COSO due for renewal

The widely adopted COSO (Committee of Sponsoring Organizations of the Treadway Commission) risk framework, frequently utilized in the implementation and auditing of standards such as ISAE 3402 or ISO 27001, is due for a comprehensive update.

ICIF – the new model

Due to strong market changes, the COSO II ERM framework was outdated. A framework was needed that was responsive to, and took into account, current market conditions while being flexible enough to be applicable to a wide range of organisations: Internal Control – Integrated Framework (ICIF). The framework is also expected to enable organisations to meet rapidly changing market demands without incurring more risk.

The biggest change is the minimisation of the COSO cube (the number of components has been reduced). In addition, the model has moved to a ‘principle-based structure’ in which 17 principles form the foundation for the model. Also, given recent developments, the new model has placed more emphasis on the IT component.

From late 2011 to March 2012, the committee solicited feedback from the market on the framework. This feedback is currently being critically assessed by the committee and will largely be incorporated into the final version of the framework.

Solvency II, too bureaucratic?

Paul Tucker, Deputy Governor of the Bank of England, recently described the Solvency II directive in an interview as overly complicated and expensive. Tucker indicated that the Solvency II directive might contribute to financial instability rather than provide greater security.

According to Tucker, the main issues are the high costs associated with implementing the new directive and its complexity.

“At the Bank of England, we are astonished by the resources required for us and the market as a whole to get up to speed with Solvency II by early 2014,” said Tucker. “We are also concerned that implementing a risk-sensitive regime makes the directive too complicated, similar to Basel II for banks.”

“We must prevent regulatory bodies from ‘drowning’ in the data provided by insurers and being unable to handle this data flow. This could result in regulators overlooking significant risks,” he added.

This concern resonates with many in the insurance market, who have been warning about these issues for some time.

The new directive is considered the most significant change in this area in Europe. Potential plans to extend the directive to pension funds could cost British businesses around £600 billion, according to research by JPMorgan Asset Management. JPMorgan stated that it would be nearly impossible for some pension funds to maintain the required amount of capital.

Mr Tucker’s speech coincides with rumours that Britain’s largest insurer may relocate its headquarters to Hong Kong due to the proposed measures.

Tucker stated that insurers, like banks, “must be able to fail calmly, in a controlled, orderly manner.” If the international community removes the safety net, bondholders will be exposed to risks from such failures.

“Insurers are significant investors in securities and other financial instruments. In the near future, you will no longer be protected by an implicit state guarantee for those investments,” Tucker concluded.

Control Reports

Due to current developments in outsourcing and the associated risk management, SASconsult has developed an implementation model that enables a cost-efficient ISAE 3402 implementation. This model (the SAS | Modeller) is delivered in a web tool that includes the process flows. The result is that the processes and controls required under ISAE 3402 are visible to everyone (via, for example, the intranet). We have already successfully implemented the SAS | Modeller at various property managers, IT organisations, and other financial institutions. For more information about the SAS | Modeller and its possibilities for your organisation, please refer to SAS | Modeller.

Solvency II delay until 2014 – what does it mean for insurers?

EIOPA’s final postponement regarding the implementation of Solvency II in Europe (the start date is now set for January 1, 2014) ends an uncertain time for insurers. The reason for the postponement, announced in late 2011, has since been explained through Q&As and consultation papers. However, a number of questions remain unanswered, such as:

  • When will the outstanding issues (that emerged from the consultation papers, for example) be resolved?
  • To what extent can insurers implement Solvency II in 2013?
  • What are the minimum obligations regarding Solvency II (reporting, parallel run, etc.) for insurers during 2013?

These, and other questions, remain largely unanswered in the Q&As and consultation papers issued by EIOPA in the recent period. Insurers should look for answers themselves.

What can an insurer do?

Meetings of the European Parliament show that significant differences need to be resolved in the coming period. So there is a chance that, in the short term, there will be no real clarity from Brussels. The question then is whether the DNB can provide more clarity. To a certain extent: yes. It has done this in the past with the so-called Parallel Run. Here a number of points were (intentionally) left open by the EU. At the time, for the sake of clarity for insurers, these points were filled in by the DNB. It remains to be seen whether the DNB can do the same in this case. Take the obligations regarding Solvency II during 2013. Can the DNB draw a clear line here that the EU cannot? Time will tell.
 
Currently, the best way for insurers to prepare for the implementation of the Solvency II directive is to keep up the parallel run, follow developments closely (e.g., the Omnibus II) and stay in frequent dialogue with the DNB.