EIOPA made an important contribution to supervision and stability in the insurance sector, but significant challenges remain

Executive summary

I

The insurance industry accounts for a significant part of the EU financial sector. It manages assets valued at around two-thirds of EU annual GDP. Failure on the part of insurance companies could potentially disrupt the operations of the financial sector and negatively affect the real economy and consumers’ well-being.

II

The European Insurance and Occupational Pensions Authority (EIOPA) was established in 2011, following the reform of EU financial sector supervision after the financial crisis of 2007-2008. EIOPA acts as an independent advisory body to the European Commission, the Parliament and the Council.

III

EIOPA’s core responsibilities are to support the stability of the financial system, the transparency of markets and financial products, and to protect insurance policy holders. It also monitors potential risks and vulnerabilities in the sector. Its responsibilities come under four broad categories: regulation, supervision and supervisory convergence, financial stability and consumer protection.

IV

We examined whether EIOPA makes an effective contribution to supervision and financial stability in the insurance sector. In particular, we analysed EIOPA’s actions in the field of supervision and supervisory convergence (co-operation with National Competent Authorities (NCAs), their work on internal models and cross-border business), the 2016 insurance stress test as well as the adequacy of EIOPA’s resources and governance.

V

The audit primarily covered EIOPA’s supervisory activities between 2015 and 2017 as well as the 2016 stress test. The audit evidence came from visits to EIOPA and a documentary review on the spot, as well as meetings with the relevant Commission departments, the European Systemic Risk Board, NCAs, academic experts and stakeholders. The audit also took account of the results of two surveys.

VI

Our overall conclusion is that EIOPA has made good use of a wide range of tools to support supervisory convergence and financial stability. However, there are still significant challenges to be addressed by EIOPA itself, by national supervisors and by legislators, for example in the context of the European Supervisory Authorities’ (ESAs) and Solvency II reviews.

VII

EIOPA’s actions to ensure consistent supervision by NCAs were based on sound analysis and, for the most part, had a comprehensive scope. EIOPA identified through its work important weaknesses in the way the NCAs work and regularly monitors the developments. However, EIOPA has no systematic arrangement for following up its recommendations.

VIII

We found that the current legal framework for supervising cross-border business in the EU feature systemic weaknesses and create a situation where supervision depends on the legal form of a business rather than its nature. This results in the wrong incentives for both supervisors and insurers, which take advantage of a lower level of supervision in certain Member States. EIOPA made an effort to deal with the resulting problems, but was not in a position to overcome the systemic weaknesses and achieve supervisory convergence.

IX

Insurance companies use internal models so as better to adjust risk assessment to their business and ease their capital requirements. There are significant differences in how strictly NCAs supervise internal models. EIOPA attempted to improve supervisory convergence in this area. This was not fully effective due, among other reasons, to limitations in access to information placed by NCAs.

X

In 2016, EIOPA carried out a stress test to assess how the insurance sector would react to adverse market developments, in particular to a prolonged period of very low interest rates and an asset price shock. A number of companies proved vulnerable to such circumstances, as their solvency would have worsened significantly. The scope of the stress test was appropriate and the scenarios identified the main risks for the sector. However, we found shortcomings in their calibration. In particular, EIOPA was unable to justify the strength of one of the scenarios in a sufficiently detailed manner.

XI

Following accurate validation of the data, EIOPA mostly presented the results of the stress test in an appropriate manner. Because of its legal mandate, there was no company-level publication. Recommendations issued after the stress test were sometimes too general, although EIOPA made efforts to follow up the extent to which NCAs implemented them.

XII

In all its activities, EIOPA relies largely on co-operation with NCAs, but it does not always receive their full support. NCAs have a decisive say in EIOPA’s main governing body, which means that they are in a position to decide the scope of EIOPA’s action to review their own effectiveness. EIOPA has not yet accomplished a shift from regulation to supervision. With only 20 staff members working on oversight issues and a further seven on related topics, EIOPA is faced with a real challenge in terms of carrying out the broad range of complex tasks for which it is responsible.

XIII

We recommend that for improving the efficiency and effectiveness of EIOPA’s actions, EIOPA should:

1. better focus and follow up its supervisory tools in a systematic way;
2. co-operate with the Commission and the co-legislators to address systemic weaknesses in the supervision of cross-border business;
3. co-operate with the Commission and the co-legislators to address limitations on access to information about internal models and provide NCAs with more support on how to supervise them;
4. further improve the soundness of stress test scenarios;
5. issue more specific and relevant recommendations to the NCAs after the stress test;
6. promote the publication of stress test results at company level;
7. ensure that the stress test methodology is more transparent; and
8. strengthen human resources assigned to supervision.

Introduction

The insurance market in the European economy

01

With assets worth more than two thirds of the EU annual GDP and market penetration that differ across Member States (see Figure 1), insurance accounts for a significant proportion of the financial sector. It contributes to economic growth and financial stability by taking on risks and mobilising savings. Given their important role, the failure of insurance companies can disrupt the provision of financial services and the economy at large, and so negatively affect consumers.

02

One of the key challenges for the insurance market today is low interest rates. Insurers, especially in the life business, which accounts for 65 % of the EU insurance market, face significant problems earning the interest rate guaranteed for products sold in previous years. Therefore, life insurers’ business models are currently undergoing far-reaching changes, one consequence of which is additional risk-taking. Furthermore, digital technologies and greater use of big data have significantly re-shaped the insurance market (Fintech), creating not only opportunities for business but also a number of new challenges and risks for clients.

03

From a regulatory perspective, a key development for insurers was the application of the Solvency II framework in January 2016. Solvency II is the first harmonised EU legal framework concerning the taking-up and pursuit of the business of insurance and reinsurance. It covers also insurance supervision and aims at ensuring a fair level playing field within the Single Market. It defines how much capital companies need to hold in order to cover their risk, as well as risk-management, governance and reporting requirements.

EIOPA as part of the European system of financial supervision

04

The European Insurance and Occupational Pensions Authority (EIOPA) was established in 2011¹ as part of reforms to the way the EU’s financial sector is supervised, in response to the financial crisis of 2007-2008. EIOPA acts as an independent advisory body to the Commission, the Parliament and the Council. It is active in the fields of insurance companies, reinsurance companies, intermediaries and institutions for occupational pension provision.

05

EIOPA is part of a European System of Financial Supervision (ESFS) that comprises three European Supervisory Authorities (ESAs): one for the banking sector (the European Banking Authority – EBA), one for the securities sector (the European Securities and Markets Authority – ESMA), and one for the insurance and occupational pensions sector, as well as the European Systemic Risk Board (ESRB). The rationale for setting up the ESAs was to ensure closer cooperation and exchanges of information between national supervisors (also called National Competent Authorities – NCAs), to facilitate the adoption of EU solutions to cross-border problems, and to advance the consistent application and interpretation of rules.

06

EIOPA’s core responsibilities are to support the stability of the financial system, the transparency of markets and financial products, and the protection of insurance policyholders, pension scheme members and beneficiaries. EIOPA is commissioned to monitor and identify trends, potential risks and vulnerabilities stemming from the micro-prudential level, across borders and across sectors. To this end, EIOPA has responsibilities that come under four broad and interrelated categories: regulation, supervision and supervisory convergence, financial stability, and consumer protection (see Table 1). Following finalisation of the work on the main legislative framework for the insurance sector and the need to ensure its effective implementation, EIOPA intended to shift the strategic focus of its work from regulation to supervision. In this audit, we focus on supervision and supervisory convergence, which is key for consumers, and the stress test, falling under the objective of ensuring financial stability.

Table 1

EIOPA’s responsibilities

Field of responsibility	EIOPA’s role
Regulation	Drafting technical standards which are subsequently endorsed by the Commission, and discussing any changes made. Advising the Commission in areas where it has the power to adopt delegated acts relating to EU work.
Supervision and supervisory convergence	Facilitating and coordinating NCAs in their supervisory activities in order to establish consistent, efficient and effective supervisory practices within the ESFS, and to ensure the common, uniform and consistent application of EU Law.
Financial stability and crisis management	Contributing to the work of the ESRB’s macro-prudential supervision by submitting data and reports. Conducting stress tests for the insurance and pensions sector, and ensuring coordinated crisis prevention and management, as well as maintaining financial stability in times of crisis.
Consumer protection and financial innovation	Protecting consumers from excessive risk-taking when buying/investing in financial products by drafting regulations, monitoring market trends, improving the information available etc. Prohibiting financial products if they pose a risk to financial stability in the EU; analysing and reporting on new financial innovations/products on the market.

