Last Updated 4/7/2021
Issue: Enterprise risk management (ERM) has attracted much attention in the last several years, particularly following the great global financial crisis. In today’s uncertain world of complex and interrelated risks, an increasing number of financial institutions, including insurance companies, have implemented or are developing an ERM system.
Overview: Managing risks is paramount for insurers who have implemented, are developing, or further enhancing their ERM systems. The accurate and deep understanding of the extent and composition of risk-taking and the great risk control gained by ERM can deliver significant strategic advantages. These advantages can be translated as increased efficiencies and ultimately important tangibles, reduced earnings volatility, stronger capital position, and higher profitability. The success of ERM depends on how well it integrates into the framework already proven to be effective risk management tools, such as Asset Liability Management (ALM), which cuts across different risk categories (underwriting, asset, and operational risks). All departments within an insurance company, including finance, actuarial, strategy, etc., are critical in the implementation of ERM. Each department first mainly embeds ERM into the daily operations within their departments; then, the department connects across the organization's risk management infrastructure to become part of the overall decision-making.
Company size and complexity are among the key determinants for ERM adoption, with larger companies facing multiple risks more likely to develop a holistic risk management framework. Insurers active in a number of markets and offering complex products need specialists to deal with different risks, and they predictably move toward developing strong ERM systems. External institutional pressures, particularly from the regulatory community, have also been driving ERM implementation. The regulators intend to foster effective risk management at the enterprise (group) level for all insurers. Other external factors for ERM adoption originate from the market through the stock market and credit rating agencies, which have added ERM as a criterion in their credit analysis and their overall assessment of insurance companies' financial strength.
Status: The current solvency surveillance framework includes examination and analysis of insurers' ERM as outlined in the Exam and Analysis Handbooks. In October 2011, the IAIS adopted an Insurance Core Principle (ICP 8) on Risk Management and Internal Controls, which heightens the need for standards and provides guidance on ERM. During 2011, the Group Solvency Issues (E) Working Group determined that ERM, as well as ORSA (Own Risk and Solvency Assessment) requirements, were appropriate and beneficial for inclusion in the U.S. solvency framework. In 2012, the NAIC ORSA Guidance Manual and the Risk Management and ORSA Model Act (Model #505) were adopted.
The NAIC ORSA Guidance Manual provides information for insurers on performing its ORSA and documenting risk policies and procedures. NAIC Model #505 went into effect on Jan. 1, 2015 and requires insurers above a specified premium threshold to maintain a risk management framework, complete an ORSA, and file a confidential annual ORSA Summary Report with their lead state supervisor. Model #505 is a standard for accreditation of the state departments. Most of the adopting states required an ORSA Summary Report to be filed by the end of 2015. The rest required the first filing to be made by the end of 2016 or 2017, depending on the state.
Committees Active on This Topic
Market Reactions to Enterprise Risk Management Adoption, Incorporation by Rating Agencies, and ORSA Act Passage
2021, Risk Management and Insurance Review
ERM Expectations for Non-ORSA Filers
2018 NAIC Insurance Summit
A Comparison of the Risk Management and Own Risk Solvency Assessment Model Act and Insurer Ratings
2017, Journal of Insurance Regulation Vol. 36, No. 3
COSO releases updated enterprise risk management framework
September 2017, Accounting Today
ERM Integrating with Strategy and Performance
June 2017, COSO
The ORSA Journey Has Begun
March 2016, CIPR Newsletter
Own Risk and Solvency Assessment: Origins and Implications for Enterprise Risk Management
2015, Journal of Insurance Regulation Vol. 34, No. 9
Are You Ready? The Own Risk and Solvency Assessment (ORSA) is On Its Way
October 2012, CIPR Newsletter
Media queries should be directed to the NAIC Communications Division at 816-783-8909 or firstname.lastname@example.org.
Sr. Manager, L/H Financial Analysis