Professional Documents
Culture Documents
XYZ
Table of content
The scope of the validation process does not only apply to the system used to calculate the
group’s solvency capital requirements, but encompasses aspects of related actuarial
systems, as well as the review of inputs, model results and use, IT systems, and governance
arrangements.
The following expected business outcomes drive the requirements for systems, processes
and controls outlined in this validation policy:
• The mandatory requirements for model validation (and reporting thereof) under
Solvency II,
One single • The process to ensure the on-going appropriateness of the model (including
validation policy is requirements for reporting to the executive management and board); and
required. The
policy should
apply to all BUs
• The process whereby weaknesses and potential improvements are reported and can
that will use the be fed back into model design.
internal model.
The document sets out the group rules required for model validation and do not apply to local
business units.
• As a minimum, model validation should meet the requirements for validation set out in
RMF can be the Solvency II Directive, Level 2 implementing measures, Level 3 binding technical
supported by other standards and must consider non-binding Level 3 guidance.
functions, but not
replaced • Independent validation of the model should be led by the risk management function
and reviews should be performed by the risk management function replaced in
particular areas by other functions reviews,
Regular validation
cycle
• Validation should involve a regular cycle of model reviews, with periodic reporting to
executive management and the group board,
Proportionality
assessed from
• All validation work should be planned and performed to a level that is proportionate
the group from the group perspective. In adopting this approach XYZ is focusing validation
perspective only. efforts only on the most significant assumptions and processes, and ensuring that the
structure of the review corresponds to the perceived level of risk. Remaining areas do
Application of the
proportionality not require validation to be performed.
principle in such a
way that validation The completion of a satisfactory Model Validation Report produced under this policy is a
in some areas requirement for Solvency II internal model supervisory approval.
would never take Validation report
place. required
1 Purpose and scope
1.1 Introduction and objectives
This validation policy (the ‘policy’) sets out the business requirements for validation of the
internal model and supporting risk systems (the ‘model’) for XYZ Group.
The policy has been written to be used by the management teams responsible for model
development and the model validation process only.
XYZ requires that there is an appropriate model validation process in place, in order to ensure
that the internal model and supporting risk systems are fit for purpose. Ensuring fitness for
purpose includes:
• Specify the requirements and minimum standard for the validation process and
reporting for the XYZ group;
• Designate roles and responsibilities in respect of all the aspects of the model
validation;
• Set out the process to ensure the on-going appropriateness of the model;
• Set out the process whereby weaknesses and potential improvements are reported
and can be fed back into the model design;
• Set out the scope and limitations of the validation policy itself, and the process to
ensure the on-going appropriateness of the policy; and
Proportionality
assessed from the • To comply with the requirements of Articles 101, 112, 113 and Articles 120 to 126 of
group perspective the Solvency II Directive.
only.
Processes and controls should be designed and operated to satisfy the mandatory
requirements set out in this policy based on the nature, scale and complexity of the group
business and the nature of risks and challenges the group faces.
This policy applies to the group. It is the responsibility of the risk management function to
Risk management define the detailed scope and objectives of the validation at the outset of each review, in
function
responsibility
accordance with this policy, the Solvency II Directive, Level 2 Implementing Measures and
Level 3 binding technical standards, and must consider non-binding Level 3 guidance. The
scope includes methods and assumptions underlying the valuation of stressed balance
Independence sheets (e.g. assets, technical provisions and own funds).
from model 1.3 Validation principles
development as
well as model The principles guiding the policy are as follows:
operation and use
should be kept.
RMF should • Independence – the validation processes and reporting should be independent from
check tests and the development of the internal model and supporting risk systems, however in case
analysis of the validation of the local elements, independence is ensured by the revision of
performed and
tests and analysis conducted by local models developers performed by the group risk
make own ones.
management function.
The group board is responsible for approving this model validation policy, and making sure it
is adhered to, regularly reviewed and updated as necessary. On a day to day basis the
responsibility for ensuring this policy is adhered to and remains fit for purpose has been
delegated to the group risk management function.
On a day-to-day basis the board responsibilities are delegated to the group's risk
management function which is responsible for demonstrating at the outset of each validation
cycle that the respective entities and the group are compliant with the applicable regulatory
standards and Implementing Measures pertaining to the scope of the validation review
The risk management function oversees each cycle of the model validation. The purpose is to
oversee the appropriateness and timeliness of the review and escalation, and to ensure
RMF responsibility
executive management involvement in the review.
If the risk management function or other functions lacks the resources for effective
independent review, they may use external support in the validation process (subject to the
requirements set out in this policy).
Regular review of The specific timing of the validation activity should be agreed.
the validation
policy with board
approval It is the responsibility of the risk management function to ensure that this policy is reviewed at
least annually and more frequently if there is a significant change in regulatory environment,
to ensure that it remains fit for purpose and captures all relevant legislative requirements.
The conclusions of this review (and if applicable the proposed revisions) must be presented to
the XYZ group board.
