REGULATION AND COMPLIANCE


REGULATION AND COMPLIANCE
Chaired by Ravi Rastogi, Mercer
Caroline Gardner, FCA
Steve Dixon, SDA LLP
Cheryl Martin, EY

Emerging issues in Conduct Regulation
AFM Conference, 10th October 2016
Caroline Gardner, FCA, Head of Department, Pensions and Retirement Income

Agenda
- Role of the FCA
- Pensions changes
- Health and Protection
- EU Regulation
- Corporate Governance

Role of the FCA in insurance regulation
The FCA's statutory duties:
- Ensuring that markets work well
- Securing an appropriate degree of protection for consumers
- Protecting and enhancing the integrity of the UK financial system
- Promoting effective competition in the interests of consumers

Pension freedoms
- Major changes for firms and for consumers
- Availability of guidance/advice; adequacy of signposting to Pension Wise
- Impact on lifestyling
- Exit charge caps for those exercising pension freedoms
- Underlying challenge for the individual consumer remains to accumulate sufficient resources during their working life to fund their lifestyle in retirement

Longstanding customers
- Initial findings of our thematic review were published in March 2016
- Finalised Guidance is being drafted and our intention is to publish this year
- In July we held a CEO roundtable on capping or removing exit charges
- We continue to work with the eleven firms in the survey
- Our expectation is that the rest of the industry will also engage with the guidance

Secondary Annuity Market
- Enables consumers with pre-existing annuities to benefit from pension freedoms
- Some remaining issues:
  - Comparing an income stream with a lump sum
  - Consumer understanding, e.g. longevity risk
  - Role of annuity providers and intermediaries

Health and Protection
- Importance of income protection & critical illness cover
- Relationship between protection and mortgage business, particularly critical illness cover
- The role of automated advice
- With an ageing population comes the need for long term care - which could increase the need for health insurance protection products

The EU agenda
- FCA is working with Govt to provide technical support as required
- Existing financial regulation remains in place
- Any changes are for the Govt and Parliament
- Firms must continue to abide by their relevant obligations and to implement plans for legislation that is still to come into effect

PRIIPs regulation
- Affects all firms selling insurance-based investment products
- A PRIIPs KID needed for all PRIIPs products available to retail consumers
- From the end of the year (unless that changes)
- Legal liability for KID shortcomings lies with the PRIIPs manufacturer
- FCA will monitor the market

Insurance Distribution Directive
- Our intention is to consult on some of the requirements early in 2017
- Further consultation is likely later in the year once EIOPA has considered its technical advice on IBIPs & the pre-sale PID
- We encourage industry to review the Directive and to participate in the consultations

Governance and the SM&CR
- Governance is a key theme for regulation
- SIMR and the Senior Managers & Certification Regime
- Affects all SII insurers and large NDFs
- Proportionate regime for small NDFs
- We expect to consult in 2017 on extending SIMR into the full SM&CR

And finally.
- The value of the mutual sector
- Diversity and challenge in financial services


Solvency II Public Disclosure and Reporting to Supervisors Steve Dixon of SDA llp at the AFM 2016 Conference

What will I talk about? What? Who? When? What is in the reports and the detail required? Public / private? Suggested people to do the reports? How do you bring it together? Timetable? Audit? So far? Experience to date?

What is reported?
A. Business and Performance
B. System of Governance
C. Risk Profile
D. Valuation for Solvency Purposes
E. Capital Management

What are the reports?
- Solvency and Financial Condition Report: public document in pdf form on your website. Some of the quantitative templates added in pdf form.
- Regular Supervisory Report (or Report to Supervisors): private report that goes alongside the quantitative templates to PRA.

Options on and? Two Documents Only answering required questions? Easier to have as extensions to? One document

Business and Performance 1 - Basics
- Name and legal form of undertaking
- Name and contact details of supervisory authority and contact details of supervisor if applicable
- Name and details of external auditor of firm
- Description of qualifying holdings in firm
- If in group, details of position in group within legal structure
- Material lines of business and material geographical areas where it carries out business
- Any significant event over the reporting period that had a material impact on the firm
- Main trends contributed to development and position over its business planning period including competitive position / legal and regulatory issues
- Description of business objectives of firm including strategies and time frames