Source: ECA.

ESA reform process

07

As the nature of challenges in the financial markets is evolving, the Commission proposed a package of reforms in September 2017 to strengthen the ESFS. The overall aim was to improve the mandates, governance and funding of the three ESAs, as well as the functioning of the ESRB. A number of the Commission’s proposals would be directly applicable to EIOPA, such as creating an independent Executive Board (to be in charge of case-by-case decisions and certain supervisory matters), strengthening EIOPA’s role in validating internal models, and enhancing its available tools to foster supervisory convergence.

08

The Commission’s proposals for changes in EIOPA’s legal framework will now follow the standard legislative process, including discussion in the Council and the Parliament. The expectation is that the amended legal acts will be adopted in 2019. Our audit may usefully contribute to this debate.

Audit scope and approach

09

The audit examined whether EIOPA effectively contributed to supervision and financial stability in the European insurance sector. The focus of the audit reflected the recent shift in EIOPA’s priorities from regulation to supervision. We addressed in particular the following areas:

1. EIOPA’s actions in the field of supervision and supervisory convergence; our review included a sample of instruments used by EIOPA (Parts I, II and III);
2. the stress test for the insurance sector carried out in 2016 (Part IV); and
3. horizontal aspects crucial for the effectiveness of all EIOPA’s actions (the use of legal instruments to ensure compliance with EU law, the adequacy of human resources, and the appropriateness of the governance structure; Part V).

10

EIOPA’s activities in supervision and supervisory convergence cover in practice three broad areas: (i) fostering supervision by national authorities, (ii) ensuring adequate supervision of cross-border entities, and (iii) internal models. For the sake of clarity, we discussed these topics in three subsequent parts of the report (I, II and III), but they contribute jointly to our assessment of EIOPA’s work in the field of supervision and supervisory convergence. In the field of financial stability, we focused on the stress test for the insurance sector, given its importance for identifying future risks in the market.

11

The report did not cover the work of the NCAs (which work closely with EIOPA in all its activities). The ESRB, which was involved in designing one of the stress test scenarios, was not an auditee, as responsibility for and ownership of both scenarios remains with EIOPA. As the audit focused on the insurance market, it did not include EIOPA’s activities in the occupational pensions sector.

12

The audit covered EIOPA’s supervisory activities that took place primarily in 2015-2017, and the stress test of 2016 (including the lessons learned from the previous stress test in 2014). For each audited activity, we selected the cases/files for review in such a way as to ensure that the sample is representative of EIOPA’s work and features a diverse range of typical problems.

13

The main audit work involved visits to EIOPA and reviews of documents on the spot. We also collected evidence at information-gathering meetings and video conferences with the relevant Commission departments, the ESRB, NCAs, academic experts and stakeholders (consumer and business associations). The results of two surveys further informed the audit:

1. the first was sent to all NCAs in the EU’s Member States and concerned overall co-operation with EIOPA (supervision and stress testing). 24 out of 28 NCAs responded;
2. the second was sent to a sample of insurance companies and concerned the stress test. 35 out of 66 companies responded.

Observations

Part I - EIOPA’s actions to ensure consistent supervision by NCAs are sound, but lack a systematic approach to follow-up

14

Under its objectives to contribute to better and more consistent supervision across EU Member States, EIOPA engages in a number of activities to facilitate and co-ordinate the work of national supervisors (NCAs). By doing so, EIOPA envisages a European supervisory culture, meaning a common understanding of the way supervisors think, behave and work within their community. This means a level playing field for insurance companies across Europe and a similar level of trust for consumers that their insurance companies comply with regulatory requirements.

15

As far as the co-ordination of NCA work is concerned, our audit looked at three main instruments serving the purpose of supervisory convergence: structured dialogue with NCAs (with spot/country visits as a key component), the supervisory handbook and peer reviews (see Figure 2). The handbook and peer reviews were co-ordinated by EIOPA, though the work was carried out in very close co-operation with NCAs. The reviewers delegated by NCAs provide most of the content and peer assessments. In addition to the audited ones, EIOPA applied a number of other instruments², both as directly set out in the founding Regulation and on its own initiative.

EIOPA identified significant weaknesses in supervision quality

16

By means of structured dialogue with the NCAs, EIOPA has identified a number of weaknesses in critical aspects of insurance supervision (see Figure 3). The peer reviews also revealed important areas where NCAs should improve their supervisory practices (see Annex I). EIOPA’s assessments show that NCAs’ approaches to supervision often diverged in terms of how intrusive, risk-based and forward-looking they are. This means that a given practice by an insurance company (e.g. in the field of risk management) could be accepted in one Member State but challenged in another. As part of the structured dialogue process, NCAs responded to the findings of EIOPA’s reports. However, EIOPA did not systematically analyse the responses and did not provide a comprehensive written feedback to NCAs.

EIOPA’s recommendations reflect the weaknesses identified, but lack follow-up

17

In view of the weaknesses identified, EIOPA recommended actions for specific NCAs. In the case of structured dialogue, EIOPA made more than 30 recommendations for each NCA in our sample without any form of prioritisation. Peer reviews resulted in a significantly smaller number of recommendations. Although the recommendations were clear, they were sometimes general and not suited to the NCAs’ specific situations.

18

EIOPA has made no provision for systematically following up the implementation of recommended actions either for structured dialogue or for peer review. As a result, EIOPA has no overview of whether NCAs have taken its recommendations on board. However, it has made an effort to follow up some specific issues on an ad hoc basis (e.g. during subsequent visits to NCA or through informal contacts; there was also one specific follow-up peer review) and could demonstrate some specific improvements in NCA practices and governance (see Box 1).

The underlying work was mostly thorough and comprehensive, but the processes were time-consuming

19

Despite the complexity of the area covered, the structure and clarity of EIOPA’s work in the field of supervision and supervisory convergence was generally good and was based on sound analysis and methodology. EIOPA staff prepared their visits to individual countries by collecting a broad range of documents and information, including a questionnaire to be filled in by NCAs. This enabled the scope of the visits to be customised in the light of the specific problems encountered by individual NCAs. Peer reviews were based on detailed methodology specifying all steps to be followed by the reviewer. However, the guidance that participants were given sometimes lacked a structured approach and project-related specifics.

20

The specific topics covered by EIOPA’s supervisory work were broad and relevant. The scope of the tools ensured a comprehensive approach, but sometimes meant that the most important issues were not sufficiently prioritised. The scope of the handbook was decided by the Steering Committee and covered all major relevant areas, although some NCAs identified a few gaps (see Figure 4). These related to important aspects of supervision, as actual convergence requires not only common principles, but also a coherent approach at technical level.

21

EIOPA missed an opportunity to achieve more synergy by collecting best practices and targeting its advice in the area of conduct supervision by means of structured dialogue with NCAs and peer reviews, because they focused exclusively on prudential supervision³. We note, however, that EIOPA has dedicated tools in place in the field of conduct supervision.

22

EIOPA has developed supervisory tools regularly, and launched most of them by 2014. However, EIOPA finalised the supervisory handbook only in April 2018, i.e. four years after the start of the project (excluding the preparatory phase) and over two years after the implementation of Solvency II, which it is supposed to support. The time needed to complete peer reviews ranged from 14.5 months to two years, which is long, but reflects complexity of the topics. However, the NCAs found the duration problematic, as it required them to make long-term commitments for staff participating in the reviews.

Part II: Systemic weaknesses in the current supervisory system for cross-border business remain, but EIOPA made an effort to protect policyholders

23

The supervision of cross-border insurance groups in the EU is structured through colleges of supervisors. The colleges are supposed to ensure adequate supervision through exchanges of information and cooperative supervision by all NCAs concerned. The college is led by the home supervisor, which supervises the headquarters of the insurance group. The other NCAs are known as host supervisors. There are currently 88 colleges established within the EU.

24

EIOPA is a member of all colleges. Its role is to ensure that EU law is consistently applied and that colleges function consistently. Furthermore, EIOPA is also supposed to facilitate a common supervisory culture and prevent regulatory arbitrage⁴. The De Larosière Report⁵ identified these objectives as crucial for the Single Market.

