© Lloyd’s A warm Welcome to The Control framework broker conference 17 th September 2013

© Lloyd’s Luke Savage Lloyd’s director of finance & operations

© Lloyd’s Control framework broker conference 9:00 Arrival and breakfast 9:15Welcome and background to control framework 9:25 International regulation and the Control Framework 9:45Tax and the Control Framework 10:00 Delivery roadmap and project tools 10:20 BREAK 10:35Data quality and coverholder audits 10:45Hiscox – Lloyd’s Control Framework: A managing agents’ view 11:00Integro – Brokers’ view into the Control Framework 11:15 Q & A 11:35 CLOSE 11:45Find out more – Crystal, Risk Locator Tool, the Exchange Luke Savage Andrew Gurney Helen Halliwell Jaana Rouvari Peter Montanaro Mandy Horne Dan Lott All Ali Dove

© Lloyd’s 2012 International regulation and the control framework Andrew Gurney, Senior Manager, International Licences 2013

© Lloyd’s 2012 The global regulatory environment More regulations G20/FSB response on banks New supervision frameworks Disproportionate regulation Significant global initiatives Systemic risk and “SIIs” Global supervision of “IAIGs”/Comframe Sanctions Reformed regulatory structure

© Lloyd’s 2012 Our Local Rules Ensure level playing Field and Use of Local Rules Much Stronger Consumer Protection Rule out Intermediary Conflict of Interest Modern Solvency Regulation Calibrated to local exposures Key regulatory concerns

© Lloyd’s 2012 Threats to Lloyd’s competitive market access 53 Regulatory Issues Across licensed territories

© Lloyd’s 2012 lloyd’s market access challenges Existing licences New licences Existing licences

© Lloyd’s 2012 Lloyd’s Prudential challenges Issues “Level playing field” Issues IFRS / Local GAAP Issues Assurance Issues “Performance data” Issues Country specific solvency / ORSA More data More reporting More local assets

© Lloyd’s 2012 Where does the Control Framework fit into this? ► Regulators seeking ever more information ► Lloyd’s data increasingly subject to audit or other assurance work ► Best defence is good underlying data, and systems and controls around data that inspire confidence and a trust relationship with regulators

© Lloyd’s Tax and the control Framework Helen Halliwell, Senior Manager, Lloyd’s Taxation 2013

© Lloyd’s 2012 Changing Environment ► Fiscal crises ► Tax authorities getting smarter and sharper ► Starbucks, Amazon, eBay, Google, …. ► Greater international cooperation ► Greater exchange of information All these equal more active and more aggressive approaches by tax authorities

© Lloyd’s 2012 What are we seeing in practice? ► Increasing number of audits – e.g. French income tax, Canadian provincial premium tax, German premium tax and more ► Recurring audit programme ► Ad hoc queries from tax authorities on particular transactions ► Insureds taking greater interest in ensuring taxes are being handled correctly

© Lloyd’s 2012 Where does the Control Framework fit into this? ► Lloyd’s adopts a low risk approach to tax ► We make every reasonable effort to be compliant and be seen to be compliant ► We are subject to tax audits from time to time ► Best defence is good underlying data, systems that inspire confidence and a relationship of trust with the tax authorities

© Lloyd’s 2012 What is the impact of bad data? ► Unexpected tax to pay ► Drop in profitability ► Undermines tax authorities’ confidence in Lloyd’s data and systems ► Increased risk of further audits, more time spent dealing with queries ► Increased risk of penalties ► Increased international cooperation means an issue can spread to other territories

© Lloyd’s Delivery road map and project tools Jaana Rouvari, Project Manager, Market Operations 2013

© Lloyd’s What is it? 17  Identifies for the first time explicit minimum information requirements covering tax and regulatory reporting.  A structured, documented process that allows managing agents to demonstrate they have adequate controls in place.  Nothing new!

© Lloyd’s WHO does it affect? 18 Phase I – Completed 39 managing agents successfully signed off on time! Phase II – Commenced in July 2013  Coverholder business.  Key stakeholders- managing agents, London brokers and coverholders worldwide.  Presentations at Market Forums to focus on ensuring quality of information.  Our own page on Lloyds.com.  Monthly Breakfast Group for managing agents and brokers. Control Framework is the managing agents’ responsibility Phase I Service Companies- Completed Phase II Coverholders- December 2014 Phase III Open Market- TBC

© Lloyd’s Coverholder risk rating Complexity of business written Nature of operations Single vs. Multiple Territories? Regional Complexity? Lines of Business? Premium written? Historic Issues? Use of Lloyd’s Tools? Lloyd’s reporting standards? Coverholders resources?

