Office of the Superintendent of Financial Institutions
Superintendent Jeremy Rudin
Office of the Superintendent of Financial
Institutions Canada (OSFI)
KPMG's 27th Annual Insurance Conference
December 6, 2018
DATE/DATE: December 06, 2018 15:45 ET
LOCATION/ENDROIT: Metro Toronto Convention Centre, North Building, 255 Front St. W., Toronto, ON
SUBJECT/SUJET: OSFI Superintendent Jeremy Rudin speaks to the KPMG 27th Annual Insurance Conference on what's the impact of regulation now and for the future.
Chris Cornell: Our guest certainly needs no introduction to this group. We're honoured to have Jeremy Rudin with us today, the Superintendent of OSFI to join me for a conversation about a variety of regulatory trends and topics, both present and future. Jeremy, maybe I'll have you come up, and I'll give a few career highlights you're walking up. How does that sound?
So Mr. Rudin was appointed Superintendent of Financial Institutions in June 2014 for a seven-year term. Prior to joining OSFI, Mr. Rudin served six years as Assistant Deputy Minister of Financial Sector Policy Branch at the Department of Finance. In this role, he led development of policy measures to support access to credit during the global financial crisis, and as well he contributed to many other financial sector policy issues. He's represented Canada on a number of standing committees on the Financial Stability Board, including the Resolutions Steering Committee and the Standing Committee on Standards Implementation.
So it's certainly an honour to have Jeremy here with us today. We really appreciate you taking the time out of your busy schedule to join us. And if you don't mind having a seat, we'll get started.
Jeremy Rudin: OK.
Chris Cornell: Thank you very much.
Jeremy Rudin: Thank you. (Applause).
Chris Cornell: So Jeremy, we kicked off our session this morning talking a lot about global trends. And Laura Hay, our Global Insurance Lead, talked about certainly the current political environment, all the various trends around the globe, whether it be climate change. What are some of the things that OSFI thinks about from a global perspective that are going to have an impact on Canadian insurers?
Jeremy Rudin: I'd be glad to talk about that. Just let me give the context, really for all of my remarks. Our mandate when it comes to insurance, if I have to squeeze it into a single sentence, is protect the interests of the policy holders, other creditors to the insurers, while recognizing the importance of allowing the insurers to compete effectively and take reasonable risks. And the tools that we have are all prudential tools. So this makes us very interested in sketching out a range of severe yet plausible circumstances that can arise. We want to make sure the insurers are able to navigate through those severe yet plausible scenarios, continue to provide financial services to Canadians, continue to command the confidence of the public. So that's how we look at the global trend environment. So you had a whole presentation on this, and you don't want me to answer just one question. So I'll focus on two particular trends that we think are most extant for the insurance industry in the context of where's the severe but plausible scenario. And these are climate change and technological change.
On the climate change front, we think of there being three ways in which this can affect the insurance industry. The first, and I suppose the most obvious, is just the change in the climate having direct physical risks, so flood, fire, etcetera. And this is the bread and butter of much of the property and casualty industry. There's a sense in which there's nothing new here. But the newness is the change in the climate, the change in the distributions of and the likelihood of these outcomes, and the great challenge of keeping up with this change, which means, as it's happening, that past experience is less representative of what the future will be. So that's a particularly important area.
Second area, yet to emerge but might yet, is liability. So we're used to this in the P&C industry: long-tailed, you know, really late-arriving liability claims: most familiar with this in the area of asbestos, which has been a major issue; starting to see it in tobacco, in some jurisdictions at least; and it's possible but it's by no means certain that this will also arise in the context of climate change as it has in tobacco. So far too soon to know, but there's pot—some potentially big exposures there under certain circumstances. In the severe but plausible, they're there.
