Section 1: Our Vision and Credentials
Section 2: Capital Modelling
Section 3: Model Risk Management
Section 4: Lloyd’s Minimum Standards
Section 5: Policy Management and Compliance
Section 6: Regulatory Reporting Workflow
The Corporation of Lloyd’s places exacting requirements on Managing Agents to ensure it retains its reputation as the market of choice for specialist insurance and provides the security necessary for policyholder confidence. Whilst the trading benefits are valuable, the compliance bar is set high and this presents some specific challenges to Managing Agents.
Here at Decision Focus we have a detailed understanding of these challenges; our Head of GRC Product Strategy has over 12 years CRO experience in the Lloyd’s and Company Markets. We thought hard about how we can help with the real pressure points, and then engineered some novel and powerful capabilities into the Decision Focus toolset. You generally will not find them in other GRC products; certainly not all in one place, interoperating seamlessly, as we provide.
Of course, Decision Focus excels at the more generic features needed to support your risk and compliance frameworks. You will find these in competing products, but we have the edge on intuitive use and no-code configurability, as well as automated, committee-ready risk and compliance reporting. However, here we focus on our specialised capabilities which tackle Lloyd’s operating and compliance challenges head on. They address:
Both the PRA and Lloyd’s require that your capital model quantifies the real risks that management is concerned with, not some other, ‘special’ risks devised purely for the modelling exercise. You need to demonstrate the relationship between your risk register, where management’s real risks live, and the model.
In Decision Focus you set your model scope directly from the risk register. Each risk is assessed for model inclusion using user-adjustable criteria, such as materiality or capital relevance, and marked for inclusion where appropriate.
The rationale for excluding risks from the model is also captured. This is the first step in model documentation. Decision Focus helps you develop this further by explicitly linking each modelled risk in the register to the model components, model inputs, methodologies, assumptions, expert judgements and limitations relevant to its quantification. These are also captured in the tool. Model documentation becomes an ordered data structure within
Decision Focus, rather than just prose on paper. The advantage over prose is that data can be queried and used,
notably for model validation which is discussed later.
The model can only quantify those risks where sufficient historical data is available. For other risks, notably operational risks, another approach is needed. Decision Focus uses a scenario-based technique for quantifying these risks outside the model and feeds them into the model as a model input. For each such risk several scenarios can be defined and their impact quantified. Each scenario represents a point on that risk’s frequency/severity curve, so for example might represent the impact of the risk at the 1 in 5, 10, 20, 50, 100 and 200 year return periods.
Bespoke curves are provided for each entity exposed to the risk. The full description of each scenario with its quantification rationale and its result are captured and resulting curves are automatically plotted for use in reporting. The feed to the model can be automated via our open API or undertaken via excel export/import. Our interface with
capital models can be two-way, so quantification data produced by the model can be loaded into the risk register and included in committee and Board reports produced from Decision Focus.
Of all Solvency II requirements, this has proven be one of the most challenging and burdensome. Given its pivotal role, the model rightly requires very careful use, maintenance, and validation. Guarding against failures here has given birth to the modern discipline of model risk management. Decision Focus brings help and assurance in several ways.
Understanding and reducing model limitations
It is critical that model users understand its limitations to ensure model outputs are interpreted safely. After all, strategic decisions can be informed by what the model is saying. Decision Focus provides a formal limitations log, used to capture all deficiencies and their source e.g. observation through use, validation testing, or regulator inspection. It also captures the impact of the limitation e.g. uncertainty regarding on the one-year capital requirement, the to-ultimate capital requirement or technical provision sufficiency. Importantly, Decision Focus supports action initiation and progress tracking to remediate limitations where feasible. Finally, sharing limitations with users and formal limitation reporting as part of model validation are supported.
The model must be stable to be reliable in use. However, changes in the business model and strategic plans will necessitate change, as will addressing model deficiencies. Decision Focus manages the entire workflow for model change: recording proposed changes, capturing rationale, impact analysis, internal approval, external approval (for
material changes), reporting to Change Boards and the regulator.
Model Risk Appetite
As the discipline of Model Risk Management evolves organisations are starting to include it in their wider risk management framework, and to apply the same rigour as they would elsewhere. This includes risk appetite. Given a capital model will always be imperfect, what level of fidelity do you need to aim for to ensure it is fit for use? This can
be defined as an appetite, or more properly a tolerance for an acceptable level of Model Risk, perhaps relating to data input quality or back testing failure rates. Decision Focus has a comprehensive capability for defining appetite and tolerance, measuring status against it, and tracking that status over time. Full reporting into your model governance
framework is supported.
