Insurance Insights July 2024

This is the Thought Leadership series where KPMG Actuarial explore the world of Model Risk Management. Throughout this series KPMG breaks down what Model Risk Management really is, taking a look from a broad industry perspective, and then through the lens of insurance to understand its growing importance within the industry. In this first publication of a four-part series, KPMG explores Model Risk Management from a broad industry perspective. 

The European Commission recently launched a targeted consultation along with a workshop series to seek input on the use of Artificial Intelligence (AI) in the financial sector. The consultation aims to identify key use cases, benefits, barriers, and risks associated with AI applications in financial services.

The views obtained will support the Commission in their assessment of market developments and risks related to AI and in the implementation of the AI Act, which was published on the 12 July and will enter into force on the 1 August. The KPMG Actuarial team (led by Brian Morrissey, Head of Insurance and Actuarial and Jean Rea, Actuarial Partner) discusses how to respond to the Consultation and the insurance and pensions specific questions. 

With the upcoming Digital Operational Resilience Act (DORA), entities must move from preparation to implementation and take steps towards demonstrating how their practices comply with DORA. Financial entities will need to demonstrate appropriate security and resilience of critical ICT systems and applications to comply with DORA. The level of compliance efforts will vary depending on the size and complexity of your entity.

A risk-based approach, appropriate security and resilience testing are necessary to address potential vulnerabilities and to prove compliance in meeting evidence requirements of the European Supervisory Authorities. By focusing on long-term resilience, entities can establish a resilient foundation, which will aid them in their steps towards DORA compliance.

The KPMG Technology Risk and Cyber teams (led by Jackie Hennessy, Risk Consulting Partner and Dani Michaux, EMA Cyber Leader) share their in-depth views on key actions to help you get ready for DORA.

On July 1, the European Insurance and Occupational Pensions Authority (EIOPA) issued an amended ‘Decision of the Board of Supervisors (BoS) on the Collaboration of the Insurance Supervisory Authorities of the Member States of the European Economic Area (EIOPA-BoS-24/273) whereby a new Annex II is added. The new Annex II deals with the cooperation and exchange of information between insurance supervisory authorities in the event of (re)insurance undertakings’ cross-border conversions, mergers and divisions under the new Mobility Directive (Directive (EU) 2019/2121).  A related EIOPA press release explains that supervisory co-operation involves:

• Active and early engagement between supervisors in the departure and destination countries.
  
• A structured transfer of supervisory information and knowledge about the relocation of undertakings that aims to safeguard the interests of policyholders and beneficiaries throughout and after the transition.
• Supervisory authorities potentially being provided with technical assistance and expertise by EIOPA during the transition, particularly in complex cases or where specific guidance is required.

On 2 July, EIOPA published an ‘Opinion on the Supervision of Captives’, regarding the supervision of captive (re)insurance undertakings with a focus on intra-group transactions, governance and prudent person principle. The opinion outlines the supervisory expectations of competent authorities while considering the specificities of captive (re)insurer’s business models. 

On 3 July, EIOPA published its most recent technical information on the symmetric adjustment of the equity capital charge for Solvency II with reference to the end of June 2024. 

On 3 July, EIOPA published its most recent technical information relating to risk-free interest rate (RFR) term structures with reference to the end of June 2024. 

On July 3, EIOPA published the shifted risk-free interest rate (RFR) term structures. The shifted RFR term structures aim to ensure consistent calculation of the option-adjusted duration. The next update is planned for January 2025.

On July 17, the ESAs published their second batch of policy materials under the Regulation on digital operational resilience for the financial sector (DORA), consisting of the following:

• Final report on draft regulatory technical standards (RTS) and implementing technical standards (ITS) on the content, format, templates and timelines for reporting major information and communication technology (ICT) related incidents and significant cyber threats.
• Final report on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities under DORA. These RTS relate to the criteria for determining the composition of the joint examination team (JET).
• Final report on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities.
• Final report on draft RTS specifying elements related to threat-led penetration tests (TLPT).
• Final report on joint guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents.
• Final report on joint guidelines on the oversight co-operation and information exchange between the ESAs and the competent authorities.

