ORSA Update

A panel of industry experts discussed the NAIC’s “Own Risk Solvency Assessment” (“ORSA”) requirements at the AIRROC Rendez-Vous in New Jersey on October 15, 2013. Kevin Madigan of PriceWaterhouseCoopers LLP, Jay Rosario, Enterprise Risk Manager of Munich Reinsurance America, Inc., and Barry Franklin, General Insurance Chief Risk Officer of Zurich Insurance, North America provided guidance on the ORSA requirements and what companies should be doing to prepare. The panel was moderated by Mark Goodman, Partner with Freeborn & Peters, LLP.

Kevin Madigan of PwC provided an overview of the ORSA requirements. Kevin emphasized that the risk assessments required by ORSA are an extension of the kind of enterprise risk management that companies have been doing for some time. He provided a history of the evolution of enterprise risk management requirements under international insurance regulations, putting ORSA in the context of risk assessment requirements already in place in the EU and elsewhere. ORSA is a response to the International Association of Insurance Supervisors’ Insurance Core Principles No. 16, Enterprise Risk Management. The NAIC ORSA model law was adopted in September 2012, and is being considered for adoption in the U.S. The model law requires that a company have a risk management framework in place, that it regularly conduct a risk assessment (addressing the factors laid out in the Model Act and in the NAIC ORSA Guidance Manual) and that it provide an ORSA summary report to its lead state regulator, beginning in 2015.

Kevin Madigan suggested that, rather than viewing ORSA as just another regulatory burden, companies should view enterprise risk management as an extension of their overall business plan, and as another tool to advance the company’s business goals. As Kevin put it, “how would you manage your risks if there were no regulations?”

Jay Rosario of Munich Reinsurance America provided the perspective of his company’s approach to preparing for the ORSA requirements. As a large international insurance group, Munich Re America already has a rigorous risk management framework in place that will be leveraged to satisfy NAIC ORSA requirements. Echoing Kevin’s comments, Jay said that his company views enterprise risk management as a means for generating shareholder value while protecting policyholder interests, and not merely as something to satisfy minimum regulatory requirements. Jay also provided an example of his company’s capital ratio thresholds and actions which consider both shareholder and policyholder interests.

Barry Franklin of Zurich Insurance, North America reported on his company’s approach to the ORSA requirements. Since his company is also part of a large international insurance group, his company already has a rigorous risk management framework in place, so it is well placed to respond to the ORSA requirements when they are adopted by the U.S. Barry also described Zurich’s overall risk management policies for measuring, assessing and managing various types of risks, such as financial risks (credit risks, investment risks, reinsurance credit risks), underwriting risks and operational risks.

The panel addressed a number of questions, including some about the confidentiality of the summary ORSA reports to be filed with regulators. All of the panelists shared the concern, evidenced in the NAIC’s Model Act itself, that the summary reports must be kept confidential by regulators, since a company’s risk management strategy is highly confidential, proprietary information. The panel also addressed reporting on a company by company basis to different regulators and the importance of not just filing a group risk report. Finally, the panel addressed questions about risk management issues that may be unique or particular to run-off companies or run-off operations of ongoing companies, such as the operational risks created by legacy computer systems, management of personnel in a run-off operation and the management of reinsurance collection and claims management in run-off.