October 2007

Financial Services Industry

Adapting to the changing environment.

Deloitte Central Europe Financial Services Industry Newsletter
Size matters: CEs biggest banks Triggering the tax advantage The shifting security paradigm

Contacts
Albania, Kosovo Santiago Pardo Tel.: +40 212075492 E-mail: sapardo@deloitteCE.com Bulgaria Sylvia Peneva Tel.: +359 29808500 E-mail: speneva@deloitteCE.com Croatia, Bosnia-Herzegovina, Bosnia-Herzegovina Republic of Srpska, Slovenia Paul Trinder Tel.: +385 12351906 E-mail: ptrinder@deloitteCE.com Czech Republic Mike Jennings Tel.: +420 246042576 E-mal: mijennings@deloitteCE.com Estonia, Latvia, Lithuania Veiko Hintsov Tel.: +372 6406512 E-mail: vhintsov@deloitteCE.com Hungary Andras Fulop Tel.: +36 14286937 E-mail: afulop@deloitteCE.com Poland Marcin Zdral Tel.: +48 225110619 E-mail: mzdral@deloitteCE.com Romania, Moldova Adrian Covacescu Tel.: +40 212075207 E-mail: acovacescu@deloitteCE.com Serbia, Montenegro, Macedonia Miroslav Toncic Tel.: +381 113612524 E-mail: mtoncic@deloitteCE.com Slovakia Zuzana Letkov Tel.: +421 258249210 E-mail: zletkova@deloitteCE.com

Welcome
The financial services industry in Central Europe is constantly changing. The companies that will survive and even prosper are the ones that can adapt to the changing environment and thrive in the new surroundings. Challenges and opportunities abound: Solvency II, risk management, IFCs and M&A are just afew of the many topics keeping executives awake at night. In this, the 4th issue of Deloitte Central Europes Financial Services Industry Newsletter, we continue our focus on these emerging issues affecting banks, insurance companies, asset management companies and other financial services players in the region. We also give a glimpse at the results of the first Central European Top 500 companies ranking However, as usual, we also have some interesting global perspectives, including the results of the 2007 Global Security Survey. If you would like to know more about how Deloitte can help you be successful in your business, please contact one of our FSI partners shown in the left column. For acopy of any of our publications, please speak to your local FSI partner or browse our local internet sites which can be found at www.deloitte.com

Mike Jennings Financial Services Industry Leader Deloitte Central Europe

Alandscape in evolution
IFCs are here to stay
While advising on the development of International Financial Centres (IFCs) over many years, we encounter one particular persistent question: Is there room for another IFC? Generally, we answer this with acounter question: Do you think Paris should move its financial services activity to London, or perhaps the highly successful centres of the Caymans and the Bahamas should merge? Behind our response is the thought that, just as in every maturing industry around the world, successful strategies that are well-executed will prevail, even under intense competition. In our view, there will always be an opportunity to compete successfully, given an appropriate strategic response. Deloittes latest thought leadership on IFCs, Alandscape in evolution, attempts to explain why.

Developing appropriate strategies

The strategic vision must be brave, tempered with reality
The essential questions for acountry seeking to build or enhance its financial jurisdiction are: How should we develop these dimensions of competition? And in which order? Clearly, this depends upon the medium-tolong-term vision and the startingpoint (or assets) of the jurisdiction. Undoubtedly, such avision must be brave and ambitious, yet tempered with agreat deal of reality about how such aproject can be realised over the extended timescales. Experience from many other business lifecycles tells us that IFJs must aspire to be either regionally dominant or niche in maturity, not stuck in the middle.

Over the past few years there has been asea change in the intensity of competition and speed of development in IFCs. We may see another 40 or more centres emerging in the next decade. However one chooses to define an IFC (see IFC or IFJ?), there is clearly avery significant growth. In addition, well-established centres are constantly reinventing themselves through improved capabilities and focus.

