NAIC OWN RISK AND SOLVENCY ASSESSMENT (ORSA

NAIC

OWN RISK AND SOLVENCY

ASSESSMENT (ORSA)

UIDANCE MANUAL

Maintained by the

Group Solvency Issues (E) Working Group

of the Financial Condition (E) Committee

As of December 2022

 

TheNAICistheauthoritativesourceforinsurancein dustryinformation.Ourexpertsolutionssupporttheefforts 

ofregulators,insurersandresearchersbyprovidingdetailedandcomprehensiveinsuranceinformation.TheNAIC

offersawiderangeofpublicationsinthefollowingcategories:

Accounting&Reporting

Informationaboutstatutoryaccountingprinciplesandthe

proceduresnecessaryforfilingfinancialannualstatements

andconductingrisk‐basedcapitalcalculations.



SpecialStudies

Studies,reports,handbooksandregulatoryresearch

conductedbyNAICmembersonavarietyofinsurancerelated

topics.



ConsumerInformation

Importantanswerstocommonquestionsaboutauto,home,

healthandlifeinsurance—aswellasbuyer’sguideson

annuities,long‐termcareinsuranceandMedicare supplement

plans.



StatisticalReports

Valuableandin‐demandinsuranceindustry‐widestatistical

dataforvariouslinesofbusiness,includingauto,home,

healthandlifeinsurance.

FinancialRegulation

Usefulhandbooks,compliance

guidesandreportsonfinancial

analysis,companylicensing,stateauditrequirementsand

receiverships.



SupplementaryProducts

Guidancemanuals,handbooks,surveysandresearchona

widevarietyofissues.

Legal

ComprehensivecollectionofNAICmodellaws,regulations

andguidelines;statelawsoninsurancetopics;andother

regulatoryguidanceonantifraudandconsumer

privacy.



CapitalMarkets&InvestmentAnalysis

Informationregardingportfoliovaluesandproceduresfor

complyingwithNAICreportingrequirements.



MarketRegulation

Regulatoryandindustryguidanceonmarket‐relatedissues,

includingantifraud,productfilingrequirements,producer

licensingandmarketanalysis.



WhitePapers

Relevantstudies,guidanceandNAICpolicypositionsona 

varietyofinsurancetopics.

NAICActivities

NAICmemberdirectories,in‐depthreportingofstate

regulatoryactivitiesandofficialhistoricalrecordsofNAIC

nationalmeetingsandotheractivities.





FormoreinformationaboutNAIC

publications,visitus at:

https://content.n aic.org/resource‐center



©1999‐2022NationalAssociationofInsuranceCommissioners.Allrightsreserved.



ISBN:978‐1‐64179‐193‐9



PrintedintheUnitedStatesofAmerica



Nopartofthisbookmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,electronicor

mechanical,

includingphotocopying,recording,oranystorageorretrievalsystem,withoutwrittenpermissionfromtheNAIC.



NAICExecutiveOffice

444NorthCapitolStreet,NW

Suite700

Washington,DC20001

202.471.3990



NAICCentralOffice

1100WalnutStreet

Suite1500

KansasCity,MO64106

816.842.3600



NAICCapitalMarkets

&InvestmentAnalysisOffice

OneNewYorkPlaza,Suite4210

NewYork,NY10004

212.398.9000



Date: August 11, 2022

To: Users of the NAIC Own Risk and Solvency Assessment (ORSA) Guidance Manual

From: Group Solvency Issues (E) Working Group

This edition of the ORSA Guidance Manual has been revised from the previous edition. The following summarizes

the most significant changes since the December 2017 edition:

1. Added various updates throughout the ORSA Guidance Manual to incorporate additional elements

deemed appropriate by state insurance regulators, including additions from International Association of

Insurance Supervisors (IAIS) guidance to incorporate:

A. Enhancements related to the treatment and disclosure of liquidity and business strategies within the

Own Risk and Solvency Assessment (ORSA).

B. Enhancements related to additional considerations relevant to internationally active insurance groups

(IAIGs), as outlined in the Common Framework for the Supervision of Internationally Active

Insurance Groups (ComFrame).

