What Regulators Actually Look for in Statutory Submissions — From Someone Who Sat on Both Sides

Most insurance and finance companies treat statutory submissions as a technical exercise: validate the schema, pass the controls, hit the deadline. That mindset is exactly why reviewers keep finding the same issues year after year.

I spent time on the regulator side reviewing submissions from insurance companies. Then I spent over a decade on the other side, preparing and signing off on reports going to EGM and other authorities. The gap between what compliance teams think reviewers care about and what reviewers actually flag is wider than most CFOs realize.

The Myth of Technical Validity

Walk into any reporting team meeting before a submission and you'll hear the same checklist: schema validation, totals reconcile to the trial balance, mandatory fields populated, file format correct. Teams celebrate when the submission is accepted by the portal.

Acceptance is not approval. The portal accepts almost anything that parses. What happens next — the silent review period before any follow-up question arrives — is where the real assessment occurs.

Reviewers are not running your validation rules again. They already know your file is technically valid. They are looking for something else entirely.

What Reviewers Actually Open First

When I reviewed submissions, the first thing I did was not look at the current period in isolation. I pulled the last four to eight quarters and looked at the trend lines on key technical provisions, claims development triangles, and reinsurance recoverables.

The questions that formed in my head within the first ten minutes were:

• Does this quarter's movement make sense given what they reported last quarter?
• Did a line item suddenly change category, and was there a disclosure explaining why?
• Are the ratios between related accounts stable, or did something shift without explanation?
• Does the claims reserve movement reconcile with the premium pattern they reported six quarters ago?

None of these are technical validations. They are consistency checks across time. And almost no internal compliance team runs them before submission because their tooling is built around the current period.

The Reconciliation Trail Test

Here is what separates a submission that passes quietly from one that triggers a follow-up letter: can the preparer answer a reconciliation question within 48 hours, with documentation, without restating numbers?

When a reviewer asks "explain the 12% increase in line 4023 between Q2 and Q3," the company has three possible responses:

1. A clean trail showing the source transactions, the business reason, and a tie-back to the general ledger.
2. A reconstruction attempt that takes two weeks and produces a number that doesn't quite match what was submitted.
3. Silence, followed by a request for extension.

Response two is worse than response three. It tells the reviewer that the original number was assembled, not derived. Once that signal is sent, every subsequent submission from that company gets read with a different level of skepticism for years.

I watched companies I worked with later realize this only after they were already on the watch list. By then, the cost of getting off it was a multi-year governance project.

Signals That Flag a Data Governance Problem

Reviewers are pattern matchers. They are not running statistical anomaly detection on your file — they are using experience to spot signals that indicate the underlying data infrastructure is weak.

The signals I learned to look for, and later worked to eliminate from my own submissions:

• Round numbers in places they shouldn't appear. Technical provisions ending in three zeros suggest manual override rather than actuarial calculation.
• Stable ratios that suddenly diverge. Claims-to-premium ratios that held for eight quarters and then jump 15% without a corresponding disclosure usually mean someone reclassified something quietly.
• Restatements buried in current-period figures. If prior period comparatives in the new submission don't match what was originally submitted, and there's no explicit restatement note, you've just told the reviewer your numbers are fluid.
• Disclosures that read like they were written by a different team than the numbers were prepared by. This one is subtle but obvious to anyone who reads submissions for a living. When the narrative doesn't match the data shape, the data was prepared first and the narrative bolted on.
• Inconsistent treatment of the same transaction type across quarters. Reinsurance commission shown net one quarter, gross the next, with no policy change disclosed.

None of these will fail validation. All of them will get your file pulled for deeper review.

What Compliance Teams Should Actually Do

The industry has spent enormous amounts on regulatory reporting tools that focus on the wrong layer. Schema validation is solved. What isn't solved, in most companies, is the layer between source systems and the submitted file.

If I were rebuilding a statutory reporting function today, I would do three things before touching any tooling:

1. Run a multi-period consistency review before every submission. Not just the current quarter against the prior quarter, but the full trend on the twenty or so line items that reviewers actually focus on. Insurance companies know which lines these are. Most don't check them.
2. Build the reconciliation trail at the time of preparation, not when a question arrives. Every figure in the submission should have a documented path from source transactions, with the business logic explicit. Storing this alongside the submission, not in someone's email, is the difference between a 48-hour response and a two-week panic.
3. Read your own submission as a reviewer would. Pull the last six quarters of your own filings. Look at the trend. Find the inconsistencies before someone else does. If you can't reconcile them yourself, the next letter you receive will not be a routine one.

The Pattern That Matters Most

The companies that get scrutinized hardest are not the ones with the largest errors. They are the ones whose submissions show, over time, that the data governance underneath is weak. Reviewers form a view of an institution over years, not over a single filing.

Once a company is categorized as "prepared" rather than "derived," follow-up questions get harder, deadlines get shorter, and on-site reviews get more frequent. The cost of being in that category is enormous, and almost none of it shows up in the compliance budget.

The inverse is also true. Institutions that consistently produce submissions where every number ties cleanly to source, where trends are internally consistent, and where disclosures match the data shape get a level of trust that compounds. Their submissions get reviewed faster, their follow-up questions are fewer, and when a genuine issue does arise, the conversation starts from a different place.

That trust is built one submission at a time. And it's lost the same way.