This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page

references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.

Governance Section
General governance requirements

(pages 5-6)

Existing
l

Governance standards

Risk management standards (risk governance) - structure for governance that supports risk management by providing clearly defined
accountabilities, expectations and reporting requirements for all parties

Operational processes minimum standards:

key business and operational processes must be properly documented

directors and staff should understand all the operational and business processes relevant to their role

Risk management standards - effective risk policy, subject to regular review

NEW
l

Regular internal review of the system of governance

Written policies for:

internal control

internal audit

outsourcing

Policies for risk management, internal control, internal audit and outsourcing reviewed at least annually

Processes for the identification and management of emerging risk issues

Fit & Proper Requirements

(page 7)

Existing
l

l
l

Underwriting Byelaw, para 42A, (appointments to senior positions) - fit and proper requirements for directors/partners/active underwriters/run-off
managers
Lloyds process for notification and amendment of appointments to all senior positions, including active underwriters and run-off managers
Governance standards

New
l

N/A (no significant changes to Lloyds requirements and processes anticipated at this stage)

Risk Management

(pages 8-9)

Existing
l

Risk management standards - governance structure to support the management of risk

Risk management standards:

risk policy setting out risk management strategy, covering each risk category

risk management process - risk identification and assessment, monitoring and reporting

Risk management standards - process to identify all significant risks

Risk management standards (risk governance) - structure of the risk management function

ICA guidance minimum standard: Mapping to the risk register

Contingency plans operational processes minimum standards - appropriate business continuity plans

New
l

Risk management function will need to address the following tasks relating to the internal model:

design and implementation

testing and validation

documentation

informing the Board about the performance of the model

analysis of the performance of the model and production of summary reports

Contingency planning (considered in a wider sense than operational business continuity)

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.

ORSA

(pages 10-11)

Existing
l

N/A (this is a new requirement under Solvency II consistent with the principles of the ICAS regime)

New
l

Demonstrate the link between risk and capital management:

the assessment must be driven by risk appetite

consideration should be given to all risks that the business faces, including those that fall outside the SCR calculation (this applies whether
the standard formula or an internal model is used)

the ORSA should form an integral part of the business strategy and be taken into account on an ongoing basis in strategic decisions

Set out the methods used to determine overall solvency needs, including:

assessment at different confidence levels eg as required for SCR, economic capital

longer term considerations ie assessment beyond the 12 month time horizon used for regulatory capital

Be updated annually as a minimum:

agents will also need to revisit the ORSA in line with their own needs/material changes in the business

frequency of reassessment will be key in demonstrating use

agents will be required to inform Lloyds of the results of any reassessment of the ORSA

Internal control

(page 12)

Existing
l

Internal controls as covered by existing franchise standards (including underwriting, claims, and risk management)

Underwriting byelaw (paragraph 40) - compliance officer appointment

New
l

Compliance function to advise on laws, regulations etc relating to Solvency II

Assess the possible impact of changes in the legal environment on operations and the identification and assessment of compliance risk

Internal Audit

(page 13)

Existing
l

Risk management standards - assurance processes

Risk management standards - ensuring independence between risk management and assurance processes

New
l

Internal audit function, independent from the operational functions of the business

Where outsourced, internal audit must remain subject to effective internal oversight

Internal audit should provide assurance over compliance with all internal strategies, processes and reporting procedures

Internal audit will also need to assess whether the internal control system remains sufficient and appropriate for the business

Internal audit findings:

should be reported to the Audit Committee and/or Board on a timely basis

Audit Committee and/or Board will be responsible for ensuring compliance with findings

Internal audit reporting lines

Actuarial function

(page 14-15)

Existing
l

Lloyds Valuation of Liabilities Rules (governing the production of Statements of Actuarial Opinion and technical provisions)

GN20 Actuarial reporting under the Lloyds Valuation of Liabilities rules

New
l

Each syndicate will need to ensure they have an actuarial function

Contribute to implementation of risk management system

Have relevant experience and expertise

Express an opinion on the overall underwriting policy

Express an opinion on the adequacy of reinsurance arrangements

Outsourcing

(page 16)

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.
Existing
l

Operational processes minimum standards - outsourced activities should be properly monitored and controlled

New
l

Where functions are outsourced, agents will remain fully responsible for discharging all of their duties under the draft Directive

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.

