Solvency II


Solvency II:

Solvency II is a fundamental review of the capital adequacy regime for the European insurance industry. It aims to establish a revised set of EU-wide capital requirements and risk management standards that will replace the current Solvency requirements.


The European Commission publishes the technical specifications for the fifth quantitative impact study (QIS5), see the FSA’s QIS5 page for further information.

The Insurance Sector Newsletters contain useful information for firms about the FSA’s approach to moving from ICAS to Solvency II.

The FSA publishes Delivering Solvency II – an update that summarises the key policy developments and implementation activities.

The Solvency II Directive is due to be implemented on 1 November 2012. Any changes to the go live date will be formally communicated by the European Commission, when the FSA will consider and communicate the potential impact on planning and preparations for itself and firms.


The Solvency II Directive will apply to all insurance and reinsurance firms with gross premium income exceeding €5 million or gross technical provisions in excess of €25 million (please see Article 4 of the Directive for full details).

In a nutshell:

  • Solvency II will set out new, strengthened EU-wide requirements on capital adequacy and risk management for insurers with the aim of increasing policyholder protection; and
  • the strengthened regime should reduce the possibility of consumer loss or market disruption in insurance.

Central elements:

Central elements of the Solvency II regime include:

  1. Demonstrating adequate Financial Resources (Pillar 1): applies to all firms and considers key quantitative requirements, including own funds, technical provisions and calculating Solvency II capital requirements (the Solvency Capital Requirement -SCR, and Minimum Capital Requirement -MCR), with the SCR calculated either through an approved full or partial internal model, or through the European standard formula approach.
  2. Demonstrating an adequate System of Governance (Pillar 2): including effective risk management system and prospective risk identification through the Own Risk and Solvency Assessment (ORSA).
  3. Supervisory Review Process: the overall process conducted by the supervisory authority in reviewing insurance and reinsurance undertakings, ensuring compliance with the Directive requirements and identifying those with financial and/or organisational weaknesses susceptible to producing higher risks to policyholders.
  4. Public Disclosure and Regulatory Reporting Requirements (Pillar 3).

Adoption procedure:

Solvency II is being created in accordance with the Lamfalussy four-level process:

  • Level 1: framework principles: this involves developing a European legislative instrument that sets out essential framework principles, including implementing powers for detailed measures at Level 2.
  • Level 2: implementing measures: this involves developing more detailed implementing measures (prepared by the Commission following advice from CEIOPS) that are needed to operationalise the Level 1 framework legislation
  • Level 3: guidance: CEIOPS works on joint interpretation recommendations, consistent guidelines and common standards. CEIOPS also conducts peer reviews and compares regulatory practice to ensure consistent implementation and application.
  • Level 4: enforcement: more vigorous enforcement action by the Commission is underpinned by enhanced cooperation between member states, regulators and the private sector.

The Level 1 Directive text was adopted by the European Parliament on 22 April 2009 and was endorsed by the Council of Ministers on 5 May 2009, thus concluding the legislative process for adoption. This was a key step in the creation of Solvency II.  The Directive includes a ‘go live’ implementation date of 1 November 2012 for the new requirements, which will replace our current regime.

Delivering Solvency II:

In June 2010 we published Delivering Solvency II giving a summary of the key policy developments and implementation activities.  The first issue includes: Completing the fifth QIS; Deciding to use an internal model; Reporting, disclosure and market discipline (Pillar 3); System of Governance; Getting involved in FSA forums; and Key contacts.

Delivering Solvency II

Solvency II: What CIOs need to know

Solvency II, the EU directive that updates capital adequacy rules for the European insurance industry, is about to move to centre stage. We look at what IT departments of insurance companies in the UK must do.

Compliance with Solvency II will provide IT managers with many challenges, not least the sheer scale of the exercise. There is also greater complexity, with legal rules shifting from spelling out a series of provisions, to being a principles-based system.

Peter Skinner, the British MEP who nursed the package though the European Parliament, says, “Solvency II shifts the focus of supervisory authorities from merely checking compliance with a tick-the-box approach based on a set of rules to more proactively supervising the risk management of individual companies based on a set of principles.”

The directive, which cleared the Brussels legislative machinery in April last year, requires IT architectures to be ready for the directive’s enactment in national legislation by 31 October 2012. Non-compliance could endanger an insurance company’s right to trade.


Timing for setting up the modelling software to meet of the new rules has to follow a set programme, broken down into stages. For instance, according to risk management consultancy Watson Wyatt, the UK Financial Services Authority (FSA) required that as early as March 2009, firms should have stated whether they plan to apply for internal model approval,

By June to November 2010, the start of the first model dry-run period should have started. By October 2011, the FSA should be in receipt of the first batch of dry-run submissions. Second dry runs should take place in 2011 and 2012, with the FSA review/approval process running from 2012.

