
Search for Solvency II reporting software and you will find two categories of product wearing almost identical marketing language, solving almost entirely different problems. One category generates the quantitative returns your supervisor ingests as XBRL. The other governs the people, policies, decisions and evidence that sit behind those returns. They are both called "reporting" because the Directive calls them both reporting, but a tool built for one is structurally incapable of doing the other well. Understanding that split is the single most useful thing a Chief Risk Officer or Head of Compliance can do before signing a contract.
This guide draws the line clearly. We explain the two reporting worlds under Directive 2009/138/EC, show which tool belongs in which world, and are explicit about where Venvera fits: we are a Pillar 2 governance platform, not a quantitative reporting engine. If you take one thing away, let it be this: the right Solvency II reporting software stack is usually two tools that complement each other, not one tool pretending to be both.
The two kinds of Solvency II reporting
Solvency II rests on three pillars. Pillar 1 covers the quantitative capital requirements: the Solvency Capital Requirement (SCR), the Minimum Capital Requirement (MCR), technical provisions, the balance sheet under the standard formula or an internal model. Pillar 2 covers the system of governance: how the undertaking is run, who is accountable, the risk management system, the four key functions, fit & proper, remuneration and outsourcing. Pillar 3 covers disclosure and supervisory reporting: what the undertaking tells its supervisor and the market.

Reporting, in the everyday sense insurers use the word, splits across Pillars 1 and 3 on one side and Pillar 2 on the other. It helps to name the two worlds precisely.
1. Quantitative reporting - the QRTs and XBRL returns
This is the world of the Quantitative Reporting Templates (QRTs), the annual and quarterly numerical returns submitted to national supervisors and, ultimately, EIOPA. These templates carry the balance sheet, own funds, SCR and MCR figures, technical provisions, asset-by-asset detail and reinsurance. They are produced from actuarial and finance systems, validated against EIOPA business rules, and filed as XBRL through supervisory gateways. This is precise, calculation-heavy, taxonomy-driven work, and it is the domain of dedicated actuarial and regulatory-reporting engines.
2. Governance and narrative reporting - the story behind the numbers
This is the world of board risk packs, the ORSA report and its supporting documentation, the narrative System of Governance sections of the SFCR and RSR, and the evidence packs and audit trails a supervisor asks for during a review or a fit & proper assessment. None of it is a number in a template. All of it is the demonstrable proof that the undertaking is well governed, that its policies exist and are approved, that its key functions operate independently, and that decisions were made by the right people with the right information. This is the world Venvera's Solvency II Pillar 2 module is built for.
| Dimension | Quantitative reporting (QRT / XBRL) | Governance reporting (Pillar 2) |
|---|---|---|
| Legal basis | Pillar 1 and Pillar 3 quantitative disclosure | Pillar 2, Directive Arts 40-49 |
| Output | SCR, MCR, technical provisions, XBRL returns | Board packs, ORSA report, policies, evidence, audit trail |
| Owner | Actuarial and finance teams | CRO, compliance, key-function holders, the board |
| Tool type | Actuarial / regulatory-reporting engine | GRC / governance platform (Venvera) |
| Failure mode if wrong tool | Wrong numbers, rejected filing | No evidence, findings, governance gaps at review |
To be completely explicit: Venvera does not produce QRTs and does not file XBRL. We do not calculate your SCR, your MCR or your technical provisions, and we do not do capital modelling. If a vendor tells you a single platform will do the QRTs and run your governance, ask them to show you both live. Usually one side is a thin veneer over the other.
Why Pillar 2 governance is its own reporting discipline

