 2011 2012 2013 2014 2015
ULR
Mov
emen
ts
Gross ULR Movement TPBI
Mean Weighted Average
-1%
1%
3%
5%
7%
9%
2007 2008 2009 2010 2011 2012 2013 2014 2015
ULR
Mov
emen
ts
Gross ULR Movement Non-BI
Mean Weighted Average
95© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Cyber RiskDan Kniveton
Manager
Risk Consulting, IT Advisory
96© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Agenda
• Cyber Risks
• WannaCry
• Challenges
• Insider Threat
• Help is at Hand
• Questions to Ask
97© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
• Regular penetration testing
• Password for the website publisher
was insufficiently complex
• Unencrypted data, and insecure
decryption key source
• Financial information kept longer
than necessary
98© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
• What would make an attacker look elsewhere?
• What really makes their life difficult?
• How much will the attacker spend?
• What is the link between risk and £ spent?
• How much should I spend on security?
• Is this really worth the money?
• How effective are my security controls?
• What risks am I running?
• Do other parts of the business understand their incident response role?
• Have I got the right balance of controls?
Cyber risk what is it?
99© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Examples of Cyber Crime
• Hacking – Exploiting weaknesses in a computer system or network to gain access and utilise person or sensitive information
• DDoS – An attempt to make a machine or network resource unavailable to its intended users through flooding the target bandwidth
• Malware – Malicious software used to disrupt computer operations and gather data and information
• Identify Theft – Acquiring personal data and information, usually with intent for financial gain
• Phising/SMSishing – Computer or mobile devices are infiltrated by the sending of an email or SMS which when opened releases malware
100© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
WannaCry - Key PointsVirus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Affected Systems: Windows – Vista SP2, Windows 2008 R2, Windows 7, Windows 8.1, Windows 2012 R2, Windows 10, Windows Server 2016
Vector: It uses ETERNALBLUE (SMBv1) MS17-010 to propagate. Windows XP and Windows 2003 do NOT have the MS17-010 patch and are forever vulnerable.
Ransom Amount: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Persistence Techniques: Malware loops through every open RDP session on a system to run the ransomware as that user (using tscon.exe equivalent as SYSTEM). Various reports that variants also install the in-memory DOUBLEPULSAR backdoor.
Example Infections: NHS (UK), Telefonica (Spain), FedEx (US), University of Waterloo (US), Russia interior ministry & Megafon(Russia), Сбера bank (Russia), Shaheen Airlines (India), Neustadt station (Germany), University of Milan (Italy) amongst others….
Spread so far: Over 45,000 attacks in 74 countries
Entry Routes: Phishing and vulnerability in Microsoft protocol
101© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Ultimately;
102© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Key Cyber challenges
Classification and protection of crown jewels – too many
Privacy & the new GDPR regulations
Doing Data Loss Prevention (DLP) properly
The movers part of joiners, movers and leavers
Security Op Centre (SOC) –
reactive to proactive
Managing privileged
accesses
Supply chain –real time
monitoring
Managing the insider threat
Cyber challenges
103© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
“Cyber security is about people, processes and technology, and organisations need to bolster the
weakest link – which invariably is the human element”
Kevin Mitnick
104© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Five most common cyber security mistakes
Mistake 3Relevance
Mistake 5Attitude
Mistake 4Proactive vs
reactive
Mistake 2Investment
Mistake 1Mind-set
“We have to have 100% security” or “We are a small business, no one will target us”
100% security feasible or the goal? Smaller companies likely to be easier targets?
“Our weapons have to better than those of the hackers”
Goals should determine the security policy – risks and crown jewels
“Our cyber security compliance should be all about effective monitoring”
Ability to learn >= ability to monitor, be proactive
“Recruiting the best professionals will best defend us against cyber crime”
Cyber security is an attitude, not a department
“If we invest in the best-of-class technical tools we’ll be safe”
Human element, investment in employees is the key
105© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG Cyber transformation
Key assets Threat and risk assessment
Gap analysis/penetration
testingCyber strategy
1 2 3 4
106© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Questions for the Board of Directors to ask
Do current management processes adequately highlight cyber risk to the board?
Does the organisation’s risk appetite take account of cyber risk?
Do current management processes adequately highlight cyber risk to the board?
Is the corporate value of information assets clearly understood?
Is the corporate impact clearly understood if information assets are stolen, corrupted or destroyed?
Is there an appreciation of the business benefits of proactively managing cyber risk?
107© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Questions?
108© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar tax update
18 July 2017
109© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar Budget 2017: Tax IndividualsABS - increases in allowances, including:
– Personal Allowance increases from £3,215 to £3,300
– Spouse Allowance increases from £3,215 to £3,300
– Deduction for first child increases from £1,105 to £1,135
– Nursery School Allowance increases from £5,025 to £5,160 (per child)
– Low earners allowance increases to £11,150 from £11,050 (applies to GIBs and ABS)
– Medical Insurance allowance increases from £5,020 to £5,155
– Single Parent Family Allowance increases from £5,290 to £5,435
Other points
– The minimum wage increases slightly
– No increase in Social Insurance contribution rates following increase in April 2017.
– Cat 2 Working Group to reconvene to further consider proposals.
110© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar Budget 2017: Tax Import duty – Mechanism for importation into bond
of very high value retail items (£25k+) sent to retailers on consignment –duty paid when sold by retailer
– Plastic bags up to 10p
– Diesel fuel increase
– Other changes:
Goods New Rate (%)
Handbags 3Jewellery 3
Prams 0Sports trackers 3
Sports or dance apparel 0Indoor sports equipment 0
Classic cars 0Gold bullion 1
Jet Skis 20
111© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar Budget 2017: TaxOther – Corporate tax yield up 24% to £135.7m
– No changes to the corporate tax regime
– No increase in utilities and general business rates
– Gaming taxes to be modernised and consolidated
– Modernisation of the ITO initial stages:
– digitising records/files of all taxpayers
– online filing to be introduced for CT
– machine readable tax returns for CT
– bulk filing facility for CT
– Plan is for a totally digitised ITO
– Tax refunds:
– cumulative total owed £29.1m
– cautious and fair approach to eliminate
– increasing yearly tax rebate budget to £10m
– £28m owed to ITO and “Name and shame” list for defaulting employers to apply to SI and be published in any newspaper circulating in Gibraltar
112© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Gibraltar Tax: Other Reminders• AEOI Reporting by 31 July 2017 (portal
open)
• UBO Register – Register of UBOs Regulations 2017 (transposed on 26 June 2017)
https://uboregister.egov.gi/
• All companies that are registered in Gibraltar must file a tax return
• Country by country reporting –regulations effective from 5 June 2017 (Part 1B ITA 2010)
113© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Questions?
© 2017 KPMG Advisory Limited, a Gibraltar limited company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Thank you