The New York State Insurance Department says insurers should be prepared for it to evaluate their enterprise risk management (ERM) functions.
Matti Peltonen, chief of the department’s capital markets bureau, talks about insurer ERM operations in a new draft circular letter addressed to all insurers operating in the state.
The New York department believes the ERM function is a key component of the risk-based surveillance process, it recently established criteria it will use to assess an insurer’s ERM practices, Peltonen says.
The department could conduct an ERM evaluation either together with an ordinary statutory examination or as a stand-alone exercise, Peltonen says.
Peltonen says the New York department believes an insurer should have:
- An individual with the right credentials and enough resources to give managers and board ongoing assessments of the insurer’s risk profile.
- A written risk policy that describes risk tolerance levels.
- Written documentation of the ERM analytical process, including detailed discussions of the risks identified, the measurement approaches used, the key assumptions made, and the outcomes of any plausible statistical tests that were conducted.
- A process for conducting scenario and stress testing and looking at both the immediate and long-range implications of the results.
- Systems in place for comparing the level of financial resources available to economic capital and the regulatory capital requirements.
- Directors and senior managers who are performing their own risk and solvency assessments (ORSA).
“An insurer should address as part of its ERM/ORSA all reasonably foreseeable and relevant material risks including, at a minimum: Insurance; underwriting; asset-liability matching; credit; market; operational; reputational; liquidity; and any other significant risks associated with group membership,” Peltonen says. “The assessment also should include identifying the relationship between risk management and the level and quality of financial resources necessary as determined with quantitative and qualitative metrics.”
An insurer that is part of a holding company also should look at risks related to the holding company and other group members, Peltonen says.