The NAIC adopted the Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act on September 12, 2012, with the first company filing slated for 2015. Each state will now move to adopt and pass the model law in its jurisdiction.
The RMORSA signifies a fundamental shift in the regulatory scrutiny of the insurance industry’s enterprise risk management (ERM) and capital-management practices.
- Risk management. The RMORSA will be a tool to help supervisors understand the risks insurers are exposed to, and how adept insurers are at managing those risks. Regulators plan to assess ERM capability and to use it to guide their supervisory strategy.
- Group capital assessment. Examiners and NAIC analysts will use the RMORSA to assess groups/companies’ own assessment and management of their capital. While the RMORSA will not set a capital requirement, it will provide information to regulators that will help guide supervisory action.
- Encouraging ERM. The NAIC expects the RMORSA to help foster effective ERM practices at all insurers.
The RMORSA is an internal assessment, to which regulators will have access to in order to examine the adequacy of an insurer’s risk management and its current and future prospective solvency positions. The RMORSA process and accompanying summary report is one element of an insurer’s broader ERM framework. It links the insurer’s risk identification, measurement and prioritization processes with capital management and strategic planning.
Each insurer’s RMORSA process should reflect the way it manages its business in practice and the extent to which it embeds risk management and measurement into the business planning process. The insurer’s internal risk management materials must support the summary report, which, at a minimum, should consist of the following three sections:
- Description of the insurer’s risk management framework
- Insurer’s assessment of risk exposure
- Group risk capital and prospective solvency assessment
Insurers will need to include detailed information on the following in these three sections:
The time to prepare is now
“The ORSA Summary Report may help determine the scope, depth and minimum timing of risk-focused analysis and examination procedures … Insurers with ERM frameworks deemed to be robust for their relative risk may not require the same scope or depth of review, or minimum timing for a risk-focused surveillance as those with less robust ERM functions.” – NAIC ORSA Guidance Manual1
While U.S. insurers are making strides towards RMORSA readiness, a number of material gaps do still exist throughout the industry. The recent PricewaterhouseCoopers U.S. Insurance ERM & ORSA Readiness Survey2 reveals that there is a significant difference between perceived and actual readiness for the RMORSA. For example, 82 percent of survey respondents believe their existing ERM processes are largely adequate for RMORSA requirements, yet only 38 percent of company boards are either unengaged or only passively engaged in risk management. Moreover, 35 percent of companies indicated that they do not have a risk appetite linked to business strategy and financial goals, which is crucial to a comprehensive and effective ERM program.