Gap Analysis

Parameters (1)               Do you understand the requirement sufficiently at this stage (2)                         What further work/help is required to reach an understanding (3)                      Do you currently meet this requirement (4)                       Where are you short on this requirement (5)                    Action required to address any shortfall/ gap (6)               When do you envisage you will be able to meet this requirement  (7)                        Who will be responsible for actions on this requirement  (8)                      Estimated time required to address gap (9)                    Level of resource needed to address gap (10)               Current status on requirement  R / A /G
Governance Section                    
General governance requirements (pages 5-6)                    
Existing                    
l Governance standards                     
l Risk management standards (risk governance) - structure for governance that supports risk management by providing clearly defined accountabilities, expectations and reporting requirements for all parties                    
l Operational processes minimum standards:                    
  ¢ key business and operational processes must be properly documented                    
  ¢ directors and staff should understand all the operational and business processes relevant to their role                       
l Risk management standards - effective risk policy, subject to regular review                     
NEW                    
l Regular internal review of the system of governance                    
l Written policies for:                    
  ¢ internal control                    
  ¢ internal audit                    
  ¢ outsourcing                    
l Policies for risk management, internal control, internal audit and outsourcing reviewed at least annually                    
l Processes for the identification and management of emerging risk issues                     
 
Fit & Proper Requirements (page 7)                    
Existing                    
l Underwriting Byelaw, para 42A, (appointments to senior positions) - fit and proper requirements for directors/partners/active underwriters/run-off managers                      
l Lloyd’s process for notification and amendment of appointments to all senior positions, including active underwriters and run-off managers                    
l Governance standards                     
New                    
l N/A (no significant changes to Lloyd’s requirements and processes anticipated at this stage)                    
 
Risk Management (pages 8-9)                    
Existing                    
l Risk management standards - governance structure to support the management of risk                     
l Risk management standards:                    
  ¢ risk policy setting out risk management strategy, covering each risk category                    
  ¢  risk management process - risk identification and assessment, monitoring and reporting                    
l Risk management standards - process to identify all significant risks                     
l Risk management standards (risk governance) - structure of the risk management function                     
l ICA guidance minimum standard: ‘Mapping to the risk register’                     
l Contingency plans – operational processes minimum standards -  appropriate business continuity plans                    
New                    
l Risk management function will need to address the following tasks relating to the internal model:                    
  ¢ design and implementation                    
  ¢ testing and validation                    
  ¢ documentation                    
  ¢ informing the Board about the performance of the model                    
  ¢ analysis of the performance of the model and production of summary reports                    
l Contingency planning (considered in a wider sense than operational business continuity)                    
 
ORSA (pages 10-11)                    
Existing                    
l N/A (this is a new requirement under Solvency II consistent with the principles of the ICAS regime)                    
New                    
l Demonstrate the link between risk and capital management:                    
  ¢ the assessment must be driven by risk appetite                    
  ¢ consideration should be given to all risks that the business faces, including those that fall outside the SCR calculation (this applies whether the standard formula or an internal model is used)                    
  ¢ the ORSA should form an integral part of the business strategy and be taken into account on an ongoing basis in strategic decisions                    
l Set out the methods used to determine overall solvency needs, including:                    
  ¢ assessment at different confidence levels eg as required for SCR, economic capital                    
  ¢ longer term considerations – ie assessment beyond the 12 month time horizon used for regulatory capital                    
l Be updated annually as a minimum:                    
  ¢ agents will also need to revisit the ORSA in line with their own needs/material changes in the business                    
  ¢ frequency of reassessment will be key in demonstrating use                    
  ¢ agents will be required to inform Lloyd’s of the results of any reassessment of the ORSA                    
 
Internal control (page 12)                    
Existing                    
l Internal controls as covered by existing franchise standards (including underwriting, claims, and risk management)                     
l Underwriting byelaw (paragraph 40) - compliance officer appointment                    
New                    
l Compliance function to advise on laws, regulations etc relating to Solvency II                    
l Assess the possible impact of changes in the legal environment on operations and the identification and assessment of compliance risk                    
 
Internal Audit (page 13)                    
Existing                    
l Risk management standards - assurance processes                    
l Risk management standards - ensuring independence between risk management and assurance processes                     
New                    
l Internal audit function, independent from the operational functions of the business                      
l Where outsourced, internal audit must remain subject to effective internal oversight                     
l Internal audit should provide assurance over compliance with all internal strategies, processes and reporting procedures                     
l Internal audit will also need to assess whether the internal control system remains sufficient and appropriate for the business                     
l Internal audit findings:                     
  ¢ should be reported to the Audit Committee and/or Board on a timely basis                    
  ¢ Audit Committee and/or Board will be responsible for ensuring compliance with findings                     
l Internal audit reporting lines                    
 
