On the way to Solvency II in Allianz

On the way to Solvency II in Allianz Sp. A Risk Management - Allianz Sp. A Group Italy Torino 27 Maggio 2010

The three pillars of Solvency II Quantitative Assessment P I L L A R I § Market valuation of assets and liabilities; § Capital calculation for Minimum Capital Requirements and for Solvency Capital Requirements; § Solvency Capital Requirements based on internal or standard model Reporting & Disclosure Qualitative Assessment P I L L A R II § Supervisory Review Process (SRP); § Own Risk & Solvency Assessment (ORSA); § Use Test: Economic Capital - Linked to strategic planning; - Used in EVA performance measurement, incentive compensation; - Linked to MCEV and reserve setting processes; § Calibration, validation, documentation and model change policies. P I L L A R III § Reporting requirements; - Public disclosures – “Market Discipline”; - Regulatory reporting; § Common European reporting framework; - Same requirements across Europe; - No double reporting – Group versus Standalone; - Convergence to other sectors. 2

Solvency II – Pillar 1 Three Pillars Approach PILLAR I: PILLAR III: Quantitative requirements Qualitative requirements Supervisory reporting & & Supervision Public disclosure Focuses on covering quantitative capital requirements including internal models and a standardized approach Focuses on supervisory activities, aiming to identify firms with a higher risk profile, which may be required to hold capital at a higher level and/or to take steps to reduce identified risks Requires disclosure of additional information that supervisors feel they need in order to perform their regulatory functions and information that the market may need 3

Allianz is planning to ask approval of an internal model Risk Aggregation & Reporting Infrastructure Market data: valuation rates, volatilities and correlations as well as scenario generators: real world, risk neutral Monte-Carlo based risk aggregation of risk types On-line reporting and ad hoc scenario analysis allowing local and central use RAI Efficient contribution and as-if analysis, re-grouping of portfolios Transformation of Insurance Liabilities in financial instruments replicating liability characteristics Coordinated Interaction userinterface Risk Types Market Risk Credit Risk P&C actuarial risk Operational Risk Life insurance risk Stochastic cash flow models required; detailed liability cash-flows underlying Capturing all types of financial risk features Covering Investment and Reinsurance Credit Risk Local analysis, leverage on global information basis Frequency / severity / stochastic reserving for modelling reserve / premium risk Local calibration to loss and reserve distributions Ensuring loss data collection Strong qualitative basis in internal control system Capital charge initially based on standard approach RAI Systems Individual Feeder Systems MKMV PRISM tbd ALIM 4

Financial Risk: Quality, Frequency and Granularity is the key Risk Aggregation § From aggregation of individual shocks to full loss distribution Integrated Monte-Carlo simulation based on replicating portfolio technique, including credit risk and volatility risk; § Replicating portfolios to model liabilities in Life Find optimal portfolio of basis instruments which comes “closest” to matching the cash-flows of the target liability based on common financial scenarios; + Market Risk Credit Risk P&C actuarial Risk Life insurance Risk Operational Risk § New risk factors (e. g. Volatility, Credit Spread. . ) Volatility effects market values of derivatives and the value of O&G in Life business. Spread Risk (change in credit spread within rating class) considered as well as Credit Risk (migration and default risk) § Aggregation with non financial risks Fully integration of financial and non financial risks: all risk drivers are simulated together under a pre-defined correlation structure 5

Modelling Portfolio Credit Risk based on Central group wide calibration of the model § is the risk of changes in the market value of the portfolio over a given time horizon, resulting from changes in credit quality of exposures in the portfolio § includes both default risk and migration risk – the risk of loss of economic value for credit exposures because of deterioration in credit quality Main Drivers of Portfolio Credit Risk Instrument Credit Risk Credit quality Correlation & Concentration Exposure Amount Rating, Default Probability Asset Correlation Loss Given Default Credit Quality Migration Sector Concentration Obligor Group Concentration / diversification effects at the portfolio level are calculated by the model. Results are allocated top-down to single counterparties. 6

Data-management systems as a key success driver… Data Management systems stable DB solution, history tracking, lock-in feature. . . Market Risk Credit Risk output Input Risk Aggregation P&C actuarial risk Life insurance risk Operational risk Get rid of Excel to manage inputs and outputs !!! 7

… but the Standard Formula is still the main reference point We plan internally parallel reporting of Internal Model and Standard Formula on a quarterly basis – we have to monitor and understand differences over time 8

Solvency II - Pillar 2 Three Pillars Approach PILLAR I: PILLAR III: Quantitative requirements Qualitative requirements Supervisor reporting & & Supervision Public disclosure Focuses on covering quantitative capital requirements including internal models and a standardized approach Focuses on supervisory activities, aiming to identify firms with a higher risk profile, which may be required to hold capital at a higher level and/or to take steps to reduce identified risks Requires disclosure of additional information that supervisors feel they need in order to perform their regulatory functions and information that the market may need 9

ISVAP Regolamento 20 – main features Management responsibility • The Cd. A has the ultimate responsibility for an adequate Risk Management framework • The Top Management has the obligation of consistent execution of the framework Independent control units Internal Audit • Monitoring of effective execution of internal control framework Risk Management • Identification, valuation and monitoring of risk situation Compliance • Monitoring of conformity with legal / regulatory requirements Regulatory reporting • The internal control framework has to be documented and regularly reported to the regulator ISVAP Reg. 20 is a first but very important step towards Solvency 2, Pillar 2 10

