Regulation can be both a blessing and a curse for insurers and reinsurers. But, as Colin Smith explains, compliance should be part of every firm's basic operating procedure.

In many walks of life, both business and personal, regulation is ever-growing and ever-changing, and nowhere more so than in the global insurance and reinsurance industry where most regulatory regimes are at various stages of development, some in their infancy and others well-established. Even those that are well-established are constantly reviewing their practices and requirements as they learn more about the industry they regulate and as they face changing legislation.

Market participants are frequently looking at the ways and locations in which they operate, introducing new products and considering the regulatory burden of ensuring compliance throughout. Some fall foul of their regulator along the way while others rise to the challenge, taking advantage of the opportunities that always go hand-in-glove with change.

The ramifications of insurance regulation represents different challenges for the main stakeholders - regulators, regulated companies and customers. Most importantly for the latter (who at all stages of regulatory development are likely to be the ones picking up the bill) it is crucial that the challenges facing the other two groups, responsible for framing and implementing better and more appropriate regulation, don't become barriers to compliance.

Parallel worlds

Today's insurance industry is truly global, with more firms operating in the leading marketplaces than ever before. Those global links are strengthened by cross-border and cross-market reinsurance and retrocession which underpin the whole shooting match. This situation naturally leads to a requirement for an improved level of international regulatory alignment that would not be necessary in a detached local market. This adds considerably to the regulator's burden if they are to be successful in delivering an appropriate level of regulation which doesn't stifle or smother the regulated.

At present, meaningful regulation within individual markets worldwide is still developing and occurs in different ways and with differing momentum, even in the leading marketplaces such as London, the US and Bermuda.

Obvious parallels can be drawn between the US and Europe, with both consisting of numerous regimes working at different speeds and perhaps even with differing objectives. One might be excused for believing that regulatory parity is closer in Europe than in the US, after all Europe has the Insurance Mediation Directive (IMD), the EU Reinsurance Directive (RID) and other Europe-wide legislation. So why is it that some European countries have fully implemented the requirements of the IMD while ten others are lagging behind? Exactly one year ago, the European Commission instigated infringement proceedings against Belgium, France, Germany, Greece, Italy, Luxembourg, Malta, the Netherlands, Portugal and Spain for their continued failure to comply with the directive. One year later, Germany has still not implemented the basic legislation. So how can we be sure that those who have implemented the schemes are adequately policing their marketplaces?

The RID is due for implementation by the end of 2007 and past performance by the above regimes begs the question, "How many will achieve compliance by that date?" The UK's Financial Services Authority (FSA) anticipates implementation of aspects of RID as early as December 2006. As this piece of legislation carries certain prudential benefits for reinsurers, in particular relating to asset admissibility where a principles-based approach is introduced, that is to be applauded. But it also represents a challenge for UK firms that are both insurers and reinsurers and will now be required to apply different criteria to their insurance and reinsurance businesses.

In the US this summer, a house financial services subcommittee received endorsement from the American Council of Life Insurers (ACLI) for proposed legislation to modernise reinsurance regulation. The ACLI was quoted as stating in its testimony that US regulators "are labouring under a system that is incapable of responding adequately to the realities of global risk and capital management." Modernisation of regulation is one thing; effective implementation across all states is another matter and will not be easily or quickly achieved. In the US, as in Europe, the challenges facing the regulators are considerable.

If it is difficult to achieve alignment of regulation within continental boundaries, how can it ever be achieved on a worldwide basis encompassing diverse cultures and market conditions? Is that even a desirable objective? Certainly, those firms that operate in global markets must hope so. Their ability to achieve compliance through consistent structural and operational models will be enhanced, as will corporate governance. All of that should in due course lead to global best practices, satisfied customers and solid sustainable profits.

How do you achieve it?

The International Association of Insurance Supervisors (IAIS) is undoubtedly providing a sound basis and support for regulatory regimes to collaborate. Established in 1994, the IAIS represents insurance regulators and supervisors of approximately 180 worldwide jurisdictions, including those in the major and emerging markets. The IAIS issues global insurance principles, standards and guidance papers, provides training and support on issues related to insurance supervision, and organises regular and frequent meetings and seminars for insurance supervisors. Thus, for example, the moves on both sides of the Atlantic to consider and adopt risk-based regulatory approaches is no mere coincidence.

Participating in a debate at the annual Rendez-Vous de Septembre in Monte Carlo, John Tiner, chief executive of the FSA, agreed that in the UK there is a danger of becoming over-regulated. Tiner subsequently stated during an event at Lloyd's that fewer, better regulators is what his regime will be pursuing.

Basic business cost

There are those in the group of regulated companies that fully embrace regulatory requirements and even work with the regulator, those that simply do enough, some that try but fail and inevitably a number of firms that are always looking for the loopholes.

One of the constant challenges across the range is resources and this is particularly so for smaller operations which depend upon the multi-tasking of management and staff to run their businesses effectively. Many firms frequently and regularly bemoan the cost of compliance, but that is a self-constructed barrier. Compliance is a business cost like any other and needs to become part of the pricing model just like any other. And just like other forms of imposed requirements (eg health & safety, VAT), once you are properly tooled up for the job it will simply be a fact of business life which is managed.

There is no doubt that principles-based regulation, such as that in operation in the UK, presents a greater initial challenge to the regulated than, for example, the more formal rules-based requirements which Sarbanes Oxley poses to New York Stock Exchange listed firms in the US. But there is equally little doubt that the former, for compliant firms, will help produce stronger more robust businesses than the latter's tick-box approach.

A good example is the European move towards capital self-assessment (ICA) which the RID will introduce and upon which Solvency II will ultimately follow. Who better to know the amount of capital required by a firm to cover its business risks than the firm itself? ICA does this and it will certainly pose a challenge to those firms required to comply with it. Their regulator will subsequently inform them if their calculation is deemed adequate and there will undoubtedly be some fall-out in the process. But ultimately those firms will be stronger and more resilient for it.

Similarly, it seems ironic that many UK insurance companies have struggled with enterprise risk management. "Isn't risk supposed to be their business?" one may well ask. Yes it is, but not historically to practise the management of business risk upon themselves.

In most regimes it is difficult to argue against core regulatory requirements. Why wouldn't a firm want to maintain sufficient capital, manage its business risks, treat its customers fairly, conduct its business to best practice standards etc. Most companies do these things very successfully - it's just that they may not previously have been capable of demonstrating how they do so.

Customer concern

Customers' reaction to regulation can vary depending upon which category they fit - commercial or retail. The former, particularly the buyers of reinsurance, should well understand both the benefits and the economics of good, appropriate financial regulation. They will be dealing with it themselves in other capacities and also have the opportunity of passing related additional cost on to their own customers through pricing models.

However, retail and smaller business customers often typically buy insurance simply according to cost. They may well understand and desire more comprehensive regulation, particularly for critical cover such as life insurance, but for their car or travel insurance they tend to be much less interested if the result is a deluge of additional paperwork and increased premium. Ironic perhaps when a prime regulatory objective is to protect the consumer.

Colin Smith is an associate director in Navigant Consulting's insurance & claims practice.