Jürgen Weiss, principal research analyst at Gartner, reckons that some companies will start the main IT work in three months, but others will not get going for another nine months.

Weiss says most European insurers are still in “a discovery phase”. IT managers are uncertain about budgeting their future Solvency II programmes. Some have not even requested an IT budget to cover work in 2010 on the regulations.

Almost all IT organisations that are familiar with the regulations have focused exclusively on the first of the three pillars of Solvency II. This primarily addresses the quantitative capital requirements for European insurers and the actuarial models with which these requirements are being calculated.

Gartner believes the efforts to comply with Pillar 2 requirements will be significantly higher than the efforts for the other two Solvency pillar investments because of the heterogeneous IT landscape of many insurers and the efforts to at least semi-automate data collection and normalisation. Weiss says this is worrying.

He says several level-two implementation measures on Solvency II, published in November 2009 by the EU’s advisory body for the insurance industry, the Committee of European Insurance and Occupational Pensions (CEIOPS) explicitly address IT issues. Examples are advice on data quality, data governance and documentation.


Weiss says risk managers and actuaries should now be collaborating with their IT colleagues. Business and IT managers should also be aware that Solvency II requires a holistic approach to risk management, encompassing people, processes and applications.

A contrasting view on timing comes from Steve Bell, financial services advisory partner at Ernst & Young: “With regard to timescales, there are a large number of interim dates, and in my experience for most clients they are not running too late as there is time remaining to gear up programmes.

“IT will need to deliver new or enhanced risk management systems. This will be the key IT new system build. The bigger challenge will be to provide accurate data to a lower level of granularity on more regular intervals than before from source systems many of which in insurance are legacy in nature. This is the area that will be harder for insurance IT teams.”

Management consultancy Deloitte and Touche is helping insurance companies to specify their IT needs to enable them to purchase compliance software. It says an official EU guideline, IP 58, gives a steer on the pre-application process, offering “advice on supervisory reporting and disclosure deals with the requirements for insurance companies to report to both the regulators and the public”.


Companies lining up to supply insurance companies with the software they need include: IBM, SAS, SAP, Oracle, Sungard, Fermat, EMB, Algorithmics, Towers Perrin, plus a fragmented array of specialist application providers.

IBM says the revision of its insurance industry framework – which it describes as a blueprint to address all three pillars of Solvency II – is complete and already being used by more than 150 insurers.

Isabella Hess, senior managing consultant at IBM Global Business Services, says IT departments should be thinking about adopting an enterprise-wide information architecture as, for most large groups, the concepts and strategic direction are “more or less ready”.

Hess says there is little real choice as the regulator and analysts are unlikely to look favourably on any big player adopting a more simplistic, standard model-based risk management framework.

Data quality

One fundamental issue is the quality, availability and traceability of data. For example, the data “granularity” defined by data models is usually hardwired into policy systems and can be difficult and expensive to change. (Granularity is the level of detail of “attributes, “fields, and data types that can be provided).

Similarly, insurers may need to collect more comprehensive information about the quality and risk-sensitivity of their investments portfolios than was required previously, and do so more frequently and faster.

Solvency II software will eventually better reflect an insurance company’s exposure to risk. This will enable a company to plan its business development, liquidity management and risk appetite to get the best payback on its capital reserves. In other words, IT managers will be buying a system that will enable firms to make better use of their capital.

Hess refers warmly to phase two of the International Accounting Standard Board’s forthcoming IFRS 4 on insurance contracts, for which an exposure draft is due in the second quarter of 2010. In planning Solvency II architecture, she advocates the use of other industry standards. These include Acord, the emerging international standard for information exchange, and service-oriented architecture for data exchange.

How much will it cost?

Hess says large insurance firms could be facing bills for around €100m each as a result of Solvency II. However, many have partially completed work on data and processes, leaving only “heavy lift work in intellectual modelling and embedding their enterprise risk models” to be done.

Hess estimates that second-tier insurers will need to invest between €30m and €40m over three years. Smaller companies could expect to pay €1m to – €1.5m each.

According to the CEA, the European insurance and reinsurance federation, the total number of insurance companies operating in the EU is 5,200. This figure could be increased if one takes in associated economic zones, such as the European Economic Community.

More accurate ideas on cost are likely to come from the publication of the next Quantitative Impact Studies (QIS) on Solvency II, expected in August 2010. The fifth in a series of reports, the study aims to assess the likely impact on insurance markets and products, social and economic impacts and the likely impact on insurers’ balance sheets and business behaviour of the potential policy options being considered by the EC.

Insurance companies are reminded that in 2012 it will not be enough just to say that you have purchased a Solvency II compliance software package. A Brussels mandarin close to the directive emphasises that this will not satisfy the regulators. “In the UK, the FSA will never give blind approval to the software itself, but will check on functionality,” he says.

Continue reading