Best practices for ORSA implementation

Similar documents
Transforming risk management into a competitive advantage kpmg.com

Internal audit value optimization for insurance organizations

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 11 NYCRR 82 (INSURANCE REGULATION 203) ENTERPRISE RISK MANAGEMENT AND OWN RISK AND SOLVENCY ASSESSMENT

Matthew E. Breecher Breecher & Company PC November 12, 2008

NAIC OWN RISK AND SOLVENCY ASSESSMENT (ORSA) GUIDANCE MANUAL

ERM from a Small Insurance Company Perspective

PwC s 2012 U.S. Insurance ERM & ORSA Readiness Survey

Tailoring enterprise risk management strategies to the Main-Street insurer

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

top issues An annual report

Exams, Audit, SOX/MAR, ERM, ORSA,...what s next???

Risk Management. Trends for Insurance Companies. Jeffrey Lovern Genworth Financial VP, Enterprise Risk Management Global Mortgage Insurance

CFE 2. Enterprise Risk Management. Study Guide - Supplemental Background Material

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

Insurance Enterprise Risk Management Practices

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

Role of Actuaries in Solvency II Tamsin Abbey

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

Regulatory Solvency Assessment of Property/Casualty Insurance Companies in the United States

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

Enterprise Risk Management: From Theory to Practice

ERM Learning Objectives

IAIS Insurance Core Principle 16

NY INSURANCE REGULATOR PROPOSES NEW ENTERPRISE RISK

Developing an Effective Enterprise Risk Management Program

Deriving Value from ORSA. Board Perspective

2012 US Insurance ERM & ORSA Survey Key results and findings

Understanding changes to the Trust Services Principles for SOC 2 reporting

PART A: OVERVIEW Introduction Applicability Legal Provisions Effective Date...2

Scenario Analysis Principles and Practices in the Insurance Industry

Conducting a System Implementation Risk Review at Higher Education Institutions

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Solvency II Own Risk and Solvency Assessment (ORSA)

How to Develop Successful Enterprise Risk and Vendor Management Programs

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP

Preparing for ORSA - Some practical issues

Solvency II Own risk and solvency assessment (ORSA)

Internal Control Integrated Framework. May 2013

Enterprise Risk Management A View. Clive Kelly CRO Zurich Insurance plc/zfs Europe (GI)

Planning for business transition:

Enterprise risk management: A pragmatic, four-phase implementation plan

Much attention has been focused recently on enterprise risk management (ERM),

Solutions and contact guide

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II

Zurich s approach to Enterprise Risk Management. John Scott Chief Risk Officer Zurich Global Corporate

Enterprise Risk Management

Audit, Risk Management and Compliance Committee Charter

The role and function of insurance company board of directors risk committees

WELCOME TO SECURE

Assessing Insurers' Economic Capital Models Discussion on Methodology and Application

Integrating Risk and Capital Management into Strategy and Planning. Key to Assessing Risk and Reward for Insurers

Subcontractor default insurance Baker Tilly Virchow Krause, LLP

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

Risk Assessment & Enterprise Risk Management

Financial Institutions Industry Insights

PNC is a registered mark of The PNC Financial Services Group, Inc.( PNC ) 2013 The PNC Financial Services Group, Inc. All rights reserved.

IT Governance. What is it and how to audit it. 21 April 2009

Model Risk, A company perspective Peter K. Reilly, FSA Valuation Actuary & Head of Actuarial Strategic Initiatives Aetna, Inc

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

Using Strategic Risk Management to Gain Assurance and Communicate More Effectively

WebEx guide. > Everyone is muted to avoid background noise. Please use the chat box if you need to communicate with the host.

Policy : Enterprise Risk Management Policy

Actuarial Aspects of ERM for Insurance Companies

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

Improving Financial Performance, Governance and Compliance

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

How To Learn About An Enterprise Risk Management

Leveraging Financial Data for Enterprise Risk Management. Agenda. Agenda ERM Symposium March 16, 2011 Swissotel Chicago, Chicago, IL

Terms of Reference - Board Risk Committee

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

ERM: Integration of Finance and Risk

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

How To Understand The Role Of An Internal Audit

Uncovering outpatient operations hidden revenue busters

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

ERM Exam Core Readings Fall Table of Contents

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3

Enterprise Risk Management in Colleges and Universities

DATA AUDIT: Scope and Content

Enterprise Risk Management (ERM): In Action. January Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport

Regulations in General Insurance. Solvency II

Solvency II for Beginners

Sample Financial institution Risk Management Policy 2011

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Statement of Policy for the Risk Management Program

ERM Implementation at Professional Risk Organizations. ERM Symposium 2012 Washington, D.C.