Actuarial function (page 14-15)                    
Existing                    
l Lloyd’s Valuation of Liabilities Rules (governing the production of Statements of Actuarial Opinion and technical provisions)                    
l GN20 Actuarial reporting under the Lloyd’s Valuation of Liabilities rules                    
New                    
l Each syndicate will need to ensure they have an actuarial function                     
l Contribute to implementation of risk management system                    
l Have relevant experience and expertise                     
l Express an opinion on the overall underwriting policy                    
l Express an opinion on the adequacy of reinsurance arrangements                    
 
Outsourcing (page 16)                    
Existing                    
l Operational processes minimum standards - outsourced activities should be properly monitored and controlled                    
New                    
l Where functions are outsourced, agents will remain fully responsible for discharging all of their duties under the draft Directive                    
 
Technical Section                    
Supervisory Reporting & Public Disclosure (pages 17-18)                    
Existing                     
l Requirement to submit information to Lloyd’s for annual regulatory return to the FSA                      
l Provide syndicate annual reports to Lloyd’s and the FSA                     
l Report financial and solvency position to Lloyd’s on a quarterly basis                       
New                     
l Final requirements will not be clarified until Level 2 but it is envisaged that a new set of regulatory reporting forms will be developed                    
 
Valuation of Liabilities (page 19-20)                    
Existing                    
l Lloyd’s Valuation of Liabilities Rules                     
l GN20 Actuarial reporting under the Lloyd’s Valuation of Liabilities rules                     
New                    
l Calculate technical provisions as specified under QIS4:                    
  ¢ definition of best estimate                    
  ¢ cashflows                    
  ¢ risk margin                    
  ¢ premium provisions                    
 
Own Funds (page 21)                    
Existing                    
l Syndicate assets comply with GENPRU                     
New                    
l N/A – (Lloyd’s do not anticipate applying any additional requirements for assets held at syndicate level over and above the draft Directive requirements)                    
 
Use and approval of internal models                    
Use Test (pages 23-24)                    
Existing                    
l Risk Management standards, capital allocation:                    
  ¢ the capital assessment should be driven by the key business risks                    
  ¢ sound and appropriate capital assessment methodology                    
  ¢ organisation understands key drivers of its capital requirements                    
l Lloyd’s ICA Guidance and Minimum Standards:                    
  ¢ the need to demonstrate clearly the link between the risk framework and the ICA calculation                    
  ¢ consistency with the syndicate business plan (SBF)                    
  ¢ embedding the ICA                    
  ¢  the need to reflect the agents’ position against the franchise standards in the ICA                    
  ¢  the importance of the involvement of senior management and the Board in deriving and challenging the capital assessment                    
  ¢ the requirement for an amended ICA where the risk profile of the syndicate has changed materially or a new SBF is submitted during the year                    
New                    
l Demonstrate use of the model in the business                     
l Process for review of the internal model                     
l Board and senior management understanding and constructive challenge                     
l Consider the impact on the SCR where the model is re-run to reflect changes in the business                    
l Changes to the risk management framework, including the modelling process:                    
  ¢ formal approval by Board/senior management                    
  ¢ appropriate adjustments to be made when the risk profile changes                    
l Clear link and consistency between the capital element of the internal model and other elements                     
 
Statistical quality standards (pages 25-26)                    
Existing                    
l Extent of reliance on syndicate data                      
l Reference should be made to market data but needs to be adjusted to reflect syndicate characteristics                     
l Data should not be excessively smoothed as this is likely to understate volatilities                     
New                    
l Expect the person responsible for any analysis supported by data to “sign off” that data meets criterion allowing for proportionality                    
 
Calibration Standards (pages 27-28)                    
Existing                    
l Model should be calibrated using a VaR measure with a 99.5% confidence level, over a one year period                     
l Non modelled risks should be calibrated to the 99.5% confidence level and a suitable aggregation method should be used                    
l The model must be able to calculate a separate ICA for each syndicate covering all years of account of the syndicate combined                     
l The model should allow output into constituent risk groups and be capable of showing the result by risk group both pre and post diversification                       
l The drivers of risk in each risk group should be identified and described                     
l The model should allow sensitivity testing of the main parameters as requested                      
l Prescribed sensitivity tests are required as part of ICA pro-forma                     
New                    
l Model should be flexible enough to allow for outputs other than the 1:200 level result                     
l Output must address Solvency II risk categorisations for comparison with standard formula SCR                     
 
Profit & loss attribution (page 29)                    
Existing                     
l Provide analysis of model output against actual loss experience                     
l Review validity of past data over time as trends emerge and experience changes                    
New                    
l Explicit back testing of the model is required                       
l Comparison of model output to emerging experience on a timely basis (expected to be at a class of business level)                     
l Analysis of emerging experience versus model expectations may need to be regularly reported to Lloyd’s                       
 