Technical Section
Supervisory Reporting & Public Disclosure (pages 17-18)
Existing
l

Requirement to submit information to Lloyds for annual regulatory return to the FSA

Provide syndicate annual reports to Lloyds and the FSA

Report financial and solvency position to Lloyds on a quarterly basis

New
l

Final requirements will not be clarified until Level 2 but it is envisaged that a new set of regulatory reporting forms will be developed

Valuation of Liabilities

(page 19-20)

Existing
l

Lloyds Valuation of Liabilities Rules

GN20 Actuarial reporting under the Lloyds Valuation of Liabilities rules

New
l

Calculate technical provisions as specified under QIS4:

definition of best estimate

cashflows

risk margin

premium provisions

Own Funds

(page 21)

Existing
l

Syndicate assets comply with GENPRU

New
l

N/A (Lloyds do not anticipate applying any additional requirements for assets held at syndicate level over and above the draft Directive
requirements)

Use and approval of internal models

Use Test

(pages 23-24)

Existing
l

Risk Management standards, capital allocation:

the capital assessment should be driven by the key business risks

sound and appropriate capital assessment methodology

organisation understands key drivers of its capital requirements

Lloyds ICA Guidance and Minimum Standards:

the need to demonstrate clearly the link between the risk framework and the ICA calculation

consistency with the syndicate business plan (SBF)

embedding the ICA

the need to reflect the agents position against the franchise standards in the ICA

the importance of the involvement of senior management and the Board in deriving and challenging the capital assessment

the requirement for an amended ICA where the risk profile of the syndicate has changed materially or a new SBF is submitted during the year

New
l

Demonstrate use of the model in the business

Process for review of the internal model

Board and senior management understanding and constructive challenge

Consider the impact on the SCR where the model is re-run to reflect changes in the business

Changes to the risk management framework, including the modelling process:

formal approval by Board/senior management

appropriate adjustments to be made when the risk profile changes

Clear link and consistency between the capital element of the internal model and other elements

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.
Statistical quality standards

(pages 25-26)

Existing
l

Extent of reliance on syndicate data

Reference should be made to market data but needs to be adjusted to reflect syndicate characteristics

Data should not be excessively smoothed as this is likely to understate volatilities

New
l

Expect the person responsible for any analysis supported by data to sign off that data meets criterion allowing for proportionality

Calibration Standards

(pages 27-28)

Existing
l

Model should be calibrated using a VaR measure with a 99.5% confidence level, over a one year period

Non modelled risks should be calibrated to the 99.5% confidence level and a suitable aggregation method should be used

The model must be able to calculate a separate ICA for each syndicate covering all years of account of the syndicate combined

The model should allow output into constituent risk groups and be capable of showing the result by risk group both pre and post diversification

The drivers of risk in each risk group should be identified and described

The model should allow sensitivity testing of the main parameters as requested

Prescribed sensitivity tests are required as part of ICA pro-forma

New
l

Model should be flexible enough to allow for outputs other than the 1:200 level result

Output must address Solvency II risk categorisations for comparison with standard formula SCR

Profit & loss attribution

(page 29)

Existing
l

Provide analysis of model output against actual loss experience

Review validity of past data over time as trends emerge and experience changes

New
l

Explicit back testing of the model is required

Comparison of model output to emerging experience on a timely basis (expected to be at a class of business level)

Analysis of emerging experience versus model expectations may need to be regularly reported to Lloyds

Validation Standards

(pages 30-31)

Existing
l

Stress tests are needed to validate the model output for reasonableness and to help with calibrating assumptions

Stress and scenario tests must be relevant to their business and sufficiently extreme to represent the 1:200 level

Sufficient data over and above a syndicates own data should be considered and additional stress tests performed on uncertain assumptions

All models must be subject to sensitivity analysis

Management and Board understanding of sensitivity testing

Validate ICA against ECR and explain differences

New
l

Output of internal model will have to be compared against standard formula SCR for at least first two years of internal model use

Validation function should be independent of the person parameterising the model to allow objective and robust challenge

Board should have overall responsibility for validation - management information on validation should be presented to the board and challenged
by it

Validation of the model should be carried out at least annually (appropriate frequency should be assessed by materiality)

Goodness of fit of probability distributions should be tested where statistical techniques are used, including both the choice of distribution and the
parameters

Actual vs expected analysis should be part of the validation process (expected to be at a class of business level)

Validation should consider not only emerging claims experience but all new data including:

non-claims experience that could affect the profit and capital position

new external quantitative information

qualitative information, both internal and external

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.
l

Validation should check that all risks in the risk register are modelled and if not modelled there should be written justification

Assessment of accuracy, completeness and appropriateness of data should form part of the validation process. Data quality and model sensitivity
should drive design of calibration

Documentation should be adequate enough to allow independent verification of the validation process

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

This template should be used in conjunction with Lloyd's "Guidance notes on gap analysis March 2009" and page
references are included below. Additional notes on completion of the relevant columns are included at the foot of
this document.