And the third area is in the area of investment risks. So everybody's got assets to back their liabilities. There's an overlap here between the physical risk and the investment risk to the extent that changes in the climate can affect directly the value of investments, so think of the value of oceanfront property if, you know, sea levels are going to rise dramatically. That can make a difference. But the bigger exposure, the more extant and, I would say, the more difficult issue, is uncertainty about what policies that governments are going to bring in in order to try to reduce greenhouse gas emissions and how that can affect the value of the investment portfolio. And there's always policy risk in investment, but this is particularly acute now. So we think of those areas specifically of climate change.
Now we'll probably come back to technology, but I'd just mention briefly that that's the other big global trend. And I know you've been preoccupied with this, as we all are. And in insurance, I'll just enumerate a few but not all of the ways in which this can arise. So new sources of data – telematics; new risks to insure – cyber risk; and the changes in distribution – that can have a big impact on the industry. But I'm betting we'll come to that.
Chris Cornell: I'm sure we will. Is there any other emerging risks that you see from an OSFI perspective that this group should be concerned about?
Jeremy Rudin: Well, one thing that we're definitely trying to build up our experience with so that we're better positioned to regulate and supervise is an area – a somewhat ill-named area that we call non-financial risk. So – and if anybody's got a better name for that, tell me because we could really use one.
Why does a prudential regulator care about non-financial risk? We're talking about the types of risks that aren't immediately financial, but they can lead to prudential issues, so: operational risk more classically; conduct risks; technology risk more broadly; cyber security risks, for example. So we're certainly trying to build up our expertise and our approach in that regard, and we're focusing not just on supervising risk management and risk prevention, but resilience. So how, if an operational event occurs – and of course we want to minimize those – how robust is the organization to be able to get back up on its feet?
Cyber resilience-recovery is extremely important, and an area we need to pay more attention to. And it's a more complicated area, both for us and for the industry, because when it comes to financial risk, so you've got capital in reserves. That's a pretty generic buffer against financial losses. They're not specific. You know, it's – got capital in reserves, they're good whether it's a underwriting problem in personal lines or it's losses on catastrophes or its market risk. You can measure it, you can aggregate it, and you can raise or lower it – of course our business mainly raise – to compensate. But in the non-financial space, it's hard to measure what the resilience is. It probably isn't all that generic. And so I think that's an important area that we're paying more attention to, and we expect the industry to pay more attention to it as well.
Chris Cornell: The theme of our conference is the future now, and you mentioned a couple of items. Certainly there's been a lot of discussion about digital technology today, a lot of discussion of data and analytics, I think Colm Holmes used a term: data ocean. And so from a regulator and prudential perspective, that data that's available, and the privacy issues that surround that, what's your view on how the industry is doing in terms of protecting that data? And certainly there's been lots of discussion in the papers around Statistics Canada recently coming out and saying that they're going to review their policies around data. So maybe just a comment on what you think from an industry perspective how insurers are doing.
Jeremy Rudin: In terms of the legislative or regulatory regime for data protection, that's not going to be OSFI who sets that for the insurance industry. It's going to be the PIPEDA Act. But of course market conduct in Canada a provincial jurisdiction as well. We pay attention, and an increasing amount of attention, to conduct and compliance because we recognize that it can be a prudential issue. And so we have emphasized this increasingly with the firms that we regulate, both in banking and insurance. We've got a whole guideline that's called Regulatory Compliance Management. And our emphasis there is that we expect our firms to be aware of and have a robust framework in place for making sure they comply the many and varied regulations and legislation they're subject to, whether it's in Canada or abroad. And so, from that perspective, we'll be keeping a close on eye on it, but it will be other regulators who, at the end of the day, will say – or the courts potentially – you're offside that privacy statute or you're not.
Chris Cornell: OK. Great. The ladies just talked a lot about innovation in their presentation, and certainly that's not something that's immune from the regulators. And so maybe talk a little bit about how regulators are trying to keep up with innovation, and as well, innovating themselves to stay ahead of maybe what's coming from the industry.
Jeremy Rudin: We have to look, as I said, at what's going on in the industry from a prudential point of view. Lots going on in terms of client interaction, that sort of thing. Because that's not directly in our area of responsibility, things we're focused on would be the following: data and techniques that are used for underwriting and pricing. So sound underwriting, pricing adequacy. We're not in the business of regulating pricing, but we don't want people to price unknowingly in a way that was going to drive them out of business.