The guidelines have been adopted by the Boards of Supervisors of the three ESAs and the final draft technical standards have been submitted to the European Commission (EC) for adoption. The expected date of application of the technical standards and guidelines is 17 January 2025.

On July 17, the ESAs announced they will establish an EU systemic cyber incident co-ordination (EU-SCICF)  in the context of DORA. The framework will enable a holistic financial sector response to a cyber threat that may pose a risk to financial stability by strengthening co-ordination amongst financial bodies and relevant bodies within the EU and internationally. A factsheet was published with further details on the structure, how it will work and how it will be set up. 

On 21 June, the Commission Delegated Decision (EU) 2024/1763 on the renewal of the determination that the solvency regime applicable to US-based (re)insurance undertakings is provisionally equivalent to that laid down in the Solvency II Directive (2009/138/EC) was published in the Official Journal of the European Union.

The Solvency II Directive provides that provisional equivalence granted under Article 227 of the Solvency II Directive is subject to renewals for further periods of ten years where certain specified criteria continue to be met. The provisional equivalence granted to the US (among other non-EU jurisdictions) under Commission Delegated Decision ((EU) 2015/2290) expires on 1 January 2026.

The Delegated Decision will renew the US provisional equivalence for ten years from 1 January 2026 to 31 December 2035. Provisional equivalence under Article 227 would be relevant to the calculation of group SCR.

On 12 July, the Official Journal of the European Union (OJEU) published the regulation of the European Parliament (EP) and of the Council of the European Union (CoEU) on harmonised rules on artificial intelligence (AI Act) and will enter force 20 days later. The AI Act will enter force on 1 August 2024. Most provisions will start to apply on 2 August 2026 but some rules will apply earlier:

• Prohibited AI systems will be banned from 2 February 2025.
• Penalties and the rules on general-purpose AI models will apply from 2 August 2025

On 1 July, the International Association of Insurance Supervisors (‘IAIS’) published its newsletter for June 2024. The newsletter included areas of focus for the IAIS and updates on the work that is currently carried out by the association. 

On 15 July, the International Association of Insurance Supervisors (IAIS) published its fourth consultation on climate risk in the insurance sector. This is the last of a series of four consultations on proposed changes to guidance relating to various insurance core principles (ICPs). The IAIS seeks views on proposed changes to ICP guidance and supporting material to reflect climate risk: 

• Draft application paper on public disclosure and supervisory reporting of climate risk. This draft paper provides supervisors with advice on how ICP 9 (Supervisory Review and Reporting) and ICP 20 (Public Disclosure) may be applied in the context of climate-related risk. It is important for supervisors to consider the issues of climate-related financial disclosure and supervisory reporting holistically to ensure that adequate information is shared with policyholders, market participants and supervisors. 
• Draft supporting material on macroprudential and group supervisory issues and climate risk. This document provides further advice, illustrations, recommendations, and examples of good practice to supervisors on how ICP 24 (Macroprudential Supervision) may be implemented in the context of climate-related risk drivers. It builds on the existing application paper on macroprudential supervision. 

The IAIS plans to hold a public background session on the draft documents on 27 August 2024 and comments on the drafts can be submitted until 30 September 2024.

On 5 July, the European Union (Corporate Sustainability Reporting) Regulations 2024 were signed into law by the Minister for Enterprise, Trade and Employment Minister Peter Burke and will come into effect on 6 July. The Regulations will require large and listed companies to report sustainability information in accordance with the European Sustainability Reporting Standards within the directors' report. The reporting is to also include an auditor’s opinion with limited assurance and reported digitally. Minister Burke noted the benefit the regulations will have on companies and all relevant stakeholders: 

“These Regulations provide a helpful structure to companies for preparing sustainability reporting in a clear and consistent way, that gives the relevant information to investors, consumers, and other stakeholders, whilst minimising unnecessary burdens on companies.”

For more on any of the items above, or any Insurance-related queries, contact Brian Morrissey, Head of Insurance. We'd be delighted to hear from you.