Business and Performance 2. Underwriting performance
- Qualitative and Quantitative information on underwriting performance at aggregate and material lines of business level and material geographical areas level including comparison last year
- Underwriting income and expenses split as above with comparative and reasons for any change
- An analysis of overall underwriting performance
- Comparison of performance against projections and significant factors for divergence from projection
- Projections of underwriting performance plus significant factors that could affect over business planning time period
- Information on any risk mitigation techniques entered into during reporting period

Business and Performance 3. Investments all comparative
- Information on income and expenses from investments and components of the income and expenses if necessary to understand it
- Any gains and losses in value
- Information on investments in securitisation
- Reasons for material changes in income and expenses from last year to this
- An analysis of overall investment performance during period and by class
- Projections of investment performance and significant factors that could affect this over business planning time period
- Key assumptions firm makes on investment decisions on movement in interest rates, exchange rates, other market parameters over business time planning period
- Securitisation information including risk management procedures

Business and Performance 4. Other
- Other income and expenses incurred plus comparison with previous reporting period
- Other income and expenses expected over business time planning period
- Any other material information on business and performance in a separate section

Systems of Governance 1. Basic information
- Structure of Board and Committees including descriptions of main roles and responsibilities and segregation in responsibilities within bodies and key functions
- Any material change taken place in governance in period
- Remuneration policy and practices: principles including split fixed/variable, individual and collective performance criteria, supplementary pension / early retirement schemes for Board members
- Material transactions with shareholders or people who exercise influence
- Information allows supervisor to understand governance arrangements and assess its appropriateness to strategy and operations
- Information on delegation of authority, reporting lines and allocation of functions
- Remuneration entitlements of Board over the reporting period and comparative with last period and reasons for any material change

Systems of Governance 2. Fit and proper
- Description of firm's requirements on skills, knowledge, expertise key functions and people who run the organisation
- Description of process for assessing fitness and propriety of persons
- A list of persons in undertaking who carry out key functions
- Policies and processes established to ensure persons above are fit and proper

Systems of Governance 3. Risk Management Systems
- Description of system including strategies, processes and reporting and how able to identify, measure, monitor, manage and report on continuous basis
- How implemented and integrated into organisational and decision making structure
- Risk management strategies, objectives, processes and reporting for each risk
- Information on significant risks exposed to over life time of insurances and how captured in solvency needs
- Information on significant risks identified not captured in SCR
- How firm fulfils prudent person principle in investment
- How verifies credit assessments from rating bodies and how ratings used
- Results of assessment of extrapolation of risk free rate, matching adjustment and volatility adjustment

Systems of Governance 4. ORSA
- Description of process undertaken to conduct ORSA as part of risk management including how integrated within organisational structure and decision making
- How often ORSA is reviewed and approved by the Board
- Explain how determined own solvency needs given risk profile, capital management activities and its risk management system interact
- Description of how ORSA done, internally documented and reviewed
- How it is integrated into management and decision making

System of Governance 5. Internal Control Systems
- Description of internal control system
- Description of how compliance function operates
- Information on key procedures of control system
- Information activities during the reporting period
- Information on compliance policy, process for review, frequency of review and any significant changes during reporting period

Systems of Governance 6. Internal Audit
- Description of how internal audit function is implemented
- How internal audit maintains its independence and objectivity
- Description of internal audits performed during period with summary of material findings and any actions undertaken
- Internal audit policy, process for undertaking reviews of policy, frequency of reviews and any significant changes to policy
- Audit plan including future internal audits and rationale
- If carry out other key functions how you have assessed no conflict of interest and in line with proportionality

System of Governance 7. Actuarial function
- How the actuarial function is implemented
- Overview of activities undertaken by actuarial function during the period and how contributes to the risk management system

System of Governance 8. Outsourcing
- Description of the outsourcing policy, any critical outsourcing and where located the service providers including jurisdiction
- Rationale for critical or important function outsourcing and evidence of safeguards and oversight is in place
- Information on service providers of critical and important functions and activities and how ensure that complies with Article 274 of delegated Act fitness, data protection and so on
- List of persons responsible for outsourced key functions in service provider

System of Governance 9. Other
- Assessment of adequacy of system of governance relative to nature, scale and complexity of risks inherent
- Any other material information?
- Any other material information?

