The NAIC adopted the Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act on September 12, 2012, with the first company filing slated for 2015. Each state will now move to adopt and pass the model law in its jurisdiction.
The RMORSA signifies a fundamental shift in the regulatory scrutiny of the insurance industry’s enterprise risk management (ERM) and capital-management practices.
- Risk management. The RMORSA will be a tool to help supervisors understand the risks insurers are exposed to, and how adept insurers are at managing those risks. Regulators plan to assess ERM capability and to use it to guide their supervisory strategy.
- Group capital assessment. Examiners and NAIC analysts will use the RMORSA to assess groups/companies’ own assessment and management of their capital. While the RMORSA will not set a capital requirement, it will provide information to regulators that will help guide supervisory action.
- Encouraging ERM. The NAIC expects the RMORSA to help foster effective ERM practices at all insurers.
The RMORSA is an internal assessment, to which regulators will have access to in order to examine the adequacy of an insurer’s risk management and its current and future prospective solvency positions. The RMORSA process and accompanying summary report is one element of an insurer’s broader ERM framework. It links the insurer’s risk identification, measurement and prioritization processes with capital management and strategic planning.
Each insurer’s RMORSA process should reflect the way it manages its business in practice and the extent to which it embeds risk management and measurement into the business planning process. The insurer’s internal risk management materials must support the summary report, which, at a minimum, should consist of the following three sections:
- Description of the insurer’s risk management framework
- Insurer’s assessment of risk exposure
- Group risk capital and prospective solvency assessment
Insurers will need to include detailed information on the following in these three sections:
The time to prepare is now
“The ORSA Summary Report may help determine the scope, depth and minimum timing of risk-focused analysis and examination procedures … Insurers with ERM frameworks deemed to be robust for their relative risk may not require the same scope or depth of review, or minimum timing for a risk-focused surveillance as those with less robust ERM functions.” – NAIC ORSA Guidance Manual1
While U.S. insurers are making strides towards RMORSA readiness, a number of material gaps do still exist throughout the industry. The recent PricewaterhouseCoopers U.S. Insurance ERM & ORSA Readiness Survey2 reveals that there is a significant difference between perceived and actual readiness for the RMORSA. For example, 82 percent of survey respondents believe their existing ERM processes are largely adequate for RMORSA requirements, yet only 38 percent of company boards are either unengaged or only passively engaged in risk management. Moreover, 35 percent of companies indicated that they do not have a risk appetite linked to business strategy and financial goals, which is crucial to a comprehensive and effective ERM program.
Even though 2015 is the effective outside date of the law becoming universally adopted, it is evident that many regulators are or will be requiring a RMORSA in their regulatory reviews. As part of their broader supervisory reviews and authority, regulators want to see that insurers are advancing their efforts to better integrate risk management in advance of 2015. Moreover, although the model act requires summary reports to be filed first in 2015, all documentation and evidence that supports the report must be available for regulatory inspection upon request or examination. Accordingly, the companies that start investing in RMORSA readiness now are likely to benefit significantly from doing so.
In particular, insurers should:
- Review the RMORSA Guidance Manual and how its requirements apply to your company.
- Consider the key features of your EMR and capital assessment programs and the message the company wishes to communicate to stakeholders to help determine the scope and impact of the RMORSA.
- Review the existing scope and documentation of the ERM framework, management metrics and evidence of its practical operation in the business to leverage your ERM work to date.
- Put the ERM program into words and start to populate an RMORSA report to identify potential gaps and assess the strength of the current communication from a regulator’s perspective.
- Use the practice RMORSA report to identify areas where your capabilities can continue to be strengthened and implement enhancements.
Regulators are likely to look favorably on insurers that embrace RMORSA and actively maintain a robust risk management and solvency framework that links risk-based decisions to strategic and capital planning. Moreover, resolution of any issues that may arise is likely to be easier for companies that demonstrate a genuine willingness to improve ERM.
Beyond compliance to risk awareness
A phased implementation that is flexible and allows staff to learn and adapt to the new regime is likely to result in more profound and permanent results. There are many important advantages to having a well embedded ERM framework that helps insurers exploit key opportunities and maximize risk-adjusted returns, while protecting policyholders’ interests. Meeting regulatory requirements as a byproduct of an effective ERM framework and risk-aware culture, rather than treating the RMORSA as a pure compliance requirement, will help differentiate tomorrow’s winners in the market.
1 Available at http://www.naic.org/documents/committees_e_orsa_wg_orsa_manual.pdf
2 Available at http://www.pwc.com/us/en/insurance/publications/insurance-survey-erm-rmorsa-2012.jhtml