Getting Ready for ORSA

In December 2012, the Office of the Superintendent of Financial Institutions (OSFI) issued a draft Guideline on Own Risk and Solvency Assessment (ORSA). After a period of industry consultation, it is expected that OSFI will issue the final version of the ORSA guideline later this year and that ORSA will come into effect in 2014. Although the ORSA guideline is not yet finalized, it is likely that most parts of the draft guideline will be retained in the final version.

WHAT IS ORSA?

The concept of ORSA was originally developed by the Financial Services Authority in the United Kingdom. ORSA has been added to the list of insurance core principles that have been developed by the International Association of Insurance Supervisors. As a result, ORSA will become a global requirement for all insurers.

The basic purpose of ORSA is to provide a more effective means for insurers and insurance regulators to be able to effectively monitor insurance risk and capital requirements on a prospective, rather than retrospective, basis.

ORSA will require an insurer to identify its own material risks as well as assess the adequacy of its risk management and capital in order to meet current and future needs. ORSA is intended to provide a link between an insurer’s risk profile and its capital needs.

ORSA will become integrated as a key part of an insurer’s enterprise risk management (ERM) and strategic planning process. It will be necessary for an insurer to prepare a much more detailed analysis of how it identifies, measures and manages the risks that it faces as part of its business.

ORSA is an important step in risk management since it allows an insurer to develop controls and levels of capital that are appropriate for its own risks rather than simply following ones that have been mandated by an insurance regulator.

For insurers that are part of a group, ORSA will be applied to the entire group rather than just to each individual company. This approach will better reflect how insurers are managed and capital is allocated within a group. It also shows the importance of having uniform global standards for ORSA.

THE ORSA GUIDELINE

The draft OSFI guideline identifies the following elements within an ORSA:

1. Comprehensive identification and assessment of risks: insurance, market, credit and operational risks must be explicitly addressed as part of the analysis required by an ORSA. The list of risks is expected to change and evolve over time.

2. Relating risk to capital: An insurer is required to make a determination whether or not to hold capital for each type of risk. ORSA will require an insurer to establish its own “internal target” for capital. That target will be established based on an insurer’s analysis of its own risks. The amount of capital required to support the insurer’s business should be adequate for both normal and stressed market conditions.

3. Board oversight and senior management responsibility: The Board of Directors of an insurer will be responsible for the oversight of its ORSA. It will be necessary for the board to review its ORSA and to challenge management with respect to the analysis that has been made. The board will also be responsible for determining the stated risk appetite of the insurer. Senior management will be responsible for ensuring that adequate procedures are in place in order to allow the ORSA to operate effectively.

4. Monitoring and reporting: The ORSA should be reviewed on at least an annual basis and changes should be made whenever they are necessary (for example, if a new line of business is added). OSFI will require an insurer’s ORSA to be submitted to it for review, but will not actually approve it.

5. Internal controls and independent review: An insurer’s internal controls structure will be a critical part of making an ORSA effective. An ORSA should be subject to periodic independent review. OSFI’s draft guideline states that an external auditor would be an example of the type of person who would be able to perform such a review.

PREPARING AN ORSA

Because ORSA is a self-assessment process, OSFI will not require any specific approach to be taken. It will be necessary for each insurer to adopt an approach that reflects the size of its business and the volatility of the lines of business that it is writing. OSFI expects the amount of analysis that will be necessary will depend upon the size and complexity of the business.

OSFI has recognized in the draft guideline that smaller insurers may be required to do less analysis as part of their ORSAs. However, it is likely that a significant amount of documentation will be required to prepare any ORSA.

ORSA basically requires an insurer to assess the adequacy of its regulatory capital in order to mitigate the risks that exist in its business plan. An insurer will need to document its process for identifying, measuring, monitoring and managing the risks that are inherent in its business strategy.

ORSA also requires an insurer to document the level of risk it is prepared to assume and the amount of capital that is required to meet the risks. The starting point for preparing an ORSA is for an insurer to review the following:

1. its current ERM framework;

2. its capital management policy (CMP) – (OSFI Guideline A-4);

3. its stress-testing procedures – (OSFI Guideline E-18);

4. its dynamic capital adequacy test (DCAT) analysis; and

5. other relevant polices already in place, including investment, outsourcing, reinsurance risk management and responsible persons policies.

An insurer’s DCAT scenarios should be used to assist in identifying potential risks and evaluating the adequacy of capital. The stress testing procedures required by OSFI Guideline E-18 will be an important part of an insurer’s ORSA.

OSFI currently requires all Canadian licensed insurers to have both a CMP and an internal target for capital. The CMP will become incorporated as a part of the ORSA. It will also be necessary for an insurer’s broader ERM framework to be co-ordinated and linked with its ORSA.

IMPLEMENTATION ISSUES

It is likely that the preparation of an ORSA will involve a significant amount of time and expense for most insurers. Insurers that are Canadian branches or subsidiaries of European insurers may find the implementation of ORSA slightly easier due to its similarity with some aspects of Solvency II.

ORSA will require insurers to specifically define and describe risk appetite and risk profile. This process may be more complicated and difficult than it initially appears – particularly since it will require some insurers to provide public disclosure about their stated risk appetites and risk profiles.

The following are comments and concerns that are likely to be made regarding ORSA:

1. The ORSA guideline is very general and does not provide much specific direction regarding what OSFI will expect an ORSA to include.

2. An ORSA will be time-consuming to prepare and document, as well as will add another layer of expenses related to compliance.

3. ORSA may create a real burden for very small Canadian branches or companies that lack the people and resources necessary to complete an ORSA.

4. The requirement for a third-party review of ORSA will also add an additional expense.

5. There is uncertainty about when ORSA will actually become effective in Canada. There may be a relatively short time frame imposed by OSFI for insurers to develop and approve an ORSA. It is also possible the implementation date may get delayed in order to harmonize its introduction with other jurisdictions, such as the United States (the National Association of Insurance Commissioners is currently planning for a 2015 implementation date).

GOING FORWARD

ORSA will become a global regulatory requirement that will change and evolve over time. OSFI views ORSA as an important tool that insurers will
use to support their corporate governance as well as risk and capital management. OSFI will still require an insurer to meet its minimum and supervisory target regulatory requirements for capital. However, these tests will likely be viewed as minimum targets for capital.

The internal target for capital that is established by an insurer based on its ORSA will become the key capital test.

The lack of specific direction from OSFI about how an ORSA should be prepared may initially cause concern for some insurers. However, once an initial ORSA has been prepared, it is likely that most insurers will become more comfortable using it as an effective tool for determining required regulatory capital.

ORSA potentially offers insurers greater flexibility regarding the amount of regulatory capital they must maintain in Canada if they can demonstrate that they have a low risk profile or are effectively managing higher-risk lines of business.

The traditional approach to solvency regulation has been for insurance regulators to impose minimum uniform standards that must be followed by all insurers regardless of lines of business or risk profile. ORSA allows insurers to (at least partially) manage their own solvency risks. ORSA is intended to provide a more dynamic and prospective approach to the amount of regulatory capital that is required.

ORSA is really just part of an insurer’s overall ERM. It may be viewed as simply being a formalization or documentation of a number of capital and risk management processes that an insurer likely already has in place. ORSA should lead to better decision-making as well as risk and capital management if it is implemented effectively and has the full support of the insurer’s Board of Directors and senior management.

ORSA will likely be viewed as one of the most significant regulatory developments implemented by OSFI in recent years. It will be important for all insurers to begin the planning process for ORSA early in order to be ready once the ORSA guideline becomes effective.