Risk Profile 1. Headings for information
- Underwriting risk
- Market risk
- Credit risk
- Liquidity risk
- Operational risk
- Other material risks
- Any other information

Risk Profile 2. Risk exposure including off balance sheet
- Measures used to assess these risks including material changes
- The material risks that firm is exposed to including material changes
- How assets have been invested in accordance with prudent person principle so that risks can be managed
- Overview of material risks anticipated over business planning time period given business strategy and how these will be managed
- If sells or pledges collateral, the amount
- Where provides collateral, nature of collateral and assets and liabilities
- Material terms and conditions of collateral agreements
- Complete list of assets and how they have been invested
- Repo or securities lending arrangements including liquidity swaps
- Variable annuities terms on guarantee riders and hedging of guarantees

Risk Profile 3. Loans, concentration and mitigation
- Volume and nature of loan portfolio
- Description of material risk concentrations
- Overview of future material risk concentrations anticipated over business plan and how they will be managed
- Description of techniques for mitigating risks and processes for monitoring effectiveness of these techniques
- Description of risk mitigation considering over the business time planning period including rationale and effect of such techniques
- If hold collateral, value of collateral and information on material terms

Risk Profile 4. Liquidity risk and risk sensitivity
- With regard to liquidity risk, amount of expected profit in future premiums assumed
- Amount of expected profit in future premiums, result of qualitative assessment and methods and main assumptions used to calculate
- Risk sensitivity, methods used, assumptions made and outcome of stress testing and sensitivity analysis for material risks
- All other stress testing and sensitivity analysis, methods and assumptions and outcome

Risk Profile 5. Other
- Quantitative information on dependencies of risk modules and of the BSCR
- Other material information

Valuation for Solvency Purposes 1. General
Split between assets, technical provisions and other liabilities. All require:
- Value plus description of bases, methods and main assumptions used for each material line of business, asset and other liability
- Quantitative and qualitative explanation of any material differences in methods, bases and assumptions against that used in report and accounts
- If alternative methods are used, justify and describe method used, explain level of uncertainty and comparison against experience (e.g. equity release)
- If not following IFRS, need to explain why costs would be disproportionate

Valuation for Solvency Purposes 2. Extra for technical provisions
- Best estimate and risk margin given separately
- Description of level of uncertainty
- Matching adjustment statement of use, description and policies covered and assigned assets plus impact of removing matching adjustment on technical provisions and on SCR / MCR, basic own funds and amount of own funds to cover SCR / MCR
- Volatility adjustment statement of use, and impact of removing as above
- Transitional risk free statement of use and impact of removing as above
- Transitional deduction statement of use, impact of removing as above
- Recoverables from reinsurance and SPVs
- Material changes in assumptions and methods from last time
- Assumptions on future management actions described
- Assumptions on policy behaviour

Valuation for Solvency Purposes 3. Other
- Items on risk management on underwriting and reserving, claims management, asset liability management, investment risk management, liquidity management (including EPIFP), reinsurance management, concentration risk management and operational risk management. Article 260.
- Any other material information

Capital Management 1. Own funds
- Objectives, policies and processes for managing own funds, time horizon for business planning and any material changes over time period
- For each tier: amount, quality of own funds at end of reporting period and last including analysis of significant changes over period
- Eligible amount to cover SCR by tier
- Eligible amount of basic own funds to cover MCR by tier
- Quantitative and qualitative explanation of differences with Report and Accounts and excess of assets over liabilities for solvency purposes
- Transitional capital for basic own funds and ancillary own funds (Art 308b Dir)
- Description of any deduction / restriction from own funds
- Material terms and conditions of main items of own funds
- Expected movement in own funds over business planning period, redeem raise more
- Plans on replacing own funds subject to transitionals

Capital Management 2. SCR and MCR
- SCR and MCR amounts at end of reporting period is it subject to approval PRA
- Amount of SCR split by risk modules if uses standard formula / risk categories internal model
- Whether standard formula using simplifications
- Whether using undertaking specific parameters (GI)
- Whether there is a capital add on
- Impact of USP and impact of capital add on and justification by supervisor
- Inputs used to calculate MCR
- Any material change in SCR / MCR over period and reasons for change
- Expected developments in SCR / MCR over business time planning period
- Estimate of standard formula SCR if internal model but required to give standard

Capital Management 3. Duration based equity
- Indication using duration based equity after authorisation
- Amount of duration based equity capital

