ICAAP and the Appointed Actuary

Last year, I was part of a panel discussion about ICAAP and the Appointed Actuary. It got such a good discussion that I’ve been asked to reprise it at this year’s Actuaries Summit. But a few things have happened since then, notably:

  • Companies have moved into the new world of ICAAP,
  • ICAAP Summary Statements have been approved,
  • Companies have submitted their first set of LAGIC numbers to APRA,
  • APRA’s new Draft Standards for Conglomerates have been released, with changes proposed for the role of the CRO in organisations.

This blog post broadly covers the material I will present at the Actuaries Summit on 20 May 2013. In this presentation, I will be using the transition into ICAAP as a way of exploring the current role of the Appointed Actuary, as required by the prudential framework, and what that implies for the role of the Appointed Actuary more generally. I will also be looking at the implications for the role of actuaries, as a profession, within insurance companies.

What were the hot issues last year?

Last year, Kent Griffin posed a few questions to the audience about the role of the Appointed Actuary as it was changing with the new ICAAP framework.

Should the profession:

  • Be content with the framework [of risk management and actuarial roles] as it is evolving and focus on our traditional competencies, and/or
  • Position the profession as one of a number of professions capable of delivering ICAAP and broader risk management and capital advice, and/or
  • Work further with regulators to look to integrate the role of the CRO and Appointed Actuary, similarly integrating the FCR and ICAAP, as an alternative option.

General views from the audience were that the Appointed Actuary’s influence has been declining, and moving more into a compliance role. There was not much support for integration of the Appointed Actuary role with the CRO role.

The role of the Appointed Actuary in APRA’s prudential standards

Both the Life Insurance Act (1995) and Insurance Act (1973) require a company to appoint an Actuary (the Appointed Actuary). The Life Insurance Act includes some specific requirements:

  • to provide advice to the Board before any distributions of profits or capital are made
  • to provide advice to the company before any apportionments of income or outgoings between mixed business are made (largely expenses).

Most of the requirements for an Appointed Actuary, however, are set out in APRA’s Prudential Standards LPS 320 and GPS 320. For both Life and General Insurers, the main requirement is for an annual investigation into the Financial Condition of the Company (for General Insurers, the Insurance Liability Valuation Report is separate, but for Life insurers, it is effectively part of the FCR). The results of this annual investigation are required to be reported to the Board within three months of year end. The specifics of what must be investigated are somewhat different for Life and General insurers, but the broad sweep includes:

  • a valuation of liabilities,
  • assessment of the profitability of existing and new business,
  • assessment of the capital position,
  • assessment of the suitability and adequacy of the risk management framework,
  • assessment of the insurer’s ICAAP.

The Financial Condition Report is a much broader view of the financials of a company than provided in the accounts. As APRA has developed concerns about different aspects of insurance company management, they have added specific requirements. For example, a life insurer FCR now requires an assessment of the insurer’s systems and processes to pay surrender values as required by LPS 360.

For life insurers only, Appointed Actuaries also provide advice on pricing – they do not approve pricing, but are required to advise companies on the consequences of pricing and reinsurance decisions so that the company makes an informed decision about the appropriate price to charge from an understanding of profitability and risk.

The role of the CRO in APRA’s proposed prudential standards

Insurers have been required to have a risk management function and a Chief Risk Officer for some time, and APRA has recently strengthened that requirement, and added it for ADIs.