So that's been a longstanding area that we have focused on, but what's changing is the data that's available and the techniques that are available. So you can use quite a lot of different data; you can use artificial intelligence and machine learning techniques. These give rise to new types of model risk that are going to be important from a prudential point of view. How is the industry going to manage that model risk, and how are we going to supervise it? That's an important area for us that we need to keep up on.
Another is distribution, as we were discussing. You're going to be a successful insurer, I don't have to tell you you've got to succeed at distribution as well. You might not be doing the distribution yourself, but nonetheless, you've got to be able to connect to the customer in some way. In other countries, more so than Canada, distribution has been changed – dare we say disrupted – so what is the plan of the industry and the individual companies to navigate through that? That can certainly become a prudential issue.
And the last one, we talked about this, and you've heard more about it earlier today. There's a lot of partnerships, a lot of third-party relationships. This is a longstanding trend in the financial sector in Canada, spurred very much by technology: insurers, banks as well, disassembling themselves. So you know, various functions that are done outside of the organization, and this creates new risks – operational risks, cyber risks. It can certainly be risk reducing. So you move your IT into the Cloud. It's certainly possible that their cyber security is better than what you could provide in house. It's not inherently risky, but it creates a new type of risk where you've got all these relationships to manage, and we're concerned that, as more and more is outsourced, or done through partnerships, the firm itself, the thing we regulate, begins to erode its ability to actually oversee those third parties. So third-party risk management, that's going to be a growing area for us.
Now, very briefly, can we use new sources of data and technology? Absolutely we can. I gave a whole speech about this. It's sitting on our website. I gave it in June. It's 20 minutes. I have 18 minutes and 23 seconds, so I'm going to give the whole speech. No, I'm not. But the elevator version of the speech is data science is going to be very important for regulators and supervisors. It's going to be so important we can't afford to leave it to the data scientists. And if all we do is try to pick up techniques that are used in the private sector and apply them in a not-very-thoughtful way to what we do, we're not going to move the yardsticks very much.
Chris Cornell: We did a publication this summer called Voices 2030, so looking at financial institutions in the year 2030 and what they're going to look like. One of the things we talked to was regulators from around the globe, and specifically some in Asia talked about regulating more activities than necessarily industries. And so appreciate your views just on that, Jeremy, in terms of whether it's collaboration from the regulators across the globe in connection with these types of activities, and maybe what you see moving forward.
Jeremy Rudin: So we're the prudential regulator.
Chris Cornell: Yeah.
Jeremy Rudin: And the nature of prudential regulation is it's focused on entities. And it needs to be focused on entities because we're there to protect the interests of the policy holder and the other creditors, and their interest is in the survival of the entity itself. If you take just a simple-activities-as-separate-activities approach, you're going to miss that the whole is great – or sometimes less – than the sum of its parts.
So you think of a policy holder. They've got a personal policy from a P&C company. It's a diversified P&C company. They've got personal lines, they've got commercial lines. Even if the personal lines are well managed, well reserved, well capitalized, that policy holder's exposed to what's going on on the commercial side. It doesn't matter how well. If we just focus on the personal lines are well run, the policy holder nonetheless is not necessarily protected. So there's got to be somebody focusing on the entity because the policy holder wants his or her coverage to continue, and if he or she's got an outstanding claim if and when the insurer fails, they're very much exposed.
That said, we've long taken an activity-oriented approach. Many people in this room have experienced what we call a significant activity review. That's where we pick a particular part of the business and go through it very carefully. Our capital requirements are sort of built up from an activity basis. And internationally, the IAIS is interested in looking at systemic importance less from the point of view of systemically important and more systemically important activities. And so there's a tendency in this regard, but it's not, in my view, ever going to go exclusively to an activity-based approach because that would miss the point on the prudential side.