Set-up of the college system creates wrong incentives for insurers and supervisors

25

Although insurance services in the past were mainly provided by subsidiaries established in the relevant country, many insurers have started to provide more cross-border services via branches or in a direct capacity (based on the Freedom of Establishment or respectively Freedom of Services envisaged under the Single Market). In 2016, 750 insurers provided business worth 59 billion euros to other European Economic Area (EEA) Member States without a local subsidiary (see Figure 5). While cross-border business allows insurers to reduce their administrative and regulatory burden, the current system creates the wrong incentives for insurers and supervisors.

26

Under the current college system, supervision is determined by the legal structure of the group rather than the nature of the business. Thus, a college needs to be established for a very small insurance company with a subsidiary in another Member State, although such resource-intensive supervision via a college would not be necessary. By contrast, for large international insurance groups, which provide cross-border services without subsidiaries, there are no colleges, even if it would be essential for ensuring adequate supervision and financial stability (see Figure 6).

27

This leads to a situation where NCAs supervise business in other Member States without having to bear the consequences of poor supervision, because it has no impact on the home market. They also often lack sufficient knowledge of national specifications and laws. Furthermore, the Member State in which the service is provided needs to rely fully on the supervision of the home supervisor of the insurer without exerting influence over the supervision process. This system has not been designed to supervise a Europe-wide market in a way that is effective and based on EU citizens’ interests. Several NCAs confirmed that the current supervision of cross-border business and cooperation is unsatisfactory (see Box 2).

28

We found that a number of problems were attributable to systematically wrong incentives. For instance, several NCAs prioritised their supervision based on factors such as the “impact on national financial stability”. Consequently, insurance companies with a large share of cross-border business were a low priority for supervision. This means that insurance companies had every incentive to use regulatory arbitrage by moving to Member States that have adopted such an approach, and then concentrate on cross-border services (see Box 3).

29

Furthermore, we found that the way business is done also has direct implications for consumer protection in the event that an insurer fails. Europe’s Insurance Guarantee Scheme system is currently fragmented, leading to a situation where consumers are not informed about their level of protection when they buy cross-border insurance services (see Box 4). Consumers are not necessarily aware that they are buying an insurance product from a subsidiary, branch or company without a physical presence in their own Member State.

EIOPA responds by developing ad hoc tools to protect consumers but supervisory convergence remains a challenge

30

In view of the risks and challenges posed by the current system of supervision for cross-border insurance business, EIOPA has made efforts to protect consumers by establishing cooperation platforms. EIOPA set up the platforms, in the absence of colleges, under its mandate to promote effective exchanges of information between NCAs and ensure effective and consistent supervision. Since 2016, EIOPA has established 13 cooperation platforms, both on its own initiative and in response to requests from NCAs. They operate in a similar way to colleges.

31

We found that EIOPA’s platforms provided a helpful ad hoc solution to tackling problems arising from cross-border services. In several cases, EIOPA helped to facilitate between NCAs and successfully pushed for solutions. For instance, EIOPA asked the home supervisor to answer a set of questions about insurers that displayed typical risk indicators (see Figure 7). This ensured that the insurer’s situation is subject to an assessment.

32

The platforms then created peer-pressure for the home supervisor, meaning that it felt obliged to take adequate supervisory action in view of the information that is available. This measure ensured that consumers were protected. However, in the absence of a robust legal mandate in the area of cross-border services, EIOPA had to rely on NCAs’ actual willingness to cooperate.

EIOPA played a helpful role in several colleges of cross-border groups, despite limited co-operation by NCAs

33

EIOPA is responsible for ensuring that colleges functioning consistently. We found that EIOPA prioritised its attendance at and contribution to colleges on the basis of comprehensive and well-established criteria. Prioritisation considered various factors, including the size and risk of the insurance group, the size and experience of participating NCAs, and the outcome of the joint risk assessment. Since the introduction of Solvency II in 2016, EIOPA has attended 100 college meetings. However, it has never attended 23 other colleges (see Figure 8). Scarce resources (see paragraph 86) also explain this result.

34

Furthermore, EIOPA’s level of engagement in the colleges it attended varied significantly. For example, it added significant value to some colleges by providing detailed input for discussion and feedback reports. In view of its priorities, EIOPA did not provide comparable added value to some other colleges because it restricted itself to administrative and horizontal support.

35

To support colleges and enhance supervisory convergence, EIOPA requested from NCAs the insurers’ Own Risk and Solvency Assessment (ORSA) reports. The ORSA report is an elementary instrument of insurance supervision and defines insurers’ risk appetite, analyses the available risk capital, and decides it will be allocated. It is therefore a key forward-looking tool that should be used for pro-active supervision. We found that although EIOPA made an effort to obtain ORSA reports, it did not always receive them. Some ORSA reports were provided only after a lengthy, bureaucratic process, entailing legal justification and high-level intervention. The limited and burdensome provision of ORSAs restricted EIOPA’s instruments for supporting supervisory convergence and was detrimental to efficient use of its resources.

36

In the course of its college work, EIOPA identified many issues within colleges and insurance groups, such as the following:

1. Some NCAs did not share important documents such as the ORSA report with other members of the same college. EIOPA supported these members in obtaining helpful documents but was not always successful. The absence of important information for college members showed a lack of trust between some NCAs and hampers effective group supervision.
2. Significant valuation mistakes and major deficiencies in risk management by insurance groups were found, and it was recommended that the NCAs should tackle them. Although EIOPA did make an effort to support colleges and facilitate adequate supervision, it did not comprehensively follow up issues that had been identified.

Part III - Lack of convergence in internal model supervision, despite first steps made by EIOPA

37

Based on the Solvency II framework, aiming to protect consumers and ensure financial stability, insurers in Europe are required to calculate their individual risks. For these risks, insurers need to hold sufficient risk-absorbing capital (see Figure 9) to ensure that they can provide compensation for claims. Insurers can either calculate their capital requirements with a given standard formula or use a so-called internal model. While the standard formula is the default option, insurers need to seek authorisation for any internal model they would like to use. NCAs must only authorise internal models, which fulfil several legally defined requirements and are therefore suitable for calculating risks in an adequate way. While overestimation of risks can lead to premiums, which are not competitive, underestimation can compromise the protection of policyholders and financial stability.

38

Internal models are very complex and give insurers significant discretion in calculating their risks. This includes expert judgements and reliance on internal historical data. Consequently, internal models supervision requires extensive resources and expertise within NCAs. Due to their impact on the protection of policyholders and financial stability, and the challenges they pose to supervisors, internal models are a crucial area, where EIOPA must facilitate supervisory convergence across Member States. Inconsistent supervision, leading to regulatory arbitrage and therefore distortion of fair competition, can have severe adverse consequences.

Convergence in the area of internal models remains very limited

39

One of EIOPA’s key tasks is to ensure that insurers and supervisors apply the rules consistently across the EU including internal models. To achieve it, EIOPA attended college meetings when internal models were discussed, visited NCAs to assess the supervision of internal models and acted as facilitator between NCAs. Despite EIOPA’s efforts, we found several problems, proving a persistently low level of supervisory convergence in this area.

40

Authorising and supervising internal models is extremely resource-intensive⁶. To achieve similar supervision within the EU, it is important that NCAs have sufficient resources to fulfil such a challenging task. However, NCAs stated that they have very different levels of staff for supervising internal models and EIOPA confirmed this during its visits. EIOPA found that several NCAs had insufficient resources and expertise to supervise internal models adequately, which highlights the importance of EIOPA’s work in this area.

41

EIOPA found that supervisory culture and the application of common rules still varies greatly within the EU. NCAs applied very different levels of strictness when authorising internal models. For instance, several NCAs did not clearly communicate unacceptable modelling practices to insurance companies. In other cases, NCAs applied very strict authorisation requirements. We found that some supervisors tried to protect local insurers through lower capital requirements, while others request stronger supervision and higher capital requirements.

42

In another case, the supervision of an internal model should have been transferred from one NCA (country A) to another (country B) in order to cover the whole group. However, the supervisor in country B required the insurance company to improve its internal model significantly before it could be authorised for use in their market. However, the internal model had already been authorised by the supervisor and applied in country A. The case illustrated different standards and approaches for approving internal models. EIOPA tried to facilitate between the two supervisors but no agreement could be reached. In the end, the internal model remained operational in country A only.

EIOPA made an effort to enhance convergence through consistency projects

43

To follow up on some of the recurring risks and inconsistencies in supervisory approaches, EIOPA organised consistency projects with a view to tackling five key areas (see Table 2). As all of these areas could lead to inadequate estimation of insurers’ risks, we believe that EIOPA defined the scope of the consistency projects appropriately.