ABLE OF CONTENTS

PAGE

INTRODUCTION 1

A. EXEMPTION 2

B. APPLICATION FOR WAIVER 3

C. GENERAL GUIDANCE 3

D. MAINTENANCE PROCESS 5

SECTION 1 – DESCRIPTION OF THE INSURER’S ENTERPRISE RISK MANAGEMENT FRAMEWORK 7

SECTION 2 – INSURER’S ASSESSMENT OF RISK EXPOSURES 7

SECTION 3 – GROUP ASSESSMENT OF RISK CAPITAL AND PROSPECTIVE SOLVENCY ASSESSMENT 9

A. GROUP ASSESSMENT OF RISK CAPITAL 9

B. PROSPECTIVE SOLVENCY ASSESSMENT 11

ADDITIONAL EXPECTATIONS FOR INTERNIONALLY ACTIVE INSURANCE GROUPS 12

APPENDIX – GLOSSARY 14

The requirements outlined in this manual are based on the requirements of the Risk

Management and Own Risk and Solvency Assessment Model Act (#505). An insurer using this

manual should refer to the laws adopted by the insurer’s state of domicile when determining

its requirements for risk management, determining its Own Risk and Solvency Assessment

(ORSA), and preparing its ORSA Summary Report.

INTRODUCTION

The purpose of this manual is to provide guidance to an insurer and/or an insurance group of which

the insurer is a member, hereinafter referred to as “insurer” or “insurers,” with regard to reporting

on its Own Risk and Solvency Assessment (ORSA), as required by the domestic state’s version of

the Risk Management and Own Risk and Solvency Assessment Model Act (#505).

The ORSA, which is a component of an insurer’s enterprise risk management (ERM) framework,

is a confidential internal assessment appropriate to the nature, scale, and complexity of an insurer

conducted by that insurer of the material and relevant risks identified by the insurer associated

with an insurer’s current business plan and the sufficiency of capital resources to support those

risks. As described below, an insurer that is subject to the ORSA requirements will be expected

to:

1. Regularly—i.e., no less than annually—conduct an ORSA to assess the adequacy of its risk

management framework, as well as its current and estimated projected future solvency

position.

2. Internally document the process and results of the assessment.

3. Provide a confidential high-level ORSA Summary Report annually to the lead state

commissioner if the insurer is a member of an insurance group and, upon request, to the

domiciliary state insurance regulator.

The ORSA has two primary goals:

1. To foster an effective level of ERM at all insurers, through which each insurer identifies,

assesses, monitors, prioritizes, and reports on its material and relevant risks identified by

the insurer using techniques that are appropriate to the nature, scale, and complexity of the

insurer’s risks in a manner that is adequate to support risk and capital decisions.

2. To provide a group-level perspective on risk and capital as a supplement to the existing

legal entity view.

An insurer that is subject to the ORSA requirement should consider the guidance provided in this

manual when conducting its ORSA and compiling its ORSA Summary Report. As the process and

results are likely to include proprietary and forward-looking information, any ORSA Summary

Report submitted to the commissioner shall be confidential by state law.

A. EXEMPTION

An insurer shall be exempt from maintaining a risk management framework, conducting an Own

Risk and Solvency Assessment (ORSA) and filing an ORSA Summary Report, if:

1. The individual insurer’s annual direct written and unaffiliated assumed premium, including

international direct and assumed premium but excluding premiums reinsured with the

Federal Crop Insurance Corporation (FCIC) and the National Flood Insurance Program

(NFIP), is less than $500 million.

2. If the insurer is a member of an insurance group and the insurance group’s—i.e., all

insurance legal entities within the group—annual direct written and unaffiliated assumed

premium, including international direct and assumed premium but excluding premiums

reinsured with the FCIC and the NFIP, is less than $1 billion.

If the insurer does not qualify for an exemption, upon the commissioner’s request, and no more

than once each year, an insurer shall submit to the commissioner an ORSA Summary Report that

contains the information described in this manual. If the group is an internationally active

insurance group (IAIG) with a U.S. global group-wide supervisor, a group ORSA Summary Report

should be filed; otherwise, a single or combination of reports may be used by the insurer to

represent the group perspective. For example, the property/casualty (P/C) insurers within a group

could be included in one ORSA Summary Report or a combination of reports, and the life insurers

within the same group could be included in another ORSA Summary Report or a combination of

reports if those groups operate under different enterprise risk management (ERM) frameworks.

