The purpose of implementing an ORSA requirement is to help regulators understand how insurers identify, assess, monitor and mitigate risk. ORSA requirements have already been included in several international regulatory initiatives. The ERM solvency regulations set by the International Association of Insurance Supervisors (IAIS), for example, is a key element of the pending Solvency II directive in Europe.

The NAIC ORSA Guidance Manual details the anticipated requirements for companies to perform their ORSA. As currently proposed, more specific analysis and reporting will need to be performed as outlined within the “Form B” of the Insurance Holding Company System Annual Registration Statement of the NAIC's Insurance Holding Company System Regulatory Regulation ( No. 450). Proposed requirements include:

1. A detailed description of the company's risk management policies

2. Quantitative measures of risk exposures, “in normal and stressed environments,” requiring companies to perform complex modeling

3. An assessment of the company's economic capital and prospective solvency for the entire insurance group, in addition to entity-specific calculations

Through the ORSA process, each insurer determines the amount of capital it needs based on its own risk tolerance and business plans. The company must also demonstrate that it can continue in business over the next few years, even under stressed conditions–that is, assuming a range of adverse events or catastrophes may occur.

Key Benefits

The main thrust behind the ORSA initiatives has been the need for regulators to gain greater insight into the financial strength of insurers. By requiring companies to implement robust ERM practices, and assess their capital needs in line with their unique risk portfolios, regulators hope to improve capital adequacy across the industry, and perhaps hedge against potential future catastrophes and economic crises.

Adopting an ORSA requirement, regulators may also create financial incentives for companies to manage their risk. Down the road, companies that can demonstrate solid risk management practices could potentially benefit from more flexible capital requirements than what may be required by historical, fixed-dollar statutory thresholds.

The NAIC is striving to coordinate its ORSA protocols with international standards, with the goal of making it easier for companies operating internationally to build common regulatory reporting platforms. Shared reporting and examination requirements such as this risk self-assessment should help make multi-jurisdiction compliance faster, more streamlined, and potentially less expensive for all involved.

An ORSA requirement, in whole or part, could also serve as a helpful tool in ratings analysis, and has been supported by rating agencies. Ultimately, robust and transparent risk management practices, supported by objective financial reporting standards, may have a positive impact on insurance company share price.

Comments and Criticisms

The NAIC's original draft of proposed ORSA reporting requirements was first subject to public comment through March. More than a dozen commentaries were provided from individual state regulators and major industry organizations, including The American Council of Life Insurers (ACLI), the National Association of Mutual Insurance Companies (NAMIC), and the Property Casualty Insurers Association of America (PCI). While the value of ERM was generally recognized, opposition to the current proposed reporting mechanism has been strong. Of note:

• Many concerns have been raised with the proposed specific reporting requirements of Form B, expected to be onerous and challenging for many insurers. Pure size and complexity of a formal report and the potential expense to produce it are immediate worries for hundreds of companies. As drafted, the proposal asks for extremely broad information, which may be time consuming and difficult to answer accurately. Adoption of robust technology to manage related analysis and reporting will be crucial.
• Another worry raised early in the year was the frequency and timing of any filings. In particular, if an ORSA requirement is ultimately transformed into a Model Act enacted on a state-by-state basis, assessment results may have to be provided to multiple states at different times of the year. Commentators urged the NAIC to consider a uniform reporting system which will streamline provision of key data to either a home-state regulator or central dedicated repository.
• Proportionality, relevance to individual company size and line of business, has also been an issue. While an insurer would be exempt from the ORSA requirement if it (a) has less than $500 million in annual direct written premium and (b) it is not a member of a group of affiliated insurers that has $1 billion or more in annual direct written premium, the draft manual, as written, applies to all companies and lines of business, regardless of nature of underwriting risk assumed. Some companies may have unique or significantly different risk exposures which may not fit adequately into the generic framework as outlined. Further comments may be considered on this issue in 2012.
• Other criticisms have been received questioning the mechanics of how group reporting would be accomplished.
• Concerns continue to be raised about the confidentiality of reports, which could contain material trade secrets or other sensitive or confidential information.

Overall, most critics have argued that regulatory focus should be on the effectiveness of a company's overall ERM program, and whether these are practices embedded in the company's culture and day-to-day operations. Over-emphasis on formal regulatory reporting, at the expense of the more human elements of managing risk–identification, analysis, communication, and control–may not ultimately help companies' solvency position, or preparation for future harmful events.

To avoid these dangers, some continue to suggest that future ORSA reports should become a tool within a larger, more thorough risk-focused examination process, rather than mandated as a standalone exhibit to an annual filing. This way, ORSA discussions could balance regulators' desire for objective financial information with a discussion and analysis of companies' individual management approaches, philosophies, policies, and practices used to integrate the ERM into day-to-day operations.

At this juncture, however, many of these issues appear to have weakened over time. As of the most recent quarterly (fall) meeting, the NAIC appears to be leaning more toward its plan to use Form B as the vehicle for imposing the ORSA requirement, rather than any previously proposed or new alternative which would require statutory enactments.

Next Steps

Despite concerns and criticisms, current ORSA proposals continue to move through the NAIC approval process, under the assumption that the cost and efforts to produce the risk analysis will be far outweighed by the potential wide-ranging benefits.

Pushing the ORSA Guidance Manual forward to the Financial Condition (E ) Committee toward adoption, the Group Solvency Task Force has drafted a cover letter to the (E) Committee Chair, listing possible recommendations to “help map a successful path for the ORSA in the US Solvency Framework.” As noted in the draft letter, some of the recommendations were the result of discussions held by representatives of the North American Chief Risk Officers (CRO) Council on Oct. 20, 2011.

“Recognize that implementation of this regulatory filing will be an evolving process over many years, “ notes the Group Solvency Task Force. It suggests several possible implementation activities, including:

• Establishing an effective date for the receipt of the first ORSA Summary Report
• Developing initial technical guidance to assist analysts and financial examiners when reviewing the ORSA Summary Reports
• Considering proposals to ensure that collecting and reviewing the ORSA Summary Reports during the financial analysis and examination process will be uniformly adopted and applied among states
• Creating ERM education programs for regulators, as needed

An ORSA Feedback Pilot Project was also suggested for 2012, with five to 10 undisclosed groups submitting a test or sample ORSA Summary Report to a volunteer group of regulators. This would perhaps provide some high-level practical implementation advice and guidance to both regulators and the industry before an actual ORSA Summary Report effective date.

It remains to be seen how exactly an ORSA requirement will be implemented, and what measures will be taken to help regulators truly understand how insurers identify, assess, monitor and mitigate risk. No matter what the details, companies may want to consider strategically developing their ERM talent and modeling expertise, as well as their technology strategy, and expanding their financial analysis and reporting capabilities group-wide.