Capital Management 4. Internal models
- Description of purposes of the internal model
- Scope of internal model by business units and risk categories
- If partial, how was it integrated into standard formula and any alternative methods
- How was the probability distribution forecast for the internal model
- Risk measure and time period used and why different from 0.5% over 1 year
- Description of nature and appropriateness of internal model
- Results of review of causes / sources profit and loss and how categorisation of risk chosen explains these sources
- Whether and how much risk profile deviates from assumptions in internal model
- Future management actions assumed in Internal Model

Capital Management 5. Non compliance
- For MCR, amount non-compliance during time period, period and maximum amount each occurrence, explanation of origin and consequences, remedial measures taken and effect of remedial measures
- If MCR non-compliance not resolved, amount at end of time period
- Any significant non-compliance with SCR, similar information as for MCR
- If SCR non-compliance not resolved, amount at end of time period
- Any reasonably foreseeable risk of non-compliance with MCR or SCR and plans to ensure compliance maintained

Capital Management 6. Others
- Any other material information
- If USPs or a matching adjustment, are there any changes in information given in application for approval that are relevant to supervisory approval

Who does the work? Suggestions Business Performance CEO CFO System of Governance Company Secretary CEO CRO CRO CA CEO Risk Profile Valuation CA (tech provns) CFO Capital Management CRO CFO CA

How do you bring it together?
- Standard style
- Make someone own whole of document
- Make others own parts and provide glue on parts
- Committees and meetings

Timetable, transitional
- First year 20th May 2017, then 2 week reduction every year until 14 weeks
- Suggest take longer to do this year end
- First year, do not need to state prior years.
- annually is every 3 years but need to submit a report showing any material changes for intervening years and provide concise explanation of cause and effect
- Is it easier just to submit every year?

How disclosed?
- has to be in PDF form on your website
- Clear sign posts to it from home page
- is a pdf uploaded to PRA reporting system
- Need to disclose anything which will affect materially the immediately it is known about.

Audit requirements (23/09/16) only
Item: Level of audit
- Business and Performance: Should read and consider
- System of Governance: Should read and consider
- Risk profile: Should read and consider
- Valuation for Solvency Purposes: Overall reasonable assurance opinion
- Capital Management: Overall reasonable assurance opinion
Note also, Solvency II firms are Public Interest Entities and require a higher degree of audit assurance in their Report and Accounts and are subject to quality assurance on their audits from FRC.

Experience to date?


Living with Cyber Risk: Creating Trust in a Digital World
Cheryl Martin, 10 October 2016

Cyber security threats are constantly evolving
Today's information security programs are challenged to effectively deliver value while managing business risk. Cyber security threats are constantly evolving, and target global corporations. Attackers today are patient, persistent, and sophisticated, and attack not only technology, but increasingly, people and processes. The challenges faced today have altered expectations, strained resources, and caused a paradigm shift in information security processes. Consequently, organizations today need to alter their mindset on how to think about information security threats, risks, and capabilities.

GISS 2015 key survey findings
- 36% say it is unlikely they would be able to detect a sophisticated attack
- 59% see criminal syndicates as the most likely source of an attack today
- 57% say that lack of skilled resources is challenging Information Security's contribution and value to the organisation

2015 Global Information Security Survey (GISS) Highlights
- 42% of respondents say that knowing all their assets is a key information security challenge
- 27% say that data protection policies and procedures are informal, or that ad hoc policies are in place
- 7% of organizations claim to have a robust incident response program that includes third parties and law enforcement and is integrated with their broader threat and vulnerability management function
- 84% will spend the same or less on information security for IP over the coming year
- 70% will spend the same or less on security operations (antivirus, patching, encryption, etc.)
- 62% will spend the same or less on incident response capabilities over the coming year
- 34% have an informal vulnerability identification program and perform automated testing on a regular basis
- 56% of respondents defined data leakage/data loss prevention as a high priority for their organization over the next 12 months

Specific insurance responses from the GISS
- Significant attacks are likely: 59% of insurers discovered significant cybersecurity incidents within their organization
- Quantifying the damage: 23% of insurers don't know the financial impact on their organization from cybersecurity incidents
- Detection is difficult: 75% of insurers did not think it was very likely their organization would be able to detect a sophisticated attack
- Source of attacks: 63% of insurers see criminal syndicates as the most likely source of cybersecurity attacks
- Constraints: 89% of insurers cited either lack of executive support or budget constraints as the main obstacle to effectively tackling cybersecurity
- Viability of current approach to Cyber: 16% of insurers believe that their approach to cybersecurity is fully meeting the needs of their organization