Notwithstanding any request from the commissioner, if the insurer is a member of an insurance

group, the insurer shall submit the ORSA Summary Report(s) required by this manual to the lead

state commissioner of the insurance group. The lead state is determined by the procedures within

the Financial Analysis Handbook.

If an insurer qualifies for an exemption pursuant to paragraph 1 but the insurance group of which

the insurer is a member does not qualify for an exemption pursuant to paragraph 2, then the insurer

may supply an ORSA Summary Report in any combination, as long as every insurer within the

group is covered by the ORSA Summary Report(s).

If an insurer does not qualify for an exemption pursuant to paragraph 1 but the insurance group of

which it is a member qualifies for an exemption under paragraph 2, then the only ORSA Summary

Report that may be required is the report of that insurer. However, such an exemption does not

eliminate the requirement for any insurer that is subject to the Risk Management and Own Risk

and Solvency Assessment Model Act (#505) to complete Section III – Group Assessment of Risk

Capital and Prospective Solvency Assessment.

Notwithstanding the above exemptions, the commissioner may require the insurer to maintain a

risk management framework; conduct an ORSA; and file an ORSA Summary Report based on

unique circumstances, including, but not limited to, the type of business written, ownership and

organizational structure, federal agency requests, international supervisor requests, and regulatory

concerns about the rapidly growing concentration of risk or risk exposure.

A commissioner may also require the insurer to maintain a risk management framework; conduct

an ORSA; and file an ORSA Summary Report if the insurer has triggered a risk-based capital

(RBC) company-action-level event, meets one or more of the standards of an insurer deemed to

be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer, as

determined by the commissioner.

If an insurer that qualifies for an exemption subsequently no longer qualifies for that exemption

due to changes in premium, as reflected in the insurer’s most recent annual financial statement or

in the most recent annual financial statements of the insurers within the insurance group of which

the insurer is a member, the insurer shall have one year following the year the threshold is exceeded

to comply with the ORSA requirements.

B. APPLICATION FOR WAIVER

An insurer that does not qualify for an exemption may apply to the commissioner for a waiver

from the requirements of the Own Risk and Solvency Assessment (ORSA) based upon unique

circumstances. The commissioner may consider various factors, including, but not limited to, the

type of business entity, volume of business written, and material reduction in risk or risk exposures.

If the insurer is part of a nonexempted insurance group, the commissioner shall coordinate with

the lead state commissioner and the other domiciliary commissioners in considering the request

for a waiver.

C. GENERAL GUIDANCE

The Own Risk and Solvency Assessment (ORSA) should be one element of an insurer’s enterprise

risk management (ERM) framework. The ORSA and the ORSA Summary Report link the insurer’s

risk identification, assessment, monitoring, prioritization, and reporting processes with capital

management and strategic planning. Each insurer’s ORSA and ORSA Summary Report will be

unique, reflecting the insurer’s business, strategic planning, and approach to ERM. The

commissioner will utilize the ORSA Summary Report to gain a high-level understanding of the

insurer’s ORSA. The ORSA Summary Report will be supported by the insurer’s internal risk

management materials.

To allow the commissioner to achieve a high-level understanding of the insurer’s ORSA, the

ORSA Summary Report should discuss three major areas, which will be referred to as the

following sections:

 Section 1 – Description of the Insurer’s Risk Management Framework

 Section 2 – Insurer’s Assessment of Risk Exposures

 Section 3 – Group Assessment of Risk Capital and Prospective Solvency Assessment

When developing an ORSA Summary Report, the content should be consistent with the ERM

information that is reported to senior management and/or the Board of Directors or the appropriate

committee. While some of the format, structure, and content of the ORSA Summary Report may

be tailored for the state insurance regulator, the content should be based on the insurer’s internal

reporting of its ERM information. The ORSA Summary Report itself does not need to be the

medium of reporting its ERM to the Board of Directors or the appropriate committee, and the

report to the Board of Directors or the appropriate committee may not be at the same level of detail

as the ORSA Summary Report.

In order to aid the commissioner’s understanding of the information provided in the ORSA

Summary Report, it should include certain key information. The ORSA Summary Report should

identify the basis(es) of accounting for the report (e.g., generally accepted accounting principles

[GAAP], statutory accounting principles [SAPs], or international financial reporting standards)

and the date or time period that the numerical information represents. The ORSA Summary Report

should also explain the scope of the ORSA conducted such that the report identifies which

insurer(s) are included in the report. This may be accomplished by including an organizational

chart. In subsequent years, the ORSA Summary Report should also include a short summary of

material changes to the ORSA from the prior year, including supporting rationale, as well as

updates to the sections listed above, if applicable.

