The Own Risk and Solvency Assessment is “an annual internal process undertaken by insurers to assess the adequacy of their enterprise risk management (ERM) and solvency positions under both normal and severe stress scenarios. An Orsa represents the insurer’s own assessment of their current and future risks.” Orsa is also defined “as a set of processes constituting a tool for decision-making and strategic analysis. It aims to assess, in a continuous and prospective way, the overall solvency needs related to the specific risk profile of the insurance company.” This risk assessment is then consolidated in an Orsa report using a prescribed format. It is somewhat akin to the Internal Capital Adequacy Assessment Process (ICAAP) in Basel II. Perhaps in its briefest form, it is a tool in decision-making to assess the risk appetite of the company. It is not a capital requirement regulation.
Orsa Report
The Orsa Report is an effective tool in risk management, which can be used by the board of directors. Indeed, risk management is ultimately the responsibility of the board of directors. In Malaysia, under MAS 126, insurers are required to submit extracts of the minutes of the board of directors showing the deliberations of the board on the Orsa report. The risk assessment should also include a stress testing. The Orsa Report should not be seen by insurers as another regulatory reporting requirement. Instead, it should be seen by the companies as a “good risk management practice.”
Development of Orsa
A significant development in insurance regulation is the European Union’s issuance of a directive in 2009 to reduce the incidence of insolvency, called the Solvency II Directive. Pillar 2 of Solvency II provides for the establishment of good corporate governance and enterprise risk management. It was under Solvency II that Orsa was conceptualized and developed. This concept was later adopted by the International Association of Insurance Supervisors (IAIS)and incorporated in Insurance Core Principle (ICP) 16. Today, the basis for the Orsa is Insurance Core Principle 16 (Enterprise Risk Management for Solvency Purposes), which provides: “The supervisor establishes enterprise risk management requirements for solvency purposes that require insurers to address all relevant and material risks.” In other words, Orsa has become an integral part of enterprise risk management.
ICP 16.11 specifically provides: “The supervisor requires the insurer to perform its Orsa regularly to assess the adequacy of its risk management and current, and likely future, solvency position.” Orsa has become an integral component in the assessment of the insurers. The Philippines, as a member of the IAIS, has agreed to be bound by the ICP. Indeed, insurance regulation is being “globalized” through the IAIS, around the ICPs.
Orsa around the world
While Orsa is required by the National Association of Insurance Commissioners to be undertaken by insurers in the US starting 2015, Orsa is not practiced nor required in the Philippines. Nor is there a mandated enterprise risk management program. Although there is a risk-based capital system in place. However, unlike in RBC which results in an “RBC ratio,” there is Orsa score or rating. Other jurisdictions, though, have enacted regulations requiring Orsa compliance. For example, in South Africa, insurers were required to perform regular Orsas starting April 2017. Malaysia introduced Enterprise Risk Management for Insurers on April 2, 2013, and it took effect on January 1, 2014. Under this framework, Orsa was required to be performed at least annually. Orsa is now being complied in China (2016), Canada (2014), Bermuda (2011), South Korea (2017), Japan (2015) and Australia (2013).
****
Dennis B. Funa is the current insurance commissioner. Funa was appointed by President Duterte as the new insurance commissioner in December 2016. E-mail: dennisfuna@yahoo.com