Implementing the strategy

The key skill is change and programme management
The focus of this article is the development of strategy. However, strategies cannot be divorced from their implementation. IFJs are very large, complex and practical undertakings which are far harder to realise than develop on paper.

The first practical issue is winning agreement and commitment to achieving the long-term vision, and an understanding that the time-to-maturity will be well beyond the tenure of most of the key stakeholders and investors. Building the appropriate governance and management models is imperative. Here, small jurisdictions may have an advantage of nimbleness and responsiveness. To find out more about the future for IFCs and IFJs and what this could mean for your business, download the publication www. deloitte.cz in the Financial Services section.

Atruly international basis of competition is slowly emerging

We have observed an increasingly intense international market rivalry emerging. The enablers of this include:

IFC or IFJ?
The definition of afinancial centre is important because it determines how we think about competition. We find the term IFC like offshore somewhat unhelpful in that it connotes asingle clustered, physical locality, with less focus on those prerequisites which form the primary basis of competition; namely the political, legal, regulatory and (to some extent) fiscal dimensions of afinancial jurisdiction. For this, we shall use the term International Financial Jurisdiction (IFJ). This allows us to refer to both alarge geographically dispersed authority or to arestricted range of financial functions as an IFJ. Under this business definition Dubai could compete with Poland, and British Virgin Islands can compete with the whole of the United States, as of course they do. Also, it encourages us to investigate intra-country competition such as between Beijing and Shanghai, or London and Edinburgh. Finally, it allows us to use concepts of Cluster Theory (e.g. around specific financial skills), regional network effects (such as internationalisation of Central Securities Depositaries and Central Clearing Departments) and of the impact of local monopolies etc.

Global consolidation of major financial services institutions; Global standardisation both from improved communication technologies and the adoption of English as the dominant business language; and Greater mobility, both of labour (especially good business, finance and economics graduates) and of capital.

Triggering the tax advantage

Tax tactics for the Global Financial Services Industry
Global financial services institutions continue to be under pressure to outperform their competitors across arange of challenges: from risk management to regulatory compliance; from customer relationship management to talent retention; and from mergers and acquisitions to information technology. However very often, effective tax management is overlooked as away to boost performance in each of these areas.
This new report from Deloittes global FSI tax team looks at several key areas of aglobal financial services institutions business, uncovers how tax can play arole in creating competitive advantage in each area, and suggest ways in which these global financial services institutions can quickly Trigger the Tax Advantage.

Why good tax reporting is critical to maintaining customer trust

Anew focus
No longer in the dark corners of afinancial institution, operational taxes are now under abright spotlight. New tax regimes, stiffer penalties for non-compliance, and increasing risks to the financial and commercial well-being of the company these changes have increased the importance of operational taxes and, hence, the attention being paid them. What needs to be at the top of managements agenda? An integrated focus.

Why international assignments are key to retaining your top performers

Arecent Deloitte Research report on offshoring in the financial services industry revealed that the majority of institutions suffer from offshoring fatigue after three years in operations. Financial institutions must find ways to manage adelicate balancing act creating programs that satisfy young managers desires for variety in their careers, while still making it possible for them to keep work and life in balance. This balance is particularly difficult when it comes to any firm that has overseas operations in which the presence of U.S. workers is necessary.

How companies can use tax credits to secure significant savings on IT and R&D investments
Planning makes perfect
The differences among R&D tax regimes can work in acompanys favor with planning. For acompany to receive maximum global R&D tax incentives, planners must start with aconsideration of how such benefits can affect, and be affected by, the companys foreign tax credit positions, its international tax liabilities, and its transfer pricing arrangements.

How improvements in tax reporting, technology and risk management can contribute to optimised performance
For companies where tax is an integral part of the organisation, awell thought-out tax strategy and risk management framework creates value at all levels of the business. It also ensures that tax payments and filings happen according to awell-defined process. For some organisations, however, tax can be something that just happens where returns are filed, payments are made and planning is undertaken, all of which is divorced from the rest of the business.

