The Own Risk and Solvency Assessment (ORSA) requirements are the key element of the Pillar 2 qualitative risk management requirements. The purpose of an “own risk assessment” by each company is to prove the appropriateness of the standard formula or internal model results if the company has applied for a certified internal model. While the Pillar 1 solvency capital requirement is calculated on a one-year basis to show that a company has enough capital to avoid insolvency through the end of the year in a 1-in-200 year event, the focus in Pillar 2 ORSA is the forward-looking assessment of solvency capital adequacy. Companies need to provide a projection of the risk and capital position for the entire planning period (at least three years), which has to be consistent with the business case balance sheet and profit and loss projection. The aim of ORSA is to demonstrate that there is an adequate level of capital available to support the business plan for a longer period. Based on this planning projection of the risk and capital position, (re)insurers need to define meaningful stress tests and scenarios to show they would be adequately capitalized in adverse scenarios as well. If a company would face solvency issues in certain stress scenarios, it needs to show it has countermeasures in place in order to reach the strategic targets of the corporate and risk strategy again.
A segment of Pillar 2 includes the establishment of a proper risk governance system. This requires the definition of clear responsibilities for four key functions - risk management, actuarial, compliance and internal audit. Some countries, such as the Netherlands, began ORSA reporting requirements a few years ago and its (re)insurers are well developed in providing meaningful ORSA processes and reports. (Re)insurers in many other European countries are challenged in fulfilling the Pillar 2 requirements, both on the quantitative ORSA aspects of projecting solvency and capital position and in establishing the governance system accordingly.
Reporting Requirements - Pillar 3 of Solvency II
The Pillar 3 reporting requirements are quite comprehensive. European (re)insurers need to provide a Regular Supervisory Report (RSR) to the regulator as well as a Solvency and Financial Condition Report (SFCR) to be published for clients, financial analysts, rating agencies and other stakeholders. Each of these two reports consists of a narrative risk report where companies have to describe their risk strategy, risk governance system and risk management processes in place, and extensive quantitative reporting requirements in the form of the Quantitative Reporting Templates (QRTs).
European (re)insurers have already invested heavily in data management systems but additional investments are still necessary for most companies in Europe. These systems are needed for compliance with the Pillar 3 reporting requirements to ensure complete, reliable and consistent data for internal risk and capital management purposes as well as for internal and external reporting. For the last two or three years, the preparation for Pillar 3 reporting requirements, especially the installation of an accurate data management system based on market consistent valuation principles for the QRTs, has absorbed considerable time and money and has typically become one of the largest projects for (re)insurers.