Over the last few years the NAIC has established its expectations for insurance companies to maintain a risk management framework and conduct an Own Risk and Solvency Assessment (ORSA), including the filing of an ORSA Summary Report with state regulators. In 2012, the NAIC issued a Guidance Manual to provide insurers guidance with respect to reporting on ORSA, and later the NAIC adopted an ORSA Model Act. In 2012 and 2013 the NAIC conducted two separate feedback pilot projects and provided feedback and observations in a memo to the industry. As a result of the feedback pilot projects, the Guidance Manual was updated in 2013 and 2014. Currently, the NAIC is drafting guidance for state insurance department financial examiners and analysts on utilizing the results of an insurer’s ORSA in conducting risk focused examinations and annual or quarterly financial analysis.
The Model Act states that ORSA will be effective on January 1, 2015 for individual insurance companies with total direct written and unaffiliated assumed premium of $500 million or more and for insurance groups with total direct written and unaffiliated assumed premium of $1 billion or more. Most companies and groups that meet these premium thresholds are actively involved in implementing the ORSA requirements in preparation for filing ORSA Summary Reports with state regulators during 2015.
Why should exempt companies be concerned about these ORSA regulatory requirements?
The following list summarizes just a few of the reasons why we believe companies that may be exempt from ORSA filing requirements should closely monitor ORSA developments and evaluate the state of their risk management practices.
- Enterprise risk management (ERM) and ORSA have become industry best practices.
- Rating agencies will take note of the strength of a company’s ERM practices and capital adequacy analysis.
- State regulators will evaluate a company’s ERM and solvency assessment during the course of their ongoing surveillance, including financial examinations and annual or quarterly financial analysis.
- Certain states may require that companies adopt ERM practices, regardless of size.
- Risk identification and risk mitigation strategies will influence strategic planning and could provide a competitive advantage.
Risk management, as a general concept, is fundamental to the operations of any insurance company. Boards and top management at many exempt companies will be proactive and take it upon themselves to take risk management to the next level and embrace ERM and ORSA as industry best practices. In doing so, we expect that many companies will quickly come to realize the benefits of formalizing and institutionalizing an ERM framework. As part of an ERM framework, the development and monitoring of risk appetite and limits should allow companies to more quickly respond to risks that could adversely affect a company’s near term capital position.
Rating agencies make an assessment of a company’s ERM practices. A.M. Best for example, has indicated that its rating methodology takes into consideration a company’s risk management capabilities in determining the Best’s Capital Adequacy Ratio capital requirement for each rated insurer. Companies with strong ERM and ORSA processes may be allowed to maintain lower BCAR levels relative to peer companies with similar ratings but less effective ERM and ORSA.
Strong ERM and ORSA processes can favorably influence a company’s relationship with its state regulators. In recent years state regulators have begun to focus on a prospective view of a company’s solvency risk and capital adequacy. Forward-looking companies that can demonstrate strong ERM and ORSA processes, including the identification of critical risks (both current and emerging risks) and the assessment of the impact of such risks on projected capital (under both normal and stressed scenarios) are more likely to have a constructive relationship with regulators. In addition, evaluation of ERM and ORSA will soon become a routine part of risk focused financial examinations as well as continuous annual and quarterly financial analysis. As previously mentioned, the NAIC is currently drafting guidance for state insurance department financial examiners and analysts on utilizing the results of an insurer’s ORSA. The NAIC Guidance Manual explicitly indicates that an examiner’s or analyst’s understanding of a company’s ORSA and the appropriateness of a company’s ERM framework may influence the timing, scope and depth of examination and analysis procedures. We believe that companies that are able to provide strong evidence of ERM and documentation of ORSA results will be in a position to influence the efficiency of the examination.
Certain states may enact regulation requiring insurers to maintain an ERM framework and to conduct an ORSA. For example, New York State Regulation 203 is effective in 2014 and requires all New York domestic insurers to adopt a formal ERM function, including written risk policies, a process of risk identification and risk measurement supported by adequate documentation, scenario analysis and stress testing. Other states may follow New York’s lead.
For companies of all sizes, risk identification and related risk mitigation strategies are typically incorporated into strategic planning, either explicitly or implicitly. The more sophisticated companies will be raising the bar as ERM and ORSA continue evolving. We believe that almost all insurance companies, regardless of size, will eventually feel the competitive pressure and come to understand that ERM and ORSA are best practices that can make a difference in a company’s strategic, operational and financial success.
For more information on this topic, or to learn how Baker Tilly insurance industry specialists can help, contact our team.