During and following the 2013 ORSA, insurance accounting, and financial reporting updates webinar, the Baker Tilly insurance team fielded several questions around Own Risk Solvency Assessment (ORSA). Here are some of the most common questions and answers.
Q: What are the essential elements of an ORSA program?
A: ORSA is the holistic, integrated management of risk and capital. It spans all areas of an insurance or reinsurance company including its risk culture, organization, governance, and risk-specific controls (underwriting, asset, credit, and operational controls). An ORSA program also should include the capability of managing emerging threats, as well as supporting strategic risk management.
The essential elements are:
- Risk management framework including internal controls,
- Risk exposure including process to assess risks, and
- Capital and solvency assessment of identified risks.
Q: Is there a prescribed framework for the ORSA program?
A: Each ORSA will be unique and vary depending on the risks unique to that insurer/group. The National Association of Insurance Commissioners (NAIC) ORSA Guidance Manual is deliberately non-prescriptive because of the uniqueness of each entity. Insurers subject to the ORSA requirements are instructed to examine their own risk profile in three major sections.
- Section 1 – Description of the Insurer’s Risk Management Framework, should be a high-level summary of its own risk management framework, including risk appetite, tolerance and limits, and internal controls.
- Section 2 – Insurer’s Assessment of Risk Exposure, should include detail showing the insurers’ process for assessing risks (both qualitative and quantitative assessments should be performed) in both normal and stressed environments.
- Section 3 – Group Risk Capital and Prospective Solvency Assessment, should demonstrate that current and future capital is sufficient to support the identified risks.
Q: Who is required to complete an ORSA?
A: Any US insurer that writes more than $500 million of annual premium and/or insurance groups that write more than $1 billion. See the Risk Management and Own Risk Solvency Assessment Model Act (#505) for additional detail.
Q. Isn’t ORSA just another regulatory exercise?
A. With many regulations, companies tend to take a check-the-boxes approach, meeting just the minimum requirements. The insurance industry today is in the midst of a true revolution. New business models are replacing old among insurers, and the whole industry is shifting toward gaining a better understanding of the enterprise view of risk. Companies that go beyond the minimum in complying with ORSA are going to find themselves in a much better position.
Q: How often does an ORSA need to be completed?
A: At least annually, but the goal for an ORSA is continuous use within the insurance organization. It is meant to become an integral piece of the operations of insurance organizations in an effort to decrease risk.
Q: Our company already completes an ORSA for international regulatory requirements, do we have to complete a separate ORSA for US requirements?
A: No, the international report should be sufficient to meet the criteria for the US ORSA requirement.
Q: In reviewing an ORSA, what are your thoughts on the ability to quantify qualitative risks (e.g., can we as business heads determine the financial impact of these types of risks)?
A: This is your OWN Risk Solvency Assessment; therefore, it is imperative that you quantify the risks since you would have the best information possible regarding each risk.
Q: Does the pilot program include repeat participants or are there new volunteers?
A: There were some companies that participated in both years, as well as new companies in 2013.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.