Validation Standards (pages 30-31)                    
Existing                    
l Stress tests are needed to validate the model output for reasonableness and to help with calibrating assumptions                      
l Stress and scenario tests must be relevant to their business and sufficiently extreme to represent the 1:200 level                     
l Sufficient data over and above a syndicate’s own data should be considered and additional stress tests performed on uncertain assumptions                    
l All models must be subject to sensitivity analysis                      
l Management and Board understanding of sensitivity testing                     
l Validate ICA against ECR and explain differences                     
New                    
l Output of internal model will have to be compared against standard formula SCR for at least first two years of internal model use                     
l Validation function should be independent of the person parameterising the model to allow objective and robust challenge                     
l Board should have overall responsibility for validation - management information on validation should be presented to the board and challenged by it                     
l Validation of the model should be carried out at least annually (appropriate frequency should be assessed by materiality)                    
l Goodness of fit of probability distributions should be tested where statistical techniques are used, including both the choice of distribution and the parameters                     
l Actual vs expected analysis should be part of the validation process (expected to be at a class of business level)                    
l Validation should consider not only emerging claims experience but ‘all new data’ including:                    
  ¢ non-claims experience that could affect the profit and capital position                    
  ¢  new external quantitative information                    
  ¢ qualitative information, both internal and external                    
l Validation should check that all risks in the risk register are modelled and if not modelled there should be written justification                     
l Assessment of accuracy, completeness and appropriateness of data should form part of the validation process. Data quality and model sensitivity should drive design of calibration                    
l Documentation should be adequate enough to allow independent verification of the validation process                     
 
Documentation Standards (pages 32-33)                    
Existing                    
l Explain the approach to deriving the ICA and how it links together the business plan, key risks inherent in the business, related risk management processes and practices and the capital required by the risks                     
l Why the methodology chosen is appropriate to the syndicate’s business, taking account of its risk profile, risk appetite, track record with respect to risk experience and exposure and the key principles upon which the ICA is based                     
l The approach adopted towards the quantification of risk and the rationale for this approach                     
l The stress and scenario tests used and why they are appropriate for the business                     
l The sensitivity of key assumptions                     
l The overall ICA figure split by major risk category, before and after diversification                     
l The allocation of capital across risk groups and the rationale and method used to derive the figures for each                     
l All Lloyd’s minimum ICA standards must be addressed                    
New                    
l Cover the operational details of the internal model as well as the design                        
l Address articles 118-122 and 124                    
l Be detailed and complete enough to allow a skilled and knowledgeable professional to replicate the model                    
l Detail the theory underlying the internal model and be relevant to complexity of model                    
l Highlight any areas where model is deemed not to perform effectively (model weaknesses) and detail how these are addressed                    
l Outline the policy for changing the model                    
l All changes should be documented on an ongoing basis (model to be revisited regularly and updated as necessary in line with risk profile of business)                     
 
External models and data (page 34)                    
Existing                    
l Set out how Board/senior management are engaged in process particularly where outsourcing/consultants used                      
l Use of external cat models/ESG – ICA must allow for possibility of model error or risks not captured in external models                     
l External loss databases, such as ORIC (operational risk consortium) for operational risk, to supplement own data when assessing 1:200 losses                      
New                    
l Any reliance on external supplier to be documented together with role of product(s) and extent to which they are used                     
l Able to demonstrate thorough understanding of use and limitations of any vendor software/products used                     
l Document process undertaken to ensure external data/model chosen is appropriate to risk profile and should include sufficient sensitivity and scenario testing to validate use                     
l Clear strategy for regular review of any external models/data sources used                     
                         
Notes                      
1 Agents should detail whether they currently feel they have a sufficient understanding of the requirement and what it is trying to achieve, bearing in mind that further guidance and detail will be provided going forward as the Level 2 implementing measures are developed.  Agents should also consider the extent to which the understanding of the requirement is shared across the organisation.  
2 Details should be provided as to what additional work the agent feels needs to be completed by them in order for the appropriate people at the agency to reach an adequate level of understanding of the requirement. 
3 Agents should state whether they currently meet both the new and existing requirements.
4 Where the agent has identified a shortfall in meeting any of the expected requirements, they should provide detail as to where the gap arises.    
5 For each identified gap, detail should be provided as to what actions are planned in order for the agent to address this gap and meet the requirement as it is currently envisaged.
6 For those requirements not currently met, agents should state the approximate date by which they expect to become compliant (in particular whether they expect to have addressed any gaps in time for the dry running process).
7 Agents should state the name and job title of those individuals responsible for completing each specific action identified.
8 An indication of the time required to address this gap (e.g. in person months) should be provided.  
9 Agents should estimate here the amount and level of resource necessary to become compliant with the requirements where these are not currently met.  In particular, agents should highlight areas where they expect that additional resource will be required and what form this additional resource will take.     
10 Agents should select a status of red, amber or green to reflect the size and nature of the gap identified, and the level of risk associated with not complying with the requirement by the time of Solvency II implementation.   
Back to top