draft ORSA guideline
Life and property and casualty insurers in Canada may be required to implement their "own regulatory solvency assessment" ("ORSA") by next January. In December, 2012, OSFI1 issued Draft Guideline E-19: Own Risk and Solvency Assessment (the "Draft Guideline"), proposed to be effective January 1, 2014. OSFI is currently assessing commentary received on the Draft Guideline and expects to issue the final version in the Fall of 2013.
An insurer's ORSA is to reflect the insurer's own view of its risks and solvency requirements (as opposed, for example, to a solvency test or formula imposed by a regulator). As such, each insurer will be expected to individualize its approach to performing the assessment, proportionate to the nature, scale and complexity of the insurer's business and risk profile. Insurers that are part of a corporate group may take a consolidated approach (i.e. at the level of the top OSFI-regulated entity) and subsidiaries and branches of foreign insurers may borrow from consolidated group methodologies.
The Draft Guideline states that the prime purpose of the assessment is to identify an insurer's material risks, assess the adequacy of its risk management and the adequacy of its current and likely future capital needs and solvency positions. ORSA should serve as a tool to enhance an insurer's understanding of the interrelationships between its risk profile and capital needs.
The concept of ORSA has been recognized for a number years; for example, by the UK Financial Services Authority (FSA) in 2005, by the International Association of Insurance Supervisors (IAIS) in its standards set in 2010 and by the European Commission in connection with Solvency II.2 In fact, earlier ORSA-like notions can be traced back to, among other things, Dynamic Capital Adequacy Testing (stress testing) instituted by OSFI in Canada in the 1990s.3 The introduction of ORSA in Canada goes hand-in-hand with the increased emphasis on enterprise-wide risk management and risk governance set out in OSFI's revised Corporate Governance guideline (finalized in late January, 2013). It serves as an additional regulatory requirement for Canadian insurers following international trends that have arisen out of recent global economic crises and financial institution bail outs.
The Draft Guideline gives ultimate responsibility for ORSA to the insurer's board of directors. While OSFI will not "approve" an insurer's ORSA, OSFI intends to review it, along with related documentation and reports to the board of directors. The results of OSFI's review will be considered in OSFI's assessment of the insurer's inherent risks and risk management practices, and may be used to identify any possible need for additional supervisory work.
Simply put, the new ORSA requirement will involve implementation of a methodology or process whereby an insurer undertakes an all-embracing review and analysis of its current and future risk exposures and completes a comprehensive assessment of its corresponding capital needs – all in the context of the nature, scale and complexity of the insurer's own risks, activities and operating environment. Most insurers will need to devote significant time and resources in order to develop their ORSA and make it part of their organization's risk governance framework. Unless the timelines in the Draft Guideline are altered, all of this work is supposed to be completed by the beginning of 2014.
corporate governance and earthquake exposure sound practices
2013 will continue to be a busy year for Canadian insurers in terms of implementing new regulatory requirements. As mentioned above, in late January, 2013, OSFI finalized its revised Corporate Governance guideline and all insurers (other than branches) were required to provide OSFI with a compliance self-assessment by May 1, 2013 setting out their plans for full implementation of the guideline by January 31, 2014. In addition to concentrating on ORSA, many insurers will be spending the balance of 2013 preparing, among other things, a risk appetite framework, new mandates for the board or risk committee, the chief risk officer and other "oversight functions", and designing processes and procedures in order to comply with the enhanced risk governance requirements of the Corporate Governance guideline.
But there is more. Canadian property and casualty insurers have until September 30, 2013 to provide OSFI with a compliance self-assessment regarding the newly revised Guideline B-9 released in February 2013 entitled Earthquake Exposure Sound Practices (the "Earthquake Guideline"), and they must be in compliance with the expectations established in this guideline by January 1, 2014. The Earthquake Guideline is intended to help insurers develop prudent approaches to managing earthquake risk. It replaces the original guideline issued in May, 1998, and, among other things, emphasizes a principles-based approach to managing earthquake exposure and updates best practices in managing earthquake exposure. The Earthquake Guideline also contains new requirements such as data verification and earthquake model validation. Insurers may need to devote significant time and resources in order to develop processes for assessing data integrity and justify and document their choice and use of an earthquake model. Each insurer subject to the Earthquake Guideline is required to have its board of directors (or chief agent, in the case of a branch) review and approve a compliant earthquake exposure risk management policy by January 1, 2014, and a copy is to be filed with the insurer's OSFI relationship manager. Going forward, at least annually, a senior officer of the insurer will be required to make a declaration to the board of directors concerning compliance with the guideline and present details with respect to the insurer's calculation of "probable maximum loss" (PML) arising out of a quake event and its financial resources that support the PML.
Canadian insurers, in particular, property and casualty insurers, have a good deal of work to do in 2013 in order to implement recent OSFI regulatory initiatives. ORSA will likely involve a substantial amount of time and effort to conceive and document. It appears that the current January 1, 2014, compliance deadline for ORSA in Canada will pre-date the effective date of ORSA compliance in the United States (the ORSA Model Act will not be effective until January 1, 2015, and the National Association of Insurance Commissioners is still seeking industry feedback on ORSA) and in Europe (under Solvency II). It is not clear how this timing will work from a practical perspective for insurers that are subsidiaries or branches of foreign insurers located in the United States or Europe and that wish to borrow ORSA elements or approaches from their parent companies/head offices, although insurers' compliance in those jurisdictions is supposed to beunderway.
On the corporate governance side, many insurers will need to spend the rest of 2013 planning to implement processes and documentation that will meet the risk governance requirements of the revised Corporate Governance guideline and obtaining board and committee approvals.
Last but not least, insurers will need to devote resources to the preparation of an earthquake exposure risk management policy for board approval by January 1, 2014 and also to address the new requirements for processes to verify earthquake data and utilize sound earthquake models.