The Own Risk and Solvency Assessment (ORSA) has evolved from a relatively unknown requirement to a present reality, and companies continue to adapt their plans to comply with the mandate.
While the ORSA may not have initially come together as many predicted, the planning process has provided tangible benefits. Gaps have been identified, action plans developed, and processes improved. Risk identification, monitoring, and mitigation for many insurance companies have become more prominent and transparent than ever before.
The inaugural year of the ORSA process and its accompanying Summary Report presented significant challenges and opportunities for insurance companies. Although based on an organization’s ERM framework, ORSA was a totally new regulatory requirement that demanded a substantial investment of resources and time—and indeed still does.
The challenge presented by the ORSA requirement is to develop a process and produce a Summary Report that closely matches the unique goals, policies, and practices of the insurer while avoiding a cookie-cutter approach.
This challenge is also an opportunity to take a fresh look at the organization’s risk protocols, deployment of capital, and ERM-related computer systems, perhaps leading to meaningful changes or simply confirming the adequacy of the current practices.
In essence, the ORSA is a mandated process that requires insurers to create internal processes to asses their risk management and solvency positions under normal and stressed scenarios.
It requires an insurer to analyze any and all relevant risks that could have an adverse impact on its ability to meet financial policyholder obligations. It is designed to be a nonprescriptive approach to risk management, where insurers are asked to use their best judgment in formulating their assessments of current and future risks.
Although it can be viewed by some as an annual report, the ORSA is designed to be continually evolving and should have a prevalent role in the enterprise risk management function.
Insurers mandated to comply with ORSA are required to:
- Conduct an ORSA no less than annually
- Document processes and results of the ORSA internally
- Provide an ORSA Summary Report to the lead state insurance commissioner annually, if the insurer is a member of an insurance group, and upon request to the domiciliary state commissioner
As the emphasis is on the "Own" in Own Risk Solvency Assessment, insurers are left to decide what would best represent their present situations. And that means there is room for error.
A lot has been learned about what does and doesn't work over the first few years of ORSA compliance. Insurance companies have discovered that producing a high quality summary report can create an undue organizational burden even if the process is carefully planned. However, many companies have learned how to prevent the ORSA process from becoming a burden on resources and organizational costs while still complying with the regulation.
Check out this blog to learn 10 best practices to follow when determining how best to create your ORSA process.