Chris Cornell: Let's switch gears a little bit maybe to reinsurance. So back in June 2018, OSFI released a discussion paper on reinsurance. I think many in the industry saw this as a key step in OSFI's commitment to maintain an effective regulatory approach to reinsurance. What have you heard on the discussion paper, the feedback from that, and what would be the next steps from an OSFI perspective on that?
Jeremy Rudin: In the paper we lay out three phases that we're going to deal with in reinsurance because there's a fair bit to do. Reinsurance has become increasingly important over time. I think, with climate change, it will become even more important. We hadn't reviewed our reinsurance framework for a good ten years, so it was more than overdue.
The first phase, which is well into the consultation phase, is to fix some anomalies – I was going to say evident anomalies, but they weren't all that evident to us because it took us a little while to find them – in the capital requirements to get more of a level playing field and eliminate some arbitrage opportunities. That's pretty straightforward.
The second phase, which is attracting quite a bit of attention, as well it should, is the phase where we look at reinsurance risk management. Well, reinsurance, it's a very valuable thing for insurers and makes a very important contribution to the market as a whole. After all, the nature of insurance, the economics of it, is all about diversification. That's one of the ingredients, in any event, that makes insurance valuable and profitable. And through reinsurance, you get access to a wider diversification pool so you can offer higher limits, you can insure different perils, you cannot bet your entire company against an earthquake in one city. So it's extremely important.
What happens with reinsurance, as people in this room know better than I, as you reinsure, as a direct writer you're trading off direct insurance risk, which you ought to know pretty well, and for which we have a well-elaborated capital regime, for a counterparty credit risk with your reinsurer. And that counterparty credit risk is an area where we're expecting, as in any counterparty credit risk, a lot of attention to assessing the quality of the counterparty and an attention to concentration. And those are the two areas where we certainly feel that, at least in some firms at some times, more attention needs to be paid. So we'll be looking at changes both to our reinsurance guidelines, sound reinsurance practices, but also to the concentration limits. And that's generating a lot of interest, and as well it should.
Chris Cornell: OK. We've gone 18 minutes and we haven't talked about IFRS 17, so that might be a record for an accounting and consulting firm. But certainly, since our discussion last year with Neville, there's been a lot of change in connection with the standard. So certainly OSFI has gotten its first and semi-annual reporting from all the insurers, and so I'd appreciate your comments on that, and things that you've seen. A lot of our sessions today have talked about implementation issues and things of that nature, so your perspective on where you see the industry right now in connection with the standard, recognizing that we have received this one-year deferral.
Jeremy Rudin: Yes. I thought you were going to say reprieve.
Chris Cornell: Yeah, no. (Laughs).
Jeremy Rudin: Implementing IFRS 17, it's a big project. Everybody tells me that in the industry. I'm here to tell you it's a big project at OSFI as well. And we're very conscious of the fact that the industry is, pretty much to a firm, concerned about the operational risk that's involved in meeting the deadline, even the somewhat reprieved deadline, and so we want to make sure that we're supportive and that we get all the things that we need to do out of the way as quickly as possible so that it's not an additional demand near the end of the project.
So we have looked at our own accounting guidance, and we do have the authority to narrow-range a practice in certain areas. And the restrictions or the narrowing that we're going to impose is quite minimal, and it's already out there. So that's one contribution. The other big area that we need to do is we need to adapt the capital requirements, both in property and casualty and in life to the new accounting basis. And our view is that the accounting basis, in and of itself, shouldn't change required capital; but what is required, because we use a lot of balance sheet information in the capital requirements, some of the things that we use as risk proxies are being redefined or they're going to disappear, so we've got to get that adapted so that we can use the new accounting basis as much as possible.
So we've done drafts of those already, got them out to the industry for comment. We have comments coming in. We really appreciate that. I know people are busy, but the same days as they'll switch over to IFRS 17 they'll still have a capital requirement, so people understand that. And we want to be able to do at least one quantitative round in order to assess how well our first cut at this is working. But this is going to be a challenge for everybody because we're trying to do an assessment of what the new capital regime will do under an accounting basis that does not yet exist so that it'll be ready on the day we flip the switch. So we've been getting, I think, good cooperation from the industry, and we count on getting that going forward.
