SOLVENCY II PILLAR 2 COMPLIANCE SOFTWARE FOR THE INSURANCE SYSTEM OF GOVERNANCE
Run the Solvency II System of Governance as one live system of record: board responsibility, written policies, the risk management system, the ORSA process, the four key functions including the actuarial function, fit and proper, and outsourcing. 45 Pillar 2 controls, evidenced once and reused across DORA and ISO 27001.
What is Solvency II Pillar 2 and who must comply? Solvency II (Directive 2009/138/EC, with Delegated Regulation (EU) 2015/35 and the EIOPA Guidelines on the System of Governance) is the EU prudential regime for insurers and reinsurers. Pillar 2 is its System of Governance, Articles 40 to 49, covering board (AMSB) responsibility, written policies, the risk management system, the ORSA, the internal control and compliance function, internal audit, the actuarial function, fit and proper, remuneration and outsourcing. It is supervised by EIOPA and national regulators, and it applies to every EU (re)insurer. Venvera covers Pillar 2 only; it does not perform Pillar 1 capital calculations or Pillar 3 QRT reporting. As Solvency II compliance software built around Pillar 2, Venvera manages the System of Governance, the ORSA (Own Risk and Solvency Assessment) as a governed process, the four key functions (risk management, compliance, actuarial and internal audit), and the fit and proper requirements for AMSB members and key-function holders, all evidenced against the EIOPA Guidelines and the expectations of national supervisors.

AN EFFECTIVE SYSTEM OF GOVERNANCE UNDER ARTICLES 40 AND 41
Solvency II Article 40 makes the administrative, management or supervisory body (AMSB) ultimately responsible for compliance, and Article 41 requires an effective, proportionate system of governance: a clear organisational structure, transparent reporting lines, segregation of duties, and a full set of written policies reviewed at least annually. Venvera is the Solvency II compliance software that acts as the system of record for that governance. It holds the org and reporting-line map, the written policy library with board approval and review cadence, and the evidence behind every one of the 45 Pillar 2 controls. Your CRO and key-function holders work from one live picture instead of a folder of static documents.
- Organisational structure and reporting lines mapped to Article 41(1)
- Written policy library (risk management, internal control, internal audit, outsourcing, remuneration) with annual review cadence
- AMSB approval workflow and sign-off records for every policy
- Segregation of duties evidenced across the three lines of defence
- All 45 System of Governance controls tracked with owner, status and evidence
RUN THE ORSA AS A GOVERNANCE PROCESS, NOT A SPREADSHEET
Article 45 requires every insurer to conduct its Own Risk and Solvency Assessment and to embed it in decision-making. Venvera runs the ORSA as a governed process: the ORSA policy, the annual and ad hoc trigger schedule, the board approval workflow, the documented record, and the review cadence. It is deliberately the process wrapper, not the numbers. Venvera does not calculate your solvency needs, technical provisions or capital; your actuarial function and capital model own that. Venvera makes sure the assessment is policy-driven, approved by the AMSB, documented, and repeatable, which is exactly what a supervisor tests.
- ORSA policy with defined methodology, frequency and ad hoc triggers
- AMSB approval workflow with recorded challenge and sign-off
- Documentation of the ORSA record and the internal report to management
- Review cadence and evidence that ORSA output feeds strategic decisions
- Clear boundary: governance process only, never the capital calculation
RISK MANAGEMENT, COMPLIANCE, INTERNAL AUDIT AND ACTUARIAL: ALL FOUR KEY FUNCTIONS
Solvency II names four key functions: risk management (Article 44), compliance within the internal control system (Article 46), internal audit (Article 47), and the actuarial function (Article 48). Each must be operationally independent, held by a fit and proper person, and evidenced. Venvera gives every function its own workspace: mandate, holder, independence evidence, work plan, and the reports it owes the AMSB. The actuarial function's coordination of technical provisions, opinion on the underwriting policy and opinion on reinsurance arrangements are tracked as governance deliverables. Venvera records that the opinions were produced, reviewed and delivered to the board; it does not compute the technical provisions themselves. These insurance-specific functions are native controls, evidenced directly and never auto-satisfied from generic evidence.