The PNC Financial Services Group, Inc. Business Continuity Program

IT Compliance After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

Risk management systems of responsible entities: Further proposals

fs viewpoint

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

ENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Guiding Principles for Implementing Enterprise Risk Management (ERM)

Session 7: Regulatory Update T HOMAS PASUIT, M E T L I F E J I M F RASHER, N O RT HWEST ERN M U T UA L

Owner s project control review Baker Tilly Virchow Krause, LLP

Society of Actuaries in Ireland

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Transcription:

Best practices for ORSA implementation October 21, 2014 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Agenda I. What is ORSA? II. Review process III. What is enterprise risk management? IV. Sections of an ORSA Summary Report V. Building the engine for the ERM process VI. Risk assessment process VII. Key ERM challenges VIII. Questions? 6

WHAT IS ORSA? 7

What is ORSA? The Own Risk and Solvency Assessment (ORSA) is becoming a key part of the regulatory framework for US insurers. The ORSA Guidance Manual states that ORSA is: > A component of the insurer s Enterprise Risk Management (ERM) framework > A confidential internal assessment appropriate to the nature, scale, and complexity of an insurer conducted by that insurer of the material and relevant risks identified by the insurer associated with an insurer s current business plan and the sufficiency of capital resources to support those risks 8

NAIC Own Risk and Solvency Assessment Guidance Manual Overall, the ORSA is essentially an internal assessment of the risks associated with an insurer s current business plan, and the sufficiency of capital resources to support those risks. 9

NAIC Own Risk and Solvency Assessment Guidance Manual ORSA s two primary goals > To foster an effective level of enterprise risk management at all insurers, through which each insurer identifies and quantifies its material and relevant risks, using techniques that are appropriate to the nature, scale, and complexity of the insurer s risks, in a manner that is adequate to support risk and capital decisions > To provide a group-level perspective on risk and capital, as a supplement to the existing legal entity view 10

NAIC Own Risk and Solvency Assessment Guidance Manual General guidance The ORSA process is one element of an insurer s broader Enterprise Risk Management (ERM) framework. It links the insurer s risk identification, measurement, and prioritization processes with capital management and strategic planning. Effective date: January 1, 2015 with the first Summary Report filing sometime in 2015, a date yet to be determined. High-level ORSA Summary Report annually to the domiciliary regulator, if requested. 11

NAIC Own Risk and Solvency Assessment Guidance Manual General guidance > Each ORSA process will be unique > The ORSA Summary Report will be used to gain a high-level understanding of the process > The report will be supported by the insurer s internal risk management materials > Minimum the ORSA Summary Report should discuss: Section 1: Description of the insurer s risk management framework Section 2: Insurer s assessment of risk exposure Section 3: Group risk capital and prospective solvency assessment 12

2013 ORSA guidance revisions > Identify the basis of accounting for the ORSA Summary Report (e.g., GAAP, SAP, or IFRS) > Explain the scope of the ORSA such that the ORSA Summary Report identifies which entities within the group are included, possibly accompanied by an organizational chart > Include a summary of material changes to the ORSA from the prior year > Provide a comparative view of risk capital from the prior year > Included changes to synchronize guidance in the Manual with the requirements in the adopted Risk Management and Own Risk and Solvency Assessment Model Act (#505) 13

Leveraging ORSA to understand corporate governance An ORSA program sets up a corporate governance structure. > To obtain information regarding guidance and oversight provided by the board of directors and executive management, the examiner must understand the corporate governance structure and be able to assess the tone at the top. > This information, along with information on how the insurer identifies, controls, monitors, evaluates, and responds to risks will enhance the examiner s consideration of current and prospective risk areas and assist with the appropriate determination of detailed examination procedures that should be performed as described in the NAIC s 2012 Financial Examination handbook. 14

REVIEW PROCESS 16

Understanding the review process The biggest challenge facing companies submitting their first ORSA summary report? Trying to understand what the regulator will be looking for. 17

