Lloyd s Minimum Standards

Transcription

1 Lloyd s Minimum Standards MS4 Risk Management Self-Assessment & 2017 Overview 16/11/ Overview and Risk Management (MS4) Self-Assessment 16/11/2016

2 Contents Introduction The Self-Assessment process Specific MS4 examples 2017 and the Annual Board Attestation Cyber Essentials Model Change Market Oversight Wrap Up and upcoming dates 2

3 Self-Assessment Return 3

4 Purpose of Self-Assessment The objectives are to: Establish whether agents are by their own assessment meeting the standards, and to identify standards which they believe are not being met Ensure agents can provide a high level description of how they meet the standards and requirements Agree action plans to address any identified gaps or failings Reinforce that agents are required to carry out regular assessments of their compliance with the standards and the role of the Senior Nominated Person (SNP) Assist with annual sign off of Board Attestation Provide a baseline against which Lloyd s can test when carrying out further assurance activities It is not a review activity. Lloyd s will examine the responses but this will not include a test of the responses/evidence provided. 4

5 RM RM REQUIREMENT NUMBER Completion of Self-Assessment Lloyd's standards Self-Assessment template STANDARD GROUP STANDARD REQUIREMENT REGULATORY/LLOYD'S Description of how the Requirement is Controls Evidence Self-Assessment Rating Action(s) Planned Action(s) Deadline Managing Agents Key: met Internal Notes [A = Article] [P = Paragraph] Check To move to a specific Standard either filter the field above or scroll down. To move to a specific Requirement either filter the field above or scroll down. Brief description of the current procedures/systems in List of controls currently in place place for this Requirement. to ensure the processes/systems described operate effectively. The evidence available to demonstrate compliance. This can include policies/procedures and GREEN (Currently Meets Minimum Description of the actions being The month/year when the Action(s) Standard), taken to complete any gap in Planned will have all been completed RED (Does not meet Minimum Standards) compliance for this Requirement. and the Requirement will be met. operational evidence such as examples/files, Where RED is selected Action(s) Planned It should not be completed if Self screen prints, system reports, and Actions Deadline must be completed. Assessment is GREEN. audit/peer/review reports, and meeting It must be completed if Self minutes. Assessment is RED. Evidence should not be submitted unless specifically requested. Where the evidence is a policy or procedure - the year it was last reviewed/updated must be provided. This field is for managing agents use to aid collation of information. This is not part of the return to Lloyd's and will not be examined by Lloyd's. Any information intended for Lloyd's must be shown in columns F to K MS4 - Risk Management RM Effective risk management system The risk management system shall comprise strategies, Level 1: Managing agents shall have in place an effective processes and reporting procedures necessary to identify, A44 P1 risk management system. measure, monitor, manage and report on a continuous basis the A44 P2 risks, at an individual and at an aggregated level, to which they A121 P4 are or could be exposed, and their interdependencies. A112 P5 Level 2: A222TSIM12 P2(b) A222TSIM12 P2(c) MS4 - Risk Management RM Effective risk management system The risk management system shall be well integrated into the Level 1: Managing agents shall have in place an effective organisational structure and in the decision making processes of A44 P1 risk management system. the managing agent. A44 P2 A121 P4 A112 P5 Level 2: A222TSIM12 P2(b) Describe how the Requirement is met Controls Evidence Self-assessment score Action(s) planned Action(s) deadline(s) 5

6 Example Risk Management Requirement Describe how the requirement is met List the controls List the evidence Rating Specific actions planned and deadline Managing agents shall ensure that details of all significant risks and controls are documented, e.g. in a risk register. All material risks and controls are captured within a risk register. The risk register includes category, risk description, causes controls, owners and assessment. See and for assessment details. Quarterly assessment Annual review Board and Committee reporting Metrics Loss events Emerging risk Risk register Board and Committee reporting packs and associated minutes Risk management policy/process Emerging risk log Loss event data Green What we do not wish to see: Managing agents shall ensure that details of all significant risks and controls are documented, e.g. in a risk register. A risk register has been developed. Quarterly and annual risk register review Risk register Green 6

