Simplifying Solvency II compliance, the InsurTech way

Solvency II is at the intersection where InsurTech meets RegTech

After the financial crash of 2008, the cost burden of compliance increased massively. No great surprise there given the widespread failure of financial institutions in so many ways. The reaction of lawmakers after a decade of de-regulation was to regulate. One example of this was Solvency II, the European Union directive for the insurance market.

The introduction of extra checks and balances inevitably lead to substantial costs across financial services. Solvency II was no exception and was estimated to have cost European insurers £3bn. This European Union directive came into force in 2016 to harmonise and codify insurance regulation across the EU. Specifically, the purpose of Solvency II is to regulate the capital levels in an insurer to avoid insolvency, collapse or government bail-outs as witnessed in the banking sector.

And this increased burden of compliance has created a real challenge for insurers who need to drive out costs whilst also meeting these new stringent controls. This is where RegTech and InsurTech converge in the digital strategy for insurers. Because, quite simply, maintaining full compliance can no longer be done with human effort alone.

Advanced technology is the way to achieve regulatory compliance

Today, an insurer’s risk management structure relies on 3 lines of defence. Lines 1 and 2 are checking functions and the 3rd is audit. All 3 lines of defence rely on teams of people performing checks against pre-defined compliance and governance rules (usually contained in a spreadsheet). The cost of compliance rises by an order of magnitude every time the issue is passed from one line to the next one. Which means that the more effort can be contained in the 1^st line of defence, the lower the overall cost of compliance for the insurer.

This is where InsurTech and Regtech solutions add value today, by enabling insurers with the means to (largely) automate line 1 activity. Which, in turn, reduces the need for the 2nd line. The combined effect is a much smaller requirement for the 3rd line of defence.

This shift to straight through the processing means that insurers can achieve greater scale, greater consistency and, therefore, a higher level of compliance when it comes to Solvency II.

Automating Rules and Principles

Prudential or principles-based regulations like Solvency II define the rules for managing balance sheets. These regulations are better suited to a principle rather than a rules-based approach to allow insurers to reflect the nature, scale and complexity of their business.

Solvency II is about more than just capital, solvency and reserving. It covers corporate governance, public disclosure, supervisory reporting and risk management. And it’s a comprehensive principles-based programme of regulatory requirements for insurers where the application of sound business judgement is tested.

But of course, sound business judgement might look like a low-risk investment choice to one person and placing everything on black to another. Unlike rules-based conduct regulation, such as KYC or AML, Prudential is not based on binary tests.

What about principles-based compliance?

When it comes to Prudential, the challenges for insurers is complex and complicated. Principals based regulation is a test of corporate judgment. It requires more than the digitization of a process. Up until now, this has been the realm of the auditors and consultants like KPMG to provide human effort and a spreadsheet approach to managing the complexity.

The issue with this approach is that whilst the insurer might satisfy the regulator, it is near impossible to turn this effort into business value.

This point was first made to me by Waleed Sarwar when we met back in 2015 at the inaugural InsurTech cohort at Startupbootcamp. Waleed is the founder and CEO of financial services RegTech platform provider, CoVI Analytics. (CoVI stands for Context Visualised.)

CoVI make compliance simple

The vision for CoVI is to make compliance such as Solvency II simple. They do this with 2 key products built on the CoVI platform.  The first is CMILE, which Waleed describes as Google meets Pinterest for compliance. The purpose of CMILE is to make it easier for an insurer to find, review and manage regulations that apply to them.

Waleed explained CMILE to me like this. “The way that financial institutions digest the regulations into their operations is first to collect the rules that apply to them in a spreadsheet. These rules are then converted into instructions for the business through internal policies and procedures (e.g. remuneration policy) that the firm operates by.”

CoVI’s second product is called CORE. This enables firms to operationalize their instructions or response to the regulatory requirements into compliance activities. These usually take the form of a risk that the business needs to manage.

Waleed explained CORE to me. “Firms call this (CORE) their risk management framework. CORE simplifies the language of risk and compliance for the business. This creates better engagement with the Risk & Compliance function from the business. Improved business engagement helps eliminate replicated compliance processes and improves operational efficiency.”

InsurTech and RegTech have become business as usual

The rub with the past way of working when it comes to regulation and compliance is that it’s horribly inefficient, difficult to stay on top off and seems to be never-ending.

Maintaining Solvency II compliance is never a one-off exercise. When the regulations and/or management strategies change, this triggers a chain reaction that brings with it an avalanche of work and effort, planning and coordination  Updating the spreadsheets, rewriting processes, retraining of staff all add further burden to the business, burying it under a thick layer of bureaucracy.

And once these operating policies are in place, the challenge for the exec is to get the business units to follow them. It is this operationalisation of compliance policies that cause firms the most grief as each different business unit applies its own interpretation for its own specific business function.

Of course, the real issue for the exec is having the visibility of exactly what is happening down in the business units. This is where CoVI’s CORE comes into its own.

Using advanced technology to replace human effort

When I asked Waleed about the tech inside CoVI he explained, “We found that machine learning is not suitable for reading and understanding raw legal text. It is effectively its own language, which is why we built CMILE based on neural language processing. This enables CMILE to look for “usage”. 

“We combine NLP with machine learning to determine an appropriate interpretation of the regulations, specific to the unique requirements of our customer. This is essentially how the consultants and auditors work. They apply their firm’s interpretation of Prudential regulations from one customer to another. 

“With CMILE we are democratising the application of these interpretations.”

Having your cake and eating it

Readers of this article are probably thinking that this all sounds great, but this is just incremental cost to the business. Typically, they’d be right because driving up customer experience or implementing new data analytics tools tends to also drive up the cost.

But this is where the whole Fintech movement has delivered across financial services. Because the innovative application of technology has proven successful in driving out the cost.

CoVI Analytics, like most of the InsurTech platform, approaches all have the same aim in common, which is to drive costs down, not up. Just think about it this way; less consultants, fewer bad sales calls, increased compliance, greater visibility across the business.

And remember, the FCA’s Senior Insurance Managers Regime and the ‘fit and proper’ requirements within Solvency II means that the insurance executive cannot hide behind organizational complexity for compliance failures. They can also go to jail if they don’t follow the rules. But nobody wants to use the stick, it’s the carrot that drives compliance. And making insurance better is the collective goal.

The author, Rick Huckstep, is an InsurTech thought leader, advisor and speaker. He is the Chairman of The Digital Insurer.