When we talk about actuarial compliance, we usually limit this to our strict actuarial work field.
In a broader sense as 'risk managers', we (actuaries) have a more general responsibility for the sustainability of the company we work for.
Compliance is not just about security, checks, controls, protection, preventing fraud, ethical behavior. Moreover compliance is the basis of adequate risk management and delivering high standard service and products to your companies clients.
Pisa Compliant
No matter how brilliant and professional our calculations, if the data - on which these calculations are based on - are 'limited', 'of insufficient quality' or 'too uncertain', we as actuaries will finally fail.
Therefore , building actuarial sandcastles is great art, however completely useless. Matthew 7:26 tells us : it's a foolish man who builds his actuarial house on the sand....
And so, let's take a look if we have indeed become 'Pisa Compliant' by checking if our actuarial compliance is build on sand or on solid ground. In other words: let's check if actuarial compliance itself is compliant...nd.
Actuarial Data Governance
To open discussion, let's start with some challenging Data Governance questions:
And some more questions you have to deal with as an actuary:
This interesting topic will be considered in my next blog.... ;-)
To lift a little corner of the veil, just a short practical tip to conclude this blog:
This type of question is a typical case of:
Answer.
In a broader sense as 'risk managers', we (actuaries) have a more general responsibility for the sustainability of the company we work for.
Compliance is not just about security, checks, controls, protection, preventing fraud, ethical behavior. Moreover compliance is the basis of adequate risk management and delivering high standard service and products to your companies clients.
Pisa Compliant
No matter how brilliant and professional our calculations, if the data - on which these calculations are based on - are 'limited', 'of insufficient quality' or 'too uncertain', we as actuaries will finally fail.
Therefore , building actuarial sandcastles is great art, however completely useless. Matthew 7:26 tells us : it's a foolish man who builds his actuarial house on the sand....
And so, let's take a look if we have indeed become 'Pisa Compliant' by checking if our actuarial compliance is build on sand or on solid ground. In other words: let's check if actuarial compliance itself is compliant...nd.
Actuarial Data Governance
To open discussion, let's start with some challenging Data Governance questions:
- Data quality compliance
How is 'data quality compliance' integrated in your actuarial daily work? Have you addressed this issue? And if so, do you just rely on statements and reports of others (auditors, etc), can you agree upon the data quality standards (if there are any). In other words: are the data, processes and reports you base you calculations on, 100% reliable and guaranteed? If not, what's the actual confidence level of your data en do you report about this confidence level to the board?
- Data quality Conformation
Have you checked your calculation data set on bases of samples or second opinions?
And if so, do you approve with the methods used, the confidence level and the outcome of the data audit?
Or do you just 'trust' on the blue eyes of the accountant or auditor and formally state you're "paper compliant"?
Did you check if client information, e.g. pension benefit statement, are not only in line with the administrative data, but also in line with insurance policy conditions or pension scheme rules?
- Up to date, In good time
To what quantitative level is the administrative data 'up to date' and is it transparent?
Do you receive administrative backlog and delays reporting and tracking and if so, how do you translate these findings in your calculations?
- Outsourcing
From a risk management perspective, have you formulated quantitative and qualitative demands (standards) in outsourced contracts, like 'asset management', 'underwriting' and 'administration' contracts?
Do you agree on these contracts, do 'outsourcing partners' report on these standards and do you check these reports regularly on a detail level (samples)?
And some more questions you have to deal with as an actuary:
- Distribution Compliance
Is the intermediary and are the employers and customers your company deals with, compliant? What's the confidence level of this compliance and in case of partially noncompliance, what could be the financial consequences? (Claims)
- Communication Compliance
Is communication with employees, customers, regulators, supervisors and shareholders compliant? Has your board (and you!) defined what compliance actually means in quantitative terms?
Is 'communication compliance' based on information (delivery and check) or on communication?
In this case, have you've also checked if (e.g.) customers understood what you tried to tell them?
Not by asking if your message was understood, but by quantitative methods (tests, polls, surveys, etc) that undisputed 'prove' the customer really understood the message.
Effective Communication Practice
Never ask if someone has understood what you've said or explained. Never take for granted someone tells you he or she 'got the picture'.
Instead act as follows: At the end of every (board) presentation, ask that final and unique question of which the answer assures you, your audience has really understood what your tried to bring across.
Checking Compliance
Now we get to the quantitative 'hard part' of compliance:How to check compliance?
This interesting topic will be considered in my next blog.... ;-)
To lift a little corner of the veil, just a short practical tip to conclude this blog:
Compliance Sample Test
From a large portfolio you've taken a sample of 30 dossiers to check on data quality. All of them are found compliant. What's the upper limit of the noncompliance rate in case of a 95% confidence level?
From a large portfolio you've taken a sample of 30 dossiers to check on data quality. All of them are found compliant. What's the upper limit of the noncompliance rate in case of a 95% confidence level?
This type of question is a typical case of:
“If nothing goes wrong, is everything alright?”
Answer.
The upper limit can be roughly estimated by a simple rule of thumb, called 'Rule of three'....
In this case one can be roughly 95% sure the noncompliance rate is less than 10% (= 3/30). Interesting, but slightly disappointing, as we want to chase noncompliance rates in the order of 1%.
Working backwards on the rule of three, a 1% noncompliance rate would urge for samples of 300 or more. Despite the fact that research for 46 international organizations showed that on average, noncompliance cost is 2.65 times the cost of compliance, this size of samples is often (perceived as) too cost inefficient and not practicable.
Read my next blog to find out how to solve this issue....
Related Links:
- Actuarial Compliance Guidelines
- What Is The Right Sample Size For A Survey?
- Epidemiology
- Probability of adverse events that have not yet occurred
- The True Cost of Compliance (2011)
- 'Rule of three'
- Compliance testing: Sampling Plans (accounting standards) or Worddoc
'Rule of three for compliance tests'
If no noncompliant events occurred in a compliance test sample of n cases, one may conclude with 95% confidence that the rate of noncompliance will be less than 3/n.In this case one can be roughly 95% sure the noncompliance rate is less than 10% (= 3/30). Interesting, but slightly disappointing, as we want to chase noncompliance rates in the order of 1%.
Working backwards on the rule of three, a 1% noncompliance rate would urge for samples of 300 or more. Despite the fact that research for 46 international organizations showed that on average, noncompliance cost is 2.65 times the cost of compliance, this size of samples is often (perceived as) too cost inefficient and not practicable.
Read my next blog to find out how to solve this issue....
Related Links:
- Actuarial Compliance Guidelines
- What Is The Right Sample Size For A Survey?
- Epidemiology
- Probability of adverse events that have not yet occurred
- The True Cost of Compliance (2011)
- 'Rule of three'
- Compliance testing: Sampling Plans (accounting standards) or Worddoc