Pillar 2, the System of Governance, is set out in Articles 40 to 49 of Directive 2009/138/EC, elaborated by Delegated Regulation (EU) 2015/35 and the EIOPA Guidelines on the System of Governance. It is where the administrative, management or supervisory body (the AMSB, in practice the board) carries ultimate responsibility for compliance. It requires an effective, well-documented system that is proportionate to the nature, scale and complexity of the business, and it names the ingredients: written policies reviewed at least annually, a functioning risk management system, four key functions, fit & proper requirements, sound remuneration, and controlled outsourcing.
None of that produces a number. All of it produces evidence, and evidence is exactly what a supervisor asks for. When a national competent authority runs a governance review, or when EIOPA scrutinises the sector, the questions are: show me the policy, show me who approved it and when, show me the ORSA and the board minutes that discussed it, show me that your compliance function is independent, show me the fit & proper file for this key-function holder. A QRT engine has none of this. It was never designed to. That is why governance reporting needs its own software discipline built around policies, controls, workflows, ownership and an immutable audit trail.
Venvera's Solvency II module covers Pillar 2 as 45 controls mapped directly to the Directive articles, the Delegated Regulation and the EIOPA Guidelines. Each control has an owner, an evidence requirement, a review cadence and a status the board can see at a glance. The output is not a filing; it is a defensible, current, exportable picture of how the undertaking is governed.
The ORSA: a governed process, not a capital number

The Own Risk and Solvency Assessment (ORSA), required by Article 45, is the clearest example of where the two reporting worlds meet and where they must stay separate. The ORSA has a quantitative core: your own view of overall solvency needs, the projections, the stress and scenario results. That core is computed in your actuarial and capital systems, and Venvera does not calculate it. We are unambiguous about that.
But the ORSA is, in the Directive's own framing, a process embedded in strategic decision-making, not a spreadsheet. Supervisors judge the ORSA on whether it is genuinely used by the board, whether the ORSA policy exists and is approved, whether the process ran on schedule, who was involved, how results fed into decisions, and whether the ORSA report reached the AMSB and was discussed. That is governance, and it is where a governance platform earns its place.
Venvera runs the ORSA as a governed process: the ORSA policy as a living, version-controlled document; a scheduled workflow with owners and deadlines; a place to attach the quantitative outputs produced by your actuarial engine; board sign-off captured with dates and names; and a complete audit trail showing the assessment was performed, reviewed and used. When the supervisor asks "show me your ORSA process," you produce it in minutes. The number came from your capital model. The proof that it was governed properly comes from here.
SFCR and RSR: feeding the narrative, not filing the templates
The Solvency and Financial Condition Report (SFCR) and the Regular Supervisory Report (RSR) are both hybrid documents. Each has quantitative annexes driven by QRTs and XBRL, and each has a substantial narrative System of Governance section (Section B in the standard structure) describing the board, the key functions, fit & proper, risk management and remuneration.
The quantitative annexes belong to your regulatory-reporting engine. The governance narrative belongs to Pillar 2. Venvera supplies the inputs to that narrative: current descriptions of the governance system, up-to-date policy references, key-function holder details, and the evidence that each statement in Section B is true. We do not generate or file the SFCR or the RSR. We make the governance half of them accurate, consistent year to year, and backed by evidence, so the team assembling the report is not reconstructing the governance story from scattered emails every reporting cycle.
The crosswalk: evidence once, compliant everywhere
Here is where a governance platform earns its keep beyond a single framework. Most EU insurers are not only doing Solvency II. They are also subject to DORA for ICT and operational resilience, often NIS2, and many already run an ISO 27001 information security management system. These regimes share a large body of governance requirements: organisational structure, segregation of duties, records management, board oversight, and the control of ICT and third-party outsourcing.

Venvera's cross-framework crosswalk means that when you have evidenced those overlapping governance controls once - say, for DORA or ISO 27001 - the corresponding Solvency II governance controls are auto-satisfied from that existing evidence. You do not re-document your organisational structure or your outsourcing controls four times. That is the "evidence once, compliant everywhere" principle in practice, and it is where a multi-framework tool beats a Solvency-only point solution.
The crosswalk has an honest limit, and the limit is the point. Insurance-specific controls - the ORSA, the four key functions including the actuarial function, and fit & proper - are native. They are evidenced directly in Venvera and are never auto-satisfied from another framework, because nothing in DORA or ISO 27001 proves your ORSA ran or your actuarial function holder is fit & proper. Claiming otherwise would manufacture coverage that does not exist. The crosswalk reuses what genuinely overlaps and demands direct evidence for what is genuinely insurance-specific.
The four key functions - governance, not modelling

