Last Updated 2/1/2023
Issue: The U.S. group supervisory framework was tested during the 2008 global financial crisis when American International Group (AIG) faced financial uncertainty. The AIG Financial Products unit based in London, a non-insurance component of the AIG holding company system, took on huge losses from risky investments. The contagion effects experienced by U.S. insurers in the AIG holding company system's near collapse prompted U.S. insurance regulators to re-evaluate their group supervisory framework and pay closer attention to the risks created by activities going on outside of those entities as well as the reputational and contagion issues that could exist.
In the wake of the financial crisis, it became clear U.S. state insurance regulators needed to be able to assess the holding company's financial condition and its impact on an insurer within the holding company system. In November 2011, as part of the NAIC Solvency Modernization Initiative (SMI), the NAIC voted to adopt a significant new addition to U.S. insurance regulation: the U.S. Own Risk and Solvency Assessment (ORSA). An ORSA will require insurance companies to issue their own assessment of their current and future risk through an internal risk self-assessment process, and it will allow regulators to form an enhanced view of an insurer's ability to withstand financial stress.
Overview: The NAIC Risk Management and Own Risk and Solvency Assessment Model Act (#505) went into effect on Jan. 1, 2015. Under Model (#505), large and medium-size U.S. insurers and insurance groups are required to regularly perform an ORSA and file a confidential ORSA Summary Report of the assessment with the regulator of each insurance company upon request, and with the lead state regulator for each insurance group whether or not any request is made. Model #505 provides the requirements for completing an annual ORSA and provides guidance and instructions for filing an ORSA Summary Report.
ORSA: WHAT IS IT?
An ORSA is an internal process undertaken by an insurer or insurance group to assess the adequacy of its risk management and current and prospective solvency positions under normal and severe stress scenarios. An ORSA will require insurers to analyze all reasonably foreseeable and relevant material risks (i.e., underwriting, credit, market, operational, liquidity risks, etc.) that could have an impact on an insurer's ability to meet its policyholder obligations.
The "O" in ORSA represents the insurer's "own" assessment of their current and future risks. Insurers and/or insurance groups are required to articulate their own judgment about risk management and the adequacy of their capital position. This is meant to encourage management to anticipate potential capital needs and to take proactive steps to reduce solvency risks. ORSA is not a one-off exercise--it is a continuously evolving process and should be a component of an insurer's Enterprise Risk Management (ERM) framework. Moreover, there is no mechanical way of conducting an ORSA; how to conduct the ORSA is left to each insurer to decide, and actual results and contents of an ORSA report will vary from company to company. The output will be a set of documents that demonstrate the results of management's self-assessment.
NAIC U.S. ORSA
In light of the financial crisis, U.S. insurance regulators began to modify their supervisory framework. In 2008, the NAIC launched the SMI--a critical self-examination to update the U.S. insurance solvency framework. SMI focused on key issues such as capital requirements, governance and risk management, group supervision, statutory accounting and financial reporting, and reinsurance. As part of the SMI, the NAIC re-evaluated risk-based capital (RBC) in the United States and determined RBC will continue to form the backstop function for insurer solvency to: (1) guarantee regulator action; and (2) provide the legal authority to intervene without extensive litigation.
State insurance regulators decided that additional capital assessments evaluating prospective solvency should be added to the system. Additional capital assessments will be included in the ORSA to complement RBC as a financial regulatory safeguard. The ORSA Guidance Manual, which was adopted by the NAIC Executive (EX) Committee and Plenary in March 2012, provides information for insurers on performing its ORSA and documenting risk policies and procedures.
Pursuant to the ORSA Guidance Manual and the Risk Management and Own Risk and Solvency Assessment Model Act (#505), the ORSA has two primary goals: 1) to foster an effective level of ERM at all insurers, through which each insurer identifies, assesses, monitors, prioritizes and reports on its material and relevant risk identified by the insurer, using techniques that are appropriate to support risk and capital decisions; and 2) to provide a group-level perspective on risk and capital, as a supplement to the existing legal entity view.
The ORSA applies to any individual U.S. insurer that writes more than $500 million of annual direct written and assumed premium, and/or insurance groups that collectively write more than $1 billion of annual direct written and assumed premium. An insurer that is subject to the ORSA requirements is expected to: 1) regularly, no less than annually, conduct an ORSA to assess the adequacy of its risk management framework and current and estimated projected future solvency position; 2) internally document the process and results of the assessment; and 3) provide a confidential high-level ORSA Summary Report annually to the lead state commissioner if the insurer is a member of an insurance group and, upon request, to the domiciliary state regulator.
When the NAIC Executive (EX) Committee and Plenary adopted Model #505 on Sept. 12, 2012, it was expected that each jurisdiction would adopt risk-management and ORSA requirements into state law prior to 2015. A majority of states have formally enacted Model #505, which was added as an NAIC accreditation standard in 2017. The NAIC estimates about 300 reports will be filed every year, once all states have adopted Model #505, of which approximately 200 will be at group level and 100 at single-entity level.
Status: Pursuant to Model #505, large and medium-size U.S. insurance groups and/or insurers were required to submit the first ORSAs in 2015. State insurance regulators first began reviewing ORSA Summary Reports in 2016.
The NAIC ORSA Implementation (E) Subgroup is charged to provide and enhance an enterprise risk management (ERM) education program for regulators in support of ORSA implementation and to continually review and monitor the effectiveness of Model #505 and supporting ORSA Guidance Manual and consider revisions as necessary. The ORSA Implementation (E) Subgroup released an ORSA Information Sharing Best Practices for use in sharing ORSA-related information among state regulators. The best practices are aimed at maintaining the confidentiality of a company's ORSA report during the course of coordinating with other states in connection with conducting financial analysis and financial examinations.
Committees Related to This Topic
A Comparison of the Risk Management and Own Risk Solvency Assessment Model Act and Insurer Ratings
Journal of Insurance Regulation (2017), Vol. 36, No. 3
Own Risk and Solvency Assessment: Origins and Implications for Enterprise Risk Management
Journal of Insurance Regulation (2015), Vol. 34, No. 9
The ORSA Journey Has Begun
CIPR Newsletter, March 2016
Insurers, Are You Ready? The Own Risk and Solvency Assessment (ORSA) Is On Its Way
CIPR Newsletter, October 2012
Insurance Group Supervision
CIPR Newsletter, April 2012
Media queries should be directed to the NAIC Communications Division at 816-783-8909 or firstname.lastname@example.org.
Bruce Jenson, CPA
Sr. Manager - Solvency Oversight Policy