An APRA-regulated institution must have a designated risk management function that, at a minimum:

(a) is responsible for assisting the Board, board committees and senior management to develop and maintain the risk management framework;

(b) is appropriate to the size, business mix and complexity of the institution; 

(c) is operationally independent; 

(d) has the necessary authority and reporting lines to the Board, board committees and senior management to conduct its risk management activities in an effective and independent manner; 

(e) is resourced with staff who have clearly defined roles and responsibilities and who possess appropriate experience and qualifications to exercise those responsibilities; 

(f) has access to all aspects of the institution that have the potential to generate material risk, including information technology systems and systems development resources; and 

(g) is required to notify the Board of any significant breach of, or material deviation from, the risk management framework

An APRA-regulated institution’s risk management function must be headed by a designated Chief Risk Officer (CRO). The CRO must be involved in, and have the authority to provide effective challenge to, activities and decisions that may materially affect the institution’s risk profile.  The CRO must be independent from business lines, the finance function and other revenue-generating responsibilities. The CRO must not be the Chief Executive Officer (CEO), Chief Financial Officer, Appointed Actuary or Head of Internal Audit.

What is the role of the AA and the CRO in lines of defense?

The diagram shows the three lines of defense as they are generally outlined.

The first line consists of the risk management processes and controls which are part of operating the business. This includes risk management and controls around the calculation of the financial results – calculating financial results is generally regarded as part of business operations.

The second line consists of a framework of monitoring and controls, generally designed by a risk function. It might include oversight of the operation of a particular risk management framework (such as the oversight of the quality of a claims function, or the operation of market risk limits).

The third line consists of independent review, assurance and challenge. Most often this is synonymous with internal audit, but there are other forms of independent assurance. For example, sometimes reviews from other parts of a larger company or Group are included here.

From the description above of APRA’s view of an independent risk function and CRO, it seems that in this framework, APRA is looking for an independent team to perform the second line functions in the framework above. But what is APRA looking for the Appointed Actuary to do? If the CRO advises the Board on Risk Management, what does the Appointed Actuary do as a key adviser to the Board? Is there a place for an Appointed Actuary in a risk management framework, given that Authorised Deposit-Taking Institutions (ADIs) don’t have an Appointed Actuary, but APRA is proposing that they have the same requirements for risk management frameworks?

[Diagram: AA defense]


The diagram above shows a broad view of the work that the Appointed Actuary is required to do from a Statutory perspective (including the Life Appointed Actuary’s pricing advice) and puts each part of it into the three lines of defense framework.

In my view the Appointed Actuary’s statutory requirements fit into all three lines of defense, which makes it tricky to work out how to place the Appointed Actuary in the framework.

Within individual companies, Appointed Actuaries often fit into different parts of the management structure of risk and finance depending on which line of defense seems the most important.

And of course, there are many areas that Appointed Actuaries cover that aren’t formally part of the statutory requirements.

If you look at where I have put the different parts of the Appointed Actuary’s role, the most important, in my view, is the original responsibility: the calculation of policy liabilities and capital. That leads to the AA’s role as the adviser on the whole financial environment of insurers. It is an important role. The role is also increasingly shared with the Finance function. Within a Bank (without an Appointed Actuary) this role is played by various parts of the Finance function, with ultimate responsibility coming down to the CFO.

As APRA has added responsibilities to the Appointed Actuary (reviewing Risk Management framework and review of ICAAP), they have generally added third line responsibilities to the Appointed Actuary role. The key role, though, which is embodied in the Financial Condition Report, is the overview of the Financial Condition of the company.

How should the AA and the CRO interact?

The CRO role, in APRA’s existing (insurance) and proposed (all regulated entities) standards, has been defined to very closely match the requirements for the second line of defense. The CRO is required to be involved in, and effectively challenge, activities and decisions that may materially affect the institution’s risk profile. And the CRO is required to be independent from business lines and cannot be the CFO, AA, or Internal Auditor. The CRO and the AA clearly need to work closely together. In my view the roles above are most important in first and third line. While advice on pricing, assumptions and methodology is clearly important, monitoring the capital and financial position, and providing oversight of the risk management framework and key parts of it are crucial to the risk management of the company.

In order for the risk management framework to work effectively, the AA and the CRO will need to work closely together to define the boundaries and responsibilities with absolute clarity.

FCRs and ICAAP Reports

A key part of the interaction between the actuarial function and risk and finance is the development of the FCR and ICAAP report. These two reports have a lot of overlap, despite being to different audiences.