Table 2

Key inconsistencies identified and follow-up

Different approaches between NCAs were identified regarding…	Followed up by EIOPA through…
modelling of the volatility adjustment*	Consistency project
treatment of sovereign risk	Consistency project
aggregation of risks	Not yet followed up
expert judgements	Not yet followed up
model changes	NCA visits

Source: ECA.

44

Through its consistency projects, EIOPA confirmed that the NCAs had fundamentally different supervisory approaches in approving some methods used in the internal models by insurance companies. The different methods had a material impact on the overall risk calculated by the insurer, but EIOPA was not able to quantify it. In general, EIOPA has no data on the impact of internal models when compared with the standard formula, although this would be essential for adequate supervision.

45

EIOPA reported in detail on the issues identified. Although it used further tools (e.g. opinions) to ensure consistency, EIOPA did not always achieve it. For instance, EIOPA still allows different methods to model volatility adjustment. However, it required NCAs to ensure that neither method results in lower capital requirements.

46

EIOPA also carried out a special consistency project on the modelling of market risk. This is one of the many risks assessed by internal models. EIOPA asked insurers to use their internal models to calculate the risks for a realistic virtual portfolio as defined by EIOPA. The outcome allowed different internal models to be compared directly for the first time. The project revealed some fundamental weaknesses in the internal models operated within the EU. For instance, questionable interest rate expectations were used to reduce the expected risks. In addition, EIOPA considered the extreme variation of estimated risks through different internal models for the same assets as unacceptable.

47

We found that EIOPA’s projects provided NCAs with essential insights into supervised internal models and helped to improve convergence. However, they revealed that internal models in the insurance sector bear significant risks and that the knowledge about the impact of internal models is insufficient.

EIOPA does not have sufficient access to data on internal models to perform oversight

48

As of June 2018, in the EEA, there were 212 internal models authorised by 17 different NCAs (see Figure 10). Given its shortage of resources, EIOPA decided to prioritise by focusing its direct assessments on the five largest insurance groups with an internal model. These groups accounted jointly for 47 % of all assets covered by internal models in the EEA. In 2015, EIOPA started to request full information about these models from the respective NCAs.

49

Given the NCAs’ reluctance to provide information, EIOPA took a pro-active approach through extensive exchanges of communication for over three years. In particular, EIOPA provided written legal justification as to why it requires the information in order to fulfil its tasks. Our survey shows that one of the underlying reasons for the NCAs’ refusal to provide information was diverging interpretations of EIOPA’s mandate in the field of internal models. As the survey explicitly stated, at least two NCAs believe that EIOPA currently goes beyond its mandate. By contrast, several NCAs would like EIOPA to perform significantly more work on internal models and believe that it does not sufficiently fulfil its mandate in this crucial area.

50

Despite a pro-active approach, EIOPA has not received sufficient information about any of the five largest internal models that it prioritised for its work. Consequently, EIOPA did not have a full understanding of the models and was unable to carry out the intended assessments. The lack of access to information significantly impeded EIOPA in performing its tasks. On the other hand, in 2016 one NCA provided EIOPA with all information on the internal model for a large insurance group. Although this would have been an opportunity to assess a first internal model, EIOPA decided not to provide support to the NCA, explaining that the specific case was not among its priorities. Thus, EIOPA has still not assessed any internal model in detail.

Part IV - EIOPA did reliable work to conduct the 2016 insurance stress test, but we found shortcomings in its design and recommendations

51

According to its founding regulation, EIOPA is responsible for conducting regular Union-wide stress tests in order to assess the resilience of financial institutions to adverse market developments. EIOPA insurance stress tests aim at financial stability and the protection of policyholders, and are organised biennially (interchangeably with the pension funds stress test). The EIOPA stress test is not a “pass or fail” exercise for individual participants, their results do not prompt specific regulatory action. We focused on the 2016 stress test, which assessed the vulnerability of insurance companies that were active in life and other long-term business. In line with its initial timetable, EIOPA launched the exercise in May 2016 and published the results on an aggregated basis, including recommendations for NCAs, in December 2016.

The scope of the stress test and the identified risks were appropriate, however, the scenarios used had shortcomings in calibration and justification

52

In the 2016 stress test, the sample comprised 236 individual companies from 30 countries⁷, offering both traditional life and composite (life and non-life) business. The NCAs sampled the companies, based on the criteria provided by EIOPA in the technical specifications. The sample was representative of each national market and covered at least 75 % of the relevant business, in line with the assumptions of the stress test. The 2016 stress test was conducted at legal entity (individual company) level, and so did not include potential diversification and re-insurance benefits stemming from group level.

53

For the 2016 stress test, EIOPA identified persistently low risk-free rates and volatility in equity markets as a main concern for the viability of the insurance sector. This was in line with regular risk assessments by EIOPA, the ESRB and insurance companies, as our survey confirmed (see Figure 11). Focusing on the risks considered in the stress test meant that other, insurance-specific factors (e.g. longevity, pandemics or natural catastrophes) were omitted, but this was justifiable given the first year of Solvency II implementation, which posed a challenge for insurance companies.

54

Considering the focus on market risk, the choice of the long-term insurance business was appropriate. The low-yield environment hits life insurance business particularly hard, as it typically has long-term obligations towards policyholders and struggles to earn the interest rates guaranteed in the past. The choice to use a market shock was relevant, given insurers’ significant role as institutional investors, and hence their impact on the stability of the financial market as a whole.

55

The 2016 stress test included two scenarios, “Low Yield” and “Double Hit”, which accurately reflected the risks identified by EIOPA as key for the insurance sector (see Annex II for main parameters and assumptions). To create the Low Yield scenario, EIOPA used its own capabilities and made specific discretional assumptions, while the Double Hit scenario was set up in cooperation with the ESRB, which derived the shocks from the financial shock simulator tool, capturing historical dependencies in the data.

Low Yield scenario

56

The starting point for this scenario was a low risk-free yield curve for different maturities (up to 20 years for the euro), which EIOPA derived by identifying the lowest rates actually observed in the market over a period of two years. We estimate the probability of such an event to be at least 3 %, or much higher than the usual threshold of 1 %⁸. Therefore, the probability is too high to consider this element alone as severe enough. The second element of the scenario was an additional stress applied to the yield curve (a downward shift of 15 basis points - bp). In addition, to calculate the value of the liabilities of insurers in the very long term, EIOPA used the so-called Ultimate Forward Rate (UFR), set at 2 % to reflect the assumption of persistently low yields. The two latter elements (a 15 bp downward shift and the UFR) decrease the probability of the scenario but it is not possible to estimate to what extent. However, the strength of these two elements alone was limited, as they were fairly close to the market situation at the time⁹.

57

While most of the NCAs participating in the survey considered the scenarios well-calibrated, some of them shared the aforementioned concerns about the severity of the Low Yield scenario (see Figure 12). EIOPA did not attempt, even for the purposes of internal analysis, to quantify the probability of the initial (liquid) part of the curve. It also did not provide any other sufficiently detailed justification for the soundness of the overall scenario.

58

The stress level for currencies other than the euro was derived using an assumed multiplier of the euro curve. However, EIOPA did not use this method fully appropriately, because it did not consider the dependence between interest rates for various currencies during the reference period.

The Double Hit scenario

59

The Double Hit scenario assumed falling interest rates and a market shock, reflected as a rapid increase in yields on sovereign and corporate bonds and a drop in prices on equity and other asset classes. The ESRB estimated the probability of the two main triggering events at 0.50 % for swap rate shocks and 0.75 % for a government bond yield shock. The scenario was strong enough, as it combined a severe stress on the asset side of the balance sheet with an element of swap shock added to stress the liability side.

60

The plausibility of the Double Hit scenario depended heavily on the set of historical data used in the financial shock simulator. It contained dependence between different relevant economic variables and was based on 11 years of historical data (2005-2015). However, the selected period, even if it covered two recent crises, was too short to warrant stress level that was strong enough for all countries across Europe (see Box 5).

61

For instance, the stress level was lower for Bulgaria’s 10-year bond yield (an increase of 111 bp compared to the baseline) than for Belgium’s (116 bp) or Croatia’s (155 bp). Furthermore, we noted that the stresses were relatively low for Slovakia and the UK (with, respectively, 95 bp and 94 bp for their 10-year bond yield, compared to an average stress of 121 bp). If the historical sample were longer (e.g. 20 years), the results would be more robust and possibly return cases with higher stress for some countries.

