‘Securing the Future’ was chosen as the theme of the EIOPA 8th annual conference held on the 20th October 2018. The conference itself provided invaluable insight as to what the future holders for insurers and pension funds and what regulatory bodies are likely to focus on in the coming months. Throughout, the message was that supervisors’ tasks and responsibilities were not limited to correcting past mistake but also prevent new risks from materialising, thereby underlining the importance of foresight and due consideration to threats and vulnerabilities relating to emerging risks.
In particular, the Solvency II review, which should be completed by 2020, should be augur well for the domestic insurance market since it promises to emphasise the concept of proportionality, especially insofar as disclosure obligations are concerned. The review is also intended to address the concerns around illiquid liabilities – and whether the assets covering them are adequate – as well as ensuring that supervisors are granted clear and robust intervention powers to prevent systemic risks from materialising.
The developments in digitisation are equally being prioritised. Not only is EIOPA close to finalising its thematic review on big data but it is also intent on identifying regulatory barriers to innovation and analyse the fragmentation of the insurance value chain. Against this backdrop, cyber risk emerges as a major concern; in fact, this year’s insurance stress tests included a questionnaire on cyber risk and considerations of this nature are expected to be extended to the pensions sector in the next round. The IAIS has, in a recent discussion paper, considered cyber risk as a potential systemic risk for the first time ever. Insurers and pension funds are very much encouraged to define their risk appetite for the underwriting of cyber risk insurance and dedicating a pool of qualified resources for this task. Policies which are regularly reviewed and updated, together with comprehensive management information systems, are equally important contributors to the management of cyber risk exposure. Supervisors are encouraged to communicate their expectations on cyber risk, including the systems and security features that insurers should have in place; an EU response as part of the FinTech action plan is not unlikely. Insurers are further encouraged to develop cyber-attack scenarios internally and consider these as part of their ORSA. Penetration testing, ideally involving the engagement of ethical hackers, is nowadays considered best practice. All in all, cyber risk is a multi-faceted monster which requires a multi-faceted response and data sharing amongst market participants is fundamental – including on near-misses. Insurers should this focus on bringing together a number of streams of action which are well-coordinated and which are complementary to each other, not least by having a solid view of stress test outcomes as well as qualitative and quantitative risk appetite limits. Especially for local players, cyber risk takes a totally different dimension when considering its interaction with blockchain technology – both in terms of internally managing their own cyber risk exposure for those insurers considering the adoption of the technology for increasing the efficiency of their day-to-day activities such as claims management and client on-boarding processes, but also for those insurers which shall be underwriting the risks of service providers licensed or registered under the newly-introduced Virtual Financial Assets Act.
The key topic of sustainable finance and the role of the insurance and pensions sectors in this respect was discussed at length during the conference – and rightly so. Insurers and pension funds were encouraged to include environmental, social and governance (“ESG”) risks in their risk management frameworks as a conscious decision rather than a regulatory requirement. The implications of climate change and resource depletion effectively dictate the investment decisions of these sectors and the advice they give to their clients and it is therefore expected that insurers and pension funds take into account the impact of their investments on sustainability and vice versa. Crucially, insurers and pension funds must identify, assess and price the risks arising from ESG factors correctly in order to manage and mitigate sustainability risks, whilst fostering a deep understanding of ESG risks so as to change and adapt their business model and subsequently creating products to address these emerging risks.
In light of these significant developments, one cannot discount the possibility that, at some point in the near future, regulators and policy-makers will start to re-think post-crisis regulation and the ‘spaghetti approach’ that was adopted to address the risks in a fire-fighting fashion. By way of example, one questions whether the current focus on liquidity resonates with the drive to achieve sustainable finance and therefore whether the present balance sheet composition is actually viable in the longer-term. A reduced focus on short-termism by regulatory bodies could be on the cards such that insurers will be directed at re-allocating their capital by increasing their investment in equity (as opposed to government bonds) and invest more in real assets, thereby having a more prominent role in the real economy.