Liquidity risk management framework


Conditions Governing Business Chapters 2 and 3, supplemented by Articles 258 and 259 of the Delegated Act, and Non-Solvency II Firms – Governance Chapters 2, 3 and 7 require an insurer to establish an effective system of governance and prudential risk management systems. An insurer is required to have a risk appetite or tolerance for risk, a process to identify, measure, and monitor risk and appropriate systems to convey information to management or the board.


An insurer’s system of governance and risk management system is required, under Conditions Governing Business 2.3 and Non-Solvency II Firms – Governance 2.2 and 3.3, to be proportionate to the nature, scale and complexity of its operations.


The PRA considers the following elements to be fundamental components of an insurer’s liquidity risk management framework:

  • a clearly defined liquidity risk appetite that is owned and approved by the board;
  • a liquidity risk management strategy and documented liquidity risk policy(ies) and processes consistent with its stated liquidity risk appetite;
  • clear allocation and appropriate segregation of responsibilities, in line with paragraph 1.31 of EIOPA Guideline 5, for liquidity risk across the business areas and business units of the insurer and, in the case of groups, across the entities of the group;
  • proper IT systems and reporting procedures to report management information that is timely and adequate to measure, assess and monitor all material sources of liquidity risk;
  • in the case of groups, clear reporting lines within the group and effective systems for ensuring that information flows in the group;
  • forward-looking scenario analysis and liquidity stress testing programmes, which are based on severe but plausible assumptions (elaborated on further in Chapter 4); and
  • quantitative metrics and tools for measuring liquidity risk drivers and serving as early warning indicators (elaborated on further in chapters 6 and 7).


As laid out in Group Supervision 17.1, liquidity risks must be managed on a group-wide basis, as well as at an individual entity level, where relevant. Under Group Supervision 17.1(2), the liquidity risk management system must be applied consistently across all companies within the relevant group.


An insurer, although solvent on a balance-sheet basis may nevertheless find itself short of cash or funding options to meet its liabilities as they fall due, and therefore insolvent on a cash-flow basis. Although capital may be available to mitigate liquidity risk over longer time horizons, for example through the sale of assets at a loss, this is not always the case as liquidity risk may materialise very rapidly. In addition, events that have a significant impact on liquidity may not have significant implications for capital, and so, demonstrating resilience to the latter, could encourage a false sense of security. Hence, reliance on an existing capital management framework is not generally sufficient or appropriate for managing liquidity risk.


It is important that an insurer critically examines its liquidity needs and sources, in both benign circumstances and under stress. As set out in Article 260(1)(d)(ii) of the Delegated Act and Insurance Company – Overall Resources and Valuation 2.3 an insurer must maintain sufficient liquid assets, both as to amount and quality, to enable it to meet its liabilities as they fall due. In designing its liquidity risk management framework, the PRA expects an insurer to consider its liquidity risk exposure in normal market conditions and also in severe but plausible stressed situations resulting from general market-wide turbulence, idiosyncratic difficulties, and combinations of both.


For a life insurer, liquidity considerations are relevant both in the portfolio as a whole and in individual funds, including not only the shareholders’ funds, non-profits funds and with-profits funds, but also unit-linked funds.


The effectiveness of an insurer’s liquidity risk management framework is expected to be regularly reviewed and evaluated by individuals unconnected with day-to-day liquidity risk management to ensure that the insurer is operating in accordance with its liquidity risk appetite and other liquidity risk management policies and procedures. Consistent with Conditions Governing Business 2.4(5) and Non-Solvency II Firms – Governance 3.4(5), an insurer is expected to adapt its liquidity risk management framework in view of any significant change to ensure that emerging risks are taken into account.


Under Article 258(1)(h) of the Delegated Act and Non-Solvency II Firms – Governance 7.1, an insurer must establish systems for the management of risk. Article 259(1)(d) of the Delegated Act and Non-Solvency II Firms – Governance 2.5 and 3.2 require the establishment of reporting processes and procedures to ensure that the necessary information is available to decision-makers. With these obligations in mind, the PRA expects an insurer to have an effective system of monitoring and reporting liquidity risk which provides clear, concise, timely and accurate liquidity risk reports to relevant functions within the insurer. Liquidity risks are often fast moving, a characteristic which is expected be reflected in an insurer’s reporting system. Design of metrics and reporting is set out in more detail in Chapter 6.

Liquidity risk appetite and risk limits


Article 259(1)(c) of the Delegated Act requires UK Solvency II firms, the Society and managing agents to implement and maintain a risk management system that includes approved risk tolerance limits that implement an insurer’s risk strategy and facilitate control mechanisms. Consistent with this obligation, the PRA expects a UK Solvency II firm, the Society and managing agents to establish and maintain a clearly defined liquidity risk appetite statement and for senior management to identify material sources of liquidity risk for which prudent risk limits should be set. For nonDirective firms, Non-Solvency II Firms – Governance 7.3(2) requires an insurer to document its policies in relation to liquidity risk, including its appetite or tolerance for this risk.


