In 2012, the National Association of Insurance Commissioners (NAIC) adopted the landmark Risk Management and Own Risk and Solvency Assessment (ORSA) model act, which, once adopted by the various states, will require many U.S. insurers and their affiliate groups to perform self examinations on their risk profile and capital adequacy and to report the results of these to their state regulators (ORSA Summary Reports). (For a discussion of New York’s pending regulations on ORSA requirements based on the NAIC model, see our January 13, 2014 client alert.1)
Generally, ORSA requirements are a key component of the NAIC’s increased focus on group (rather than merely legal entity-based) risks to which insurers are exposed. This expanded regulatory focus is likely to have a significant impact on insurance company compliance, particularly in the areas of holding company reporting, affiliate transactions, acquisitions, divestitures and capital-raising.
As part of its ongoing pilot program for insurers on the new requirements, on January 30, 2014 the NAIC issued additional “feedback to industry” containing fresh observations and suggestions based on 2013 pilot results (Pilot Program Feedback). Among the key observations made by the NAIC’s ORSA Subgroup in the revised feedback are the ones listed below. Although not itself binding on any state or insurer, the Pilot Program Feedback constitutes some of the most specific guidance to date from the NAIC on how an ORSA should be conducted; individual state regulators can be expected to rely on some or all of these observations in crafting their respective ORSA requirements:
Observations relating to content:
- When using capital models, it is helpful for insurers to identify available capital and required capital (if available) as of the most current reporting period.
- Where the insurer reports that changes have occurred in risk limits, appetites and tolerances, it is helpful to include an explanation of (i) why the change was made and who within the risk management structure approved the change and (ii) the decision process for implementing these types of changes.
- While the insurer’s prospective solvency assessment includes a report on capital projections, it would also be helpful to explain the prospective risk associated with those capital projections. (This concept was also included in the NAIC’s revised ORSA Guidance Manual, which, like the Pilot Program Feedback, was released by the NAIC on January 30, 2014. The Manual will remain open to public comment until March 17, 2014).
- A discussion of risk mitigation activities, in addition to risk indicator/limit monitoring, would aid in understanding the management and control of significant risks (this was also included in the revised Manual).
- When “a diversification benefit” is used in connection with a capital model, the insurer should provide a discussion of how the correlation amounts are developed, tested and updated.
- While an insurer may not have discussed internal economic capital model validation, it should nevertheless consider a summary discussion of such model validations.
- To the extent that the U.S. business of an insurer is interconnected with, or reliant on, international affiliates or the parent, the ORSA should include a discussion of overall group capital (including international) and a discussion of the interconnectedness.
- When (i) an insurer’s ORSA Summary Report indicates that enterprise risk management (ERM) data and reports are evaluated or calculated quarterly or (ii) the insurer uses capital models, information from the most recent quarter should be used.
- Insurers should provide detailed stress scenarios regarding liquidity position along with a brief explanation.
- In addition to knowing that emerging risks are monitored, it is helpful to identify the key emerging risks and to understand how those emerging risks are elevated from an emerging status to a current risk.
- Identifying the priority ranking or rating of material risks aids in better understanding risk exposure.
- In describing how compensation is linked to risk management, details of the insurer’s compensation and incentive plans could be helpful as an exhibit.
Observations relating to format or appearance:
- Insurers should include a comprehensive table of contents in their ORSA Summary Reports.
- A clearly illustrated flowchart that maps legal entities to business units is suggested.
- A table identifying which departments are accountable for the various enterprise risks present in the organization (that is, identifying risk “owners”) is suggested.
- A flowchart or detailed explanation of how ERM and control “flow within the organization (bottom-up or top-down or both)” is suggested.
- Any “heat maps” identifying key risks should be accompanied by a brief explanation and interpretation, as needed.
- An appendix of reports and tools used by the insurer gives the regulator a good sense of what information is used by ERM committees and the board of directors.
- It is helpful to include a list of related ERM reports, including a report description or snapshot, that support the information provided in the ORSA Summary Report.
Observations relating to ORSA process:
- The foundation of the ORSA Summary Report should be developed from the reporting of ERM to the insurer’s own board of directors. The ORSA Summary Report should not be viewed merely as a “regulator-only” compliance report (this concept was also added to the NAIC’s draft ORSA Guidance Manual).
- Upon filing the ORSA Summary Report annually, the insurer and lead state regulator should plan to schedule a meeting or conference call where the insurer can describe and walk through its ORSA Summary Report and answer questions from the regulator.
- In advance of the filing year, the insurer and lead state regulator should reach an understanding of when the insurer expects to file the ORSA Summary Report.