New Regulation Expected in the U.S. – Own Risk and Solvency Assessment (ORSA)

The NAIC is currently discussing a proposal that some describe as the biggest enhancement to the U.S. financial regulatory framework since RBC was introduced in the 1990s. This change is a Solvency Modernization Initiative proposal to require large insurance groups and some large insurers to perform an Own Risk and Solvency Assessment (ORSA).

An ORSA is a process undertaken by an insurer or an insurance group to assess the adequacy of its risk management and current and expected future solvency position. This process will include filing an annual summary report to regulators, when requested, which can be the same or similar to the report made to the Board of Directors, senior management, rating agencies, and the like.

Regulators are not being prescriptive in requirements but will be supplying guidance to insurers on the completion of the ORSA report. Expectations as laid out in the current draft guidance manual are that the assessment will include the following three major sections, at a minimum:

  • Section 1 – Description of the Risk Management Policy.
  • Section 2 – Insurer Assessment of Risk Exposures (including Stress Testing).
  • Section 3 – Group Economic Capital and Prospective Solvency Assessment.

The ORSA requirement will apply to all insurance groups (and the insurance legal entities within the groups) with defined premiums greater than $1 billion and to any individual insurer in a smaller group with defined premiums greater than $500 million. Using this criteria, this proposal applies to approximately 90% of the U.S. insurance market.

The ORSA report that an insurer or insurance group produces has direct use in risk evaluation in the current and recently enhanced U.S. risk-focused surveillance process, in which U.S. regulators assess risks and the insurer’s ability to manage or mitigate risks. The combination of the regulators’ assessment and the company/group’s assessment will aid the evaluation and prioritization processes. The use of the ORSA expands upon the current process of risk-focused surveillance, though, and introduces a company’s own stress testing and group capital assessment to aid financial assessments of hazardous financial condition.

The ORSA report could be required as early as May 2013. More information can be found in the Solvency Modernization Initiative section on the NAIC Web Site at

We are interested in CAS members’ views: What role should actuaries play in the ORSA process?


About Kris DeFrain

Kris DeFrain, FCAS, MAAA, CPCU is the 2010-2011 Vice President-International of the Casualty Actuarial Society. She is the NAIC Director, Actuarial and Statistical Department in Kansas City, Missouri.

8 Responses to New Regulation Expected in the U.S. – Own Risk and Solvency Assessment (ORSA)

  1. avatar Ira Robbin says:

    US companies and regulators need to keep ORSA out of the US regulatory environment. Let EIOPA destroy itself and the European insurance industry. ORSA has no place in regulation. It eliminates clear guidelines and defined metrics in favor of reams of paper, tons of blather, and a zillion runs of self-promoting models like those that failed to predict the 2007 financial crisis. No company actuary or consultant that wants to keep their jobs will ever find their company is short of capital under the very nebulous standards of ORSA. ORSA will promote the illusion of security all the while making it easier for weak companies to masquerade as strong ones.

    Regulatory implementation of ORSA has not been thought through. How exactly will review of a company’s ORSA trigger regulatory action? There are no standards like there are for RBC or IRIS.

    Best course is to add a CAT piece to RBC and sit back and be ready to pick up the pieces of European insurers and reinsurers.

    • avatar Bryant Russell says:

      Taking the first response as serious in its criticisms of ORSA:

      I disagree with the premise that ORSA will in some way “eliminate clear guidelines and defined metrics” for the US regulatory environment. The SMI Roadmap indicates ORSA is in addition to computing the RBC formula.

      ORSA is an opportunity for a company to demonstrate that it “gets it” with respect to risk management. The impact of risk on each company is distinct, management’s reaction to current and future contingent events is varied. ORSA represents the company’s view of risk, something that RBC can never provide… RBC is one size fits all, good “on average”.

      One place where we might have agreement: If someone treats ORSA as a paperwork exercise, rather than a true risk assessment, then ORSA has no internal benefit to a company. However, if the report is just “reams of paper and tons of blather”, perhaps informed regulators will take a closer look at how such a company truly handles its risks.