The PRA expects the insurer’s liquidity risk appetite statement to identify the duration, types and severity of liquidity stresses it aims to survive. The liquidity risk appetite statement should define the:

  • timescales over which identified risks are expected to crystallise with multiple tenors considered, where appropriate;
  • types and value of assets which the insurer includes in its liquidity buffer i.e. that it deems liquid and available to satisfy overall liquidity needs in the time horizon considered in the specific scenario; and
  • minimum level of the liquidity buffer that the insurer intends to hold relative to liquidity needs in the time horizon considered in the specific scenario.


The PRA reminds an insurer of its expectations as set out in Chapter 2 of SS4/18 and expects similar governance of its liquidity risk appetite. An insurer may, where appropriate, integrate its liquidity risk appetite statement into its existing risk appetite framework. The PRA expects, however, that the liquidity risk appetite statement be explicitly identified within the overall framework.


The structure of risks to which an insurer is exposed emphasises the need for adequate systems and controls to guard against a spectrum of possible risks, from those arising in day-to-day liquidity risk management to those arising in stressed conditions. Reflecting this, the PRA expects senior management to decide what liquidity risk limits need to be set, in accordance with the nature, scale and complexity of the insurer’s activities, to help ensure that the insurer remains within its stated liquidity risk appetite. Examples of possible sources of liquidity risk that may warrant limits are included in Chapter 3 of this SS.


An insurer is expected to regularly review its limits and make appropriate adjustments when its risk tolerances or broader market conditions change. An insurer, other than a small non-Directive insurer,15 should review these at least annually as part of the broader review of its risk management policies as required under Conditions Governing Business 2.4(4) and Non-Solvency II Firms – Governance 3.4(4).


  • 15. As defined in the Glossary of the PRA Rulebook.

Liquidity risk management strategy and policies


Pursuant to Conditions Governing Business 3.1 and Non-Solvency II Firms – Governance 7.2, the PRA expects an insurer to have in a place a well-documented liquidity risk management strategy which sets out its overall approach for managing liquidity risk. It is expected to cover the insurer’s day-to-day and longer term management of liquidity risk.


The PRA expects an insurer’s liquidity risk management strategy to identify all material sources of liquidity risk to which the insurer is exposed (elaborated on in Chapter 3) so that the insurer adheres to the liquidity risk appetite statement(s) set out by the board and any liquidity risk limits set by senior management.


In order to implement its risk management strategy, the insurer is expected to have documented policies and processes that, at a minimum, include:

  • actions to be taken to take into account short term and long term liquidity risk (as required by Article 260(d)(i) of the Delegated Act);
  • a clearly established methodology and key underlying assumptions for making cash flow projections of all material liquidity uses (out-flows) and sources (in-flows), in line with paragraph 1.63(a) of EIOPA Guideline 26;
  • the approach to liquidity stress testing, including clearly documented methodologies and assumptions (set out in more detail in Chapter 4);
  • an assessment of the insurer’s overall liquidity needs over various durations and the target levels of liquidity buffers it expects to hold, based on the insurer’s assessment of its actual and stressed liquidity positions (elaborated on further in chapters 4 and 5);
  • the composition of its liquidity buffer, including the quantities of each asset type which can be included and the monitoring arrangements in place, taking into account any potential costs or financial losses arising from forced sales (discussed further in Chapter 5); and
  • where applicable, an assessment of any regulatory, legal or other restrictions on liquidity transferability that could limit or delay the use of intra-group transactions to meet liquidity needs.


The PRA expects that the insurer will document the responsibilities and obligations of employees and the functions dealing with liquidity risk, including risk escalation and reporting.


To ensure that management and relevant members of the board can effectively oversee the insurer’s risk management framework, the PRA expects the liquidity risk management strategy to make reference to all existing, relevant liquidity risk policies, to ensure all related documentation is accessible from one place.


Pursuant to Group Supervision 17.1, similar standards of liquidity risk management as those that apply at insurance undertakings must be adhered to across the relevant group. To that end, the PRA generally expects the liquidity risk management strategy and policies for the group to be consistent with the group’s structure, size and the specificities of the entities in the group. It expects the liquidity risk management strategy to be implemented consistently across the entities within the group. To the extent that a legal entity’s liquidity management relies on group support, the PRA expects this to be accounted for in the liquidity risk strategy for the group and the arrangements for transfer of liquidity to be documented, practised and operable within the timeframes needed to be effective in a stress. The PRA expects that an insurer that is part of a group will review the extent and conditions of existing intra-group transactions and assess the reliance of companies within the group on such transactions to meet their liquidity needs.


The PRA also expects that an insurer’s liquidity risk profile and approach to liquidity risk management will be referenced in appropriate detail in other reports including its Own Risk and Solvency Assessment (ORSA), business plan, Solvency and Financial Condition Report (SFCR) and Regular Supervisory Report (RSR) as required by relevant PRA rules and other applicable standards.