FCRs are to the Board from the AA, while the ICAAP report is to APRA from the Board. The FCR consists of:

  • A point in time view of liabilities, capital and financial condition
  • Assessment of recent experience and profitability
  • Assessment of the adequacy of pricing and current premiums
  • Review of suitability and adequacy of risk management framework, including reinsurance and asset liability management.

ICAAP Reports are from the Board to APRA, and consist of very similar reports on the operation of the company. They are required to include:

  • Projections of capital positions
  • Analysis of the capital experience and overall ICAAP experience over the year
  • Details of stress and scenario testing
  • Changes to risk profiles.

The documents have large overlap, but each includes items which the other is not required to include. Looking at the detail of the requirements, adding a few extra aspects reporting on the linkages between the risk profile and capital of a company would be likely to improve an FCR, and enable the ICAAP report to be built substantially from the FCR.

What can the Appointed Actuary do beyond the compliance role?

Actuaries can add enormous value beyond their statutory role. In insurance companies, you will find actuaries who are CFOs, CROs, product managers, reinsurance managers, as well as managers of claims and underwriting functions. But what role can the Appointed Actuary play beyond his or her compliance responsibilities? For example, can the Appointed Actuary decide on strategy? Or should the Appointed Actuary be limited to advising others on strategic decisions? Should the Appointed Actuary be responsible for asset liability management, for example? What about reinsurance strategy?

In our principles-based framework, not everything is prescriptive. There are areas, particularly in smaller companies, where the Appointed Actuary is ideally placed to make some of the decisions. If there are too many key management positions required to advise the company (CFO, CRO, AA, plus possibly an HR and/or IT person), there aren’t many positions available on the management team to make the decisions. The AA, though, probably can’t formally be that decision maker in most cases, which may have implications for the AA’s position in the management team.

My own view is that in most cases, the person who has been appointed as the Appointed Actuary for the company should largely be advising, rather than deciding. Ideally, the Appointed Actuary, with his or her necessary oversight of the strategy of the company, should be one of the key strategic advisers to the company and its management team (as well as the Board). If we feel as a profession we are being pushed into a compliance role, advising on strategy is a way we can move beyond that.


It isn’t entirely the actuarial profession’s fault that the Appointed Actuary, particularly in life insurance, has moved away from strategy into some degree of compliance focus – a number of areas which have been added to the AA’s responsibilities of late have moved us further towards the third line of defense. We do have some control over our own destiny, however. I’d like to think that there is a role for an Appointed Actuary who is a business advisor to the company, and the Board. That is where we as a profession should be trying to take the Appointed Actuary role.


The opinions expressed in this post (as for every post on this blog) are entirely my own, and are not necessarily those of my employer, or any of my previous employers.


  1 comment for “ICAAP and the Appointed Actuary”

  1. Trang Duncanson
    May 20, 2013 at 12:39 am

    That’s a great summary. The responsibilities of the AA spanning the whole of the 3 lines of defense makes it a pretty tough gig. In particular the AA advises both the board audit committee and the board risk committee – so my question is really why are AAs often one level below the CFO or CRO or business line head, rather than at the same level and reporting to the CEO? I think this is partly because the AA first line of defense activities sit under the responsibilities of the finance or business functions – is this the barrier?

    As a general comment however there seems to be a lot of overlap in the role of the CRO and the AA in regards to providing advice on the adequacy and effectiveness of risk management framework, and though the conversation is needed between them to clarify the responsibilities, they still have to do what they must do. When will the AA have time to do anything more than their statutory roles? There is such a strong call for actuarial functions, with all their deep understanding of the financial and risk drivers, to be greater business advisers, so clearly the actuarial teams need to do something different. So I like your conclusion very much but I would emphasize a greater sense of urgency for us – it would be what the little person Haw (‘who moved my cheese’, Dr Spencer Johnston) would do… to go search in the Maze.

