SYSC 16.1 Application

1 SYSC 16.1 applies to an insurer unless it is:

1. (1)

   a non-directive friendly society; or

2. (2)

   an incoming EEA firm; or

3. (3)

   an incoming Treaty firm.

SYSC 16.1 applies to:

1. (1)

   an EEA-deposit insurer; and

2. (2)

   a Swiss general insurer;

only in respect of the activities of the firm carried on from a branch in the United Kingdom.

This section does not apply to an incoming ECA provider acting as such.2

Firms should also see GENPRU 1.2 (GENPRU 1.2.64G to GENPRU 1.2.78G) and INSPRU 3.1.

1. (1)

   The purpose of this section is to amplify SYSC 14 insofar as it relates to market risk.

2. (2)

   Market risk includes equity, interest rate, foreign exchange (FX), commodity risk and interest rate risk on long-term insurance contracts. The price of financial instruments may also be influenced by other risks such as spread risk, basis risk, correlation, specific risk and volatility risk.

3. (3)

   This section does not deal with the risk management of market risk in a group context. A firm that is a member of a group should also read SYSC 12 (Group risk systems and controls) which outlines the FSA's requirements for the risk management of market risk within a group.

4. (4)

   Appropriate systems and controls for the management of market risk will vary with the scale, nature and complexity of the firm's activities. Therefore the material in this section is guidance. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligations as set out in Principle 3 to organise and control its affairs responsibly and effectively.

High level requirements for prudential systems and controls, including those for market risk, are set out in SYSC 14. In particular:

1. (1)

   SYSC 14.1.19R (2) requires a firm to document its policy for market risk, including its risk appetite and how it identifies, measures, monitors and controls that risk;

2. (2)

   SYSC 14.1.19R (4) requires a firm to document its asset and liability recognition policy. Documentation should describe the systems and controls that it intends to use to comply with the policy;

3. (3)

   SYSC 14.1.19 R requires a firm to establish and maintain risk management systems to identify, measure, monitor and control market risk (in accordance with its market risk policy), and to take reasonable steps to establish systems adequate for that purpose; and

4. (4)

   In line with SYSC 14.1.11 G, the ultimate responsibility for the management of market risk should rest with a firm'sgoverning body. Where delegation of authority occurs the governing body and relevant senior managers should approve and adequately review systems and controls to check that delegated duties are being performed correctly.

SYSC 14 requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of market risk that the firm wishes to incur. In particular, they should cover for market risk:

1. (1)

   how, with particular reference to its activities, the firm defines and measures market risk;

2. (2)

   the firm's business aims in incurring market risk including:

   1. (a)

      identifying the types and sources of market risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated); and

   2. (b)

      specifying the level of diversification required by the firm and the firm's tolerance for risk concentrations (and the limits on those exposures and concentrations).

The market risk policy of a firm should be endorsed by the firm'sgoverning body and implemented by its senior management, who should take adequate steps to disseminate the policy and train the relevant staff such that they can effectively implement the policy.

The market risk policy of a firm should enforce the risk management and control principles and include detailed information on:

1. (1)

   the financial instruments, commodities, assets and liabilities (and mismatches between assets and liabilities) that a firm is exposed to and the limits on those exposures;

2. (2)

   the firm's investment strategy as applicable between each insurance fund;

3. (3)

   activities that are intended to hedge or mitigate market risk including mismatches caused by for example differences in the assets and liabilities and maturity mismatches; and

4. (4)

   the methods and assumptions used for measuring linear, non-linear and geared market risk including the rationale for selection, ongoing validation and testing. Methods might include stress testing and scenario analysis, asset/liability analysis, correlation analysis, Value-at-Risk (VaR) and options such as delta, gamma, vega, rho and theta. Exposure to non-linear or geared market risk is typically through the use of derivatives.

A firm should have in place appropriate risk reporting systems that enable it to identify the types and amount of market risk to which it is, and potentially could be, exposed. The information that systems should capture may include but is not limited to:

1. (1)

   position information which may include a description of individual financial instruments and their cash flows; and

2. (2)

   market data which may consist of raw time series of market rates, index levels and prices and derived time series of benchmark yield curves, spreads, implied volatilities, historical volatilities and correlations.

Having identified the market risk that the firm is exposed to on at least a daily basis, a firm should be able to measure and manage that market risk on a consistent basis. This may be achieved by:

1. (1)

   regularly stress testing all or parts of the firm's portfolio to estimate potential economic losses in a range of market conditions including abnormal markets. Corporate level stress test results should be discussed regularly by risk monitors, senior management and risk takers, and should guide the firm'smarket risk appetite (for example, stress tests may lead to discussions on how best to unwind or hedge a position), and influence the internal capital allocation process;

2. (2)

   measuring the firm's exposure to particular categories of market risk (for example, equity, interest rate, foreign exchange and commodities) as well as across its entire portfolio of market risks;

3. (3)

   analysing the impact that new transactions or businesses may have on its market risk position on an on-going basis; and

4. (4)

   regularly backtesting realised results against internal model generated market risk measures in order to evaluate and assess its accuracy. For example, a firm should keep a database of daily risk measures such as VaR and options such as delta, gamma, vega, rho and theta, and use these to back test predicted profit and loss against actual profit and loss for all trading desks and business units, and monitor the number of exceptions from agreed confidence bands.

A firm should take reasonable steps to establish systems and control procedures such that the firm complies with the requirements of GENPRU 1.3 (Valuation).

