KPMG updates
DORA: What's next?
As part of the Digital Operational Resilience Act (“DORA”) third party risk management requirements, Financial Entities (“Fes”) subject to DORA are required to maintain and update a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers. o assist FEs in meeting these requirements, KPMG’s Risk Consulting Partner and DORA Co-Lead, Jackie Hennessy, along with the Risk Consulting team, have developed resources outlining practical steps for preparing, reviewing, and submitting the Register of Information ahead of the upcoming deadline.
Implementing a modern Governance, Risk and Compliance system
With increasing regulations and stringent requirements, having an effective Governance, Risk, and Compliance (“GRC”) system is essential for businesses. Many organisations still rely on outdated tools that are inefficient and labour-intensive, often requiring manual processing and lacking integration across key domains like risk, compliance, legal, and cyber. KPMG’s Risk Consulting team (led by Michael Daughton - Partner, Head of Risk & Regulatory) has identified five key considerations for successfully implementing an agile, cloud-based GRC system.
Intelligent insurance transformation
The insurance industry is undergoing a significant transformation driven by advancements in artificial intelligence (“AI”). KPMG's latest thought leadership piece (led by Brian Morrissey and Jean Rea – Partner, Actuarial), "Intelligent Insurance: A Blueprint for Creating Value Through AI-Driven Transformation," explores how AI is reshaping the insurance landscape, offering new opportunities for innovation, efficiency, and customer engagement.
Risk culture: Navigating alignment and integration
In this article, the KPMG Risk Consulting team (ked by Gillian Kelly, Partner, Consulting) examine the topic of risk culture, with a focus on the steps firms can take to strengthen their position in response to the latest regulatory requirements.
Inside Insurance Video - CFO
In this edition of Inside Insurance, we’re going to have a special focus on the role of CFO. Brian Morrissey, KPMG chats to Mark Burke Chief Financial Officer and Executive Director (Aviva), and Brian Holland, Head of Group Finance (Hannover). Watch the video here.
Central Bank Updates
Central Bank: Supervisory Approach 2025
The Central Bank of Ireland (“Central Bank”) has published its updated Supervisory Approach for 2025. The Central Bank’s approach for the year emphasises an outcomes-focused and risk-based strategy.
The Central Bank highlights the need for engagement, analysis, and oversight alongside financial regulation to achieve four key safeguarding outcomes: consumer and investor protection, financial system integrity, firm stability, and overall financial stability. Central Bank note supervision will be forward-looking and judgment-led, placing responsibility on firms' management teams for risk management.
Supervision will be conducted at a sectoral level, with heightened oversight for significant firms, supervision covers Banking & Payments, Insurance, and Capital Markets & Funds.
Central Bank: Regulatory and Supervisory Priorities 2025
The Central Bank has published its Regulatory and Supervisory Outlook for 2025, outlining key financial sector trends, risks, and priorities. The report highlights the Central Bank’s new integrated supervisory approach and commitment to regulatory simplification.
Governor Gabriel Makhlouf identified geopolitical, environmental, operational, and digitalisation risks as key focus areas. He emphasised collaboration with stakeholders to simplify regulation while ensuring consumer protection and economic stability. The Central Bank aims to adapt to global shifts through a holistic regulatory strategy.
European Insurance and Occupational Pensions Authority Updates
EIOPA: Solvency II: Supervision of Stochastic Valuation
The European Insurance and Occupational Pensions Authority (“EIOPA”) published a peer review report on the on the supervision of stochastic valuation under the Solvency II Directive, focusing on life insurance products with options and guarantees.
The report highlights the increasing use of stochastic valuation due to risk-based regimes and advanced reserving software, despite its complexity. Conducted with 21 national competent authorities (“NCAs”) across the EU, the review assessed supervision of identifying and valuing options and guarantees.
