RiskTech Forum

White Paper: FSA Data Audit

Posted: 28 October 2011


In most insurers the internal model will consume information from a wide range of technology platforms.  The prohibitive cost of formal integration of these platforms means that inevitably a significant proportion of the data feeding
internal models is held in, passes through or is manipulated by, End User Computing (EUC) applications (such as Microsoft Excel and Access) or similar files such as .CSVs. The integrity of these processes is a specific focus for FSA Data Audits.

The FSA has developed a review tool to help assess whether a firm’s data management complies with the standards set out in the Solvency II Directive for the purposes of internal model approval.  This tool will be used as part of the FSA’s Internal Model Approval Process (IMAP). It informs firms on what they might do in order to satisfy the standards set out in the Directive and is also based on what is expected to be required from the delegated acts (formerly referred to as the Level 2 implementing measures).

The scope of the review is all data (internal and external) that could materially impact the Internal Model. After conducting the review the firm is expected to provide summary findings to the FSA and be ready to provide the evidence that formed the basis of the conclusions.

The review schedule has five sections as follows:

1. The approach (i.e. matters of policy) to managing data
2. The level of oversight of the implementation of the data policy
3. The level of understanding of the data used in the internal model
4. Data issues that may undermine the integrity of the internal model
5. Unreliable processes that may undermine the integrity of the model 

The areas of potential risk and expected controls in each of these sections are documented in detail below, alongside the capabilities of the ClusterSeven solution to meet these control requirements – where they are applicable to End User Computing applications.

Please register or log in to download the report.