Home Knowledge EIOPA Issues Opinion on Supervisory Convergence in Light of Brexit

EIOPA Issues Opinion on Supervisory Convergence in Light of Brexit


Following the UK’s vote to leave the EU, (re)insurers have been engaging in contingency planning with the aim of ensuring continuity of service post-Brexit. With this in mind, EIOPA on 11 July 2017 published its opinion on supervisory convergence in light of the UK’s withdrawal from the EU (the “Opinion”). 

The Opinion provides guidance to the national supervisory authorities (NSAs) regarding the authorisation of new Solvency II undertakings. The Opinion follows on from a similar opinion issued by ESMA on 31 May 2017 and in many ways follows the same themes, although in some greater detail. These documents have been issued in light of complaints of “dangerous competition” in the approach of certain NSAs. In particular, the Opinion emphasises the requirement that a (re)insurer seeking authorisation in a Member State must have sufficient local substance and it encourages cooperation between NSAs in the context of supervision.

The Opinion sets out principles in the areas of:

  • Authorisation and approvals
  • Governance and risk management
  • Outsourcing of critical and important activities
  • On-going supervision including monitoring

Speaking on the Opinion, Gabriel Bernardino, Chairman of EIOPA, stated that the principles set out: “… will support the NSAs to secure sound and convergent practices linked with the authorisation and supervision of activities of insurers…seeking relocation of activities (following Brexit)…Empty shells or letter boxes are not acceptable.”

Content, Objective and Scope

The Opinion assumes that, following Brexit, the UK will become a “third country” (non-EU/EEA) for the purposes of the Solvency II framework. As such, it is mindful of a possible “hard Brexit” and that, upon withdrawal from the single market, UK (re)insurance undertakings will lose their right to conduct business across the remaining 27 EU Member States on a freedom of establishment or freedom to provide services basis. EIOPA recognises that this may (and, in fact, already has) resulted in UK undertakings seeking to relocate business in the other Member States.

EIOPA calls for a common effort at EU level to ensure a consistent supervisory approach to the relocation of undertakings and encourages communication between the UK and EU NSAs in this context.

The objective of the Opinion is to promote convergence and consistency of authorisation processes across Member States. EIOPA states that while the principle of proportionality allows NSAs a certain judgmental evaluation in the application of the requirements of the Solvency II Directive, it is important to emphasise that proportionality is not a means for lowering standards or for disregarding prudential requirements.


Authorisations and approvals

EIOPA calls on Member States to ensure that they have a comprehensive authorisation process in place and have sufficient resources to deal with the volume and complexity of new authorisations as well as the on-going supervision of the new undertakings.

With respect to an application for authorisation, NSAs should satisfy themselves that the undertaking has provided sufficiently detailed information to allow them to assess compliance with the requirements under the relevant legislation. These requirements should be met from “day one” of the authorisation.

NSAs should apply a prospective and risk-based assessment of the authorisation which involves having regard to the business model of the undertaking, assessing uncertainties associated with the strategy and how these will be managed.

Although a concept which has been mooted recently in some jurisdictions, EIOPA rules out the possibility of allowing automatic recognition of an authorisation granted by another NSA. This is on the basis that the conditions of authorisation would not be identical to those on which the initial authorisation (e.g. by the UK) was granted.

Any previous approval, for example, for the recognition of own funds or the use of an internal model, should be subject to a new approval by the relevant NSA before use, although previous approvals can be “taken into account” where relevant. Changes to the risk profile, the risk management system or use of an internal model should be assessed.

EIOPA recognises that authorisation and approval processes take time and encourages NSAs to exchange information on previous approvals/rejections of authorisations. 

There does therefore seem to be some permitted level of recognition of “streamlining” in the regulatory approach, although within confined parameters. 

Governance and risk management

The Opinion states that NSAs should scrutinise whether the applicant undertaking’s governance arrangements ensure effective decision-taking and risk management in the Member State of authorisation and allow for proper supervision. 

Undertakings should not display the characteristics of what EIOPA describes as an “empty shell.” In this respect, EU undertakings must demonstrate an appropriate level of corporate substance, proportionate to the nature, scale and complexity of the planned business. This entails appropriate local physical presence of the administrative, management or supervisory board members (i.e. board of directors) and key function holders as well as a level of local staff proportionate to the nature and amount of business being run from the entity. Again, this seems contrary to the heavy outsourcing reliances which certain NSAs have recently flagged as being potentially acceptable. 

NSAs should require evidence relating to expected activity via freedom to provide services or freedom of establishment in other Member States and on the senior management’s proper knowledge of local market specificities, products and risks.