UK Updates
PRA: Speeches
FCA: Firms’ use of the National Fraud Database (NFD) and money mule account detection tools
On 23 January 2025, the FCA published the key findings from their review of payment services and account providers’ use of the National Fraud Database (NFD) and a money mule account detection tool to tackle risks associated with money muling activities
PRA: Staff Working Paper No. 1,119
On 10 January 2025, the PRA published by Thiemo Fetzer, Benjamin Guin, Felipe Netto and Farzad Saidi. This paper examines how insurance companies monitor and react to cash-flow shocks in commercial mortgage-backed securities.
PRA: Regulatory Digest
On 3 February 2025, the PRA published their regulatory digest for January 2025.
PRA: PRA Climate Change Adaptation Report 2025
On 10 January 2025, the PRA published its response to the Department for Environment, Food and Rural Affairs’ (DEFRA) invitation to report on climate change adaptation challenges faced by financial services firms.
FCA: Ongoing financial advice services
On 24 February 2025, the Financial Conduct Authority (“FCA”) published their findings from their multi-firm review of whether financial advisers are delivering the ongoing advice services that consumers have paid for.
FCA: Financial promotions quarterly data 2024 Q4
On 7 February 2025, the FCA published the data collected in Q4 2024, on their actions against firms breaching financial promotion rules.
Other European and International Supervisory Authority Updates
ESAs: DORA: Sub-Contracting ICT Services
The European Supervisory Authorities (“ESAs”), that is, the European Banking Authority (“EBA”), EIOPA and European Securities and Markets Authority (“ESMA”) have published an opinion on the European Commission's (“EC”) rejection of its draft regulatory technical standards (“RTS”) under DORA.
The EC found that Article 5 of the draft RTS exceeded the ESAs’ mandate and requested its removal before adoption. The ESAs acknowledge the EC’s amendments as ensuring alignment with DORA and do not propose further changes. They emphasize that financial entities must comply with existing subcontracting provisions and note that other EC drafting amendments were non-substantive, aimed at improving clarity without altering policy.
EIOPA Q&A
EIOPA Q&A Updates
Please see below for EIOPA’s response to recent queries which have been raised by the public for further clarification on the Solvency II requirements. The Solvency II requirements may change or become more prescriptive over time.
21 February: QRT S.06.02
EIOPA clarified in Q&A (#2930) that the validation rule BV1213 has been amended to allow ‘No Custodian’ as per new guidance 2.8.0: "For assets where there is no custodian or when this item is not applicable, “No custodian” shall be reported."
13 February: FICOD (FC.06 & FC.07)
EIOPA clarified in Q&A (#3256) with regards to reporting the sum assured as a risk measure, that there is a general expectation to apply the look-through at the individual policyholder level on a best effort basis. If reporting at this level, beyond the contractual counterparty, is disproportionate, information can be reported at the contractual counterparty level based on the threshold set by the group supervisor. If the group believes this information does not represent the actual risk, it may provide additional information to the group supervisor.
13 February: FICOD (FC.06 & FC.07)
EIOPA clarified in Q&A (#3256) with regards to reporting the sum assured as a risk measure, that there is a general expectation to apply the look-through at the individual policyholder level on a best effort basis. If reporting at this level, beyond the contractual counterparty, is disproportionate, information can be reported at the contractual counterparty level based on the threshold set by the group supervisor. If the group believes this information does not represent the actual risk, it may provide additional information to the group supervisor.
13 February: FICOD (FC.01 - FC.05)
EIOPA provided in Q&A (#3255) a mapping for which detailed template each numerical amount of IGT significance in lines R.02.0 through R.02.5 in the template should be aligned to, unless otherwise specified by the coordinating authority.
13 February: FICOD
EIOPA clarified in Q&A (#3254) the following with regard to declaring balances on debit and credit accounts if they exceed the threshold: “Where contractual provisions allow for the netting of credit and debit balances between two or several entities of the financial conglomerate and that such credit and debit balances are considered on a net basis by the concerned undertaking under the applicable accounting framework, such credit and debit balances shall be considered as a single transaction for the purpose of intra-group transactions.”