62

While the Double Hit scenario defined specific stress levels for some asset classes held by insurance companies outside the EU, it left the stocks held in these countries unstressed. Stressing stocks held outside the EU is highly relevant for the plausibility of the stress test, given that a downward movement of the stock market in the EU is not isolated from other stock markets worldwide (in times of crisis, the dependence between stock markets goes up to 90% correlation). Therefore, it is necessary to include the shocks on stocks outside the EU as well, instead of confining the risk only to the EU.

Justification and communication

63

Considering that important elements of the stress test were discretional, EIOPA did not make sufficient efforts to justify them in a transparent manner. In the technical specifications, EIOPA did not clearly explain how it derived the scenarios, or how it arrived at the assumptions underlying them. This was supported by some NCAs and industry representatives (see Box 6). To some of the latter, it was also unclear whether the scenarios represented a shock that is similar to or more severe than the one required under the Solvency II regime. This led to some incorrect interpretations of the nature of the stress test. EIOPA did not make it entirely clear, for example by explaining why and how they differ from the Solvency II regime.

EIOPA accurately validated and aggregated the data

64

The data validation process for the stress test run in three rounds: one at national level, conducted by NCAs, and two at central level, carried out by the validation team, composed of EIOPA and NCA staff. EIOPA developed an Excel validation tool to analyse and aggregate data. This proved useful in the process of data validation as it helped to harmonise the NCAs’ different approaches. Overall, EIOPA carefully analysed the data that insurance companies had provided and clearly pointed out any inconsistencies, although the ultimate decision-makers on data reliability were NCAs.

65

Our checks on data aggregation showed that EIOPA accurately computed the overall results of the stress test. However, the aggregation included companies whose product portfolios – and, hence, their risk profiles – were highly diverse (see an example in Figure 13). This was an inherent feature of the sample, but EIOPA did not attempt before aggregation to classify companies according to their products, a step which would add value to the interpretation of results¹⁰. In this respect, EIOPA carried out only ex-post analysis with the aim of identifying the drivers behind the different stress sensitivities.

EIOPA presented relevant results which showed the vulnerability of the sector

66

The results of the stress test confirmed that the life insurance sector was vulnerable to the low interest environment and a sudden market shock, which could have an impact on financial stability as whole. Under the Low Yield scenario, the excess of assets over liabilities in the balance sheets of participating companies would shrink by 100 billion euros (-18 %). Under the Double Hit scenario, the overall hit on the companies would amount to 160 billion euros (-29 %). This meant that 44 % of insurers would lose more than a third of their excess in assets over liabilities, and 2 % would lose everything. The impact of both scenarios would be significantly greater if the so-called long-term guarantee (LTG) and transitional measures¹¹ were excluded (under the Double Hit scenario, 31 % of companies would not maintain any excess of assets over liabilities).

67

Overall, the stress test report was comprehensive and supported by relevant figures and graphs. As regards indicators, the report presented the results expressed as an excess of Assets over Liabilities. For analytical purposes, however, it would be more relevant to use the capital requirements as they are defined in Solvency II. This would demonstrate the actual impact on solvency positions, and establish whether capital requirements were still met after the stress test. We note, however, that re-calculating these ratios was not intended by EIOPA as it would be technically very challenging and complex, and would require insurance companies to provide significantly more detailed information than was requested of them in 2016.

68

The results of the 2016 stress test were published only on aggregated basis to form an opinion on the resilience of the life insurance sector. Unlike the EBA, EIOPA does not have a specific legal mandate to publish the results for individual companies. To do so, EIOPA needs to obtain written consent from participants, which it did in the 2018 stress test. This was a step in the right direction, considering the aim of the stress test – i.e. to restore confidence. In this sense, transparency – as regards both the methodology applied in the stress test and its results – is crucial. Disclosure about individual companies could help to raise awareness of risks and so enhance market discipline.

Some of the recommendations were too general and did not propose specific action

69

Following the stress test, EIOPA made three broad recommendations to the NCAs, which contained a number of measures they could take. However, many of these suggestions were very general in nature and did not lead to specific action aimed at ensuring financial stability. For instance, the suggestion to “align internal risk management processes to the external risk faced” merely expresses any company’s overall goal of sound risk management. Running an exercise as complex as a stress test was not necessary to arrive at such general recommendations, as our survey confirmed. Lastly, some suggestions (e.g. “reviewing guarantee clauses” or “stopping dividend payments”) went beyond the remit of some NCAs. This is because NCAs’ supervisory powers are not fully harmonised across Member States, meaning that the extent to which recommendations can be applied may differ.

70

Soon after the stress test results were published, EIOPA approved a plan for systematically following up the recommendations. As one recommendation was that NCAs should analyse the stress test’s potential impact at group level, EIOPA launched a dedicated survey so that the relevant NCAs could report on their analysis and the action they had taken. Analysis of the extent to which other recommendations were followed up was based on the information EIOPA had collected during country visits, college meetings and meetings with group supervisors. In January 2018, EIOPA drafted a report showing that the NCAs had taken a range of follow-up measures to address its recommendations. The report also identified good practices, and analysed the results of the NCAs’ survey regarding the impact of the stress test at group level¹².

EIOPA organised the stress test in a structured way, with some problems in timing and documentation

71

The timing of the 2016 insurance stress test coincided with the implementation of the Solvency II Directive, which entered into force on 1 January 2016. Until the end of May 2016, all insurance companies in the EU had to provide a substantive reporting package for the first time. Immediately thereafter, the stress test started (see Annex III). This chronological sequence of Solvency II reporting and the stress test was difficult for insurers to handle in terms of workload. The NCAs validated the data over a period of six weeks, between mid-July and the end of August. In our survey, the NCAs expressed the view that the time given was appropriate, albeit challenging due to their workload and limited resources over the summer period. Notably, not all NCAs were able to devote sufficient time and resources to thorough data validation.

72

Throughout the stress test process, EIOPA communicated with the NCAs and insurance companies through a number of channels, which we consider good practice (see Box 7). Despite having several dialogue tools, EIOPA was not sufficiently clear in explaining to participants why it required certain information. EIOPA was ultimately able to justify the need to receive these data for validation purposes. However, the fact that participants lacked an explanation created an image of excessive and unduly detailed data requirements. EIOPA did not consult participants on the design of the scenarios.

73

EIOPA provided participating companies with a dedicated template for the stress test, which they had to fill in within seven weeks and send to the NCAs. The templates were generally user-friendly, and replicated as far as possible the categories of financial data used for Solvency II reporting. This ensured consistency, and provided participants with clarity about the data they needed to submit.

74

The complexity of the tables reflected the purpose and scope of the stress test, but this meant, however, that some participants faced difficulties in performing the calculations by the deadline (see Box 8). Numerous updates of stress test-related material during the process created an additional burden. EIOPA updated the technical specification three times and the templates four times, and published the last version only two weeks before the submission deadline. However, for each of the four template alterations, EIOPA provided a useful automatic “updater tool”, which quickly filled in the content participants had already provided in the previous template version.

75

EIOPA introduced a number of improvements in the 2016 stress test, based on lessons learned from the previous test in 2014. For example, it shared a validation tool with the NCAs and reduced the number of updates to the stress test template (see Annex IV). EIOPA had no overall planning in place for the “lessons learned” process. The conclusions primarily followed the discussions in two meetings with stakeholders, but EIOPA did not conduct a survey for industry representatives and NCAs as it had done after the stress test in 2014.

Part V - EIOPA’s governance and limited resources create a challenge in achieving the objectives

76

In this part of the report, we analysed those procedural and organisational aspects of EIOPA’s work that horizontally affect the efficiency of its actions. In particular, we focused on the risks related to the reliance on NCAs’ work and the current governance framework, the use of legal instruments to ensure compliance with guidelines and regulations, and the adequacy of EIOPA’s resources.