The Opinion indicates that transfers of risk by the new carrier will be scrutinised carefully by NSAs. The levels of reinsurance carried out by an undertaking should not undermine the responsibility or capacity of the entity to manage its risks. Reinsurance should be part of a coherent, well considered strategy which is aligned with the undertaking’s risk appetite. A minimum retention of risks by the authorised undertaking should be required by the NSA. EIOPA indicates that a minimum retention of 10% of the business written could be envisaged. This seems to run contrary to some recently flagged potential new authorisations in certain Member States where it would appear that suggested lower retention levels might be acceptable.

Outsourcing of critical and important activities

While EIOPA recognises that outsourcing has many efficiencies, it highlights that outsourcing can also pose a number of challenges, especially when the outsourcing is critical to the functioning of the undertaking and particularly where the service provider is located outside the EU (e.g. the UK post-Brexit). While it may be acceptable for undertakings with simple risk-profiles or a small scale of business to outsource a significant part of their key functions, EIOPA indicates it would not be acceptable for undertakings with complex risk-profiles or a large scale of business to do so. Proportionality considerations regarding the outsourcing of critical or important functions should at least consider the average number of employees, the complexity of the business model, the total amount of the balance sheet and net annual turnover.

Extensive outsourcing of functions and activities, that leads to the depletion of corporate substance and repercussions on the adequacy of management and on the effectiveness of supervision by the relevant NSA, will not be permitted.

As a general principle, as laid out in Solvency II, outsourcing of “critical or important functions or activities” (or key functions) is permitted provided that the administrative, management or supervisory board (i.e. the board of directors) remains fully responsible for the outsourced activity, and there are not adverse effects. An individual within the undertaking should be made responsible for outsourced key functions on an ongoing basis and conflicts of interest should be prevented between the undertaking and the service provider. The Opinion gives some detail on key activities or functions that should be retained in the undertaking. 

In line with Solvency II, outsourcing of activities which are critical or important in an undertaking should require particular attention by the NSA when being notified of the intended outsourcing. Such activities include: design and pricing of insurance products, investment of assets or portfolio management, claims handling, compliance function, internal audit, accounting, risk management or actuarial support, provision of data storage or the provision of on-going systems maintenance or support.

On-going supervision 

NSAs should have in place the appropriate monitoring tools to assess existing and arising risks. They should have access to the relevant information, including information on outsourced activities.

The Opinion states that NSAs should ensure that the conditions set at the moment of authorisation are met on a continuous basis. Again, this indicates that new Brexit applicants cannot expect particular treatment outside the existing regulatory norms. There should be no legal impediments to enforcement or, for example, to on-site inspections. 

Proportionate to the risks of the business model, the supervisor should exercise specific supervisory review in the first years following authorisation. EIOPA also stresses the need for cooperation between NSAs in relation to cross-border operations. In addition, it suggests that, where needed to ensure proper on-going supervision, NSAs may consider whether the establishment of an EU holding company would promote and facilitate the coordination of group supervision at European level.

Monitoring by EIOPA

Grievances have already been expressed by certain Member States regarding “regulatory arbitrage” in the context of Brexit planning and the approaches being taken by certain NSAs. Importantly, EIOPA plans to monitor developments. It says it will apply a risk-based approach using information collected from Member States. It will make use of its powers and oversight tools to support what it describes as “supervisory convergence” through bilateral engagements with the supervisory authorities and by providing opinions and initiating investigations when the need arises.

William Fry

William Fry is one of the largest law firms in Ireland with a substantial corporate, commercial and financial services practice, including a market-leading Insurance team. The Firm has specialist expertise in the legal and regulatory aspects of the registration and supervision of (re)insurance companies and intermediaries (both life and non-life). Our lawyers have been working with clients over the past year to assist them with Brexit related contingency planning. 

In the insurance area, we are assisting a number of our clients on their Central Bank of Ireland applications for authorisation. Thus we have a deep understanding of the Central Bank of Ireland’s philosophy and approach to the authorisation process. We have also produced a number of other briefings that we can make available to you on request, in particular:

  • Establishing an Insurer in Ireland – Substance and Outsourcing Requirements – one of the key considerations for an entity establishing in Ireland is to understand what substance would be required to ensure that the mind and management of the entity is based in Ireland. This briefing provides guidance in relation to that issue as well as in relation to acceptable outsourcing arrangements from a Central Bank of Ireland perspective.
  • Brexit Restructuring – EEA Insurance Business – this briefing provides an overview of the different legal tools available to UK insurers who need to restructure their business so that they have in place an EEA based insurance platform post-Brexit.
  • Establishing an EU Data Headquarters – with data now a critical business driver for insurers, UK insurers that are considering an EEA platform need to consider and plan around data privacy compliance. Ahead of the introduction of the EU General Data Protection Regulation (GDPR) in 2018, insurers undertaking cross border processing activities within the EU will need to identify the lead Supervisory Authority with primary responsibility for dealing with those activities. 

Further Information

Please contact any member of our Insurance team for further information.