Executive guidance on SAM reporting data lineage insurance, actuarial data, IFRS 17, and QRT reporting for South African insurers.
The real reporting risk for South African insurers is not that a SAM return, QRT pack, or IFRS 17 disclosure cannot be produced. Most insurers can produce the numbers. The harder question is whether the business can explain, with evidence, how those numbers were built from policy, claims, finance, reinsurance, actuarial, and investment data.
That is why SAM reporting data lineage insurance should be treated as an executive control issue, not an actuarial or IT housekeeping task. The Prudential Authority, external auditors, internal audit, the audit committee, the risk committee, and the board all rely on the same underlying discipline: clear definitions, traceable data movement, controlled adjustments, and accountable ownership.
For an insurer, a solvency figure is never just a calculation. It is the end result of many business decisions and data transformations. If those cannot be traced, the organisation is depending on expert memory, spreadsheet workarounds, and late-cycle reviews. That may work in a quiet quarter. It is much weaker when assumptions change, systems fail, staff leave, or a regulator asks for evidence.
SAM and IFRS 17 have different purposes, but they often depend on overlapping data. Policy status, premium patterns, claims history, lapse behaviour, expenses, reinsurance recoveries, risk classifications, and investment balances can influence both regulatory and financial reporting.
A life insurer, for example, may use policy administration data to support best estimate liabilities, risk margin calculations, IFRS 17 fulfilment cash flows, and board reporting on embedded risk. A non-life insurer may use claims development triangles, catastrophe exposures, salvage recoveries, broker bordereaux, and reinsurance data across actuarial reserving, solvency capital assessment, and financial disclosures.
If each reporting team extracts and interprets this data differently, reconciliation becomes a monthly negotiation. Finance may recognise a data cut based on ledger close. Actuarial may use a valuation extract at a different date. Operations may update policy corrections after both teams have started. Reinsurance may hold separate treaty adjustments. None of this is unusual in South African insurers, especially where legacy systems, outsourced administration, and spreadsheet-based actuarial processes remain part of the environment.
The executive concern is not whether differences exist. Differences will exist. The concern is whether they are understood, approved, and repeatable.
Actuarial data lineage is the documented route from original business event to reported actuarial or regulatory result. It should show how a policy, claim, premium, reserve, assumption, or adjustment moves through systems, models, spreadsheets, reviews, and sign-off packs.
For SAM and QRT reporting, lineage should answer practical questions:
This should not become a theoretical mapping exercise covering every data field in the insurer. The priority is critical actuarial data: the items that materially affect solvency position, technical provisions, capital requirements, IFRS 17 results, QRT submissions, or executive attestations.
For wider context on building a controlled insurance data environment, see Zorinthia’s insurance data strategy advisory hub.
Quantitative Reporting Templates can make definition problems visible. A field that looks simple in a return may depend on several interpretations inside the business.
Consider a commercial property insurer. A policy may be classified by product code in the administration system, by industry sector in underwriting, by risk location in catastrophe modelling, by broker channel in management reporting, and by accounting treatment in finance. For a QRT line item, one controlled interpretation is required.
The same issue appears in life insurance. A funeral policy, credit life product, group scheme, or rider benefit may be treated differently across sales reporting, claims management, actuarial modelling, and finance. If the reporting definition is not formally owned, the actuarial team is forced to make judgement calls under time pressure.
A useful reporting data dictionary should therefore do more than define terms. It should record the approved business meaning, permitted classifications, source of authority, system of record, owner, exception rule, and effective date. This matters when definitions change after a new product launch, a migration, a regulatory interpretation, or a revised actuarial methodology.
IT can help maintain the repository and data flows. It should not be expected to decide the regulatory meaning of a policy boundary, onerous group, risk category, lapse assumption, or reinsurance treatment. Those are business, actuarial, finance, and compliance decisions.
South African insurers operate with constraints that are not theoretical. Load-shedding can disrupt overnight processing. Network outages can delay data warehouse refreshes. Smaller administrators may send files late. Older policy systems may not hold all fields needed for current reporting. Actuarial teams often maintain controlled but still manual spreadsheets because full automation is not affordable or realistic in the short term.
These realities do not excuse weak control. They make visible control more important.
If a valuation extract is delayed, the insurer should know which downstream models and reports are affected. If a claims file is incomplete, the impact should be assessed and documented. If a spreadsheet adjustment is needed, the source, rationale, reviewer, and version should be clear. If a system migration changes product codes, the mapping to SAM and IFRS 17 reporting categories should be approved before it reaches reporting close.
Good lineage also supports resilience. When a key actuarial analyst is unavailable, another suitably skilled person should be able to follow the evidence trail. When the board asks why the solvency coverage ratio moved, management should not have to reconstruct the answer from email threads and workbook tabs.
Actuarial and regulatory reporting can involve personal information, even when the final return is aggregated. Policyholder identifiers, health information, claims histories, income indicators, beneficiary details, debit order behaviour, and underwriting information may all appear in source extracts or actuarial working files.
POPIA does not prevent insurers from meeting regulatory obligations. It does require that personal information is handled for a clear purpose, protected appropriately, and not retained casually in uncontrolled locations.
In practice, this means actuarial and reporting teams should avoid unnecessary personal data in working packs where aggregated data is sufficient. Access to detailed extracts should be limited. Files shared between actuarial, finance, reinsurance, and external advisors should follow approved security processes. Retention periods should be clear. Personal drives and duplicated spreadsheets create avoidable privacy and audit risk.
The same discipline helps assurance. If an auditor challenges a movement in liabilities or a regulator asks for support for a QRT submission, the insurer should retrieve the relevant evidence without exposing more personal information than necessary.
Many insurers hesitate because the problem feels too large. Full enterprise lineage across all actuarial, finance, and regulatory data may be a long journey. The better starting point is one material reporting chain.
Choose an area with high impact or recurring pain. Examples include technical provisions for a major product line, SCR inputs for underwriting risk, claims triangles for a short-term portfolio, reinsurance recoverables, policyholder liability movements, or a QRT section with repeated late adjustments.
Then trace it end to end:
The result should be a practical control map, not a glossy architecture diagram. It should show where the process is strong, where it depends on individuals, where definitions are unsettled, and where remediation will reduce the greatest reporting risk.
Zorinthia’s insurance examples illustrate the kind of sector-specific situations where controlled data foundations become important for executive decision-making.
Executives do not need to inspect every actuarial model or data file. They do need to know whether the insurer can defend its regulatory and financial reporting numbers under scrutiny.
The next useful question for the CFO, CRO, Chief Actuary, or audit committee is simple:
If we selected one material SAM return or actuarial result from the last reporting cycle, could we trace the number back to source data, assumptions, adjustments, reconciliations, approvals, and retained evidence within a reasonable time?
If the honest answer is no, the organisation does not only have a reporting workload problem. It has a control gap in the data supply chain that supports solvency, financial reporting, and board confidence.