- Risk management function (Art 44) with the risk management system and risk policies
- Compliance function (Art 46) advising the AMSB and assessing regulatory change
- Internal audit function (Art 47) with an independent, risk-based audit plan
- Actuarial function (Art 48): coordination of technical provisions tracked as a governance deliverable (not computed), plus underwriting and reinsurance opinions
- Independence, fit and proper status and AMSB reporting evidenced per function
FIT AND PROPER RECORDS AND OUTSOURCING CONTROL
Article 42 requires everyone who effectively runs the undertaking or holds a key function to be fit (professionally competent) and proper (of good repute and integrity), on appointment and continuously. Article 49 governs outsourcing, especially of critical or important functions, requiring due diligence, contractual safeguards, ongoing monitoring and notification to the supervisor. Venvera keeps the fit and proper register (qualifications, assessments, good-repute checks and renewal dates) and an outsourcing register with criticality classification, contract clauses, service monitoring and the supervisory notification trail. For ICT and security outsourcing, the same contractual and monitoring evidence you maintain for DORA is reused here through the crosswalk.
- Fit and proper register per Art 42 with reassessment and renewal reminders
- Good-repute and competence evidence for AMSB members and key-function holders
- Outsourcing register per Art 49 with critical-or-important classification
- Contractual safeguards, exit plans and ongoing service monitoring tracked
- Supervisory notification trail for outsourcing of critical or important functions
EVIDENCE ONCE, COMPLIANT EVERYWHERE: DORA AND ISO 27001 INTO SOLVENCY II
Most EU insurers are already running DORA, and many hold ISO 27001 or fall under NIS2. Their governance requirements overlap heavily with the Solvency II System of Governance. Venvera's crosswalk maps that overlap so you evidence once: satisfying your DORA or ISO governance controls auto-satisfies the equivalent Solvency II governance controls, namely organisational structure and reporting lines, segregation of duties, protection of records, and the contractual plus monitoring requirements for ICT and security outsourcing. What never auto-satisfies is the insurance-specific core: the ORSA process, the four key functions including the actuarial function, fit and proper, remuneration and non-ICT operational risk. Those stay native and are evidenced directly, because a supervisor would reject borrowed evidence for them, and so do we.
- DORA and ISO 27001 governance evidence auto-satisfies equivalent Pillar 2 controls
- Overlap covers org structure, segregation of duties, records protection and ICT outsourcing
- Insurance-specific controls stay native: ORSA, key functions, fit and proper, remuneration
- No fake coverage: generic evidence never fills an actuarial or ORSA control
- One evidence update flows to every mapped framework at once
SOLVENCY II PILLAR 2 COMPLIANCE: VENVERA VS MANUAL TRACKING
45
Pillar 2 System of Governance controls
4
Key functions: risk, compliance, audit, actuarial
Art 40-49
System of Governance scope covered
from €399
Per month, EU data residency
FREQUENTLY ASKED QUESTIONS ABOUT SOLVENCY II PILLAR 2
COMPLETE YOUR COMPLIANCE STACK
DORA
Reuse your DORA ICT governance and outsourcing evidence for Solvency II Pillar 2.
NIS2
Map NIS2 governance and security controls into your insurance system of governance.
Insurance & Reinsurance
How EU insurers run DORA and Solvency II Pillar 2 side by side in one platform.
Control Crosswalk
See how evidence-once mapping auto-satisfies equivalent controls across frameworks.
READY TO GOVERN
SOLVENCY II PILLAR 2?
Start with a free trial. Map your System of Governance to the 45 Pillar 2 controls, stand up your ORSA process and key-function workspaces, and let the crosswalk pull in the DORA and ISO 27001 evidence you already have. Pillar 2 governance from EUR 399 per month, with EU data residency. Venvera complements your actuarial engine and QRT tool; it does not replace them.