In terms of the updates, you know, they're coming in. I have to say the most illuminating update I got was when I saw the industry, which it's entirely entitled to do, ask for a two-year delay.
Chris Cornell: Yes. Yeah.
Jeremy Rudin: OK? That's a lot more interesting information, as far as I'm concerned.
Chris Cornell: Yeah. Maybe some perspective of where they're at with their transition, right? Yeah, for sure. Any learnings? You know, IFRS 9 came in recently for the banks, which was a massive project for them. They've gone through their first year now of reporting. Any learnings that this group could take away from that massive project that the banks recently went through, from your perspective?
Jeremy Rudin: Well, I think the most important learning from that project is that it is a big project, and that it's absolutely in everyone's interest, including the individual firms, to get out as far ahead of it as possible. Now we've got this one additional year. Well, I think it's very important that firms continue to push ahead. Again, I'm triangulating between the one-year reprieve and the two-year requested. So that means that a lot of firms believe that they're still in a bit of a race. And it's very (important) not to back-end load this, or don't gamble about another reprieve – very important. What happens otherwise is you get this pile-up right at the end, and there's a risk that you don't make it, or the risk you do make it but that it creates this operational fragility in the firm. Because if anything else arises in the year that you're looking to use, the last year or the last six months, there aren't the resources in the firm to be able to tackle it. That's imprudent, so don't do that. That's my message.
Chris Cornell: OK. Well, that's great advice. I think that's what we've been telling our clients as well, so it's great to hear we're on the same page.
Jeremy Rudin: We're aligned with the accounting firms.
Chris Cornell: Yeah. Yeah.
Jeremy Rudin: Look at that.
Chris Cornell: Imagine that, right? Yeah. Let's quickly turn to the role of external directors. Now, a couple of months ago, OSFI published its final corporate governance guideline. I think a lot of people in the audience certainly appreciated the principles-based approach to governance. We're also aware that some focus groups have taken place between directors and certainly OSFI on that. We would appreciate your comments on some of those things that have come out of the focus group or any issues or items that you think would be good to share with our audience today.
Jeremy Rudin: Yeah, I'd be glad to. We made these changes in large part because of feedback from the industry. The industry and directors had told us that our approach to corporate governance was too detailed, it was too prescriptive, it was burdensome, it was getting in the way of effective corporate governance rather than reinforcing it. And so we looked into this, and we made a list of everything we had in our guidance – not just in the corporate governance guideline, which was already pretty principles-based, but there were 30-odd other pieces of guidance that had requirements for boards of directors that indeed were a pretty dense thicket of fairly complicated, pretty prescriptive, and not always coherent stuff. So that was really valuable feedback.
Effective corporate governance is extremely important from the prudential point of view, strategy, risk, audit, oversight of senior management. These are really essential functions that boards do from a prudential point of view, and we need to be part of the solution and enable that rather than be part of the problem. So we took a very ambitious approach: we stripped all of that detailed stuff out of all the other guidance; beefed up to some extent but not very dramatic change, but nonetheless useful changes to the corporate governance guideline; and we said OK, we're going to administer this on a principles-based approach.
And the feedback that we got – and we collected this from the consultation process, but we're definitely getting it in the industry seminars that we're giving; there's one even going on today – was OK, it's all well and good to say you're principles based, but if you supervise the way you used to, you're going to undo all of that good work. And that's important feedback, and that's exactly right. And it's one of the reasons why we're doing these industry seminars.
We've done a lot of preparatory work in the organization to bring all of our supervisors up to date on the new approach. The lead supervisors will be really the point people about supervision of corporate governance and the administration of the corporate governance guideline. And we do need to get everyone on the same page, and we need to equip our supervisors, who before had a bit of a checklist that they could go through, with the skills that they can use and the support they need to take a principles-based approach, which we think is going to be much more effective.
