The National Association of Insurance Commissioners’ (NAIC’s) Own Risk and Solvency Assessment (ORSA) goes into effect on January 1, 2015. Currently, many (re)insurers are in the process of developing and implementing their ORSA plans and approaches to the new regulation. They may be challenged over how much work has yet to be done and how best to do it. However, while some of the challenges are understandable, through “Business Management Integration” (BMI) there is an easier and more reliable way to approach this new regulation.
See link to register for webinar below
What is ORSA?
ORSA is a (re)insurer’s self-assessment of its risk and capital. Beginning January 1, 2015, certain (re)insurers will be required by the NAIC to complete an ORSA Summary Report on an annual basis that will provide the regulator with a high-level understanding of the (re)insurer’s ORSA. At a minimum, the ORSA Summary Report (“the story”) should include discussions in three areas:
- Section 1: Description of the (Re)insurer’s Risk Management Framework
- Section 2: Insurer’s Assessment of Risk Exposure
- Section 3: Group Risk Capital and Prospective Solvency Assessment
The NAIC ORSA Guidance Manual that was published in November of 2012 states that ORSA is required for:
- Companies with over USD500 Million in direct written premium excluding premiums reinsured with the Federal Crop Insurance Corporation and the Federal Flood Program
- Companies in a corporate group with over USD1 Billion in direct written premium excluding premiums reinsured with the Federal Crop Insurance Corporation and the Federal Flood Program
- Distressed companies in risk based capital (RBC) action levels (at the regulator’s discretion)
The primary objectives of the NAIC are to provide for a more integrated insurance market, achieve better protection of the policyholders, improve competitiveness and improve and promote better regulation. ORSA now broadens these objectives by requiring (re)insurers to complete a forward looking solvency self-assessment on an annual basis for each statutory company and at the group level. The purpose of the self-assessment is for (re)insurers to be able to demonstrate that the statutory company and group have enough regulatory and economic capital to remain viable and run its businesses.
The implementation of ORSA would normally present significant challenges to (re)insurers – especially those that fail to consider the strength of their own and existing enterprise risk management (ERM) programs, the degree a risk-aware culture is embedded in the organization and the degree ORSA is already integrated into the running of the business. Some of these challenges along with a suggested approach to minimize these challenges through BMI are discussed below.
ORSA compliance on the part of (re)insurers requires the implementation and documentation of the processes and procedures that employ the identification, assessment, monitoring, managing and reporting on risks, in the short and long term. These are the risks that a (re)insurer faces or may face while simultaneously determining the funds necessary to cover these risks. Compounding a smooth ORSA implementation is the painful memory, agony and costs everyone experienced when the Sarbanes/Oxley (SOX) initiatives took effect in 2002.
Through BMI (re)insurers can navigate through the ORSA challenges and especially those that center around the ability of the enterprise to view and accept ORSA as an opportunity and a driver of performance improvement. BMI also helps overcome the traditional “silo-based” organizational and cultural obstacles. Simply put, the key to a successful ORSA with the desired outcome is through a fully integrated approach and the effective integration of risk-based information, while demonstrating the ability to manage multiple firm-wide objectives.
BMI will also help (re)insurers tackle several technical challenges as management begins telling the ORSA story, including whether or not to use Generally Accepted Accounting Principles, Statutory Accounting Principles or even International Financial Reporting Standards. BMI will also help (re)insurers deal with the technical considerations involving questions around how to implement an effective internal model and determine the level of capital that is required to meet its regulatory obligations and run its business.
Yet, the greatest benefit of BMI to (re)insurers is that it will help (re)insurers overcome the challenge of demonstrating how the internal model assists management in satisfying the “use test.” Satisfying the use test could include a demonstration on how the internal model assists management in pricing the business it plans to write; enabling decisions on writing newly created products or the cessation of writing existing product; purchasing reinsurance at the right price and right limit; setting investment strategies; paying dividends and even deciding on stock repurchase programs. Other measures (re)insurers may take in order to demonstrate the use test is the successful demonstration of how stress, scenario and reverse stress testing are used in the planning process. Finally, (re)insurers should show how engaged the board is with the results of these tests and ultimately how the results are used in the risk decision-making and planning process.
While the use test is not an explicit regulatory requirement of the NAIC, one could make the argument that it is implicitly implied and that it is considered an approach that (re)insurers can take in demonstrating a culture of risk-aware decision making. For example, if (re)insurers assess their regulatory capital requirements and the level of capital needed to run their businesses they can do it through an internal model and by showing the internal model is used and is part of its ORSA process.
