Own Risk and Solvency Assessment

Last Updated: 8/1/2024
The 2008 global financial crisis tested the U.S. group supervisory framework when American International Group (AIG) faced financial uncertainty. The AIG Financial Products unit based in London, a non-insurance component of the AIG holding company system, incurred significant losses due to high-risk investments. This near collapse of AIG’s holding company system had a ripple effect on U.S. insurers, leading state insurance regulators to strengthen their group supervisory framework and increase scrutiny of non-insurance activities and potential reputational and systemic risks.

Consequently, U.S. state insurance regulators initiated the Solvency Modernization Initiative (SMI) to modernize the U.S. insurance supervisory framework. The SMI addresses capital requirements, governance and risk management, group supervision, statutory accounting and financial reporting, and reinsurance. It also reaffirmed the role of  Risk Based capital (RBC) as a foundational solvency safeguard, ensuring regulatory action and legal authority for intervention.

It became clear U.S. state insurance regulators needed to be able to evaluate the holding company's financial condition and its impact on an insurer within the holding company system. In November 2011, the NAIC introduced a pivotal regulatory tool as part of the SMI: the U.S. Own Risk and Solvency Assessment (ORSA). An ORSA requires insurance companies to conduct and report a comprehensive self-assessment of their current and future risks and capital adequacy, enabling regulators to gain a deeper understanding of an insurer's financial resilience.

The NAIC Risk Management and Own Risk and Solvency Assessment Model Act (#505) became effective on Jan. 1, 2015. It requires large and medium-size U.S. insurers and insurance groups to conduct an ORSA regularly and document the results in an ORSA Summary Report.

The ORSA Guidance Manual, adopted by the NAIC in March 2012, provides guidance and instructions for conducting the ORSA and filing an ORSA Summary Report.

ORSA: WHAT IS IT?
An ORSA is a critical internal process for insurers or insurance groups to evaluate their risk management and solvency positions, both current and future, under various stress scenarios. It necessitates a thorough analysis of all reasonably foreseeable and relevant material risks (i.e., underwriting, credit, market, operational, liquidity risks, etc.) that could affect an insurer's ability to meet its policyholder obligations.

The ORSA represents the insurer's own assessment of their current and future risks. This is meant to encourage management to anticipate potential capital needs and take proactive steps to reduce solvency risks. ORSA is not a one-time exercise but an ongoing process integral to an insurer's Enterprise Risk Management (ERM) framework. The approach to conducting the ORSA is at the insurer’s discretion, and actual results and contents of an ORSA report will vary from company to company.

Pursuant to the ORSA Guidance Manual and the Risk Management and Own Risk and Solvency Assessment Model Act (#505), the ORSA has two primary goals: 1) to foster an effective level of ERM at all insurers, through which each insurer identifies, assesses, monitors, prioritizes and reports on its material and relevant risk identified by the insurer, using techniques that are appropriate to support risk and capital decisions; and 2) to provide a group-level perspective on risk and capital, as a supplement to the existing legal entity view.

The ORSA applies to any individual U.S. insurer that writes more than $500 million of annual direct written and assumed premium, and/or insurance groups that collectively write more than $1 billion of annual direct written and assumed premium. These insurers must: 1) regularly, no less than annually, conduct an ORSA to assess the adequacy of its risk management framework and current and estimated projected future solvency position; 2) internally document the process and results of the assessment; and 3) provide a confidential high-level ORSA Summary Report annually to the lead state commissioner if the insurer is a member of an insurance group and, upon request, to the domiciliary state regulator.

53 of 56 U.S. jurisdictions have formally enacted Model #505, which was added as an NAIC accreditation standard in 2017. The NAIC estimates about 300 reports will be filed every year, of which approximately 200 will be at group level and 100 at single-entity level.

Pursuant to Model #505, large and medium-size U.S. insurance groups and/or insurers were required to submit the first ORSAs in 2015. State insurance regulators first began reviewing ORSA Summary Reports in 2016.

The NAIC ORSA Implementation (E) Subgroup is charged to provide and enhance an enterprise risk management (ERM) and capital modeling education program for regulators in support of ORSA implementation and to continually review and monitor the effectiveness of Model #505 and supporting ORSA Guidance Manual and consider revisions as necessary.

The ORSA Implementation (E) Subgroup released an ORSA Information Sharing Best Practices for use in sharing ORSA-related information among state regulators. The best practices are aimed at maintaining the confidentiality of a company's ORSA report while coordinating with other states in connection with conducting financial analysis and financial examinations.

In 2018, the Subgroup also released Form F/ORSA Comparison, comparing the requirements of the ORSA and Form F (also known as the Enterprise Risk Report).  ORSA is intended to capture the risks associated with the insurance entities of the holding company system and Form F is intended to capture the material risks associated with the non-insurance entities that could jeopardize the ability of the Ultimate Controlling Person (UCP) to provide financial support to the insurance entities, if they were under financial distress.

Since its first adoption, the Subgroup has updated the ORSA Guidance Manual twice.  In December 2017, a section was added to explain the process to update the manual. In December 2022, a section was added with the ORSA requirements for Internationally Active Insurance Groups (IAIGs), requiring the ERM and the capital management frameworks of these groups to have specific elements to reduce any potential systemic risk associated with their insolvency. Requirements were also added for all ORSA filers to include material risks arising from non-insurance entities in the ORSA, as well as a discussion of the main business goals and a detailed disclosure of liquidity risk.