  2. avatar Michael HAMPTON says:

    Self-regulation may work in a perfect society, but we need to catch those that use loopholes for self-grandisement. I do not believe setting up loopholdes for scams. Would you pass on emails as your support of authority? Banks were unregulated, reductions of audit support went down, …. What next? We need questioning of absolutes…people make mistakes and are redirected.

  3. avatar Kevin Madigan says:

    Hi Ira, long time no talk. Hope you are well. I could not disagree more with you on ORSA. I think ORSA is a very positive move. Furthermore, since it is a requirement for all IAIS member solvency regimes it is a fait accompli, so perhaps instead of railing against it we should focus on making it work.
    I do agree that it is a bad idea to allow firms to use internally developed models to determine their solvency capital requirements, but I think ORSA, if implemented correctly, is a huge step forward. It basically boils down to requiring insurers to attest to the appropriateness/adequacy of their ERM programs and make sure their business plans are in line with their risk and capital management. How is this a bad thing?
    And it is an improvement on backward looking solvency regulation.
    I suspect Ira is confusing ORSA with Solvency II modeling requirements, but I may be wrong.

  4. avatar Kartik Patel says:

    I am a CAS student and currently working on a Solvency 2 project with a UK based insurer.

    In my limited understanding:

    The purpose of RBC (Pillar 1 in solvency 2) is calculating capital requirement from regulator’s perspective which basically assumes that the insurer is in run-off stage or it’s going to transfer all its liabilities to another insurer. So it’s a standard approach which won’t fully fit to each & every insurer. As a result there will always be some error between how much capital you should “ideally” maintain and how much capital the regulatory approach of RBC is asking you to maintain.

    ORSA is an attempt to quantify (best case) or at least identify and document (worst case) this error.
    The purpose of ORSA (Pillar 2 in solvency 2) is calculating capital requirement from insurer’s perspective which basically assumes that the insurer is a going-concern. And the regulator is interested in understanding insurer’s perspective but that in no way reduces the capital requirement calculated under RBC (or Pillar 1 under solvency 2). So it’s a kind of “obligatory opportunity” given to the insurer to allocate enough attention & resources to first develop and then explain its own point of view on its capital requirement and its ERM practices.

    Now, how honestly will insurers utilise this opportunity will depend on how well the regulator is prepared to read through tons of pages and raise queries, provide feedbacks and in some cases ask insurers to maintain even additional capital (because for some insurers standard RBC approach can be way too unfit … but then I wonder which insurer will reveal such situation?!?!).

    So ORSA is a tool which can either help the insurer & regulator or it can become just another paper work exercise. But it will not harm (as long as capital requirement is not based on it).

  5. avatar Mike Boa says:

    FYI, the Joint Risk Management Section of the Society of Actuaries, the Casualty Actuarial Society, and the Canadian Institute of Actuaries, in collaboration with the International Network of Actuaries in Risk Management (“IN-ARM”), has announced a call for essays to address “Risk Metrics for Decision Making and ORSA.” Details are available on the Joint Risk Management Section web site.

  6. avatar Ira Robbin says:

    Admittedly I was staking out an extreme position to see what sort of defense might be mounted. Appreciate all the replies.

    I am in favor of ORSA done by a company for its own management and directors, but fear that once we go to ORSA for regulatory review we will likely end up with a different assessment. The sheer complexity of the models and the numerous parameters will make it difficult for regulators to arrive at a definitive view of the results. Stress tests on defined scenarios are more objective and I tend to favor them.

    Finally RBC provides a legal foundation for regulatory action such as in the extreme case liquidating a company. What actions will a regulator be authorized or mandated to take on the basis of an ORSA evaluation?

  7. avatar Ralph Blanchard says:

    For those insurers that practice ERM, they probably already do everything that an ORSA requirement calls for. The only difference would be a possible high-level summary report annually and a more stringent requirement for an audit trail that provides evidence of the quality of their ERM.
    The NAIC already investigates a company’s ERM process as part of its zone exam process. This started several years ago when they moved to risk-focused exams. As a result, I suspect that requesting the annual report of ORSA findings from everybody would be a mistake – it would convert a regulatory diagnostic and early warning tool into a compliance exercise.

Comments are closed.