EIOPA’s 2020


EIOPA’s annual work programme tends not to deliver many surprises, given EIOPA’s three year planning cycle. However, despite the appearance of consistency there are some significant changes in EIOPA’s 2020 programme that insurers need to be aware of.

The most significant changes are:-

  • planned activities to support the development of a sound cyber insurance market
  • a reduced level of data requests and;
  • a decision not to conduct an insurance stress test in 2020.

Additionally, there is a continuing strong emphasis on the sustainable finance and conduct regulatory agendas.

The work programme also reflects EIOPA’s focus on the supervisory convergence part of its mandate. This includes a new strategic objective on cross-border cooperation, which reflects responsibilities that EIOPA will adopt from 1 January under the revisions to the EIOPA Regulation.

Below, we analyse further the changes to EIOPA’s work programme and other important aspects of EIOPA’s planned activities, and their immediate implications for European insurers.1 The appendix to this blog provides detailed analysis of the work programme relating to these topics.

Key changes and implications for firms

  • While in the past EIOPA has focused on cyber resilience, this will expand in 2020 to include work to develop a sound cyber insurance market as an enabler of the digital economy. Although some national regulators, particularly the PRA in the UK, have already put cyber insurance high on their regulatory agendas, EIOPA’s move demonstrates a commitment to the topic at a European level. Firms across Europe should therefore be prepared for greater regulatory scrutiny in relation to cyber insurance in 2020 and beyond. This may particularly be the case in jurisdictions where national regulators have yet to show significant interest in the topic.
  • EIOPA appears to be planning a lower level of data submissions, and will not run an insurance stress test in 2020. This should lead to a notable decrease in the level of ad hoc regulatory reporting required of European insurers in 2020.2 EIOPA has indicated, however, that it intends to run a climate risk sensitivity analysis for the insurance sector in 2020, as well as what may be an expanded insurance stress test in 2021. It also remains to be seen whether various other aspects of EIOPA’s work will involve further data requests from insurers beyond those specified in the work programme. EIOPA priorities such as the finalisation of its technical advice for the Solvency II review in 2020, and future work on the sustainable finance agenda, could, in practice, require ad hoc collection of data in 2020.
  • EIOPA’s continuing work on the sustainable finance agenda in 2020 is a further important aspect of the programme. EIOPA’s work is likely to be of long-term importance for capital and investment strategies in the insurance sector, despite being unlikely to result in any immediate material actions for firms in 2020. While not mentioned in the work programme, a specific issue of importance is whether “green” incentivising factors (or “brown” penalising factors) are introduced into the insurance capital framework, and the analysis and evidence that would be required to support such factors. The European Commission has been quite vocal on the need to consider the role of such factors for financial services. EIOPA, on the other hand, has stated that any changes to capital requirements “must be based on a proven risk differential compared to the status quo” 3, i.e. it should be evidence based. Political direction from the Commission is likely to be needed before explicit incentivising or penalising factors would be introduced into the insurance capital framework, but firms should monitor discussions in this particular area closely as any decisions will have direct implications for firms’ capital and investment strategies.
  • EIOPA’s 2020 work programme is, also, notably more focused on conduct of business issues compared to those of the EBA and ESMA. While prudential issues are still likely to comprise the majority of EIOPA’s work in 2020, EIOPA continues to cite consumer protection and supervisory convergence in conduct of business supervision as major areas of focus. These are topics on which EIOPA has, in practice, sought to become more active in recent years.


Next year insurers are likely to see EIOPA more focused on conduct issues and on the supervision of emerging risks such as cyber and sustainability, with less emphasis, subject to its work on the Solvency II review and sustainability, on data collection and policy analysis. This is likely, in due course, to translate into more intensive supervision of these issues in many jurisdictions, as EIOPA issues further supervisory guidance and opinions in these areas.

Appendix: Background and detailed analysis

EIOPA published its 2020 work programme on 30 September 2019. The programme outlines EIOPA’s priorities and related planned activities for the 2020 calendar year. This appendix assesses the work programme’s priorities, looks at how they differ from previous years, and analyses what practical implications these may have for insurers.

The 2020 work programme is, overall, largely similar to that of previous years, likely because of EIOPA’s three-year planning cycle (we are currently in the 2020-2022 planning phase). The work programme’s strategic and operational objectives have remained almost identical for the past couple of years, focusing on driving forward conduct and prudential regulation, enabling supervisory convergence for both the insurance and pensions markets, strengthening financial stability and delivering EIOPA’s mandate effectively.

There are, however, some important developments and changes in this year’s work programme, some of which reflect new responsibilities that EIOPA will assume from 1 January 2020 under the amended EU regulation (for example, the establishment of cross-border cooperation platforms). We consider the following areas key to firms as they anticipate the future regulatory focus, and set their regulatory strategies for the coming year:

