The countdown to Solvency II has well and truly begun, with only two-and-a-half years left before the European-wide initiative comes into force. Many insurers are apathetic about introducing necessary new technology but the longer they leave it, the costlier it will be

After 79 EU consultation papers, it sometimes can feel as if Solvency II, the strict new regulatory requirements for the insurance industry, will never come to pass. But the countdown has begun.

In just over two years, insurers will have to increase their capital reserves and improve their risk management systems to the extent that it will become virtually impossible for them not to pay out in the event of any major disaster.

Over the past two years, the industry’s focus has been on Pillar 1, which examines the actuarial, quantitative necessities of the regulations. For example, calculating just how much capital an insurer needs to hold on its balance sheet so that it can pay out if a vast number of customers claim at once.

In the spotlight

Pillar 2, which focuses on the more qualitative identification and management of potential risks that can affect that capital figure, is now under the spotlight. Later this year, the EU’s Committee of European Insurance and Occupational Pensions Supervisors (Ceiops) will reveal guidance on the implementation of risk assessments.

This will involve a massive overhaul of insurers’ technology systems, as historic data must be cleaned up to ensure that the modern risks of an insurer’s policies can be properly understood.

There are real worries that the industry will not be ready in time. IBM’s associate partner in insurance strategic business solutions, John Smith, has a few stark statistics:

• 60% of insurers’ time on Solvency II must now be spent looking at the quality and availability of suitable data;

• of about 500 UK?institutions, only one-fifth are on track to have the technology needed by 2012; and

• introducing new IT systems will cost more than £50m for the large, FTSE-100 insurer.

Guidewire Software’s European head of product marketing Katie Doyle adds: “Meeting Solvency II guidelines will be painful for carriers that are still running legacy core systems held together by duct tape and hope.”

Insurers face having ineffective risk management systems that will not get approval from domestic and EU regulators. “Populating a model with data that is not fully understood means that an insurer would largely be building a house on sand,” Doyle warns.

AXA UK?finance director Jean Drouffe is trying to simplify the British division’s systems.

At present, the insurer has two systems with commercial policy data; two for personal customers; and five or six satellite systems, some of which are run in partnerships with brokers.

AXA UK is aiming to have just two main programmes, separately covering commercial and personal policies, plus one simple “Solvency II compliant” system consolidating all the data and, therefore, risks for executives and regulators. “One [consolidated] system gives a single version of the truth. If you maintain two systems there can be confusion for senior management – and two systems cost three times more than one,” he says.

Tracking key details

Solvency II makes this single database vital as it ensures that all the risk is collated together. Several systems might duplicate many policyholders’ details, and such disparate data makes it difficult to track key information, such as if and when a business has swapped to another insurer. The quality of the information is therefore unreliable, making it difficult to assess the risks that the business faces.

Drouffe estimates that streamlined personal and commercial systems will cost AXA £15m apiece, while the aggregation for the Solvency II programme will be £8m-£10m. That’s roughly £40m in order to be ready by 2012.

This type of technology is what KPMG head of insurance Drew Fellowes is advising clients to adopt. He uses the example of product profitability, which might be anticipated in an insurer’s accounts over 10 years. However, this ignores whether the product has met a customer’s need over that time. If it did not, he or she could have switched policies.

“It will be key to extract from the system what has happened to long-term products – quite a complex scenario to track,” he argues.

This is further complicated by legacy systems and the additional pools of data that firms have picked up through the acquisition of rivals.

Vice-president of insurance at technology services group Capgemini, Andy McQuade, agrees: “The large companies have a much bigger task with their huge [technology] estates,” he says. “Can these bigger groups aggregate data in the right way? I don’t think many people would like to answer that question.”

Indeed, several major composites declined to comment for this article.

The biggest companies need to set up data warehouses to store and protect all the information that they will have to extract to satisfy the detail necessary under Solvency II. Many companies with older systems use Excel spreadsheets that are simply not sophisticated enough.

“It all depends on the maturity of the data,” McQuade says. “The smaller, newer insurers with fresh data and no legacy issues could be looking at spending below £10m for their new systems.”

Capgemini says that it has 450 Solvency II “literate” consultants ahead of what it believes will be a boom in technological advisory work. Many have been moved from banking, where they gained experience of Basel II, a similar set of capital requirements imposed on the lending industry.

Lloyd’s has also turned to banking to update its technologies. Finance director Luke Savage has brought in QuIC, which he describes as an “industrial strength” risk modelling platform used by banks. This should help prevent a worst case scenario whereby insurers would have to increase their capital by up to 150% using less sophisticated models. “To say that would make us commercially unattractive is an understatement,” he says.

QuIC is a system designed for high-volume transaction data – vital, given that Lloyd’s has 82 syndicates. “It’s like mapping [the risks] of 82 companies, from syndicates to the capital providers supporting them, and how they interact with each other,” Savage says.

Syndicates were asked last year to assess what gaps they had in their IT ahead of Solvency II, and Lloyd’s is now ploughing through that information for common themes that need to be overcome by 2012. It hopes this means its syndicates should be fully prepared.

Others are not so well prepared. “A number of insurers aren’t addressing Solvency II regulations – they’ve buried their heads in the sand,” Andy Wright, UK manager of Japanese insurance software group eBaoTech, says. “Solvency II is still evolving in a number of aspects, so the carriers are holding back [on introducing new technology]. There’s a bit of apathy.”

Ceiops’ guidance on implementation should clarify a lot of the technology requirements, meaning that some insurers feel it is not worth wasting work – “going up cul-de-sacs”, as one industry figure puts it – on new systems now.

However, Wright insists that this leaves a “tight” deadline for many insurers, particularly as old legacy applications have data that will certainly not match up with the needs of Solvency II.

Again, Wright has found that smaller organisations have been speedier to update their technology, aware that there is no way that they can afford the rush to complete the changes should they wait until next year. For example, eBaoTech is currently tendering to help update two companies’ policy administration systems, both contracts accelerated to meet the requirements of the regulations.

‘We’ll be ready’

Head of strategies and propositions for the insurer division of global IT group SSP, Andy Nightingale says that the industry will be ready, but “possibly not on the basis it would like”.

Updated technology should help companies assess risk and map those dangers to come up with the amount of capital they need on their balance sheets to cover any disaster. If the technology cannot, for example, successfully consolidate all policies on to one system, that capital requirement is unlikely to be approved by the FSA.

The authority will then simply impose its own formula on the business, resulting in stringent capital demands on the balance sheet. “That requires a lot more cash set aside to cover risk,” Nightingale says. “An insurer’s own system [with its own technology] would be more precise in the risk profile, meaning that it would have to provide less capital.”

And you can be sure that cost of the technology needed to assess the risk and calculate the capital figure will be a lot less than the amount of cash the FSA forces an insurer to leave, doing nothing for investors, on the balance sheet. IT