Insurance outlook briefing: Charging ahead of recent developments in ORSA expectations

At the recent National Association of Insurance Commissioners (NAIC) Spring 2014 national meeting, two new documents were approved for release as exposure drafts:  the Draft Own Risk and Solvency Assessment (ORSA) Guidance for Financial Analysts and the Draft ORSA Guidance for Financial Examiners. While the documents are intended to be guidance for insurance department financial analysts and examiners, the guidance provides a window into expectations for the future.

Key take aways from the ORSA guidance for examiners and analysts


Proactive considerations

Regulators are guided to use a maturity level model when assessing your risk management framework, which utilizes the incorporation of concepts developed within Risk and Insurance Management Society’s (RIMS) Risk Maturity Model (RMM). Conduct your own risk management framework assessment using the RMM, stay ahead of expectations and be in a position to provide the regulator with your insights and action plans before they step onsite for your next risk-focused examination. You may find it will save examination costs and resource utilization.
Five key principles of an effective risk management framework will be assessed and procedures tailored to each principle: Develop a risk management /ERM policy that describes how you manage risk and incorporate the key principles.
1. Risk culture and governance 
  • Ensure appropriate management and/or the board level committees exist with accountability for ERM oversight.
  • Be able to describe how “tone at the top” is maintained and how risk management is embedded throughout the organization.
  • Risk management decision making shouldn’t be undermined by compensation structure.
2. Risk identification and prioritization 
  • Regularly update your risk universe.
  • Ensure there is accountability and responsibility for risk identification and risk ownership.
  • Develop an approach to rank and prioritize risks – then focus on the “critical few.”
  • Have a process to efficiently and effectively aggregate and report risks across the organization.
3. Risk appetite, tolerances, and limits 
  • Draft a formal and meaningful risk appetite statement.
  • Ensure board members are actively receiving information to review risk appetite.
  • Be in a position to explain how risk limits are set, updated and how breaches are handled.
4. Risk management and controls 
  • Evidence of committee oversight should be readily available.
  • Establish controls to monitor compliance with risk limits.
  • Risk management processes should be subject of frequent review by internal audit.
5. Risk reporting and communication 
  • Develop and/or update an organizational dashboard with risk tracking metrics (or equivalent report).
  • Ensure communication is frequent and to the proper level of management and board committees.
Stress testing examples/scenarios are provided within the guidance, which are based on risk classifications such as credit, market, pricing/underwriting, reserving, liquidity, operational, legal, strategic and operational. 
  • While stress testing is not expected for all risk classifications, be in a position to indicate how material risks are considered and stress testing applied.
  • Have explanations for quantitative versus qualitative assessments.
Analyst will be considering group capital requirements and determination of action capital, cushions based on economic capital modeling and stress testing, method of measurement, quality of capital, quantification of risks, controls and prior year considerations. 
  • Be in a position to provide evidence of controls over internal models and validation.
  • Ensure you are in a position to explain how the models consider aggregation of risks and correlation.
  • Examiners and analyst will ultimately be looking for the group to explain that it has a mechanism for gaining necessary assurance of overall capital adequacy, therefore be in a position to tell your story and provide the supportive evidence.

Guidance is provided on how the regulators’ assessment of the ORSA/ERM process can impact your examination

  • The highest maturity assessment results in examiners’ reliance on ERM controls and ORSA documentation and expected substantial reduction of examination scope and remaining activities.
  • The lowest (ad hoc or nonexistent) maturity assessment results in limited to no reliance and thus more extensive examination activities
  • After conducting your own internal assessment as recommended above, develop a gap analysis and develop a plan to address the gaps to the most cost effective and value added determined maturity level. Some insurers that are smaller in size or scale may find the costs outweigh the benefits of formalizing the ERM/ORSA processes.
  • Conduct preliminary discussions with your regulators regarding expectations and use of your ORSA summary report if your next examination is in 2015 or later.
Commentary on the exposure drafts are due Friday, May 2, 2014. 
  • Review the exposure drafts and be proactive and provide commentary to your regulator or directly to the NAIC.

The NAIC Risk Management and Own Risk and Solvency Assessment Model Act (Model #505) requires all insurers with direct written premium and unaffiliated assumed premium of $500 million and greater to submit an annual ORSA Summary Report and/or all insurers who are a member of an insurance group that have direct written premium and unaffiliated assumed premium of $1 billion and greater to submit a group annual ORSA Summary Report. However, many of the proactive considerations described above represent sound risk management practices and are relevant to all insurers, regardless of premium size.

For more information on this topic, or to learn how Baker Tilly insurance industry specialists can help, contact our team.