The effectiveness of EIOPA’s work relies on the NCAs’ contributions, and its governance creates challenges

77

EIOPA co-operated very closely with the NCAs in all the actions covered by our audit. Although this co-operation was generally positive and reflected EIOPA’s mission to support and coordinate the work of national supervisors, the efficiency and effectiveness of EIOPA’s work often relied on the quality of the NCAs’ input and their willingness to co-operate. For example, it took a very long time to obtain agreement from some NCAs just to organise the country visits. Despite visible efforts by EIOPA to obtain the NCAs’ support, some of them questioned the rationale and scope of the visits. As a result, EIOPA ultimately managed to visit all NCAs, but the last visit took place three years after the cycle of visits had started. This delay visibly hampered EIOPA’s effectiveness in ensuring supervisory convergence. The quality and timeliness of NCA inputs also largely determined whether EIOPA’s other products, such as the supervisory handbook and peer reviews, could be produced on time.

78

As far as country visits, work on cross-border activities, and internal models were concerned (see paragraphs 35-36 and 49), we found cases where EIOPA did not receive all the information it had requested from the NCAs. As a result, EIOPA was unable to perform some types of analysis that it had originally intended to carry out. In the course of some country visits, for example, EIOPA was not able to discuss with the national authorities certain companies’ approaches to supervising risk management, and only covered the NCAs’ overall procedures in this respect. Given its nature, reliance on the quality of NCA inputs was also heavy in the stress test process (see Box 9).

79

EIOPA’s current governance structure gives NCAs the power to influence the extent to which their own work will be reviewed and also the conclusions of such reviews. This is because the ultimate decision-making body at EIOPA is the Board of Supervisors, which consists of 28 NCA representatives and the EIOPA chairperson (as well as observers from the ESRB, the EBA, the ESMA and the European Free Trade Association). The Board of Supervisors approves all of EIOPA’s key documents and products, including the oversight strategy (which defines the priorities for spot visits to NCAs), the topics and final reports of peer reviews, the assumptions, scenarios and reports following the stress test. This creates a challenge for independence, considering that some of EIOPA’s instruments (notably country visits and peer reviews) are intended to provide constructive but critical feedback on the NCAs’ work. The stress tests can also indirectly reveal weaknesses in prudential supervision in the Member States, and lead to recommendations for the NCAs.

The procedures for using legal instruments are sound, but sometimes lack transparency and a pro-active approach

80

To ensure that NCAs and insurance companies comply with EIOPA’s guidelines and regulatory requirements, EIOPA can take action under the “comply or explain” (Article 16 of the EIOPA Regulation) and “Breach of Union Law” (Article 17) procedures. However, the actions that EIOPA can take are essentially limited to monitoring and reporting cases of non-compliance rather than sanctioning them.

81

Under the “comply or explain” procedure, NCAs have to confirm that they apply each of the approximately 700 guidelines issued by EIOPA by providing reference to their own legal framework, or justify why they have not done so. In practice, cases of non-compliance with guidelines are rare, since NCAs are involved in developing them, and EIOPA has an effective procedure for registering and reporting such cases. We found the “comply or explain” procedure to be an effective tool for monitoring compliance but it did not fully ensure transparency towards external stakeholders and consumers. The compliance tables uploaded onto EIOPA’s website were not always up to date, and the summary nature of the information they contained, which varied depending on the quality and comprehensiveness of the information NCAs have provided, meant that they were of limited use to the public.

82

EIOPA established the “Breach of Union Law” procedure in 2011, and has since recorded 28 complaints (most of which EIOPA considered inadmissible). EIOPA applied its procedure for investigating breaches of Union law consistently, and its investigations were thorough. When investigating alleged breaches as reported by a complainant, EIOPA only provided a limited number of updates about the procedure, and periods of non-communication can sometimes be lengthy due to the complexity of individual cases. As a result, complainants - including consumer organisations - did not have a comprehensive overview of EIOPA’s actions, and sometimes mistakenly regarded non-communication as evidence of inactivity.

83

The “Breach of Union Law” procedure did not provide for systematic monitoring of potential cases. EIOPA monitored such cases informally, but the cases that came to its attention in this way are dealt with at closed meetings of the Board of Supervisors. They were typically not recorded in the breach of Union law register and investigated accordingly. EIOPA adopted this approach in order to foster trust among NCAs, but it did not give stakeholders full confidence that EIOPA is taking appropriate action at their request. This approach also lacked transparency, as external stakeholders (such as consumer organisations) cannot monitor it.

84

Given the nature of the process, it was not possible for us to verify whether EIOPA launched the procedure in all cases each time it becomes aware of an alleged breach of Union law (unless formally reported and registered). We found one case where EIOPA identified serious shortcomings in an NCA’s decision but did not launch a “Breach of Union Law” procedure, instead opting to act as a mediator between two NCAs (see Box 10).

EIOPA’s resources for carrying out supervisory work were limited and not transferred from regulatory activities

85

Given the scope of responsibilities and the range of actions in the field of supervision, EIOPA worked with very limited resources. In February 2018, the oversight department had 20 staff, representing only 14 % of EIOPA’s human resources (142 members of staff). EIOPA’s oversight department is responsible for visits to NCAs, coordination of peer reviews, support and attendance at college meetings, facilitation between NCAs and oversight of internal models. Some other staff members (equivalent to four FTEs) were dedicated to the development of supervisory convergence initiatives and three staff members were working on data and business intelligence tasks which support oversight work.

86

Resource limitations became even more apparent at team level. For example, the team responsible for internal models effectively had three full-time employees (after accounting for long-term absences and commitments to other tasks), as opposed to the 5.25 listed in the work programme. Considering that the team co-operated with 17 NCAs that supervise 212 complex internal models and was responsible for further horizontal tasks such as consistency projects, the effective allocation of resources posed a significant challenge. Most NCAs in our survey felt that EIOPA’s staffing for internal models oversight could be improved. This was particularly important because NCAs themselves had limited resources for supervising internal models, particularly due to the considerable demands of the job. By providing more support in this field, EIOPA could close an important expertise gap in Europe’s insurance supervision system.

87

Following the implementation of Solvency II, and having finalised its work on the core of the new regulatory framework, EIOPA adopted a strategy of shifting its focus from regulation to supervision. This was also expected by stakeholders, including businesses and consumers, namely that EIOPA should focus on ensuring that the new common regulatory framework for insurers is equally applied across the EU. The allocation of staff, however, did not reflect this shift. Between 2015 and 2017, the policy department decreased by 13 people, but the oversight department increased by only five, it was though supported by a limited number of staff working in other departments (see Figure 14).

88

As the posts in the oversight department required business-specific knowledge and hands-on supervisory experience, EIOPA struggled in several recruitment campaigns to find appropriate candidates. This was due to, among other factors, high demand for finance professionals in the local labour market in Frankfurt, combined with the high costs of living. However, EIOPA did not compromise on its requirements, and employed staff with appropriate experience.

89

For the stress test, the core team consisted of three adequately-qualified EIOPA staff members. The staff allocation was appropriate considering the current division of responsibilities, which largely relies on input from NCAs (see paragraph 78). However, with these resources, EIOPA would be unable to carry out more detailed checks on data accuracy, or to communicate directly with participants of the stress test, even if considered this useful. Furthermore, EIOPA did not have an overview of the resources used by all partners involved (including the NCAs) to organise and conduct the stress test. The overall costs remained therefore unknown.

Conclusions and recommendations

90

Our overall conclusion is that EIOPA made a good contribution to supporting the quality of supervision and stability in the EU insurance sector. In doing so, however, EIOPA faced limitations in terms of the architecture of the supervision system, scarcity of resources and, in some instances, insufficient support and collaboration from NCAs. As a result, much still needs to be done by EIOPA, legislators and NCAs to achieve supervisory convergence, i.e. a level playing field for insurance businesses operating across EU Member States and for their customers.

Coordination of NCAs’ work

91

EIOPA used a wide range of tools, both as envisaged in its founding Regulation and on its own initiative, to ensure that NCAs follow a common approach when supervising insurance companies. We found that EIOPA staff prepared thorough, well-founded analyses in this respect that made it possible to identify significant weaknesses in supervision by NCAs. The weaknesses included risks to the institutional independence of NCAs and insufficiently rigorous supervision, which follows a formalistic rather than a risk-based approach (see paragraphs 14 to 16 and 19).

92

Some of EIOPA’s tools, notably visits to NCAs and peer reviews, were covering supervision issues in a comprehensive way, but that meant they were very broad in scope. Therefore, it took a considerable amount of time to finalise them, and the NCAs needed significant resources to prepare for and participate in such activities. The NCA visits also resulted in a high number (over 30 in some cases) of non-prioritised recommendations (see paragraphs 17 and 20 to 22).