However, many (re)insurers already have adequate ERM frameworks and processes in place. Why not leverage the hard work that went into ERM and tackle the ORSA challenge not by looking at it as a regulatory exercise, but instead as a way the business is, or should be, run? In simple terms, (re)insurers may be wise to adopt a simple approach to this new requirement and consider implementation through BMI.
Further, if (re)insurers approach ORSA through the BMI lens instead of the regulatory lens, then passing the “ORSA use test” will be much easier. Telling a passionate and compelling story on how an organization’s own ORSA is integrated into the culture of the company and how management uses ORSA to run its business can be more convincing than saying that ORSA was implemented to achieve a regulatory requirement. Sometimes it is not what management says about how they comply with regulations that matters, but it is how management says it that counts.
Insurance regulation, and in particular insurer solvency regulation, has moved into the Twenty First century and into new territory for the regulatory community. Gone are the days of a regulator taking a retrospective look at a (re)insurer’s solvency. A (re)insurer’s management and board will now be called upon to report on their company’s ORSA. The new judgment and self-assessment is expected to better reflect the adequacy of the (re)insurer’s risk management and current, and likely future, solvency position, internally document the process and results and provide a high-level summary report annually to the domiciliary regulator.
The ORSA and ORSA Summary Report will play a significant role in the NAIC’s supervision of (re)insurers in a number of different areas allowing the regulators:
1. The opportunity to become more familiar with and knowledgeable about the adequacy of the capital levels of the (re)insurer at both the group and statutory company level
2. The opportunity to better assess, at the entity level, the amount of capital required for the (re)insurer to meet its regulatory and business capital needs
3. The chance to better understand the ORSA story when it is told by management and when management describes how risks and capital are managed and ultimately governed by the board
4. The opportunity to raise the ORSA bar as supervisors become more familiar with the subject and industry best practices
If (re)insurers look at ORSA as an opportunity and as a way to run the business and not as a regulatory exercise the benefits will far outweigh the costs and the inconvenience of its implementation. Some of the benefits to (re)insurers include:
1. Regulators will better understand the (re)insurer’s business
2. There will be a better alignment of risk and capital
3. Potential help in creating a competitive advantage for those (re)insurers that implement a robust ORSA
4. More effective risk and capital management
5. Stronger risk management and governance that will enable a culture of risk-aware decision making.
How to Ace ORSA
The success a (re)insurer achieves with its ORSA will be contingent on a combination of a comprehensive ORSA implementation plan as well as the quality of the ORSA story it tells to the regulators. At a high level, the organization’s ORSA implementation plan should require: (1) board and management buy-in and involvement; (2) executive sponsorship and active participation in the ORSA implementation; (3) ORSA team members representing each critical risk area (underwriting, claims, information technology, compliance, finance, claims, among others); (4) a strong governance structure top down and bottom up; (5) a comprehensive gap analysis between the minimum ORSA requirements versus the organization’s desired state; (6) a qualitative and quantitative assessment of relevant risks associated with the business plans; (7) clearly defined and board approved risk tolerances and risk appetite statements; (8) a comprehensive set of risk policies; and (9) a documented ORSA implementation plan.
The most important ORSA question of the day is “how does an organization go about acing its ORSA test?” While there are many points of view on this very important question perhaps the best answer lies internally and with just how comfortable management is with its culture of risk-aware decision making. If management believes the organization is enwrapped with a strong culture the ORSA story they tell is more compelling and believable.
Webinar Scheduled for October 10, 2013
If you missed the forum at Guy Carpenter’s Enterprise Risk Management Conference in September, you will surely want to participate in this follow-up session.
The Webinar will allow participants to:
- Learn how to “Ace” ORSA by adopting their own ERM framework.
- Make sense of both the quantitative and qualitative requirements.
- See how successful ORSA implementation transforms compliance into competitive value.
- Simplify ORSA into four layers of review: Strategy, Process, Infrastructure, and Culture.
- Find out about Guy Carpenter’s BenchmaRQTM Capital Advisory service.
- Hear about implementation through Business Management Integration.’
- Discuss the ORSA framework in action.
The Webinar will feature a joint presentation from Micah Woolstenhulme, ERM Advisory, Guy Carpenter & Company and Steve Sumner, ERM Consultancy, Oliver Wyman.
Click here to register for the Webinar: October 10, 2013, 2:00PM, EDT.