Understanding the review process Currently, many regulators are concerned that their staffs do not have the skills to understand a company s ERM programs. The summary report should be drafted in a way that the key elements are laid out as plainly as possible. 18

WHAT IS ENTERPRISE RISK MANAGEMENT? 19

What is enterprise risk management? Traditional risk management, risk-based regulation, and capital management are converging. Opportunity Maximization Risk Mitigation Across all functional Business Units (e.g. Claims, Human Resources) Risk Opportunity Sustained Growth Business Preservation Compliance SOX, Model Audit Rule, regulation driven - if you manage controls you have managed risks Asset protection Corporate insurance, loss prevention, fraud, privacy, health & safety, business continuity Risk analytics Risk & control assessments, loss impact & probability and scenario analysis, risk dashboards Financial modeling Catastrophe risk & economic capital modeling, capital allocation, financial forecasting rating agency & reg capital Strategy and planning Key risks to meeting objectives; strategic, operational & emerging risks; risk appetite statements 20

What is enterprise risk management? What is ERM? The process by which organizations identify, measure, monitor, and exploit key risks for the purpose of meeting business objectives and increasing shareholder value. 21

What is enterprise risk management? What is the ERM Value Proposition? One perspective > To maximize return from an organizations chosen risk profile > Achieved by use of a risk-based decision making processes that supports achievement of business objectives, and leverage the firms business acumen, analytics, and financial modeling capabilities 22

SECTIONS OF AN ORSA SUMMARY REPORT 24

3 sections of ORSA summary report Section 1: Description of ERM Framework > Risk culture and governance > Risk identification and prioritization > Risk appetite, tolerance, and limits > Risk management and controls > Risk reporting and communication Section 2: Insurer Assessment of Risk Exposures Section 3: Group Assessment of Risk Capital and Prospective Solvency Assessment > Group assessment of risk capital > Prospective solvency assessment 25

Sample outline of ORSA report ORSA Summary Report: Table of contents Section 1 1) Risk Management Policy Statement (objectives, approach, and culture) 2) Corporate and Risk Governance (management boards and risk committees) 3) Business and Financial Management Planning Cycles (business strategy) 4) Risk Management Communication and Reporting Cycles Section 2 1) Risk and Control Assessment and Monitoring Framework 2) Identification, Classification, Quantification, and Prioritization of Business Risks 3) Risk Appetite Statements and Risk Tolerance Limits Section 3 1) Use Economic Capital Models (BCAR, ECM, RBC) and Financial Models (EAR) Section 4 1) Key Business Risk Mitigation and Management Action Plans 2) Independent Assurance (actuarial review, internal and external audit) 26

COSO 2013 impact on ORSA 27

COSO 2013 impact on ORSA 28

BUILDING THE ENGINE FOR THE ERM PROCESS 29

Building the engine for the ERM process Determine that management is continuing to: > Build consensus around the ERM process > Gather relevant information and existing data > Conduct interviews, surveys and facilitation work sessions > Identify key risks and develop a risk profile > Initiate risk mitigation, optimization activities, and ownership to emerging risks Create ERM process Risk identification, analysis, and prioritization Validate risk assessment and responses Risk monitoring and reporting 30

Building the engine for the ERM process Confirm that management has > Compiled a list of risks that impact the business sorted by category > Performed risk assessment facilitated workshops and surveys to identify, analyze, and prioritize key risks and strategies 31

Building the engine for the ERM process Risk identification, analysis, and prioritization > Results of the risk identification process are compiled > Risk are evaluated and assessed (high, medium, low) from two perspectives, impact and likelihood > Options used: - Accept = monitor - Avoid = eliminate (get out of situation) - Reduce = institute controls - Share = partner with someone (e.g. re-insurance) > Risk assessment is linked to strategic objectives > Results are compiled and risk maps developed to summarize and prioritize key risks (top 10 to 15 risks) 32

Building the engine for the ERM process Validate risk assessment and responses > Review management s feedback on risk assessment; identify and evaluate possible responses to risks (Accept, Avoid, Reduce and Share) > Evaluate options in relation to entity s risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood > Select and execute response based on evaluation of the portfolio of risks and responses > Facilitate meetings or work sessions with key members of management to address developed responses 33

