What profound changes we have seen in the insurance industry injust the past year! After working for insurance and reinsurancecompanies for many years, I was away from the industry for severalmonths. When I returned, the number of major changes in the legal,regulatory, and risk environments surprised me. I can certainlyrelate to the story of Rip van Winkle, awakening to a world of newideas and advancements.

One year ago, the biggest concerns I faced as in-house counseland compliance officer included the Non-Admitted and Reinsurance Reform Act, new Medicare claim reporting requirements, and increasingly onerousprivacy regulations. These issues now seem pale in comparison tothe issues inherent in health care reform with the passage of thenew Patient Protection and Affordable Care Act.

In my previous role at a U.K.-owned company, our compliance teamhad started major work on Solvency II-related initiatives, but it was an effort I viewedas primarily impacting our overseas affiliates. Today, I marvel athow much progress the National Association of InsuranceCommissioners (NAIC) has made on a similar “solvency modernization”plan over the past 12 months, working diligently—often with foreignregulators—toward improvement of global accounting, financialreporting, and capitalization review standards.

But nowhere have industry changes been more apparent than in thearea of enterprise risk management (ERM) – looselydefined as the process of planning, organizing, leading, andcontrolling all activities of a company in an integrated fashion inorder to minimize the effects of risk on a company’s capital andearnings. Just a short time ago, the insurance industry wasbecoming familiar with ERM initiatives, with a key focus onassessing risks specific to legal departments. As a departmenthead, I reviewed what other managers identified as their concerns,and understood that somehow all of this information was going to bewrapped up, attested to, and shared with the Board. However, itsometimes seemed like ERM was going to be just another layer ofcompliance reporting and paperwork, and, perhaps, an operationalheadache.

Fast forward to a year later, and we are now in a world whereERM has become one of the most important and valuable managementtools for insurance companies. Actually, I feel like Riskvan Winkle. I see that increased focus on ERM by regulators,auditing firms, and rating agencies have heightened pressure oncarriers to adopt robust ERM processes.

Just from a regulatory perspective, progress has been swift.Last July, the Wall Street Reform and Consumer Protection Act (akathe Dodd-Frank Act) was signed. In an unprecedented move towardfederal oversight of insurance, the Act created a new FederalInsurance Office (FIO) within the Treasury Department. The FIO willcollect information and monitor most lines of insurance, and isalso charged with recommending improvements to the state-basedregulation of insurance. Within the FIO’s planned formal study andreport on the regulatory system, due in 2012, carriers’ ERMpractices are expected to play an important role, and may serve asa foundation for future federal regulation.

At the same time, the NAIC has been promoting the adoption ofERM strategies with more force. For example, this past December,the NAIC adopted a significant revision to the Insurance HoldingCompany System Regulatory Act (Model 440) and the Insurance HoldingCompany System Model Regulation (Model 450), requiring holdingcompanies to report elements of enterprise risk at leastannually.

Additionally, the NAIC is currently discussing potentialrequirements for companies to provide formal “Own Risk and SolvencyAssessments” (ORSAs). A formal ORSA regulation would mandate thatcompanies carry out regular reviews of all of its risksenterprise-wide—whether insurance, market, credit, operational orstrategic—and evaluate their current and likely future solvency orcapital needs in light of the company’s own risk tolerance andbusiness plans.

As if awakening from a dream, I am trying to clear the fog ofthis new risk-clouded world—and I’m discovering that many otherinsurance professionals share this feeling. We all need to learnthe new risk language. We need to determine what exactlyare companies doing for ERM to meet these new requirements? Howwill companies now manage their compliance and regulatory policiesand procedures on a day-to-day basis to support wider risk andcontrol reviews? What are the best practices for integrating riskreporting with financial reporting and capital planning? How areregulators and auditors testing and evaluating insurer ERM?

These are all questions I plan to address with this new blog. Ihope it will help serve as a blueprint for others grappling withERM issues. We’ll discuss emerging risks and find out what the heckreally is “stress testing.” For those of you who are ERMapprentices, I’ll cover the basics. For those of you who mayconsider yourself ERM artisans, I will ask for your advice andopinions. So grab a cup of coffee, and let’s all wake up!