ORSA and ERM

Use the upcoming compliance deadline to boost existing ERM practices

  • Share

After several years of planning and industry input, ORSA will soon become a reality for insurers. The time has come for insurers to actively plan compliance strategies.

Beyond compliance though, forward-looking insurers are emphasizing the strategic opportunity ORSA presents. Preparing for ORSA gives insurers an opening to boost existing enterprise risk management (ERM) practices—provided they look beyond a strictly "check the box" compliance-driven attitude.

ORSA can help bolster ERM functions because of its focus in these areas:

  • Better use of risk capacity, while remaining within stated risk appetites
  • Improved risk-based decision-making through a single framework for risk, capital and performance management
  • Increased understanding of risk exposures across the enterprise
  • Promotion of a risk-management culture and greater visibility for risk at the executive level
  • Deeper insights into the solvency impacts of future economic conditions
  • Clearer visibility into capital tiers supporting risk-taking activity and optimization of capital structures

ORSA's basic requirements mask nuances and strategic implications

Baseline ORSA requirements are deceptively simple. Insurers tempted to simply create a "check the boxes" summary report will miss the chance to strengthen their ERM capabilities.

In particular, there are four areas with significant gaps between minimal compliance (as delineated in the ORSA Guidance Manual) and ERM-boosting opportunities.

Risk appetite
A meaningful risk appetite statement approved by upper management enables effective ERM frameworks. However, if poorly defined, it can be regarded as a meaningless qualitative statement unrelated to day-to-day operations or decision-making.

Risk measurement
Consistency is crucial when comparing risks between different types, product lines and jurisdictions. Only a consistent approach provides management with a full picture of risk exposure.

Future capital requirements
ORSA requires the projection of future capital requirements over the next one to three years. For some product lines and balances, projecting risk capital may seem fairly straightforward; for others, it can be very complex.

Group-wide risk and capital assessment
Consistent views of risk and capital across various legal entities are difficult to achieve. The ORSA Guidance Manual implicitly raises this issue and points the way toward future evolution of standards that could help.


Future requirements are likely to be more complex, robust and prescriptive

ORSA makes clear that the length, depth and granularity of its requirements depend on the nature, scale and complexity of the business. Insurers are sure to find plenty of room for interpretation.
Moreover, risk-based capital (RBC) regulation in insurance and Basel guidelines for banks provide a template for ORSA's evolution. ORSA is highly likely to become a fundamental risk-reporting metric with more comprehensive reporting requirements and progress-tracking that includes annual updates and milestones to achieve.


ERM assessments are the best first step

Connection points between ERM frameworks and the ORSA process are numerous and direct. However, ERM frameworks alone are not sufficient for ORSA compliance.

Rather, ORSA assessments can help insurers evaluate their current ERM capabilities, identify gaps and prioritize improvement plans. For instance, ORSA can help insurers address common organizational challenges such as unclear or fragmented committee structures or lack of board engagement.


Assessing organizational readiness

Insurers can assess their readiness for ORSA by answering these questions:

1. Do you understand and comply to the requirements as stated by the ORSA Guidance Manual and the key components of ICP 16 on ERM?

2. Is a documented risk appetite statement used to inform business decision-making?

3. Is exposure for all types of risks measured in a consistent way?

4. Can the company project future risk capital requirements consistent with short-term business plans?

5. Is it possible to create a group-wide risk and capital assessment with a consistent measurement framework?

Organizations answering "no" to any of these questions can take some comfort in knowing there is time to enhance their capabilities prior to ORSA's effective date.

Contact us for help with ORSA compliance and ERM.

Bill Spinard
+1 703 747 1070
bill.spinard@ey.com

Chad Runchey
+1 212 773 1015
chad.runchey@ey.com

James Collingwood
+1 312 879 6306
james.collingwood@ey.com