© Lloyd’s How it’s implemented 20 Information Requirements Risks How the risks apply Controls described or defined Evidence gathered Confidence gained Process for continuous improvement to ensure data quality

© Lloyd’s The risk model 21 RISK Requirements are not understood 1 There are many reasons why this risk may crystallise. It could be that the person interpreting the requirements does not have the requisite skills or experience, human error, or the requirements being unclear or ambiguous HOW IT MAY TRANSPIRE Data capture is inadequate 2 This may relate to data not being captured, being captured more than once (duplicate) or that the data captured is erroneous. It may also be that data is not refreshed at the appropriate point (if relevant). Data is processed incorrectly 3 Between capture and reporting data will undergo some form of processing. In some cases this will be about using different elements of data to compute other information, but it also relates to things such as erroneous report definitions. Typically, this risk can also be used to cover security and continuity risks, but given the specific focus in the Operating Principles these have been broken out. Data is corrupted 4 Data may be corrupted accidentally or on purpose. Typically this involved inadvertent or erroneous changes to data when it is being adapted outside of core processing systems. Data is lost and cannot be recovered 5 This is most likely to crystallise where historic information is not contained in core processing systems that are subject to a robust backup regime, but in end user computing facilities such as spread sheets or user maintained databases.

© Lloyd’s Risk in the distribution chain 22 Existing controls Further mitigation?

© Lloyd’s Coverholder audit 23

© Lloyd’s24 Managing agent Delivery road map Q3 2013Q4 2013Q1 2014Q2 2014Q3 2014Q Month Analysis Phase for each MA to size the project Confirmation of project delivery timescale Assess risks Identify controls and gaps Develop remediating controls Implement controls Test controls & procedures in operations Confirm evidence for sign off SIGN OFF!

© Lloyd’s Board Sign-off… 25

© Lloyd’s Lloyd’s project structure 26 Executive Sponsor Luke Savage Project Board Helen Halliwell - Tax Andrew Gurney- International Regulatory Affairs Peter Montanaro- Delegated Authorities Rob Humphreys- Market Operations Ali Dove- Market Operations Programme Manager Ali Dove Project Team Jaana Rouvari- Project Manager John Hibbert- Stakeholder Manager Laura Fletcher- Business Analyst Lucy Evans- PMO

© Lloyd’s 2012 BREA K …Continues at 10:35

© Lloyd’s 2012 Data quality and coverholder Audits 2013 Peter Montanaro, Head of Delegated Authorities

© Lloyd’s 2012 Key Topics ► Coverholder Audits ► Frequently asked questions

© Lloyd’s 2012 Data quality ► How does the Coverholder determine and record the risk location for a risk from a regulatory perspective for entry into their system? ► How does the Coverholder determine and record the risk location for a risk from a tax perspective for entry into their system? ► How does the Coverholder determine the relevant taxes to apply? ► How does the Coverholder determine the tax liability for the insured or insurer? ► What controls are in place to ensure that data does not become lost? ► Does any data transformation take place? ► Does the coverholder conduct sample data entry and reporting quality control checks?

© Lloyd’s 2012 Frequently Asked Questions ► Isn’t this going to upset our coverholders ? ► Why don’t we just mandate the standards ? ► What about restricted coverholders ? ► Any other questions ?

Lloyd’s Control Framework: A Managing Agent’s View Mandy Horne – Head of HSL Broker and Data Governance – Hiscox Group September 2013 presentation for Lloyd’s Control Framework Broker Conference

Introduction Who am I?

Why are we doing this? 34 Lloyd’s Managing Agents are ultimately directly responsible for multiple territory regulatory and tax compliance when using Lloyd’s licences Coverholders, acting on our behalf, have a duty to us and to Lloyd’s to ensure that they are acting compliantly and collecting and reporting correct data Brokers, especially those who play an active part in the enrichment of coverholder data, have a duty to us and to Lloyd’s to effectively manage the coverholder relationship and ensure we receive accurate coverholder data

Location of risk = Tax Regulatory country = Tax authority payment Regulatory reporting Licence reporting = Territory regulator Tax authority Lloyd’s Incorrect data is the root cause of many regulatory and tax issues          What happens when ANY OF US get it wrong?