Model Validation Testing
This has proven to be effort intensive. The effort used to be a single annual validation exercise in support of the
determination of FAL and coming into line. Managing Agents see the benefit of spreading the load and Lloyd’s
themselves now follow a three-year test cycle. All of this requires tighter scheduling and coverage analysis, and this is where Decision Focus helps you work smarter, and reduce effort, whilst improving quality and certainty.
The model must be used by the business, rather than constructed for purely regulatory purposes, and this must be evidenced. Decision Focus incorporates a model use log where all use occasions are recorded and the objectives and benefits of the use are documented. The log can be drawn upon by Decision Focus’s automated validation reporting.
Planning and Execution
Decision Focus supports a validation test library: a list of all the tests you might make of the model, at some point in time. The test type (e.g. profit & loss attribution, reverse stress test, back-test), methodology and pass/fail criteria are defined for each test. Importantly, the degree of independence required for each test is specified. You may then nominate which tests you will run in each test cycle. These may then be scheduled in time to form a test plan for the cycle.
Decision Focus also helps prioritise which tests to include in a given validation cycle. It accords each test an importance factor based on multiple assessment criteria, which you can adjust. These might be one-year model outcome sensitivity or business model change. Decision Focus also provides test aging analysis and will prompt you to include tests which have not be run for a while. This ensures you will get to all tests within the three-year period
stipulated by Lloyd’s.
Test tasks are allocated to individual testers and validation forums, such as the Reserving Committee. Decision Focus then checks that the required degrees of independence are satisfied. Testers are provided with specific views of the scope and progress of their test work. Test managers are provided with oversight views. All test outcomes are documented directly in Decision Focus. Supporting evidence of test outcomes can be uploaded into the tool. The entire test execution process is supported, and its data held in one place, explicitly linked to the model components under test. This enables model test coverage analysis.
This is the infamous ‘garbage in – garbage out’ requirement, and it is onerous. Decision Focus has a dedicated data quality management capability. The data sets on which each model input relies are identified with the tool along with completeness, appropriateness, and accuracy criteria for each. Each criterion is mapped to the data quality controls
designed and operated to ensure the quality criterion is met. These are held in Decisions Focus’s control register. Control assessments and testing evidence can then be used to determine whether the criteria are met, and in turn provide an objective conclusion whether each dataset is reliable for model use. All of this can be readily evidenced when you are challenged.
Testing will uncover model deficiencies. Decision Focus supports the initiation and tracking of remedial action and retesting. Retests can be scheduled for the current cycle or deferred to the next cycle. Intuitive action status dashboards are provided along with helpful email notifications to testers and managers. Through this approach a strong validation loop is evidenced as documented model improvements are tracked through the system.
Decision Focus supports flexible reporting to the validation forums you operate. Reporting is fully automated; no manual intervention is required. Importantly, Decision Focus automatically generates the Technical Validation Report which must be submitted to Lloyd’s. Managing Agents will recognise the high effort required to do this manually.
Decision Focus removes this burden and ensues reporting integrity.
These are the yardstick by which the Corporation measures all Agents. The fifteen standards collectively stipulate
seven hundred and forty-five requirements, at the last count. These must be satisfied individually for each Syndicate managed by an Agent. That adds up to a lot of assurance effort, especially for multi-syndicate and turnkey Agents managing compliance with these standards via spreadsheets. Decision Focus materially reduces the effort.
All the Standards and all the requirements within them have been registered in the tool. Decision Focus explicitly links each requirement to the relevant controls they operate to ensure the requirement is satisfied. These are housed within the tool’s integrated control register. Decision Focus supports periodic self-assessment of these controls
as well independent assessment by the second line, and formal control testing by the third line. This control validation is then used to provide an objective and evidenced indication of whether the requirements are satisfied, and compliance with the standard achieved. Where deficiencies are found action initiation and tracking features in the tool
ensure the issue is remedied. Responsibility for compliance with standards, and the satisfaction of specific requirements is clearly allocated to individuals. They are provided with views tailored just to their responsibilities and
management are provided with oversight views of status.
A key benefit of this approach, where requirements, controls and assurance data are all held in one place, is that Decision Focus can automatically generate the compliance submissions required by Lloyd’s for each standard. These are generated at the press of a button, in the exact Excel format required by Lloyd’s. Decision Focus also generates the annual Board attestation documentation. Again, with no manual intervention and in the prescribed format. There is a complete audit trail from the compliance status the Board must attest to the underlying evidence. When the Board seeks positive assurance that ‘green is green’, or hard evidence of non-compliance, this is readily provided by a simple ‘drill down’ in the tool. Snap shots of historical attestations and the data from which they derive can be made at will and held for future reference. Some of Lloyd’s Minimum Standards specifically address the operation of capital models, such as MS12 Model Scope Change and Use, MS13 Modelling Design and Implementation and MS14 Validation. Via these standards, Decision Focus’s robust approach to compliance measurement and reporting provides a further contribution to managing the model risk discussed earlier.
