Life and property and casualty insurers in Canada may be required to implement their own regulatory solvency assessments (ORSAs) by next January. In December 2012 the Office of the Superintendent of Financial Institutions (OFSI) – the regulator of federally regulated financial institutions in Canada – issued Draft Guideline E-19: Own Risk and Solvency Assessment,(1) which is due to come into effect on January 1 2014. It appears that OSFI is currently assessing commentary received on the draft guideline and expects to issue the final version in Autumn 2013.
An insurer's ORSA should reflect its own view of its risks and solvency requirements (eg, as opposed to a solvency test or formula imposed by a regulator). As such, each insurer will be expected to individualise its approach to performing the assessment, proportionate to the nature, scale and complexity of its business and risk profile. Insurers that are part of a corporate group may take a consolidated approach (ie, at the level of the top OSFI-regulated entity), and subsidiaries and branches of foreign insurers may borrow from consolidated group methodologies.
The draft ORSA Guideline states that the prime purpose of the assessment is to:
- identify an insurer's material risks;
- assess the adequacy of its risk management; and
- assess the adequacy of its current and likely future capital needs and solvency positions.
ORSAs should serve as a tool to enhance insurers' understanding of the interrelationships between their risk profile and capital needs.
The ORSA concept has been recognised for a number years - for example, by the UK Financial Services Authority in 2005, by the International Association of Insurance Supervisors in its standards set in 2010 and by the European Commission in connection with Solvency II.(2) Earlier ORSA-like notions can be traced back to – among other things – dynamic capital adequacy testing (stress testing) instituted by OSFI in Canada in the 1990s.(3) The introduction of ORSA in Canada goes hand in hand with the increased emphasis on enterprise-wide risk management and risk governance set out in OSFI's revised Corporate Governance Guideline (finalised in late January 2013).(4) It serves as an additional regulatory requirement for Canadian insurers following international trends that have arisen out of recent global economic crises and financial institution bail-outs.
The draft ORSA Guideline gives ultimate responsibility for ORSA to the insurer's board of directors. While OSFI will not "approve" an insurer's ORSA, it will review it, along with related documentation and reports to the board of directors. The results of this review will be considered in OSFI's assessment of the insurer's inherent risks and risk management practices, and may be used to identify any possible need for additional supervisory work.
Simply put, the new ORSA requirement will involve implementing a methodology or process whereby an insurer undertakes an all-embracing review and analysis of its current and future risk exposures and completes a comprehensive assessment of its corresponding capital needs – all within the context of the nature, scale and complexity of its own risks, activities and operating environment. Most insurers will need to devote significant time and resources to develop their ORSA and make it part of their risk governance framework. Unless the timelines in the draft ORSA Guideline are altered, all of this work is supposed to be completed by the beginning of 2014.
This will continue to be a busy year for Canadian insurers in terms of implementing new regulatory requirements. In late January 2013 OSFI finalised its revised Corporate Governance Guideline and all insurers (other than branches) were required to provide OSFI with a compliance self-assessment by May 1 2013, setting out their plans for fully implementing the guideline by January 31 2014. In addition to concentrating on ORSA, many insurers will be spending the balance of 2013 preparing, among other things, a risk appetite framework and new mandates for the board or risk committee and the chief risk officer and other oversight functions, and designing processes and procedures in order to comply with the enhanced risk governance requirements of the Corporate Governance Guideline.
But there is more. Canadian property and casualty insurers have until September 30 2013 to provide OSFI with a compliance self-assessment regarding the newly revised Guideline B-9, entitled "Earthquake Exposure Sound Practices",(5) which was released in February 2013. Insurers must comply with the expectations established in this guideline by January 1 2014. The earthquake guideline is intended to help insurers to develop prudent approaches to managing earthquake risk. It replaces the original guideline issued in May 1998 and, among other things, emphasises a principles-based approach to managing earthquake exposure and updates best practices in managing earthquake exposure. The guideline also contains new requirements, such as data verification and earthquake model validation. Insurers may need to devote significant time and resources to develop processes for assessing data integrity, and justify and document the choice and use of an earthquake model. Each insurer subject to the guideline is required to have its board of directors (or chief agent, in the case of a branch) review and approve a compliant earthquake exposure risk management policy by January 1 2014 and file a copy with the insurer's OSFI relationship manager. Going forward, at least annually, a senior officer of the insurer will be required to make a declaration to the board of directors concerning compliance with the guideline and to present details with respect to the insurer's calculation of probable maximum loss arising out of a quake event and the financial resources it has to support this.
Canadian insurers - in particular, property and casualty insurers - have a good deal of work to do in 2013 in order to implement these OSFI regulatory initiatives. ORSA will likely involve a substantial amount of time and effort to put together and document. It appears that the January 1 2014 compliance deadline for ORSA in Canada will pre-date the effective date of ORSA compliance in the United States (the ORSA Model Act will not be effective until January 1 2015 and the National Association of Insurance Commissioners is still seeking industry feedback on ORSA) and in Europe (under Solvency II). It is not clear how this timing will work from a practical perspective for insurers that are subsidiaries or branches of foreign insurers located in the United States or Europe, and that wish to borrow ORSA elements or approaches from their parent companies or head offices, although insurers' compliance in those jurisdictions is supposed to be underway.
On the corporate governance side, many insurers will need to spend the rest of 2013 planning processes and preparing documentation that will meet the risk governance requirements of the revised Corporate Governance guideline, and then obtaining board and committee approvals. Last but not least, insurers will need to devote resources to preparing an earthquake exposure risk management policy for board approval by January 1 2014 and to addressing the new requirements for processes to verify earthquake data and utilise sound earthquake models.
For further information on this topic please contact Carol Lyons at McMillan LLP by telephone (+1 416 865 7000), fax (+1 416 865 7048) or email (email@example.com). The McMillan LLP website can be accessed at www.mcmillan.ca.
(2) See The Latest on ORSA, Actuarial Review, August 2012 www.casact.org/newsletter/index.cfm?fa=viewart&id=6406.
(3) See ORSA for Insurers – A Global Concept, Enterprise Risk Management Symposium, March 14-16, 2011 Swissôtel, Chicago, Illinois http://classes7.com/ORSA-for-Insurers---A-Global-Concept---Enterprise-Risk-Management-pdf-e47150.pdf.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.