Chris Cornell: That's great. You – you mentioned earlier that we'd probably come back to digital and cyber security, so we will do that. Within this new principles-based approach, and some of the skill sets that directors are going to need as we look towards the future, do you think that insurers and companies are doing enough to address these new risks and some of the qualities that are needed on the board to be ableto manage those risks?
Jeremy Rudin: All boards are different, all companies are different. We've certainly seen over the last ten years, since the financial crisis, whether it's because we put this requirement in the corporate governance guideline or not I couldn't tell you, but there's certainly been a greater diversity of experience and skills on boards, which is important, at the same time as there's a greater emphasis on risk and financial sector experience. So that's come along. Some pace faster, some pace slower. What's important from our perspective, particularly as we move to this more principle-based approach, is to task the board with its responsibility to keep an ongoing view about what the skill sets it needs and to go out and look for them. And you know, that's going to evolve over time, so that's not something that we want to prescribe.
Chris Cornell: Gotcha. OK. I think it's been about four years, Jeremy, since you visited us last, and I was going through some of the remarks and notes. And at that time we were in a low-interest rate environment, and the price of oil was quite low, and certainly the last couple of months we've seen that the interest rates are obviously rising but there's been some serious decline in the price of oil. So from your economic point of view, the Canadian economy, how you think it's going to do, and certainly from an insurer's perspective, what they should keep in mind from that perspective.
Jeremy Rudin: Well, from an OSFI perspective, you know, what's important is not what's likely to happen; what's important is what could happen. We're not in the prediction business; we're in the prevention business. So the severe but plausible scenario is the one that we want people to be paying attention to.
I was recently having a discussion with a financial sector firm – I won't name them, obviously – who said, we're looking ahead to the next recession now, we're paying a lot more attention to that, why didn't you ask us about that. I said because you should always be getting ready for the next recession. The idea that you can predict when recessions are going to happen and what they're going to look like is simply false. If you look at the lag time between economists start saying there's going to be a recession and when we're actually in a recession, the lag time is approximately zero. It takes a while for the data to come out, so people are saying we're going to go into a recession. That's more or less, you know, in the quarter in which growth actually turns negative.
So we don't want to ever presume that people aren't prepared for the severe scenario. But what's important, especially in the insurance industry, is to be thinking about how is a recession going to affect our business. It's not like a large, diversified bank. It's going to be more specific to the geography, perhaps even the lines of business. This is why the ORSA process has been so valuable. Other forms of stress testing, even outside of ORSA, can be really useful. And it's something that needs to be customized by the firm to the firm's own risks.
Chris Cornell: Great. Just one final question for you. So last year we had Neville here for this group, and we asked him what his Christmas wish was, and he said a deferral of IFRS 17. (Laughter). And so obviously Santa's listening to whatever we're talking about at this panel. So maybe as we – as we go into the holiday season, what would be your wish list for the insurance industry (inaudible)?
Jeremy Rudin: Well, look. I know everybody's really busy. Everybody was busy before IFRS 17 and changes to capital requirements, changes to corporate governance. But now, you know, people who are really busy are even more busy. And we've all got our phones, we've all got our tablets, we can all work just about anywhere, we can work just about any time, and I know many of us do work just about everywhere and just about all the time. So I think, you know, my wish for the industry would be that, at least over the holidays, you have time to connect with your family, with your friends, to connect with things that are even more important than providing insurance to Canadians. That's my wish. (Laughter).
Chris Cornell: OK. Great. (Applause). Well, Jeremy, certainly thank you very much for your time today. We really appreciate it. I think it's been some great insights for our guests, and certainly for us as at KPMG as well. And so thank you for joining us. You're always welcome. We'll certainly extend the invitation for next year early. And and on behalf of everyone here today, thank you for your insight.
Jeremy Rudin: Thank you. It's been a pleasure. (Applause).
Chris Cornell: Thank you very much. That was great.