CEIOPS – International standards for Risk Management - the 5 core elements Risk Management 1 Top Management Responsibility 21. Management concept Risk Strategy Risk Bearing Capacity Limits and Thresholds 32. Control process Identification Assessment Governance and Communication Monitoring Management 43. Organisational framework Organisational structure Organisational procedure Internal Control 54. Internal Audit (and Compliance) CEIOPS Standards takes a lot from the ISVAP Reg. 20 - but goes beyond 11

Management Concept RISK STRATEGY RISK BEARING CAPACITY • Describes the management of risks • Must be consistent and operatively connected with business strategy • Must be correlated with risk type, risk source and risk time horizon Proportionality & Materiality • Describes the relation between overall available potential risk coverage and used capital for the coverage of material risks • Must be connected with the risk strategy Potential Risk Coverage & Risk Capital Requirements should be consider: • risk type; • size of the company. Material risks are all risks, that can affect with negative effects economic, financial and profitability of a company. • The potential risk coverage is the basis to determine an economic assessment. • The risk bearing capital (risk capital budget) is determined by Company’s risk appetite. It defines which amount of the economic capital is reserved to cover/bear risks and it forms an upper limit for taking risks. • Regulators’ requirements on capital resources establish the lower limit of risk bearing capacity LIMIT SYSTEM • Limits must be adequate and manageable for the operational units • Limits are documented ex-ante and it must exist a set for all levels and for risk type. • The respect of limits must be monitored. The breach of set threshold must be reported and appropriately escalated. The Risk Strategy must be assessed and documented by Management. This responsibility cannot be delegated. The risk bearing capacity must be considered for all risk relevant management decision. 12

Control Process IDENTIFICATION • The risk identification starts with the strategic planning process. With the changes in the business strategy the results of the risk identification must be checked and eventually modified. • Risks are to be defined consistently and as much as possible without overlapping, because the risk situation of the whole company has to be considered. ASSESSMENT • The risk assessment establishes the results of risk identification and leads to quantitative/qualitative evaluation. • Risk must be categorized and give them a priority by their own materiality • Risk key figures are to be defined, to know in advance changes in the overall company's risk profile MONITORING • The risk monitoring must be regularly performed and must be aligned to the existing company’s overall risk profile, risk bearing capacity and limits. • The monitoring is regularly performed by the risk controlling function, without results responsibility. MANAGEMENT • The active risk management is performed by the business areas within the defined frameworks • This active management is performed along KPIs (key performance indicators) which exist for all levels, KPIs must be monitored against the defined thresholds. GOVERNANCE AND COMMUNICATION • The management has the assignment to establish a appropriate risk culture in the whole company and to ensure an adequate internal communication on all material risk (risk reporting) 13

Organizational Framework ORGANISATIONAL STRUCTURE • Business and risk strategy must be reflected in the compensation system • Incentive systems cannot be manipulated, must be oriented to the long term success of the overall company; negative compensations are to be avoided. Top Management • Target of the business and risk strategy • Compliance of risk bearing capacity and risk attitude • Continuous monitoring of risk profile Risk Management • Coordination of risk management processes • Monitoring limits’ compliance • Separation of risk taking and risk controlling function • Link of risk management elements Ø Definition of Roles and Responsibilities Ø Delegation of task to the dedicated Risk Management Unit Operative business areas • Accomplishment of risk control process for all operative business areas • Documentations of assignments, responsibilities, delegation rules and competencies Outsourced functions and services • Starting from a risk analysis, the company must determine which activities and processes can be outsourced, and the associated responsibilities must be clearly defined • Monitoring of activities and regular assessment of performances • Consideration of the outsourced functions in the risk management The allocation of tasks between Risk Management and Actuarial Function is not the key issue – the right skills within the company are important 14

Organizational Framework ORGANISATIONAL PROCEDURE Pricing and U/W Investments • Underwriting guidelines for daily management of the business • Tariffs calculations based on an adequate • Investment risk information management must • Usage of relevant ratio comply with all kinds of to manage operational limits, regulations and workflow laws accordingly to relevant principles Reserves • Proof of potential Passive improvement of risk Reinsurance management through: • risk adequate data collection and improved • Determination of an evaluation method acceptable retention § where necessary per business segment migration of market • Considering multiple consistent actuarial possible events and valuation exclusions in • Definition of reinsurance contracts responsibilities for process steps and • In case assessment of quality assurance alternative risk transfer instruments Together with material risks, also business procedure and process responsibilities must be determined and documented 15

Internal Audit Internal audit reports only to the Board Internal audit’s tasks are risk oriented and independent Internal Audit An illimited access to information must be granted to Internal Audit • • Audit employees must focus only to pure audit tasks Each Company needs an internal audit function All material activities (also risk management) must be audited The specified mitigations of determined deficiencies within agreed time plan must be monitored The internal audit can be outsourced. In this case, a regular quality check must be performed by internal audit commissaries Audit reports must be written and immediately provided to the management 16

ORSA Report ORSA Process Governance description for report submission Company Context Legal and management organization, core business, . . Risk Governance Processes, controls, procedures and policies, … Risk Assessment Processes and procedures for identifying and assessing key risks Capital & Solvency Position (Including Plan Period) Regulatory and economic approach Stress test & Contingency Plan Capital evaluation under risk scenarios including contingency proposal Risk Philosophy Business managed via risk based metrics (profitability, product approval, SAA based on risk bearing capacity, . . ) Risk Appetite Risk management process within certain parameters (risk limits setting) Use Test Risk & Capital management activities are fully integrated into management decisions High level ORSA Report is in place as of the end of the 2009 … start doing it, you will learn a lot 17

Thank you for your attention.