Why financial institutions need to integrate tax reporting into their IFRS approach
By now companies have realized that there are fewer ways to reduce the reported tax rate, other than by permanently reducing the cash taxes payable. Deferral doesnt work; strategies such as retaining profits offshore or deferring capital gains may save cash tax but also require deferred tax planning to reduce the rate.

Why tax considerations deserve aplace in the deal

Tax Akey consideration of any M&A transaction
During this increased period of M&A activity it is worth remembering that Tax issues need to be carefully considered as part of each transaction, whether it is in structuring the deal at the outset or in the post-merger integration phase. The benefit that Tax can bring covers both above the line, as well as below the line items.

Compliance and systems

Create teams to find ways of improving the data collection and calculations by automating, as far as practical, the tax reporting process. Automation can help in many ways, such as tracking and calculating tax on share options, revaluations, derivatives, and profits retained offshore.

How can technology help?

The effectiveness of any technology as arisk management tool relies upon the quality of its inputs. As such, the tax sensitivity contained in, as well as the ability to link with, existing financial systems is critical. While tax sensitisation of accounting numbers should be handled by the tax trained, the financial systems can be designed to organise accounting numbers into categories that Tax can interpret. In this way tax technology can be considered as abolt-on to the financial systems.

Tax forecasting and effective tax rate management

To forecast taxes payable and reported tax charges and to deliver meaningful data in real time requires an investment in systems (or headcount) above and beyond simple business tools and structures. Companies need to focus on their effective tax rate to get aclear understanding of post-tax profits and, hence, earnings per share. You can find more tax issues and solutions in the Financial Services section at www. deloitte.com.

How successful tax management and implementation of tax technology can stop deficiencies from sabotaging your Sarbanes-Oxley compliance
Tax is the number one cause of material weaknesses for US filers and there is alot to learn from the experiences of those that have received an adverse opinion.

Integration is key
Mergers & Acquisitions in European Banking

According to aEuropean Central Bank report (Financial Integration, March 2007), from 2000 to 2004 cross-border banking M&A accounted for only 14% of all banking M&A in the eurozone, but in 2005-2006 this proportion increased to 38%, mainly due to afew large value transactions in 2005. The report also identified 33 banks with significant cross-border activities, which accounted for more than half of the eurozones banking assets, and 16 of these banks were active in at least half of the eurozones countries. Now in 2007, we can see how the increasing number of actual and proposed transactions combined with the more recent emergence of Private Equity firms targeting the financial services sector, is starting to change the European banking landscape. However, experience in other industries suggests the reality of merger benefits is often disappointing. It is therefore even more critical for the management of banks to identify the major issues that need to be addressed so that identified benefits are actually realised in transactions. In this short pamphlet, we summarise our view on the top 10 issues we believe are vital for successful cross-border deals in banking, we recap on our 2005 predictions in light of the current European banking landscape in 2007, and we explore some of the realities around achieving merger synergies.

Our conclusion on this matter is that an integrated approach is needed, bringing together all components of the transaction, so that an operational plan is in place to help ensure success from Day 1. To find out more about M&A in the banking industry, download the report from www. deloitte.com or contact your Deloitte FSI expert.

10 key issues in the banking M&A landscape

Investor attitude Political and cultural barriers Management structure and clear accountability Revenue benefits Cost synergies People Technology integration Tax pitfalls and opportunities Pensions Regulatory, including capital

For many years commentators have been forecasting the arrival of European banking mega mergers in some shape or form. In 2005 Deloitte analysed the US mergers and acquisition (M&A) experience and the European financial services market to identify specific M&A trends; these included the removal of barriers and the imperatives of shareholder value creation. We predicted that by 2010 M&A activity would indeed transform the European banking landscape.