93

We also found that EIOPA has had no arrangements in place to follow up on the recommendations of NCA visits and peer reviews in a systematic way. As a result, it had no overview of progress in supervisory convergence and the challenges that remain. Nevertheless, EIOPA did make an effort to discuss selected problems with NCAs on ad hoc basis, and can also demonstrate gradual improvements in the practices that some of the have followed (see paragraph 18).

Recommendation 1 – Improve the focus and follow-up of supervisory tools

EIOPA’s should better focus and follow up its supervisory tools. In particular:

1. The spot visits should be centred on a few of the most pressing issues, selected on the basis of their impact on supervisory convergence and consumer protection. They should lead to a smaller number of clearly prioritised recommendations with a specific timeframe for implementation.
2. EIOPA should define the scope of the peer reviews so that they focus on a single issue in supervisory convergence and can be finalised, as a rule, within a year.
3. EIOPA should analyse whether the NCAs effectively implemented each recommendation issued as part of a process of structured dialogue and peer reviews. It should register the results of its analysis in order to have an overview of the progress made and challenges faced in achieving supervisory convergence across Member States, and should make its overall findings publicly available.

Target date: 1.1.2020.

Supervision of cross-border companies

94

The current set-up for supervising cross-border business has systemic weaknesses and creates a situation, where the method of supervision depends on the legal form of the business. Insurers, which operate abroad via subsidiaries, are subject to supervision through colleges. However, companies which operate abroad, either through branches or directly, are supervised solely by the home supervisor (see paragraphs 23 to 26).

95

This set-up for cross-border supervision created the wrong incentives for supervisors and insurers. As some companies are not subject to supervision by a college, insurers will take advantage of a lower level of supervision in certain Member States. The system has not been designed to supervise a Europe-wide market in a way that is effective and based on EU citizens’ interests. This means that the objective, as set out in the De Larosière Report, of avoiding competition distortions and regulatory arbitrage as a result of different supervisory practices has not yet been achieved. EIOPA did make an effort to deal with the resulting problems, for example by creating the cooperation platforms, but was not in a position to overcome systemic weaknesses (see paragraphs 27 to 32).

96

EIOPA was able to contribute to the colleges’ work, despite scarce resources and – in some cases – limited co-operation by the NCAs. However, many issues remained in terms of the consistency of cross-border supervision (such as different risk assessment frameworks, staffing shortages in NCAs. (see paragraphs 33 to 36).

Recommendation 2 – Strengthen the supervision of cross-border companies

EIOPA should:

1. co-operate with the Commission and the co-legislators to address systemic weaknesses in the supervision of cross-border business, e.g. by improving legal provisions through the ESAs’ review process. In particular, it should aim to ensure an equal level of supervision for companies running their business in another Member State, regardless of the chosen business model;
2. in parallel to these efforts, continue to protect consumers by acting through cooperation platforms and by monitoring cross-border activities.

Target date: 1.1.2019.

Supervision of internal models

97

Supervising internal models is a highly complex and resource-intensive process, and the level of convergence in this area is still not satisfactory. This means that supervisors have different approaches to assessing how accurately the internal models reflect the actual risks held by insurers. The result may be unfair competitive advantages, and adverse effects for consumers and financial stability. EIOPA made efforts to address these issues through consistency projects, and, in so doing, did achieve some results, although there was no effective convergence of supervisory approaches. EIOPA’s attempts to become involved in reviewing the internal models of selected companies were largely unsuccessful because access to information was limited. In another case, however, EIOPA was asked to support an NCA in its work on internal models, but did not do so, as the request did not reflect its priorities (see paragraphs 37 to 50).

Recommendation 3 – Enhance arrangements for the supervision of internal models

EIOPA should:

1. co-operate with the Commission and the co-legislators to address the limitations in access to information concerning internal models for its own staff and host supervisors. EIOPA should provide supervisors with more information and support on how to assess and/or challenge those models;
2. assist supervisors when authorising and supervising complex internal models, whenever asked to do so and on its own initiative.

Target date: 1.1.2019.

The insurance stress test

98

EIOPA carried out its 2016 insurance stress test to assess how the insurance sector would react to adverse market developments, in particular a prolonged period of very low interest rates and an asset price shock. A number of companies did indeed prove vulnerable to such a situation, as their solvency would significantly worsen. For the most part, the scope of the stress test and the focus on the life and long-term business were appropriate given the test’s objectives (see paragraphs 50 to 54 and 66).

99

The stress test scenarios were effective at addressing the main risks identified for the sector, but we found shortcomings in the way they were calibrated and justified. Although the goal of the stress test is to simulate an extreme event, for one scenario EIOPA was unable to demonstrate that it was severe enough. Some of its parameters, which were based on professional judgement, nevertheless proved to be relatively close to market reality. For the other scenario, we found inconsistencies in the level of applied shocks across Member States. Therefore, there is a risk that the results of the stress test did not provide a full picture of developments in the insurance sector in the event of extremely adverse circumstances. This is of crucial importance from a financial stability perspective and for policyholders, considering that, even given the assumptions that EIOPA adopted, the sector proved to be highly vulnerable (see paragraphs 55 to 63).

Recommendation 4 – Improve the design of the stress test scenarios

EIOPA could improve its stress test scenarios further with a view to making them more robust and sound in terms of severity, plausibility and consistency. This could be achieved by:

1. analysing and assessing the severity and plausibility of developed scenarios, e.g. by quantifying the probability of the relevant triggering events or using other available methods and/or tools, and documenting this analysis to justify the soundness of the scenarios; and
2. relying more on ESRB capabilities for the market scenarios (e.g. by intensifying the use of the shock simulator tool) and/or other expert advice (e.g. by bringing together an external panel of experts to evaluate the scenarios).

Target date: As from the 2020 stress test.

100

We found that, overall, EIOPA accurately validated and presented the stress test results. Given the demonstrated vulnerability of the sector, the stress test led to recommendations being made to NCAs. However, some of the recommendations were too general and did not propose actions that were sufficiently specific. Moreover, some recommendations went beyond the remit of certain NCAs, meaning that they were not in a position to implement them. EIOPA made an effort to follow up on the recommendations and to analyse the progress made (see paragraphs 64 to 65; 67 and 69 to 70).

Recommendation 5 – Issue more relevant recommendations to the NCAs

Following the stress test, where needed, EIOPA should issue recommendations to the NCAs requiring them to take action that is both more specific and relevant for all concerned. EIOPA should assess the feasibility of the recommended action on an ex-ante basis, by considering whether the NCAs have the means to apply it effectively and in a timely manner.

Target date: As from the 2020 stress test.

101

EIOPA published the results of the 2016 stress test only on an aggregated basis as, unlike the EBA, EIOPA does not have a specific legal mandate to publish results for individual companies. In order to do so, EIOPA needs to obtain written consent from participants, which it was not ready to ask for in 2016 but which it did seek for the 2018 stress test. We consider this to be a step in the right direction, as disclosing individual companies’ results could help to increase transparency, raise awareness of risks and so enhance market discipline (see paragraph 68).

Recommendation 6 – Promote publication of individual stress test results

EIOPA should promote the publication of stress test results on an individual basis. To increase participants’ confidence, EIOPA could refer to the improved transparency of the stress test methodology (recommendation 7) and sounder design of the scenarios (recommendation 4). EIOPA should also ensure that the way of presenting the individual results leaves no leeway for interpretation.

Target date: As from the 2020 stress test.

102

Overall, EIOPA organised the stress test smoothly, although the timing was very challenging for participants. It used a range of channels to communicate with NCAs and participating companies. Despite numerous updates during the reporting period, the templates were a practical tool for enabling companies to provide data. However, EIOPA did not sufficiently justify the need to receive certain data, or the design of the scenarios and their underlying assumptions. This was unhelpful in terms of instilling confidence in the NCAs and participants whose contribution was crucial for the reliability of the stress test results. EIOPA learned lessons from the 2014 stress test to improve its organisation in 2016, but the approach was not systematic (see paragraphs 71 to 75).

Recommendation 7 – Increase transparency of the stress test methodology

Stress test methodology should be more transparent and EIOPA should do more to help stakeholders and participants understand it, e.g. by:

1. organising workshops for participants and industry representatives before launching the stress test proper, so as to explain the test and the scenarios more clearly and gather non-binding feedback for a better informed stress test;
2. using the technical documentation so as better to explain to participants in greater detail the way scenarios (underlying assumptions) are calibrated and the scope of the data required for this purpose;
3. conducting meetings with stakeholders after the stress test so as to receive feedback and learn from previous stress tests in a systematic way (i.e. with specific timelines, communication channels and participants).