And what are the potential impacts for ALL OF US? 36 Country regulatory and tax issues resulting in fines Loss of privileges to write in specific territories Reputation tarnished in the market and within Lloyd’s Loss of Lloyd’s licences for certain territories Impact on the clients or our relationship with the clients Reduced profits and loss of competitive advantage Our ability to write business effectively and profitably could be compromised

Phase 1 – Why did it work so well? 37 Lloyd’s included managing agents in discussion from the start and explained the rationale behind their requirements We were able to discuss approach, issues and solutions with Lloyd’s and our managing agent colleagues at the monthly breakfast forums Lloyd’s used the breakfast forums to bring in relevant speakers and encouraged managing agents to share their experiences We engaged in regular updates and query sessions on a one-to-one basis with Lloyd’s Tools and guidance documents were provided to us by Lloyd’s Information page was set up on Lloyds.com COLLABORATION WAS KEY TO PHASE 1’s SUCCESS

Phase 2 – What does it mean for Hiscox? 38 Now dealing with the assessment of controls outside of our own operations With limited access to detailed information And a need to engage with multiple stakeholders:- –c.300 (Lloyd’s business) coverholders worldwide –c.400 (Lloyd’s business) binding authorities across multiple classes –c.50 (Lloyd’s business) TPAs worldwide –c.60 Lloyd’s placing binder brokers –Through several different internal business units and distribution models –Via service companies or directly with Box underwriters in Lloyd’s –Written by multiple internal class underwriters We need to keep work to a manageable level and avoid upsetting anybody!!

Phase 2 – How will we all do that? 39 Consultancy and consensus approach between MAs, Lloyd’s and Brokers Open communication; sharing and discussion of concerns Attendance at the breakfast forums Maintain awareness of developments Avoid unnecessary disruption and information gathering exercises Project to manage activities Analysis between managing agents’ books to ensure coverholders do not get bombarded with multiple approaches from different sources Pragmatic, workable, proportionate, risk-based solutions Solution is focussed on audit scope and scheduling WE NEED BROKERS TO SUPPORT US COLLABORATION WILL BE KEY TO PHASE 2’s SUCCESS

© Lloyd’s Integro – Dan Lott Brokers’ view into the Control Framework 40

© Lloyd’s Lloyd’s Control Framework The Control Framework is a positive step in the right direction for Brokers and for Coverholders… 41

© Lloyd’s What is our role?  It is the Managing Agent’s responsibility to comply with the Control Framework but, as Lloyd’s Brokers, we have an important role to play:  Communication  Co-ordination  Pace-making 42

© Lloyd’s What do we need to do? 43  Understand the Control Framework - Phase II FAQs; Website  Be prepared:  Are you a Coverholder? Do the right people in your organisation know about the CF?!  As a Lloyd’s Broker, what (if any) processes do you undertake? e.g. validating data / supplementing data / holding data  Expectation management is key! How will you introduce this to your Coverholders?  Audits are likely to be carried out on many Coverholders  Start the dialogue early. Remember – this is nothing new!

© Lloyd’s Who can we talk to? 44  In the first instance, talk with your Managing Agent(s)  Mark Knight at LIIBA  The Project Team at Lloyd’s  It’s good to talk!

© Lloyd’s Q & A 45

© Lloyd’s46 ► ► ► Monthly Market Breakfast Group ► Lloyd’s Project Team ► Crystal & Risk Locator Tool – ► Electronic Distribution – For more information… close

© Lloyd’s UPCOMING Lloyd's TECHNOLOGY EVENTS in THE OLD LIBRARY Technology Thought Leadership Sessions Venue: Lloyd’s Old Library (08:45 – 09:30) ► Tuesday 1 st October – Northdoor – “ Implementation and migration of a new UW system in under six months” ► Friday 8 th November – IBM – “Are you making the most of social media in business?” Technology Day: e-Trading and Distribution ► Tuesday 3 rd December More information: Contact: Paivi Marshall - James Bobbitt -

© Lloyd’s 2012