Top of the pile

The banking industry keeps growing
Deloitte Central Europe recently published the first edition of the CE Top 500 a ranking of the 500 largest businesses in the region. The ranking, the result of intensive cooperation between the Deloitte offices across 18 countries, also included a separate analysis for the banking and insurance sectors. Here we have provided a short summary of the results, together with an analysis by Andras Fulop, a Financial Advisory partner in Deloitte Hungary who focuses on the FSI industry.
The Central European banking sector had another very strong year in 2006: the top 50 banks total assets grew nearly by 22% in EUR terms, just slightly below the previous years figure. The increase in net profit was just as impressive, with an annual increase of 19% and 34% in 2005 and 2006, respectively. Average return on equity was slightly over 20% in both years, which is significantly higher than the similar Western European figure. OTP Bank became the largest bank in Central Europe based on total assets. This can in part be explained by the fact that OTP is the only Central European banking group, therefore its results include those of its subsidiaries; furthermore, in 2006 OTP made several acquisitions which also boosted its figures. The ranking shows clearly that the six largest banking groups account for more than 50% of all large banks. The Raiffeisen Group has the most banks in the Top 50, but these banks are mainly in the lower part of the ranking, due to their predominantly greenfield background. Meanwhile, Erste Bank has four banks in the top 25, all of which were acquired through privatization. Other large groups include KBC from Belgium, and Unicredit and Intesa from Italy. With one of the last big banking privatizations in Central Europe, when the controlling stake of BCR was sold to Erste Bank in 2006, the Central European banking sector is nearly fully privatized and only four banks out of the regions top 50 are still controlled by the state. These four are also coming from just two countries Poland and Slovenia, while in the regions other countries all of the big players are in private hands by now. Privatizations are mainly effected through strategic sale only one of the top 50 banks, OTP Bank, is listed without strategic owner. On the other hand, only a limited number of the banks were truly greenfield operations.

Top 20 banks
Industry Ranking 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Full name Orszgos Takarkpnztr s Kereskedelmi Bank Rt. eskoslovensk obchodn banka, a. s. esk spoitelna, a.s. Powszechna Kasa Oszczdnoci Bank Polski S.A., GK Komern banka, a.s. Hansapank AS Bank Pekao S.A., GK Bank Przemysowo Handlowy S.A., GK Skupina Nova ljubljanska banka BANCA COMERCIALA ROMANA ING Bank lski S.A., GK BRE Bank S.A., GK ZAGREBAKA BANKA d.d. Bank Handlowy S.A., GK Bank Zachodni WBK S.A., GK Slovensk sporitea Kereskedelmi s Hitelbank Rt. BRD GROUP SOCIETE GENERALE PRIVREDNA BANKA ZAGREB d.d. HVB Bank Czech Republic a.s. Country Hungary Czech Republic Czech Republic Poland Czech Republic Estonia Poland Poland Slovenia Romania Poland Poland Croatia Poland Poland Slovakia Hungary Romania Croatia Czech Republic Assets 2006 (mln Euro) 28 389,7 27 725,1 26 491,8 26 430,7 21 733,2 19 392,0 17 671,7 16 902,6 14 408,8 14 027,3 12 650,5 11 048,9 9 552,4 9 394,1 8 624,4 8 616,8 8 612,1 8 287,8 7 585,3 7 525,4

Top 10 insurance companies

Industry Ranking 1 2 3 4 5 6 7 8 9 10 Full name Country Gross Written Premium 2006 (mln Euro) 3 919,0 1 334,9 967,7 817,1 675,9 656,1 653,4 592,8 473,5 468,6

Powszechny Zakad Ubezpiecze S.A. + Powszechny Zakad Ubezpiecze na ycie S.A. esk pojiovna a.s. Kooperativa, pojiovna, a.s. Zavarovalnica Triglav d.d. ALLIANZ Hungria Biztost Rt. Towarzystwo Ubezpiecze na ycie Commercial Union S.A. + Commercial Union Towarzystwo Ubezpiecze Oglnych Towarzystwo Ubezpiecze Allianz ycie S.A.+Towarzystwo Ubezpiecze Allianz Polska S.A. Towarzystwo Ubezpiecze i Reasekuracji Warta S.A. + Towarzystwo Ubezpiecze na ycie Warta AEGON Towarzystwo Ubezpiecze na ycie S.A. GENERALI - PROVIDENCIA Biztost Zrtkren Mkd Rt.