Target date: As from the 2020 stress test.

Governance and resources

103

In most of its activities, EIOPA worked very closely with the NCAs. However, in particular where country visits and work on internal models were concerned, in some instances it received insufficient support from national supervisors. As access to information and documents was restricted, EIOPA was unable to perform some of the checks and analyses it had planned. As NCAs also have a decisive say in EIOPA’s main governing body, they are in a position to decide about the scope of EIOPA’s action to review the effectiveness of their work. This posed a challenge in terms of the independence of such action.

104

We found that EIOPA had a well-established procedure in place for following up instances of non-compliance with EU law, despite some weaknesses regarding transparency towards external stakeholders (see paragraphs 76 to 84).

105

Given the complexity of EIOPA’s tasks, particularly in the field of supervision, its resources were very limited. The team responsible for overseeing 212 internal models has had only three full-time employees. Overall, only 20 staff members (14 % of all EIOPA staff) work directly in the oversight department and there is a limited number of staff who deal with supervisory issues in other departments. Thus, the intended strategic shift in EIOPA’s focus from regulation to supervision has not yet taken place (see paragraphs 85-89).

Recommendation 8 – Strengthen human resources assigned to supervisory tasks

1. EIOPA should gradually ensure a significant increase in the number of staff assigned to supervisory tasks and set itself a specific and justified objective in this respect in the annual work plan.
2. Following a detailed needs analysis, EIOPA should also consider requesting additional resources by clearly specifying the tasks for which they are necessary and their impact on the quality and convergence of supervision and financial stability.
3. The additional resources should be used specifically to intensify EIOPA’s work on internal models, cross-border supervision and identifying instances of non-compliance with EU law.

Target date: 1.1.2020.

This Report was adopted by Chamber IV, headed by Mr Neven MATES, Member of the Court of Auditors, in Luxembourg at its meeting of 2 October 2018.

Abbreviations

BoS: Board of Supervisors

BP: Basis point

EBA: European Banking Authority

ECA: European Court of Auditors

EEA: European Economic Area

EIOPA: European Insurance and Occupational Pensions Authority

ESAs: European Supervisory Authorities

ESFS: European System of Financial Supervision

ESRB: European Systemic Risk Board

FTE: Full-time equivalent

IGS: Insurance Guarantee Scheme

IM: Internal model

NCA: National competent authority

ORSA: Own Risk and Solvency Assessment

SCR: Solvency Capital Requirement

UFR: Ultimate Forward Rate

Glossary

College of supervisors: A college of supervisors is a permanent but flexible structure for coordinating and facilitating decision-making about the supervision of an insurance group that is active in more than one Member State.

European System of Financial Supervision: The ESFS is a system of micro- and macro-prudential financial supervision, and is centred around the three European Supervisory Authorities (ESAs) – EBA, EIOPA and ESMA, the European Systemic Risk Board (ESRB) and national supervisory authorities.

European Systemic Risk Board: The ESRB is responsible for macro-prudential oversight of the EU financial system and the prevention and mitigation of systemic risk. The ESRB monitors and assesses systemic risks and, where appropriate, issues warnings and recommendations.

Internal model: An internal model is an advanced approach to calculating risks stemming from an insurer’s business. Insurers can choose to use an internal model to calculate their overall risk situation better than with the standard formula; the calculated risk situation then determines the capital requirement. Any internal model needs to fulfil several requirements and be authorised by the responsible supervisor(s).

National Competent Authority: NCAs are the national authorities in each Member State that are empowered to supervise insurance companies (they are therefore also referred to as national supervisory authorities). An NCA which is responsible for supervising an insurer that has obtained its license in that NCA’s Member State is called the home supervisor. All other NCAs are host supervisors for the insurer in question if it conducts business via a subsidiary in their respective Member States.

Own Risk and Solvency Assessment: An ORSA is an annual internal process undertaken by insurers to assess the adequacy of their risk management and solvency positions under both normal and stress scenarios. An ORSA represents an insurer’s own assessment of its current and future risks.

Solvency II: The EU’s Solvency II Directive came into effect in 2016 and put solvency risk at the heart of a harmonised regulatory framework for insurance companies. The framework places demands on the required economic capital (‘Pillar 1’), governance and risk management (‘Pillar 2’) and reporting standards (‘Pillar 3’) of all insurance companies in Europe. The stated aims of Solvency II are to improve consumer protection, modernise supervision, deepen EU market integration by harmonising supervisory regimes, and increase the international competitiveness of EU insurers.

Solvency Capital Requirement: The SCR is the amount of capital that insurance companies must hold to meet Pillar 1 requirements under the Solvency II regime. This should ensure that insurers meet their obligations towards policyholders and beneficiaries with a very high level of probability (99.5 %) over a 12-month period.

Standard formula: The standard formula is the default approach for calculating an insurer’s risk situation in accordance with Solvency II. The standard formula is divided into risk modules, which are aggregated and determine the capital requirement.

Ultimate Forward Rate: The UFR is the risk-free interest rate towards which the risk-free yield curve converges beyond the so-called Last Liquid Point (e.g. 20 years for the euro). The UFR is used for very long-term liabilities due to a limited number of transactions (not sufficient liquidity) in the market in order to obtain the yield curve.

Audit team

The ECA’s special reports set out the results of its audits of EU policies and programmes or management topics related to specific budgetary areas. The ECA selects and designs these audit tasks to be of maximum impact by considering the risks to performance or compliance, the level of income or spending involved, forthcoming developments and political and public interest.

This report was produced by Audit Chamber IV – headed by ECA Member Neven Mates – which has a focus in the areas of regulation of markets and competitive economy. This audit was led by ECA Member Mr Rimantas Šadžius. He was supported in the preparation of the report by Mindaugas Pakštys, Tomas Mackevičius, Aušra Maziukaitė and Niamh Carey from his private office; Zacharias Kolias, director; and Kamila Lepkowska, head of task. The audit team consisted of Matthias Blaas, Vasileia Kalafati, Marion Kilhoffer, Anna Ludwikowska and Josef Sevcik. Linguistic support was provided by Mark Smith.

Contact

EUROPEAN COURT OF AUDITORS
12, rue Alcide De Gasperi
1615 Luxembourg
LUXEMBOURG

Tel. +352 4398-1
Enquiries: eca.europa.eu/en/Pages/ContactForm.aspx
Website: eca.europa.eu
Twitter: @EUAuditors

More information on the European Union is available on the internet (http://europa.eu).

Luxembourg: Publications Office of the European Union, 2018

PDF	ISBN 978-92-847-1200-7	ISSN 1977-5679	doi:10.2865/934198	QJ-AB-18-027-EN-N
HTML	ISBN 978-92-847-1212-0	ISSN 1977-5679	doi:10.2865/579921	QJ-AB-18-027-EN-Q

© European Union, 2018.

For any use or reproduction of photos or other material that is not under the European Union copyright, permission must be sought directly from the copyright holders.

GETTING IN TOUCH WITH THE EU

In person
All over the European Union there are hundreds of Europe Direct Information Centres. You can find the address of the centre nearest you at: https://europa.eu/european-union/contact_en

On the phone or by e-mail
Europe Direct is a service that answers your questions about the European Union. You can contact this service

• by freephone: 00 800 6 7 8 9 10 11 (certain operators may charge for these calls),
• at the following standard number: +32 22999696 or
• by electronic mail via: https://europa.eu/european-union/contact_en

FINDING INFORMATION ABOUT THE EU

Online
Information about the European Union in all the official languages of the EU is available on the Europa website at: https://europa.eu/european-union/index_en

EU Publications
You can download or order free and priced EU publications from EU Bookshop at: https://publications.europa.eu/en/web/general-publications/publications. Multiple copies of free publications may be obtained by contacting Europe Direct or your local information centre (see https://europa.eu/european-union/contact_en)

EU law and related documents
For access to legal information from the EU, including all EU law since 1951 in all the official language versions, go to EUR-Lex at: http://eur-lex.europa.eu/homepage.html?locale=en

Open data from the EU
The EU Open Data Portal (http://data.europa.eu/euodp/en/data) provides access to datasets from the EU. Data can be downloaded and reused for free, both for commercial and non-commercial purposes.