The systems and controls referred to in SYSC 16.1.11 G should include the following:

1. (1)

   the department responsible for the validation of the value of assets and liabilities should be independent of the business trading area, and should be adequately resourced by suitably qualified staff. The department should report to a suitably qualified individual, independent from the business trading area, who has sufficient authority to enforce the systems and controls policies and any alterations to valuation treatments where necessary;

2. (2)

   all valuations should be checked and validated at appropriate intervals. Where a firm has chosen not to validate all valuations on a daily basis this should be agreed by senior management;

3. (3)

   a firm should establish a review procedure to check that the valuation procedures are followed and are producing valuations in compliance with the requirements in this section. The review should be undertaken by suitably qualified staff independent of the business trading area, on a regular and ad hoc basis. In particular, this review procedure should include:

   1. (a)

      the quality and appropriateness of the price sources used;

   2. (b)

      valuation reserves held; and

   3. (c)

      the valuation methodology employed for each product and consistent adherence to that methodology;

4. (4)

   where a valuation is disputed and the dispute cannot be resolved in a timely manner it should be reported to senior management. It should continue to be reported to senior management until agreement is reached;

5. (5)

   where a firm is marking positions to market it should take reasonable steps to establish a price source that is reliable and appropriate to enable compliance with the provisions in this section on an ongoing basis;

6. (6)

   a firm should document its policies and procedures relating to the entire valuation process. In particular, the following should be documented:

   1. (a)

      the valuation methodologies employed for all product categories;

   2. (b)

      details of the price sources used for each product;

   3. (c)

      the procedures to be followed where a valuation is disputed;

   4. (d)

      the valuation adjustment and reserving policies;

   5. (e)

      the level at which a difference between a valuation assigned to an asset or liability and the valuation used for validation purposes will be reported on an exceptions basis and investigated;

   6. (f)

      where a firm is using its own internal estimate to produce a valuation, it should document in detail the process followed in order to produce the valuation; and

   7. (g)

      the review procedures established by a firm in relation to the requirements of this section should be adequately documented and include the rationale for the policy;

7. (7)

   a firm should maintain records which demonstrate:

   1. (a)

      senior management's approval of the policies and procedures established; and

   2. (b)

      management sign-off of the reviews undertaken in accordance with SYSC 16.1.11 G.

Risk monitoring is the operational process by which a firm monitors compliance with defined policies and procedures of the market risk policy. The firm's risk monitoring system should be independent of the employees who are responsible for exposing the firm to market risk.

The market risk policy of a firm may require the production of market risk reports at various levels within the firm. These reports should provide sufficiently accurate market risk data to relevant functions within the firm, and should be timely enough to allow any appropriate remedial action to be proposed and taken, for example:

1. (1)

   at a firm wide level, a market risk report may include information:

   1. (a)

      summarising and commenting on the total market risk that a firm is exposed to and market risk concentrations by business unit, asset class and country;

   2. (b)

      on VaR reports against risk limits by business unit, asset class and country;

   3. (c)

      commenting on significant risk concentrations and market developments; and

   4. (d)

      on market risk in particular legal entities and geographical regions;

2. (2)

   at the business unit level, a market risk report may include information summarising market risk by currency, trading desk, maturity or duration band, or by instrument type;

3. (3)

   at the trading desk level, a market risk report may include detailed information summarising market risk by individual trader, instrument, position, currency, or maturity or duration band; and

4. (4)

   all risk data should be readily reconcilable back to the prime books of entry with a fully documented audit trail.

Risk monitoring may also include information on:

1. (1)

   the procedures for taking appropriate action in response to the information within the market risk reports;

2. (2)

   ensuring that there are controls and procedures for identifying and reporting trades and positions booked at off-market rates;

3. (3)

   the process for new product approvals;

4. (4)

   the process for dealing with situations (authorised and unauthorised) where particular market risk exposures exceed predetermined risk limits and criteria; and

5. (5)

   the periodic review of the risk monitoring process in order to check its suitability for both current market conditions and the firm's overall risk appetite.

Risk monitoring should be subject to periodic independent review by suitably qualified staff.

Risk control is the independent monitoring, assessment and supervision of business units within the defined policies and procedures of the market risk policy. This may be achieved by:

1. (1)

   setting an appropriate market risk limit structure to control the firm's exposure to market risk; for example, by setting out a detailed market risk limit structure at the corporate level, the business unit level and the trading desk level which addresses all the key market risk factors and is commensurate with the volume and complexity of activity that the firm undertakes;

2. (2)

   setting limits on risks such as price or rate risk, as well as those factors arising from options such as delta, gamma, vega, rho and theta;

3. (3)

   setting limits on net and gross positions, market risk concentrations, the maximum allowable loss (also called "stop-loss"), VaR, potential risks arising from stress testing and scenario analysis, gap analysis, correlation, liquidity and volatility; and

4. (4)

   considering whether it is appropriate to set intermediate (early warning) thresholds that alert management when limits are being approached, triggering review and action where appropriate.

High level requirements for record keeping are set out in SYSC 14.

In relation to market risk, a firm should retain appropriate prudential records of:

1. (1)

   off and on market trades in financial instruments;

2. (2)

   the nature and amounts of off and on balance sheet exposures, including the aggregation of exposures;

3. (3)

   trades in financial instruments and other assets and liabilities; and

4. (4)

   methods and assumptions used in stress testing and scenario analysis and in VaR models.

A firm should keep a data history to enable it to perform back testing of methods and assumptions used for stress testing and scenario analysis and for VaR models.