13 February: FICOD
EIOPA clarified in Q&A (#3253) the conditions on whether the contractual net position of on derivatives can be declared if they exceed the threshold: “For derivatives, “transaction level” shall be therefore understood as all transactions under a given master netting arrangement. Several master netting agreements or netting sets could then be considered as forming a SEO and in that case, aggregation shall be done on a gross basis”. EIOPA also illustrated an example scenario.
13 February: FICOD
EIOPA clarified in Q&A (#3252) the following with regard to derivatives under FICOD: “derivative transactions shall be understood as all transactions under a given master netting arrangement. For derivatives, the maximum exposure over the reporting period covered is therefore the maximum absolute value of each netting set over the period.”
31 January: S.12.01 & S.13.01
EIOPA clarified in Q&A (#3128) the following:
- Future Guaranteed Benefits (FGB) in S.12.01 (and S.13.01) should include all future benefits that do not meet the definition of Future Discretionary Benefits (FDB) in article 1(35) of the Delegated Regulation 2015/35. Therefore, benefits from pure Index-linked and unit-linked (UL/IL) should be reported as FGB.
- FDB has the same meaning across all reporting templates, including S.12.01 and S.13.01, and it is the definition in Article 1(35) of the Delegated Regulation 2015/35.
- In S.12.01, “Future guaranteed and discretionary benefits" should include all future benefits.
13 February: FICOD (FC.06)
EIOPA clarified in Q&A (#3251) that the total amount of the exposures to be reported in FC0250 is the total exposure towards a single counterparty.
13 February: FICOD
EIOPA clarified in Q&A (#3250) that FICOD reporting is not limited to transactions that are terminated at the end of the reference period but shall encompass any transaction that was in force even at a single point of time during the reporting period.
13 February: FICOD
EIOPA clarified in Q&A (#3249) that undrawn amount credit facilities shall be reported in template FC.03 while drawn amount are expected to be reported in template FC.01.
13 February: FICOD
EIOPA clarified in Q&A (#3248) the following with regard to declaring indirect transactions under FICOD: “the concept of ‘single economic operation’ (SEO) is distinct from “indirect transaction” concept and such SEO concept is not expected to be used for identifying several transactions that are “connected” to form an ‘indirect transaction’.” EIOPA also provided a summary table for the different cases of intra-group transactions.
13 February: FICOD (FC.01 – FC.03)
EIOPA clarified in Q&A (#3247) that when a repurchase agreement reaches the significance threshold under FICOD, it shall be reported under two operations:
- the “cash leg” shall be considered as a loan and reported as such in table FC.01
- The “securities leg” shall be considered as a forward contract and reported as such in table FC.02
13 February: FICOD (FC.0 & FC.05)
EIOPA clarified in Q&A (#3246) that FC.05 categories that do not match with FC.0 specific items are expected to be reported as ‘fees and other incomes. EIOPA have also illustrated a mapping from FC.05 to FC.0.
13 February: FICOD (FC.01 & FC.05)
EIOPA clarified in Q&A (#3245) that with regard to FC.01 and FC.05, reporting by conglomerates is expected on a year-to-date basis.
13 February: FICOD (FC.06)
EIOPA clarified in Q&A (#3063) that the column ‘Assets whose risks are mainly borne by the policyholders’ should reflect the value of assets in relation to unit-linked or index-linked life insurance contracts.
13 February: Article 179; 180(2); 184(2)(d)
EIOPA clarified in Q&A (#2308) that with regards to a total return swap that has an index-linked bond as its underlying asset, the underlying exposure should be included in the determination of the capital requirement for spread risk on credit derivatives unless the bond is included in the list of exposures set out in Article 180(2) DR.
04 February: Article 138
EIOPA provided in Q&A (#2573) clarification given by the European Commission on the calculation of capital requirements for longevity risk in the context of collective pension schemes for employees.
Further information
For more on any of the items above, or any Insurance-related queries, contact Brian Morrissey, Head of Insurance. We'd be delighted to hear from you.
