EIOPA (European Insurance and Occupational Pensions Authority) has issued a mandate for Insurance companies to report their Solvency 2 status using XBRL and as of January this year the mandate is in place. This is a good example of using XBRL for RegTech, to help regulators find that needle in the haystack where something is wrong that requires more investigation.
After the global economic meltdown of 2008, it was only natural that stricter rules for the protection of consumers were put into place. People sometimes wonder why that takes so long. Writing the rules and turning them into law is relatively easy – that is why the Dodd–Frank Wall Street Reform and Consumer Protection Act was signed into federal law on July 21, 2010, less than 2 years after the the global economic meltdown of 2008. However enacting legislation plus defining the governance structure plus defining the data standards for reporting/compliance takes a bit longer. That is where we have to dive into Pillar 3 of Solvency II and quantitative reporting templates (QRTs).
XBRL helps with Pillar 3 of Solvency II
- Pillar 1 = capital requirements. This is like Basel 3, ensuring Insurance companies have enough capital to pay out claims.
- Pillar 2 = governance. This is about ensuring that they have the controls in place to comply with those capital requirements.
- Pillar 3 = reporting. This is the prove it phase and this is where XBRL comes in.
Regulators, like investors, need to find the needle in the haystack
Both are looking for something odd, something important that is not easy to see. Investors look for that needle in the haystack in order to find assets that are undervalued or overvalued i.e the small number of cases where a usually efficient market gets it wrong and by getting it wrong offers opportunity.
Think of XBRL like a magnet that you wave over the haystack and it finds the needle for you.
The magnet will surface false positives. You are looking for needles, so other small metallic objects don’t count. XBRL is not a tool to replace human judgement. It is designed for human augmentation not human replacement.
Imagine looking for that needle without the magnet. Except that in the case of systemic risk it is not a needle, it is more like an unexploded bomb that is the size of a needle. If you don’t find the needle, who cares? But if you don’t find the unexploded bomb it is a disaster waiting to happen.
That is the world of regulators without XBRL. They cannot find the needle-bomb, so they have to wait until it explodes and then they levy big fines on the haystack owner – everybody loses.
The data haystack is very big
Insurance companies have very large amounts of data. That data is stored in their transactional systems. Most of that data, in its granular form, is only to be used internally. However, all of this data needs to be kept organised and it needs to be made available to reporting front-ends. That is where the Pillar 2 Governance processes are critical. If you have audited the processes that create the data, you can have confidence in the data. It is like trusting that you cannot change historical transactions in an accounting system (and in the rare situations where you do, it is tracked and reported in an audit trail as an exception).
The audit trail process is complex. Minor changes are difficult to keep track of. Some changes happen because someone finds an error and then that change creates other changes to linked records. The systems to support Solvency 2 Pillar 3 typically have 4 key features:
- audit trail
- access control down to a granular data level
- commenting (when data is changed, somebody comments why)
- version control and compare
All this is complex and costs money to implement, but the mandate deadline was January 2016, so the systems are all already in place and paid for. It is now a question of looking at the second order impacts aka where is the puck headed to next.
Straight Through Processing
The EIOPA XBRL Mandate defines quantitative reporting templates (QRTs) and these need to be mapped to the data items in the transactional systems. The aim is Straight Through Processing (STP) from transactional system to regulatory report. This solves two big problems:
- Efficiency for the Insurance company. Once the systems are in place, it is an automated process. It is not a process that demands lots of high priced compliance officers with legal and accounting skills.
- Regulator trust in the data. If Regulators can trust that the data has not been tampered with in the journey from transactional system to reporting, they can focus on the data itself.
For example, think of the chart of accounts. Internally you need details of each account. Abstracts are then used for Regulators. This is a mapping process. It requires expert consultants and must be done right, but it it is a one time job.
Internal Managers and Investors should benefit as well
Straight Through Processing (STP) from transactional system to reporting is not just for regulators. With a bit of thought, the same mapping process can be used to create reports for:
- Internal Managers (aka decision support systems or management information systems).
- Investors (aka 10Q and 10k type reporting).
That becomes an efficiency game changer.
The sort of process change that is required to to get to that efficiency game changer normally would get continuously delayed (the ROI is long term and hard to quantify. However it is quite different when an an external regulator demands it. Then there is no debate – it has to be be done and it has to be done by a fixed date. That is what EIOPA did and that is why the use of XBRL in Insurance for Solvency 2 is a more important subject than the rather dry nerdy terminology would have you think.