Individual accountability for risk management is an important part of the Senior Insurance Manager’s Regime
The UK’s Senior Insurance Manager’s Regime (SIMR) has put greater responsibility than ever on senior staff to ensure effective governance and risk management. The framework started on 7 March, but the key challenges will remain ongoing – to implement process changes to support those in approved positions and to embed the spirit of the changes.
SIMR develops principles that underlie Solvency II, most notably in relation to individual accountability for risk management; the regime further underlines the need for an appropriate risk culture and conduct throughout the insurer. Non-compliance could spell fines or even regulatory action for authorised managers but, practically, what should executives do?
The most helpful approach is to consider six key firm-wide processes in turn.
1. Governance
Senior managers need to assess the way in which the governance framework supports their responsibilities. For example, consider how decisions relating to your area are made and whether you receive all the relevant information to discharge your responsibilities.
2. Risk management
Effective risk management is at the heart of both Solvency II and SIMR. Consider how the risk management framework is applied to your responsibilities and how clearly risk accountabilities are defined in your role profile. It is also key to assess how you engage with the second line of defence, to ensure that the oversight and challenge provided by risk support you in discharging your SIMR accountabilities.
3. Control functions
The four Solvency II control functions – risk, compliance, actuarial and internal audit – are central to the overall effectiveness of insurance governance systems and effective risk management. Senior managers must be proactive in understanding how these control functions support their SIMR accountabilities: whether assurance is sufficient and appropriate to support your conclusion that risk is appropriately managed, and whether you require additional engagement from the control functions, maybe in a specific area of your responsibilities.
4. Team structure
Every senior manager must assess their team’s capacity and capability to support their regulatory responsibilities. Clear communication and formal delineation of risk ownership and accountability are a must, as is appropriate oversight by the senior insurance manager where responsibilities are delegated internally or to an outsourced service provider. For example, formal self-declaration from team members on compliance with the conduct standards will provide additional evidence on compliance by key functions.
5. Management information and reporting
Senior insurance managers must not only comply with the standards of the regime but also evidence this compliance. This involves timely and reliable reporting and MI covering their responsibilities. Ask whether you receive the necessary information from the business and whether there is clear evidence of decisions and actions taken as a result of information presented to you.
6. Risk culture
The need for a good risk culture is clearly articulated in the conduct standards. In practice, managers must not only demonstrate the right attitude themselves, but also define, assess and measure the risk culture across their area of responsibility. Consider how the risk culture of each key function can be assessed.
To sum up, implementing SIMR successfully requires a wider assessment of how governance and risk management frameworks, and the insurer’s culture, support and evidence compliance with the regulatory requirements. While the regime may be about personal responsibility, it clearly requires a collective effort across the insurer.