Solvency II mandates four key functions, and a supervisor expects each to be identifiable, independent, adequately resourced and reporting to the AMSB. Venvera tracks all four as governance objects: who holds the function, whether they are fit & proper, what they are responsible for, their reporting line, and the evidence that the function actually operated.
- Risk management function (Art 44) - operates the risk management system, owns the risk policies, supports the ORSA process.
- Compliance function (Art 46) - internal control, assessing the impact of legal and regulatory change, advising the board.
- Internal audit function (Art 47) - independent assurance over the whole system of governance, reporting findings to the AMSB.
- Actuarial function (Art 48) - tracked as a governance function: who holds it, that they are fit & proper, that they coordinate technical provisions and opine on underwriting and reinsurance, and that the function reports to the board.
Note the discipline on the actuarial function. Venvera governs the function: its holder, independence, responsibilities, reporting line and the record that it produced its opinions. Venvera does not perform the actuarial calculation. The technical provisions and the actuarial opinion are computed in your actuarial systems; we hold the governance evidence that the function exists, is competent and did its job. That boundary is deliberate and we hold it firmly, because pretending otherwise is exactly the kind of fake coverage that fails at a supervisory review.
Pillar 2 governance by the numbers
The governance surface of Solvency II is larger than most teams appreciate until they map it. Articles 40 to 49 of the Directive, expanded by Delegated Regulation (EU) 2015/35 and the EIOPA Guidelines on the System of Governance, translate into 45 discrete controls in Venvera, each with an owner and an evidence trail. Written policies must be reviewed at least annually. Four key functions must be independent and report to the board. Every fit & proper assessment, every outsourcing arrangement, every remuneration policy decision needs a documented, retrievable record. Multiply that by the reporting cycle and by the other frameworks an insurer runs, and the case for a purpose-built governance platform is straightforward: the volume of evidence is simply too large to manage in spreadsheets and shared drives without something eventually going missing at the worst possible moment.
How to choose - and how the two tools fit together
Choosing your Solvency II reporting software is really two decisions, made in parallel, for two jobs that must interoperate rather than compete.
For the quantitative job
Choose a dedicated actuarial and regulatory-reporting engine. Evaluate it on the accuracy of its SCR and technical provisions calculations, the completeness of its QRT coverage, the currency of its EIOPA XBRL taxonomy, its validation rules, and how smoothly it files through your supervisor's gateway. This is where the numbers live. Venvera does not compete here and does not pretend to.
For the governance job
Choose a platform built for Pillar 2. Evaluate it on how faithfully its controls map to Arts 40-49 and the EIOPA Guidelines, whether it runs the ORSA as a real workflow, how it captures board sign-off, the strength of its audit trail, whether it handles the four key functions and fit & proper natively, and whether it can reuse governance evidence across ISO 27001, NIS2 and DORA. That is precisely the specification Venvera was built to meet.
The two tools connect at well-defined seams. Your actuarial engine computes the ORSA quantitative outputs and the QRT figures; Venvera holds the governance wrapper - the ORSA policy, workflow, board approval and audit trail, and the governance narrative inputs for the SFCR and RSR. You get correct numbers from one system and defensible governance from the other, without either one pretending to be the whole picture. For the governance half of that stack, explore Solvency II governance software built specifically for EU insurers and reinsurers.
The bottom line
"Solvency II reporting software" is not one product category, it is two. The quantitative side - QRTs, XBRL, SCR, MCR, technical provisions - belongs to your actuarial and regulatory-reporting engine. The governance side - board packs, the ORSA process, SFCR and RSR narrative inputs, the four key functions, fit & proper, and the evidence packs a supervisor actually asks for - belongs to a Pillar 2 governance platform. Venvera is the second, complementing the first, with a cross-framework crosswalk that reuses your ISO 27001 and DORA governance evidence while keeping insurance-specific controls native and honestly evidenced. Buy for the job, connect the seams, and never let a vendor blur the line between calculating a number and governing the decision behind it.
Get the governance half of Solvency II reporting right - from EUR 399/month, EU data residency.
See how Venvera runs Pillar 2 as 45 controls, a governed ORSA process and a live audit trail that complements your QRT engine. Explore Venvera's Solvency II Pillar 2 module.