Poland Czech Republic Czech Republic Slovenia Hungary Poland Poland Poland Poland Hungary

Based on trends in the first part of 2007, growth is expected to continue in the future at double digits, although at a slightly lower pace. The growth will be owed to retail mortgage lending, as credit market penetration in Central Europe is still significantly lower than in Western Europe. A further shrinking in margins, increased emphasis on fee income growth and enhanced cost efficiency are also expected. One should also note that at this stage, it is

hard to predict how the current subprime stock market crisis will impact the Central European banking markets. There is no direct impact here, as the Central European banks do not have or have very limited direct exposure to these subprime securities. But on the other hand, there could be several negative indirect impacts such as potential increase in cost of financing, increased default rate in case of CHF and EUR denominated loans through weaken-

ing of local currencies, lower valuation levels of the ranked banks as well as their investment portfolios, etc. Among the 50 biggest banks in terms of revenue, the bulk (12) are Polish banks. However, they dont top the rankings. The situation is different when it comes to insurance companies, where PZU is No.1 and half of top 10 insurers are entities based in Poland.

Criteria for the ranking

1. The data was collected in three categories: Companies, Banks and Insurers. 2. The main category of ranking and the value which determine the companys position in the ranking is revenues from sale, assets and gross written premiums respectively for Companies, Banks and Insurers. 3. The information was collected locally - preferably according to IFRS. 4. The ranking was composed of consolidated values (if the company published consolidated financial statements). 5. The preferred source of data was audited financial statements, then data provided to us by company and databases. If there was no possibility of collecting the revenues for 2006, they were estimated or assumed to be at the 2005 level.

Countries covered by the ranking

Poland, Albania, Bosnia and Herzegovina, Bulgaria, Croatia, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Macedonia, Moldova, Montenegro, Romania, Serbia, Slovakia, Slovenia, Ukraine

2007 Global Security Survey

The shifting security paradigm
While information security incidents continue to grab the attention of business executives, ownership of the underlying problems is still perceived to rest with IT, according to the 2007 edition of the Global Security Survey by Deloitte Touche Tohmatsu (DTT). Less than two thirds (63%) of respondents to DTTs 2007 Global Security Survey have an information security strategy. Only 10% of this years respondents have their information security led by business line leaders. These findings support an emerging security paradox: the gap between awareness of the problem and support for the solution. The survey also revealed that the greatest root cause of external breaches continues to be the human factor: an organizations employees, customers, third parties and business partners. The contradictory findings in this years survey highlight the security paradox financial institutions are facing, says Petr Brich, Risk Management Leader for Deloittes Financial Services practice in the Czech & Slovak Republics. On the one hand, it is clear that respondents have identified the major security issues and the necessary actions they must take to improve security and privacy practices. On the other hand many financial institutions are falling behind when it comes to taking action. One of the elements most worrisome for organizations when it comes to breaches is customers. The DTT survey found that the top three breaches (those that were repeated the greatest number of times) were viruses and worms; e-mail attacks, e.g. spam; and phishing/pharming. All of these breaches are perpetrated via the customer, e.g. customers as unwitting providers of sensitive information and conduits into financial institutions. But even though financial institutions are directly affected by these types of breaches, they are still reluctant to take responsibility for the security of their customers computers, most likely because of the enormity of such an undertaking. When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, two thirds of respondents (66%) replied that they should not. In addition to breaches perpetrated through the customer channel, the DTT survey reveals that ahigh number of repeated occurrences of breaches can be attributed to employees: both misconduct (intentional action) and errors and omissions (unintentional action). An overwhelming majority of respondents (91%) are concerned about employees and cite the human factor as the root cause for information security failures (79%). But while errors and omissions on the part of employees are identified as amajor security issue, almost aquarter (22%) of respondents provided no employee security training over the past year and only one-third of respondents (30%) say their staff is well skilled with adequate competencies to respond to security needs.