Building the engine for the ERM process Risk monitoring and reporting > Ensure accountability for risks > Summarize a risk assessment report > Create risk dashboards for high-level board reporting Leverage technology tools > Develop a continuous monitoring program Ensure updates are reflected (i.e., changes in systems or processes) Risks are being properly addressed Controls are working to mitigate risks 34

Risk management framework Strategy > Strategic Goals & Objectives > Risk Universe > Risk Appetite / Tolerance > Risk Limits Organization > Culture & Governance > Accountability > Roles & Responsibilities Process > Identification > Quantification > Prioritization > Mitigation & Execution Tools > Risk Committees & Reports > Key Risk & Performance Indicators Monitoring and Reporting > Board Meetings & Reports > Dashboard Reports (e.g. Balanced Scorecard) 35

RISK ASSESSMENT PROCESS 37

Risk assessment process Review strategic objectives Update risk dashboards for reporting Identify key risk areas and risks to meeting objectives Monitor and identify need for risk mitigation - ensure execution Conduct risk assessment to quantify and prioritize key business risks Align risk appetite statements with risk limits and key performance indicators Develop initial risk appetite statements Review initial risk appetite statements and validate 38

Risk assessment process Operationalizing risk assessments Business Strategy Risk Assessments Key Risk Mitigation Risk Control Effectiveness Management Action Plans Business Plan Objectives Includes review of: - Strategic - Operational - Emerging Risks Internal & External Audit Key Risks to Objectives Management Self Assessments Emerging Risks Self Audit Testing Risk Appetite Statements Key Risk Areas Key Risk Indicators Action Plan Activity Dashboard 39

Assessment of risk capital The ORSA requires an insurer to consider the following in its attitude towards managing risk capital: > Sound processes for assessing capital adequacy in relation to their risk profile and those processes should be integrated into the insurer s business decision making > Processes may assess risk capital through a myriad of metrics and future forecasting periods, reflecting varying time horizons, valuation approaches and capital management strategies (e.g. economic, rating agency, regulatory) > This section is intended to assist commissioners understand an insurer s capital adequacy in relation to its aggregate risk profiles 40

Assessment of risk capital Economic capital is typically assessed via use of financial modeling and includes analysis of key risks areas that may impact an organization: > Underwriting and reserving risks > Investment and credit risks > Market and liquidity risks > Strategic, emerging, and operational risks Output from capital models (deterministic or stochastic) can be utilized to assess risk reward trade-offs and create a linkage between risk appetite and risk-based decision making processes. 41

KEY ERM CHALLENGES 42

Some key ERM challenges 1) Insurers may not have effective ERM programs in place today & struggle to realize an ERM Value Proposition. This Value Proposition is simply to optimize return from a chosen risk-profile. 2) This Value Proposition can be achieved by employing an ERM Framework that enriches risk-based decision making processes, leveraging business and financial acumen across an organization. 3) This ERM Framework needs to be closely tied to the managing key business risks to be meeting strategic business objectives the risks that really matter! 4) Some organizations struggle to clearly articulate Key Risks to Meeting Business Objectives - and their chosen Risk Profile - to key stakeholders such as: employees, management, board of directors, regulators, shareholders, policyholders, and rating agencies. 5) Risk Profile can be expressed as Risk Appetite Statements or Risk Tolerance Levels, and should be defined as the level of risk a company is willing to accept in pursuing its goals & objectives. 6) Some consider Risk Appetite to be a theoretical concept, but organizations already have a risk appetite; the question is whether a mutual understanding exists between the board, management, and employees as to what it is. 7) Risk Appetites should be clearly linked to risks to meeting business objectives and demonstrate these key risks are effectively being Identified, Evaluated, Quantified, Monitored, and Mitigated. 8) Output from Financial Models such as capital models, catastrophe models, and financial projections (whether stochastic, deterministic, or cash-flow driven) can be utilized to assess risk reward trade-offs and create a linkage between risk appetite and risk-based decision making. 43

Disclosure Pursuant to the rules of professional conduct set forth in Circular 230, as promulgated by the United States Department of the Treasury, nothing contained in this communication was intended or written to be used by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer by the Internal Revenue Service, and it cannot be used by any taxpayer for such purpose. No one, without our express prior written permission, may use or refer to any tax advice in this communication in promoting, marketing, or recommending a partnership or other entity, investment plan, or arrangement to any other party. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. The information provided here is of a general nature and is not intended to address specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. 2014 Baker Tilly Virchow Krause, LLP 45

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information