EY cyber insurance solutions: Meeting threat landscape and market environment demands

Threat landscape
- Cyber risk is #1 operational risk
- The global financial impact of cyber crime ~$375-575bn in 2014
- Increase in hacktivism, cyber extortion and cyber-espionage
- Vulnerabilities are often from third parties
- Increased risk of breaches from third party vulnerabilities
- VCs invested $1.4bn in 230 cybersecurity companies in 2013 alone
- 60%: Undetected attacks
- 69%: Victims notified by an external entity
- 205: Days from earliest evidence of compromise to discovery of compromise

EY's cyber insurance solutions
- Cyber threat intelligence: managing the threat exposure
- Data protection and data privacy quality: identifying and protecting critical assets
- Identity and access management: managing access through digital channels
- Cyber transformation: aligning the security program with your digital strategy
- Cyber resilience: enhancing the ability of digital platforms to withstand attack
- Cyber risk and insurance: defining how much risk to take

Market environment
- Increased regulation around collection, storage and use of data
- Agreed EU Directive on Security and Breach Notification will be a catalyst to the development of cyber insurance market
- Severe penalties for loss of data and breach notification
- In the US cyber insurance products are widely available with more than half of Fortune 500 companies purchasing cyber coverage
- Lloyd's of London has implemented a separate cyber class code in 2015
- Lloyd's is currently undertaking an aggregation exercise

Sources: The Global State of Information Security Survey 2015; Center for Strategic and International Studies (CSIS); CERT Australia; Forrester; Information Week; Bloomberg; M-Trends Report 2015, Mandiant

Why are organisations still so vulnerable?

How do you stay ahead?

What does your organisation require to build trust in a digital world?
- Knowledge of what can disrupt achieving your strategy
- Identification of your critical assets
- Cyber business risk scenarios
- Board risk appetite
- Assessment of cybersecurity maturity
- An improvement roadmap
- Tailored threat profiling and advanced Threat Intelligence
- A more advanced SOC

EY's Cyber Thought Leadership
- Global Information Security Survey
- Cyber Resilience
- Cyber Threat Intelligence
- Cyber Security and the Internet of Things

Creating Trust in a Digital World
EY's 18th Global Information Security Survey captures the responses of C-suite leaders and Information Security and IT executives representing most of the world's largest and most recognized global companies. Cybersecurity is more than a technology issue, and it cannot remain in the IT domain. It also cannot be the responsibility of any one member of the board; it affects every level of a business and every part of the C-suite in different, often subtle and not easily recognized, ways.

Achieving resilience in the cyber ecosystem
Organizations cannot thrive in business on their own. Cyber resilience focuses on measures that an organization can take on its own to increase its security from external and internal threats as well as those it can collaboratively develop with business partners and industry peers. Collaboration across resilient networks can help organizations anticipate and mitigate cyber attacks. This report looks at the benefits of the cyber ecosystem and explains how, within its defined ecosystem, organizations need to continually reassess relationships and risks, adjusting as the business evolves, ensuring sustainable, resilient operations for the future.

Cyber Threat Intelligence: how to get ahead of cyber crime
Getting ahead of cybercrime means knowing what is happening, how it is happening, identifying who is the threat, and determining if and when an attack can happen to you. It requires intelligence gathering, and the analytical ability to use that intelligence to make critical and strategic business decisions. This report explains how CTI improves an organization's ability to anticipate breaches before they occur, and its ability to respond quickly, decisively and effectively to confirmed breaches.

Cyber and the Internet of Things
The Internet of Things (IoT) is a future-facing development of the internet wherein objects and systems are embedded with sensors and computing power, with the intention of being able to communicate with each other. The ever-increasing networking capabilities of machines and everyday devices used in the home, office equipment, mobile and wearable technologies, vehicles, entire factories and supply chains, and even urban infrastructure, open up a huge playing field of opportunities for business improvement and customer satisfaction. The security of the thing is only as secure as the network in which it resides: this includes the people, processes and technologies involved in its development and delivery. This report explains how effective cybersecurity can only be achieved through being proactive and anticipating cybercrime.

Questions & Answers The better the question. The better the answer. The better the world works.