Despite these gaps, identifying the problem is at least half the battle and so financial institutions are definitely moving in the right direction to close these gaps, adds Petr Brich. Security training and awareness, along with access and identity management of employees, clients and suppliers, and data protection are among organizations top initiatives this year, as they fight to keep pace with the everchanging threat landscape.
Additional key findings of the survey:

Shifting priorities and integration problems were identified as top reasons for information security projects failure (48% and 32%, respectively).

How much some things change. In the 2003 security survey, the DTT GFSI Group wrote, There seems to be little insightful data on the state of either IT security or privacy in financial institutions - or any other sector for that matter - and there is almost no data

E-mail attacks top the list of external security breaches financial institutions experienced over the past 12 months (57%). Two-thirds (66%) of respondents do not feel they should be accountable for protecting the computer of customers who bank on-line. Virtually all respondents (98%) indicate increased security budgets, but 35% feel that their investment in information security is lagging behind business needs.

Europe, Middle East and Africa (EMEA): The EMEA region has the highest percentage of respondents (39%) among all regions who feel they presently have both the required skills and competencies to respond effectively and efficiently to current and foreseeable security requirements. Additionally, the majority of participants (82%) feel that security has risen to the C-suite or board level, with more than three-quarters (77%) believing they have both the commitment and funding to address regulatory compliance. With regards to security breaches, the percentage of institutions in EMEA that experienced security breaches both internally (31%) and externally (71%) is above the global averages of 30% and 65%, respectively.

Regional highlight FSIs who feel that security has risen to the C suite or board as a critical area of business FSIs possessing a security strategy FSIs whose information security strategy is led and embraced by line and functional business leaders FSIs who have incorporated application security and privacy as part of their software development lifecycle FSIs who feel they have both commitment and funding to address regulatory requirements FSIs who feel that government driven security regulations are effective in improving security posture in their industry FSIs who have security linked to their IT security employees appraisals FSIs who feel they presently have both the required skills and competencies to respond effectively and efficiently to foreseeable security requirements FSIs whose employees have received at least one training and awareness session on security and privacy in the last 12 months FSIs who have an executive responsible for privacy FSIs who have a program for managing privacy compliance FSIs who have experienced repeated internal breaches over the last 12 months FSIs who have experienced repeated external breaches in the last 12 months

EMEA 82% 61% 10% 33% 77% 82% 44% 39% 82% 60% 78% 31% 71%

Global 81% 63% 10% 32% 73% 86% 50% 30% 78% 66% 70% 30% 65%

that delivers aworld-wide perspective.It is an indication of the truly high visibility that security and privacy has attained that this statement is no longer the case. How much some things stay the same. One of the survey respondents to the 2003 security survey offered this statement, New technologies and new business models are causing us to blindly run full speed toward the unknown. And the hot breath of threats and risk is on our necks at all times. We are constantly under siege.This statement is as true today as it was back then. The everincreasing sophistication of security breaches seems to know no bounds. The industry has produced some great minds - which have been used for us as well as against us. It has often been said that, over the course of alifetime, children are the source of ones greatest joy and ones greatest concern. In asimilar vein, this years respondents might say the same of their people (employees, customers, third parties and business partners) - they are an organizations greatest asset yet its greatest worry. The most frequent breaches organizations experienced were those perpetrated by crooks against the customer. In addition,

alarge number of organizations anticipate breaches due to employees, both intentional action (misconduct) and unintentional action (errors and omissions). Even though the majority of breaches are due to mistakes and not malicious intent, they have no less impact. But mistakes are not without their usefulness. Sam Levenson, the American humourist, once said, You must learn from the mistakes of others. You cant possibly live long enough to make them all yourself.Humour aside, from asecurity and privacy perspective, the message is clear: often times, it takes misfortune happening to others for us to learn what to do to protect ourselves. You can be sure that every time there is amajor security disaster reported in the press, many other organizations scramble to ensure that their systems are not vulnerable in the same way.

