Working to Rules

October 2011


Neil Kerr

Neil Kerr
Executive Advisor,
Insurance Risk



Replacing the FSA: a wake-up call to the financial services industry

Efficient and effective remediation: creating economies of scale across multiple lines of business

Keeping pace with changes to the FSA consumer complaints handling rules

Solvency II and the Compliance Function: It's not just about risk


Useful Information from our FS Risk and Regulatory Centre of Excellence


Click here to read our new bulletin on the ICB final recommendations

Click here to read "Systemic Risk and Resolution Plans for insurers: the need for a broader debate"

Click here to read "Recovery and Resolution Plans: the road to where?" on the August 2011 FSA proposals

Click here to read "CRD4: something old, something new"

Solvency II and the Compliance Function: It's not just about risk.

Introduction and context

Solvency II  is the biggest single internal project that the FSA has ever undertaken and arguably the biggest single piece of regulatory change to ever hit the insurance industry.
Firms’ preparations for Solvency II implementation have been gathering pace as the 1st January 2013 implementation date approaches. It is worth noting that a recent European Commission paper – Omnibus II – has proposed key amendments, including extending the implementation deadline to 1st January 2014. Whilst this awaits confirmation, firms should continue to aim for the envisaged 2013 ‘go live’ date.

The sheer volume of changes introduced by Solvency II has created significant challenges and operational transformation for insurance firms. While some aspects are well defined and prescriptive, others are less clear and open to interpretation; further guidance on implementation is due to be confirmed in March 2012.  Consequently, there is currently significant debate regarding the impact of Solvency II on the compliance function. We consider some of these potential impacts in greater detail below.

What does the Solvency II Directive say about the compliance function?

Article 46 of the Solvency II Directive states that firms covered under the Solvency II Directive must establish a compliance function as one of four “key functions” set out within the Directive (alongside audit, risk and actuarial). The Directive outlines the key responsibilities of the compliance function as:

  • advising the senior management of the firm on compliance with regulations.
  • assessing the impact of changes in laws.
  • regulating, and identifying and assessing compliance risk.

Many firms would argue that they already possess compliance functions that carry out these tasks. In which case,  what are the detailed impacts of Solvency II for the compliance function?

Strategic impact

A key element of Solvency II is the Own Risk and Solvency Assessment (ORSA). ORSA  requires firms to embed capital and risk management in a holistic process, so that it is used as a tool to inform strategic and risk-based decision making. The ORSA therefore needs to be integrated into the strategic planning of the business, and compliance risk should be a key element.

This means that the compliance function will have an increasingly important role in the business planning process and broader strategic planning as part of the ORSA. It will also have a role to play in evaluating any strategic changes to assess their impact on the regulatory risk profile, and to ensure this does not conflict with the firm’s agreed risk appetite.

More forward looking

Solvency II is driving change within compliance functions in a number of other ways. As part of the ORSA, firms will have to be more forward looking in the way that they manage risk, and compliance risk is no exception. Firms will have to put practical measures in place to ensure that the compliance function is not only advising management of the current regulatory risks but also of future regulatory risks and emerging regulation. This is particularly critical given the continuously evolving and changing regulatory environment. Firms will also have to ensure that the appropriate governance mechanisms devote sufficient time to ‘horizon’ compliance risks, and that that they are adequately captured and reported through management information.

Prudential vs. conduct

The Compliance Function has traditionally needed to balance the sometimes conflicting aspects of conduct regulation and prudential regulation. While Solvency II is largely prudential focussed, it does attempt to bring together elements of conduct with those of prudential regulation. This can be seen in the ORSA, where regulators expect conduct risks to be included.

As we move towards the new regime, firms will have to review their annual compliance monitoring plans to ensure that they remain fit for purpose. This will not be limited to reviewing the actual content and make-up of the annual compliance monitoring plan; they could impact upon the skills required within the function. Firms will also have to consider the impacts that such changes might have on training and development of their compliance professionals, particularly where there is a need for individuals to specialise across both conduct and prudential issues.

Changes to policies

Furthermore, Solvency II contains requirements for documented policies in particular areas. The Internal Control Policy and Outsourcing Policy are both likely to require significant input, ownership and annual review from the compliance function. The compliance function will also possibly have to maintain responsibility for annual review of compliance against such policies.


Solvency II sets out a heightened focus on the controls around outsourcing arrangements, to ensure that there is adequate oversight in place. In many firms, responsibility for overseeing outsource arrangements on a day-to-day basis rests with the compliance function. As such, any changes brought about through Solvency II will have a significant impact.


It is clear that Solvency II will have, and is already having, a significant and enduring impact on compliance functions as firms move towards implementation. The role of the compliance function will undoubtedly evolve under Solvency II, and the skills and experience required  for the people doing this work, will require ongoing review.  To complicate matters further, firms must also juggle the competing challenges of prudential and conduct regulation coming from UK and European regulators at a time of structural change within the UK regulatory framework.  Compliance functions will indeed have their hands full.

Contact Us

Neil Kerr
Executive Advisor, Insurance Risk

Unsubscribe | Privacy | Legal

© 2011 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

KPMG LLP, 15 Canada Square, London, E14 5GL

Designed and produced by UK Design Services.
Publication Number: RRD-258580