  1. Cyber insurance: The 2020 work programme includes a new explicit objective to promote a sound cyber insurance market as an enabler of the digital economy. Previous years’ programmes have only mentioned cyber in the context of operational resilience, and have not discussed cyber insurance specifically. This is an important development as it 1) reflects the regulators’ expectation that the insurance market should help to mitigate the risks of cyber threats and; 2) emphasises the regulators’ concerns related to cyber underwriting risks. EIOPA intends to carry out work on the supervision of cyber and the cyber underwriting market, including on European-level solutions to data availability and systemic and extreme cyber risks, and preparatory work on threat-led cyber resilience testing for the insurance sector. Going forward, firms should therefore be prepared for further regulatory scrutiny in the area of cyber – both from a cyber resilience and an underwriting perspective.
  2. Data submissions: While EIOPA will collect its first set of full pensions data in 2020, EIOPA appears to be planning significantly fewer data requests to National Competent Authorities (NCAs). In 2019 there were expected data submissions listed under each individual operational objective, but this is not the case in 2020; the focus in 2020 is instead on analysing and integrating existing, newly collected data. The main reason for this is likely to be that in 2019 EIOPA was gathering large amounts of data on key topics, such as Long Term Guarantee measures, for its input into the Solvency II review, which will be a key deliverable for the organisation in 2020. NCAs and firms should therefore experience a drop in EIOPA reporting requests going into 2020.
  3. Sustainable finance: Sustainable finance is mentioned as a cross-cutting theme alongside digitalisation and cyber. Actions relating to sustainable finance are spread throughout the work programme and other strategic objectives, indicating an integrated approach to sustainable finance regulation. For example, as part of driving forward conduct of business regulation and supervision, EIOPA plans to develop six mandatory draft Regulatory Technical Standards related to public disclosure and reporting through the Joint Committee of the European Supervisory Authorities. It also plans to identify areas of supervisory convergence in the assessment of ESG risks, and ensure ESG factors are reflected in reviews of relevant regulations. While EIOPA’s work programme does not point to any immediate actions for insurers in this area, firms should expect a continuation of wider regulatory initiatives on the topic over the coming year, some of which are likely to have significant long term implications for the regulatory framework.

    For example, firms should pay particular attention to the debate on “green” incentivising factors and “brown” penalising factors for the treatment of regulatory capital, a topic that has been subject to intense discussion for the past year. While the new European Commission has recently said, in the context of bank lending, that a green supporting factor is “something we need to explore”, EIOPA on the other hand has so far argued that changes to insurance capital should only take place based on objective evidence of differences in the risk profiles of assets based on “sustainability characteristics”4. It remains to be seen which direction this initiative will take, but the decision is likely to be primarily a political one determined by the European Commission’s approach to furthering its sustainability objective.
  4. Insurance stress test: Notably, no insurance stress test is planned for 2020. Instead, EIOPA will focus on preparing a stress test to be conducted in 2021, and may run a potential climate risk sensitivity analysis for the insurance sector in 2020. This is a material change given EIOPA conducted insurance stress tests in both 2016 and 2018. While EIOPA has not explicitly said that it will change the frequency of its stress tests, this move may signal EIOPA’s willingness to do so as part of its broader initiative to update its stress testing framework (on which it recently published a Discussion Paper). In any case, insurers should not expect an EIOPA stress testing exercise in 2020.
  1. Conduct and pensions regulation: As with previous years’ work programmes, EIOPA’s overall balance of work is greater on prudential and insurance issues than on conduct and pensions regulation. However, EIOPA still appears to be more focused on conduct in its 2020 work programme compared to those of its banking and capital markets counterparts, having placed conduct supervision high on its regulatory agenda by listing it as its first strategic objective for three consecutive years. In 2020, EIOPA intends to maintain its focus on driving the conduct agenda forward, and has committed to provide input into the reviews of regulations such as IDD, and develop a framework for mystery shopping. On the pensions side, EIOPA’s most important priority for 2020 will be the continued work on PEPP, as well as gathering the first set of full pensions data. This may lead to a more detailed pensions agenda, with more specific actions, in next year’s programme, once this data has been gathered and analysed.


1It is also worth noting EIOPA’s disclaimer in its work programme document, that it may adjust its plans to take into account currently unknown factors such as the priorities of the new Commission, and “the manner in which the UK will withdraw from the EU.”
2Pension schemes, on the other hand, will see EIOPA collect its first full set of pensions data in 2020.


Andrew Bulley

Andrew Bulley - Partner, Centre for Regulatory Strategy

Andrew Bulley joined Deloitte in October 2016 from the Bank of England, where he was, most recently, the Director of Life Insurance Supervision. Between 2014 and 2016 he was a UK voting member of the Board of Supervisors of the European Insurance and Occupational Pensions Authority (“EIOPA”). In a career with the Bank of England and Financial Services Authority stretching over 27 years, Andrew has held senior roles in the supervision of life and general insurers, the London wholesale insurance underwriting and broking markets, retail and investment banks, asset managers, and IFAs.

Email | LinkedIn


Henry Jupe, Director, EMEA Centre for Regulatory Strategy, Risk Advisory

Henry specialises in regulation in the insurance sector. Henry has advised many insurers across the life, non-life and health sectors on the impact and implementation of regulatory change, and has particular expertise in capital, solvency and regulatory reporting. Henry’s experience includes advising on regulatory strategy during times of major business or regulatory change, for example acquisitions and business restructurings. Henry has worked in Europe and the United States, and is a Chartered Accountant.

Email | LinkedIn


Linda Hedqvist - Manager, Risk Advisory

Linda is a Manager within the EMEA Centre for Regulatory Strategy, focusing on regulation of the general insurance industry. She joined Deloitte from the Bank of England’s Prudential Regulation Authority where she worked as a senior supervisor to some of the largest general insurance firms in the UK. Linda holds a Master’s Degree in Economics and International Relations from the Johns Hopkins University’s School of Advanced International Studies (SAIS).

Email | LinkedIn



Quentin  Mosseray – Assistant Manager, Centre for Regulatory Strategy

Quentin is an Assistant Manager in Deloitte’s Centre for Regulatory Strategy, advising on the strategic impact of regulation on firms’ business and operating models. His work focuses on insurance regulation, and cyber and operational resilience. Prior to joining the Centre, Quentin completed an LL.M in Law and Economics, and also holds a degree in International Relations.

Email | LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.