Every year, this survey demonstrates the progress in security that has been made over the course of ayear: the incidents of viruses/worms, insider fraud, and the leakage of customer data have all fallen. We know this doesnt mean that the criminals are going away - theyre just thinking up something new - but the statistic represents major progress nonetheless. And much of the progress has been as the result of proactive - rather than reactive - measures. Those of us in the security and privacy arena know that the answer to the question, Are we there yet? is that we may never be there - but we continue to work towards making sure that the journey is as safe and secure as possible. For further information on the results of the survey you can download it from Financial services section at www.deloitte.com.

Solvency II
Changing behaviours
Although the Solvency II project is still in the early stages, QIS3 (Quantitative Impact Study) is entering into a conclusive/crucial phase. The outcome of the study will affect the amount of capital an insurance company must hold as protection against potential risk. In the following paragraphs you can find some of the key current developments in the Solvency II project. Quantitative impact studies QIS3 The insurance companies were to submit the completed spreadsheets to their local supervisor by 29 June 2007 The results should be published in November 2007 Final advice on Solvency Capital Requirement (SCR) and Minimum Capital Requirement (MCR) to be presented by spring 2008 O&G were valued using very simple assumptions/models in the majority of cases In some cases, O&G assumed to be zero

Systems Some of the current systems do not hold enough information to perform proper QIS3 calculation The lack of information identified on both asset and liability sides Reporting procedures Current procedures not ready for information required by QIS3 This relates to ability to fill individual information and also to qualitative questions The European Commission The final draft of the Solvency II Directive was published on 10 July 2007. All 13 currently existing European Insurance Directives will be combined into asingle new one. The most important innovation will be the risk-based approach of Solvency II. The draft sets out essential principles for the future regime. The development and testing of the European Standard Formula is very important for the success of the whole project. Although QIS3 meant big progress in this area, there is still more calibration and testing needed to set the Formula right. It is also necessary to come up with suitable simplifications for small and medium-sized insurers. Requirements of European Commission to CEIOPS

competitive equality across the EU concerning full and partial internal models, governance requirements, systematic supervisory reporting and public disclosure requirements and the use of capital add-ons Indicate where the line between level 2 implementing measures and level 3 guidance should be Core issues from the Solvency II Directive draft Pension funds are not included The parts concerning the capital add-ons are very general (concrete approaches to be set by further implementation measures) The group supervisor will be assigned to the (re)insurance group, (concrete approaches to be set by further implementation measures) The calculation of MCR will be set according to the results of QIS3. It will have to be calculated quarterly Own Risk and Solvency Assessments to be carried out by all (re)insurance undertakings as an integral part of their business strategy - aregular practice of assessing their overall solvency needs with aview to their specific risk profile Supervisory authorities have the power to require an (re)insurance undertaking to develop apartial or full internal model in the event that the SCR standard formula does not accurately capture the risk profile of that undertaking Applications for internal models must be approved or rejected within 6 months from receipt Five tests to be met before approval internal model Use test; Statistical quality standards; Calibration standards; Validation standards and Documentation standards All insurers must have an actuarial and arisk management function (access to the required skills)

QIS4 To be conducted in 2008 (probably between April and July) Specification should be based on the Framework Directive and should include any lessons learnt from QIS3 EC (European Commission) wants CEIOPS (Comitee of European Insurance and Occupational Pensions) to deliver draft QIS4 specification by 20 December 2007