Documentation Standards

(2)
(1)
Do
What further
(3)
(5)
you understand
work/help is
Do you
(4)
Action
the requirement required to reach currently meet Where are you
required to
sufficiently at
an
this
short on this
address any
this stage
understanding
requirement
requirement
shortfall/ gap

(6)
When do you
envisage you
will be able to
meet this
requirement

(7)
Who will be
responsible for
actions on this
requirement

(9)
(8)
Estimated time
required to
address gap

Level of
resource
needed to
address gap

(10)
Current status
on
requirement R
/ A /G

(pages 32-33)

Existing
l

Explain the approach to deriving the ICA and how it links together the business plan, key risks inherent in the business, related risk management
processes and practices and the capital required by the risks

Why the methodology chosen is appropriate to the syndicates business, taking account of its risk profile, risk appetite, track record with respect
to risk experience and exposure and the key principles upon which the ICA is based

The approach adopted towards the quantification of risk and the rationale for this approach

The stress and scenario tests used and why they are appropriate for the business

The sensitivity of key assumptions

The overall ICA figure split by major risk category, before and after diversification

The allocation of capital across risk groups and the rationale and method used to derive the figures for each

All Lloyds minimum ICA standards must be addressed

New
l

Cover the operational details of the internal model as well as the design

Address articles 118-122 and 124

Be detailed and complete enough to allow a skilled and knowledgeable professional to replicate the model

Detail the theory underlying the internal model and be relevant to complexity of model

Highlight any areas where model is deemed not to perform effectively (model weaknesses) and detail how these are addressed

Outline the policy for changing the model

All changes should be documented on an ongoing basis (model to be revisited regularly and updated as necessary in line with risk profile of
business)

External models and data

(page 34)

Existing
l

Set out how Board/senior management are engaged in process particularly where outsourcing/consultants used

Use of external cat models/ESG ICA must allow for possibility of model error or risks not captured in external models

External loss databases, such as ORIC (operational risk consortium) for operational risk, to supplement own data when assessing 1:200 losses

New
l

Any reliance on external supplier to be documented together with role of product(s) and extent to which they are used

Able to demonstrate thorough understanding of use and limitations of any vendor software/products used

Document process undertaken to ensure external data/model chosen is appropriate to risk profile and should include sufficient sensitivity and
scenario testing to validate use

Clear strategy for regular review of any external models/data sources used

Notes
1 Agents should detail whether they currently feel they have a sufficient understanding of the requirement and what it is trying to achieve, bearing in mind that further guidance and detail will be provided going forward as the Level 2 implementing measures are developed. Agents should
also consider the extent to which the understanding of the requirement is shared across the organisation.

2 Details should be provided as to what additional work the agent feels needs to be completed by them in order for the appropriate people at the agency to reach an adequate level of understanding of the requirement. Agents should also include here anything that Lloyds could do or
provide to assist in reaching this understanding.

3 Agents should state whether they currently meet both the new and existing requirements.
4 Where the agent has identified a shortfall in meeting any of the expected requirements, they should provide detail as to where the gap arises.
5 For each identified gap, detail should be provided as to what actions are planned in order for the agent to address this gap and meet the requirement as it is currently envisaged.
6 For those requirements not currently met, agents should state the approximate date by which they expect to become compliant (in particular whether they expect to have addressed any gaps in time for the dry running process).
7 Agents should state the name and job title of those individuals responsible for completing each specific action identified.
8 An indication of the time required to address this gap (e.g. in person months) should be provided.
9 Agents should estimate here the amount and level of resource necessary to become compliant with the requirements where these are not currently met. In particular, agents should highlight areas where they expect that additional resource will be required and what form this additional
resource will take.

10 Agents should select a status of red, amber or green to reflect the size and nature of the gap identified, and the level of risk associated with not complying with the requirement by the time of Solvency II implementation.