Regular review of
the validation
1.4.4 Role of internal audit
process Model validation processes and validation reporting should be subject to periodic independent
review by internal and external auditors to ensure that implementation is effective and is
carried out in compliance with this policy and any relevant regulatory standards.
It is the responsibility of the group risk director to ensure that the tasks set out in the validation
process create and maintain independence over time. The independent review of the
validation process by the group’s internal audit must consider whether independence has
been implemented effectively.
1
In practice, the validation process should recognize that if model changes are implemented in
response to an independent review, then the subsequent review by the same reviewer in future
validation cycles may result in decreased independence over time.
In adopting this approach XYZ is focusing validation efforts on the most significant
assumptions and processes, and ensuring that the structure of the review corresponds to the
perceived level of risk.
The nature and materiality of risks will change over time and this must be considered in
developing the validation plan. Reliance may be placed on review work carried out in a
3
previous validation cycle .
Fit for use • Summary descriptions of the validation that has been performed.
mentioned.
• Whether the model is fit for the purpose for which it is used and compliant with
applicable regulatory requirements.
Validation
methods
The model validation process must employ each of the techniques set out above as a
minimum; however, additional techniques may be used, for example benchmarking.
Planning
• Timing of review and terms of reference
• Terms of reference for third party
engagement agreed (e.g. role of Internal
Audit Function, scope and timing of peer
review) (Risk)
• Approach and materiality thresholds
Lack of
documentation,
model governance,
model use. 3.3 Validation process
The minimum required techniques are prescribed in the regulatory requirements. A summary
of the validation tools that are mandated by this policy is given below
3.3.1 Data
Data comes from both internal sources and external sources. It includes policy data and
All data should be market data. For policy data the validation process must test to ensure that the data is
validated consistent with the information on the firm’s policy administration system. Externally provided
market data do not need to be checked as long as are widely used by other market
participants.
If data problems are identified during the validation process then the validation report must
appraise senior management and the board of the problems and the implications; specifically
the implication for reliance on the model outputs. In some cases it may be necessary for the
firm to devote more resources to the problem, and the Validation Report may recommend
Some inputs into the group’s Models may be determined by a separate model, which itself
has inputs, processes and outputs. These must be validated following the principles set out in
this policy. Appropriateness of the methods and assumptions must be considered when
validating the model. If assumptions are appropriately derived from publicly available data
then a sample do not need to be checked for accuracy.
Many of the model assumptions will be calibrated through financial market analysis or
analysis of industry or firm specific experience for insurance risk. Management’s view on
potential future events may also be relevant in setting assumptions. The modelling team must
be able to provide a clearly documented rationale for these assumptions.
Assumptions must be routinely compared to actual experience. If, over a period of several
years the experience is significantly different from that assumed in the model then the
assumptions should be changed to reflect experience. This must be reviewed in the validation
process.
Model outputs derived from the methods and assumptions must produce a capital
requirement which provides an equivalent level of protection to 99.5% value at risk over a
one-year period.
The suitability of an individual expert must be considered during the validation process.
Relevant factors would include whether the individual fulfils the criteria for an expert
Expert judgment in prescribed in the XYZ’s internal standards, and whether the individual is free from potential
the scope of the bias. As a minimum, the validation process must consider these factors and (a) the overall
validation process. reasonableness of the expert’s methods and rationale, (b) the track record of expert
judgement applied and (c) whether the use of expert judgement in the model is consistent
with the scope and documented rationale of the expert reviewer or expert panel.
The results of sensitivity analysis should be considered when assessing the materiality of
expert judgement and to focus the validation process accordingly. Expert judgement models
and assumptions should be benchmarked to the extent this is possible.
Backtesting shall be applied at various levels of the business activity. The extent of
backtesting performed must be proportionate to the data available and materiality of the risks.
The XYZ should identify areas, targets and measures for backtesting.
Where significant concerns arise here, as in other areas of validation, during the validation
process these must be escalated in a timely manner.
Escalation path The model validation report may include a response to issues raised in the report. Material
defined. issues arising in the process of completing the validation work must be escalated to the group
CEO in a timely manner by the team carrying out the validation work. In the first instance
issues identified during the risk management function validation work should be escalated to
the CRO (if applicable) who should discuss and agree remedial action plans.
3.3.9 Limitations
RMF responsibility
for model In some cases it may be appropriate to rely on the validation work of other parties, for
validation
interfered. example as a result of internal resource constraints. Where this is the case, care should be
taken to ensure that third parties have the necessary skills and expertise to conduct the
review and that the reliance on the work of third parties is appropriate. Validation performed
by qualified third parties does not require risk management function to carry out any additional
activities. In such a case validation report is delivered by an external party directly to the
group board.
Limitations specific to each periodic review must be documented as part of the validation
process; for example time constraints or resource constraints in respect of the model
validation work.
The validation processes and procedures must constantly evolve as the risk profile of the solo
entities (and group) changes, as the models develop and as new validation tools become
available. This policy must be reviewed at least annually to ensure it remains fit for purpose
and complies with all relevant requirements.