Decision Focus supports the authorship, approval, and dissemination of Board Policies. Furthermore, it schedules their periodic review, update and re-approval to ensure they remain fit for purpose. All of this is necessary and useful, but the key thing is to guard against policies which amount to no more than ‘shelf ware’.
To avoid this Decision Focus actually measures the business’s compliance with Board policies. Firstly it turns the prose in the policy document into separate mandate statements, each held as an individual data item within its repository. It then explicitly maps from the mandates contained within a Board Policy to specific operational
requirements contained in underlying Business Standards. For example, a Board policy for Financial Crime may mandate that no trade sanctions shall be breached, and this may be mapped to several specific screening requirements, specified in an underlying Sanctions Screening Business Standard. Within Decision Focus a Lloyd’s Minimum Standard is simply a special case of a Business Standard; simply one that has been mandated by Lloyd’s. As with Minimum Standards, each requirement in a Business Standard is then mapped to the controls operated within the business to ensure the requirement is satisfied.
Once this structure is in place, powerful top-down and bottom-up analyses can be made. Bottom-up, if all the controls relating to a requirement in a Business Standard are effective, then the requirement is satisfied. In turn, if all the requirements relating to a mandate in a Board Policy are satisfied, then the business is complying with the mandate. Requirements and mandates can be accorded a weighting factor and simple roll-up arithmetic can provide a ‘percentage compliant’ score at both the Standard and Policy level.
Top-down, if there is a change at Policy level, an impact assessment can be readily made via the mapping. This identifies all requirements in underlying Business Standards, and in turn all the operational controls, which may need to be adjusted or enhanced to accommodate the policy change.
Regulators require numerous submissions from the entities they regulate. Submissions are also required by various legal and statutory stakeholders, reinsurance pools, and trade bureaus such as the MIB. The Lloyd’s Business Timetable alone cites around 250 potential submissions.
Whilst some submissions will be annual, others are required at higher frequencies, such as quarterly. Furthermore, most submissions must be made separately for each entity within a trading group. Internationally active groups also face submission requirements from multiple regulatory jurisdictions around the globe. The burden can readily amount 100s of submission within a year for such groups.
There are two basic expectations; the submission is made on time and its contents are reliable. Submissions often
require complex data transformation and several functions may need to collaborate, making ‘on time and right’ far
Decision Focus have developed a novel solution to ensure you meet the challenge. At its heart is the ability to define reference submissions. These are essentially an instruction set for actual submissions. For example, a reference
submission might say ‘We must make submission X for these three entities (perhaps syndicates) in the group,
quarterly’. You can then define a workflow for the submission preparation tasks required, each allocated to the appropriate function e.g. risk, actuarial and finance and the named individuals within each function who will be responsible. Task durations and sequence are also defined.
From these reference submissions Decision Focus will automatically generate a register of the actual submissions which need to be made over the year. In the example above 12 actual submissions will be added to the register, one per quarter for each of the three entities, with appropriate start dates and due dates. The total set of actual submissions form a business timetable, viewed via an Outlook style calendar. What’s more, the workflow tasks for each submission in the register will also be automatically generated, all with the required start and end dates and
allocated to the person responsible. These are visible as a project Gantt chart.
Now it’s a simple matter of getting those tasks done. Decision Focus excels here with comprehensive progress tracking via live dashboards, automated ‘start soon’, ‘due soon’, ‘ready for approval’, ‘approved’ and submitted notifications to the right individuals.
Nothing stands still, least of all the submission requirements for regulators. With our approach, when the regulator
adds, removes, or retimes submissions you simply need to edit the reference submissions. You can then generate the
business timetable for next year with a single button push. This brings a massive effort reduction and guaranteed consistency.
That deals with being sure you are organised about getting your submissions out on time, but what about the quality of their content? We have re-used the same data quality capabilities we developed for model validation as discussed above. The base datasets on which each submission relies are defined and data quality criteria defined for each. Each criterion is mapped to the data quality controls you operate to ensure the criteria are met, and these are subjected to assessment and testing. Full deficiency analysis, remediation and reporting is provided. Decision Focus provides comprehensive support for both the timeliness and the quality of your regulatory submissions.
What’s next? It’s your move...
Workflow Automation & Risk Management in the World’s Leading Enterprises