7 What Managing Agents are required to do Complete the template Check for gaps and inconsistencies Obtain sign-off by Senior Nominated Person and the Director responsible for Risk or Compliance Where these are the same please contact your Account Manager to discuss Submit via SecureStore Provide updates regarding action(s) 7

8 What Lloyd s will do Review the Self Assessment Return Raise queries where the information needs clarification or resubmission (part or full) Discuss action(s) where they do not appear sufficient Track action(s) Assess what review work may be needed to test the Self Assessment information Identify where the returns indicate a general lack of understanding or compliance and what action may be needed and reissue guidance Issue additional guidance to the Market where appropriate Ensure the self-assessment tallies with our understanding of your SII development Overall findings reported to SAG 8

9 Risk Management Minimum Standards 9

10 The Risk Management Minimum Standards Risk Management Minimum Standards Section Name 1 Risk Management System - Effective Risk Management System 2 Risk Governance - Risk Management Strategy - Decision Making - Risk Policies 3 Risk Processes - Risk Identification & Assessment - Risk Monitoring & Reporting 4 Own Risk & Solvency Assessment - ORSA Scope - ORSA Policy - ORSA Process - ORSA Report 10

11 RM 2.2 Decision Making Managing agents shall have a clearly defined procedure on the decision-making process within the framework of the risk management system. Our expectations are that the self-assessment will cover the following key aspects: Responsibilities of the Board and appropriate committee(s) Membership of the appropriate committee(s) Reporting supporting risk governance arrangements Escalation Responses available to the managing agent 11

12 RM 4.2 ORSA Policy Managing agents shall have a written ORSA policy. Our expectations are that the self-assessment will cover the following key aspects: An overview of the core processes and procedures relating to the ORSA Explanation of the links between the profile, appetites and capital Approach to stress, sensitivity and reverse stress testing Data quality Frequency of ORSA Ad-hoc ORSA triggers 12

13 2017 ORSA Report Reviews 13

14 2017 ORSA Report Reviews ORSA reports are now BAU. Review approach has evolved alongside ORSA reports but considering changes. Need to balance our oversight of the managing agents with providing valuable feedback. Considering how we engage more widely within Lloyd s to support overarching view of a managing agent. 14

15

16 2017 and Board attestation MS4 is last of the 18 sets of Minimum Standards to be selfassessed Annual review of Minimum Standards How the standards reviews will be implemented going forward 2017 Board Attestation 16

17 Cyber Essentials Cyber Essentials was agreed by the LMA through their IT subcommittee as an appropriate requirement for IT security. This has been added to MS12 Operating at Lloyd s Minimum Standards. To date three quarters of the Market have confirmed compliance however some agents are finding difficulties so if you haven't started you need to do so imminently. 17

18 Model Change 2016 live model change environment We have had in 174 major changes so far this year Lloyd s is reviewing the process May mean changes required to model change policies Bridging Analysis 18

19 Market Oversight Lloyd s will be issuing both the Market Oversight plan and individual Managing Agent Oversight letters. Letters to be issued by the end of November. The letters will identify specific areas of review work and the expected timeline for each Managing Agent. Additionally the letter will identify the Managing Agent s in scope for each Thematic Review included in the 2017 Market Oversight Plan. Lloyd s will look to ensure this is risk based and appropriate to each Managing Agent. Should have any queries regarding the letter and its contents please speak to your Account Manager. 19

20 Wrap Up Self Assessment Template is already on SecureStore 30 November - Market Oversight letters will be sent to all agents Early December - Model Change Bridging Analysis (where required) 30 December - Agent completed MS4 self-assessments to be posted on SecureStore 2 March resubmission of SCR where required based on year end actuals March 2017 Board attestation due (further guidance to be issued before year end) March 2017 ORSA due 20

21