Reduce Risk

ORSA in the United States – Part 3

ORSA in the United States: Series

Background and Current Status: Part 3 of 3

Written by Jane C. Taylor, FCAS, MAAA, JD & Ronald T. “Rusty” Kuehn, FCAS, MAAA, CERA, CPCU, ARM, FCA with Carolyn Dintino

What are its Components?

The ORSA report, supported by the insurer’s internal risk management materials, should include the following three major sections:

  1. Section 1 – Description of the Insurer’s Risk Management Framework
  2. Section 2 – Insurer’s Assessment of Risk Exposure
  3. Section 3 – Group Risk Capital and Prospective Solvency Assessment
Section 1 – Description of the Risk Management Policy

This section of the ORSA Summary report should provide a summary of the following key ERM Framework principles (at a minimum):

  1. Risk Culture and Governance
  2. Risk Identification and Prioritization
  3. Risk Appetite, Tolerances and Limits
  4. Risk Management and Controls
  5. Risk Reporting and Communication

This summary must achieve the following:

  • Identify all relevant and material risk categories and describe how those risks are managed on a day-to-day basis as the company executes its business strategy
  • Provide a detailed documentation of the company’s investment policy
  • Provide a detailed documentation of any underwriting policy used to manage underwriting risk
  • Include any claims underwriting implemented to manage risks associated with determining whether the claims are covered under contract
  • Provide a description of anti-fraud policies
  • Provide a description of any Asset-Liability Management (ALM) activities and their relationship with product development, pricing and investment management functions
  • Provide a description of any retention policy or program designed to retain assets, policies in force, or market share
  • Provide a description of any reinsurance counterparty policy related to any currently effective reinsurance programs
  • Provide documentation of management policies related to identifying, assessing, measuring, monitoring, controlling and mitigating risks associated with group membership
  • Provide disclosure of how the company’s management uses its risk management policy in its daily operations. Company information, management processes, and assessment tools (feedback loops) must be disclosed
Section 2 – Insurer’s Assessment of Risk Exposures

For each material risk category in Section 1, this section of the ORSA Summary Report should provide a quantitative and/or qualitative (for risks that cannot be measured quantitatively) measurement of risk exposure in both normal and stressed environments using risk assessment techniques appropriate to the insurer’s specific risk profile.

This assessment should achieve the following:

  • Include a quantification of risk under a range of outcomes using risk measurement techniques that are appropriate to the nature, scale and complexity of the risks
  • Provide detailed descriptions and explanations of the risks identified
  • Provide detailed description of the measurement approaches used
  • Provide a description of the key assumptions
  • Provide a description of outcomes of any plausible adverse scenarios that were run
  • For quantified risks, insurer should provide exposure results for both normal and stressed environments
  • Insurer should include consideration of the impact of stresses on capital
  • Note: Regulators believe that the stress conditions should be appropriate to each company’s individual risk category. Examples of relevant material risk categories may include, but not be limited to: credit, market liquidity, underwriting, and operational risks
Section 3 – Group Risk Capital and Prospective Solvency Assessment

According to the NAIC, this section of the ORSA Summary Report should:

  • Document how the company combines the qualitative elements of its risk management policy and the quantitative measures of risk exposure in determining the level of financial resources it needs to manage its business over the long term business cycle.
  • Demonstrate that, given the current capital requirements, the quality of that capital, the current risk management policy consisting of its current risk tolerance limits, current risk exposure amounts in both a normal and stressed environments and the projected 3 – 5 year business plan, the company has the financial resources necessary to execute its 3 – 5 year business plan
  • If the company does not have the necessary financial capital to execute the 3 – 5 year business plan, the company shall describe the management actions it will take or modifications to the business plan that it will make to resolve the adequacy of its financial capital
  • The capital assessment is required from each insurer on an individual basis regardless of whether or not it’s a part of an insurance group
A. Group Risk Capital Assessment

This section is intended to provide a determination of group risk capital needs for the insurer, based upon the nature, scale, and complexity of risk within the group and its risk appetite, and to compare that risk capital to available capital to assess capital adequacy. Capital adequacy assessment is the comparison of aggregate available capital against the various risks that may adversely affect the enterprise. Risk Capital is the minimum level of capital that satisfies a predetermined security standard, and is compared to available capital to determine a measure of capital adequacy. The discussion of current group risk capital in the summary report should also include a comparative view of group risk capital from the prior year.

Insurers are expected to have a sound process for assessing capital adequacy in relation to their risk profile and those processes should be integrated into the insurer’s management and decision making culture.

The analysis of an insurer’s group risk capital requirements and associated capital adequacy description should be accompanied by a description of the approach used in conducting the analysis. This should include key methodologies, assumptions, and considerations used in quantifying available capital and risk capital. Examples of these methodologies, assumptions, definitions, and considerations might include:


Source: NAIC Own Risk and Solvency Assessment (ORSA) Guidance Manual

Other considerations include:

  • Elimination of intra-group transactions and double-gearing where the same capital is used simultaneously as a buffer against risk in two or more entities;
  • Level of leverage resulting from holding company debt;
  • Diversification credits and restrictions on the fungibility of capital within the holding company system, including the availability and transferability of surplus resources created by holding company system level diversification benefits;
  • The effects of contagion risk, concentration risk and complexity risk in the group risk capital assessment;
  • The effect of liquidity risk, or calls on the insurers cash position, due to micro-economic (internal operational) and/or macroeconomic (economic shifts) factors.
B. Prospective Solvency Assessment

This section of the assessment looks at how closely the insurer’s capital assessment process is utilized in business planning. This includes the ability to forecast future capital and its capability to support risk management in the future. This forecasting should consider possible changes to both the insurer’s internal operations and its external business environment (assessing capital in both normal and stressed economic environments).

As can be seen from the discussion above, the current situation with respect to ORSA in the United States remains fluid. The NAIC is working hard to craft a workable Model Law and to provide guidance for meeting the requirements of ORSA to insurers. Those large insurers or large insurance holding companies who will be the first to comply with ORSA are also girding for the impact of the newly emerging regulations.

Questions or concerns regarding ORSA? Contact a Huggins Actuary for assistance.