Problematic areas arising from QIS3 Models Lack of internal models Significant effort often necessary to convert the existing models to adhere to QIS3 rules The problematic areas included - Modelling of shocks on assets - Modelling of reinsurance - Modelling of interactions among assets and liabilities in shock scenarios - Determining run-off pattern (proxies) - Split of liabilities into different categories Options and guarantees (O&G) O&G were not properly valued by most companies Application of the proportionality principle in the calculation of group solvency Ideas to facilitate the effective supervision of groups and the supervision of the group support in particular Practical aspects to achieve consistent and

Tentative timetable for the Solvency II project

May 2008 2008 October 2009 2nd half 2010 2nd half 2012 Final advice from CEIOPS on the first two issues Final negotiations and agreement on the Framework Directive (before the next elections for the European Parliament) Fully consulted advice from CEIOPS Adoption of the implementing measures and finalisation of the level 3 supervisory guidance Start of the new regime in EU

Hot Issues
Our Financial Services Industry experts produce awide range of thought leadership materials covering key issues for financial institutions. Below you can find selected materials that have been published in recent weeks. More information on our recent FSI publications can be found within our FSI section at www.deloitte.com.

Financial Services in 2010: Hallmarks of success The worldwide market for financial services is evolving rapidly, and is likely to look very different by the year 2010. This study from Deloitte Research identifies major market drivers and operational challenges that financial institutions will likely face over the next four years and pin-points the strategies and practices recommended to create the Hallmarks of Success. Reversing the charges: mobile payments at point of sale Deloittes latest research suggests that the substantial investment in mobile POS payments in the UK is misjudged, and there is not acompelling case for banks or mobile operators to invest in this new technology. Deloittes experts suggest alternative directions for mobile payment technology. Life insurance product innovation: asure path to growth New products are one of the critical growth strategies of most life insurance companies. Arecent study of top life insurers by Deloitte revealed that the stock market rewards companies that grow organically, especially those who consistently develop innovative products, while leaving unrewarded those insurers that grow principally through mergers and acquisitions. But how can your business develop these new products?

The missing link: leveraging talent to drive customer loyalty In an era of soaring customer acquisition costs and spiraling attrition, most retail banks recognize the benefits of expanding share of wallet by encouraging greater loyalty among their existing customers. In recent years, many retail banks have invested heavily in initiatives designed to increase customer satisfaction and deliver aunique experience. In most cases, however, these efforts have not borne fruit - and noticeable gains in customer loyalty have remained elusive. Why? To agreat extent, retail banks have overlooked the linchpin of the customer relationship - their customer-facing employees. These employees often remain an underutilized asset for growth, but in this overview from Deloitte, we explain how you can better utilise these critical contact points with your customers.

These materials and the information contained herein are provided by Deloitte Central Europe and are intended to provide general information on aparticular subject or subjects and are not an exhaustive treatment of such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting, or other professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult aqualified professional adviser. These materials and the information contained therein are provided as is, and Deloitte Central Europe makes no express or implied representations or warranties regarding these materials or the information contained therein. Without limiting the foregoing, Deloitte Central Europe does not warrant that the materials or information contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte Central Europe expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for aparticular purpose, noninfringement, compatibility, security, and accuracy. Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte Central Europe will not be liable for any special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of these materials or the information contained therein.

Deloitte refers to one or more of Deloitte Touche Tohmatsu, aSwiss Verein, its member firms, and their respective subsidiaries and affiliates. As aSwiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each others acts or omissions. Each of the member firms is aseparate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by Deloitte Touche Tohmatsu Verein.

Deloitte CE c/o Budejovicka alej (Entrance B) Antala Staska 2027/77 14000 Prague 4 Czech Republic Tel.: +420 234078500 Fax: +420 234078010

2007 Deloitte Touche Tohmatsu All rights reserved