The commissioner may develop a deeper understanding of the insurer’s ERM framework upon

examination or an annual risk-focused update. Additionally, as part of the risk-focused analysis

and/or examination process, the commissioner may also request and review confidential

supporting materials to supplement his/her understanding of the information contained in the

ORSA Summary Report. These materials may include risk management policies or programs, such

as the insurer’s underwriting, investment, claims, asset and liability management (ALM),

reinsurance counterparty, and operational risk policies.

This manual is intended to provide guidance for completing each section of the ORSA Summary

Report. The depth and detail of information are likely to be influenced by the nature and

complexity of the insurer and should be updated at least annually for the insurer. The insurer is

permitted discretion to determine how best to communicate its ERM processes. An insurer may

avoid duplicative information and supporting documents by referencing other documents,

provided that those documents are available to the state insurance regulator upon examination or

request. In order to ensure that the commissioner is receiving the most current information from

an insurer, the timing for filing the ORSA Summary Report during the calendar year may vary

from insurer to insurer, depending on when an insurer conducts its internal strategic planning

process. In any event, the ORSA Summary Report shall be filed once each year, with the insurer

apprising the commissioner as to the anticipated time of filing.

The ORSA Summary Report shall include a signature of the insurer’s chief risk officer or other

executive having responsibility for the oversight of the insurer’s ERM process attesting to the best

of his/her belief and knowledge that the insurer applies the ERM process described in the ORSA

Summary Report and that a copy of the ORSA Summary Report has been provided to the insurer’s

board of directors or the appropriate committee.

An insurer may comply with the ORSA requirement by providing the most recent report(s)

filed

by the insurer or another member of an insurance group of which the insurer is a member to the

commissioner of another state or a supervisor or regulator of a foreign jurisdiction if that report

provides information that is comparable to the information described in this manual. If a U.S. state

insurance commissioner is the global group-wide supervisor of an internationally active insurance

group (IAIG), the U.S. state insurance commissioner should receive the ORSA Summary Report

covering all material group-wide insurance operations. In addition, the insurer should work with a

U.S. global group-wide supervisor to identify the scope of the group, whether the group is an IAIG

or not; identify the head of the IAIG using the guidance contained in the Financial Analysis

Handbook; and determine which noninsurance operations, if any, within the group should be

included within the scope of the group and therefore the ORSA Summary Report. However, for

all ORSA filers, the noninsurance operations that present material and relevant risks to the insurer

should be included in the scope of the ORSA Summary Report.

Reports filed to foreign jurisdictions that are a report on an insurer’s ORSA shall henceforth for the purposes of this

manual be referred to as an ORSA Summary Report.

If the U.S. is not the global group-wide supervisor, the insurer may file ORSA Summary Reports

encompassing, at a minimum, the U.S. insurance operations as long as the lead state receives

ORSA Summary Reports encompassing the non-U.S. insurance operations from the global group-

wide supervisor. If an ORSA Summary Report encompassing the non-U.S. insurance operations

is not provided by the global group-wide supervisor, it should be provided by the insurer. If the

insurer files an ORSA Summary Report encompassing only the U.S. insurance operations, and in

it, the insurer states that the U.S. ERM framework is based on the insurers’ global ERM

framework, then the global ERM framework should be explained either within the U.S. ORSA

Summary Report or in an ORSA Summary Report encompassing the non-U.S. insurance

operations and be provided to the lead state at a time agreed upon by the insurer and the lead state.

If the report is in a language other than English, it must be accompanied by a translation into the

English language. The commissioner should discuss with the global group-wide supervisor from

the relevant foreign jurisdiction(s) the report received to inquire about any concerns and either

confirm that the report was compliant with the foreign jurisdiction’s requirements or consistent

with the applicable principles outlined in the International Association of Insurance Supervisors

(IAIS) Insurance Core Principle (ICP) 16: Enterprise Risk Management to the extent included in

this manual, as well as this manual to determine if additional information is needed. The

commissioner will, where possible, avoid creating duplicative regulatory requirements for

internationally active insurers.

In analyzing an ORSA Summary Report, the commissioner will expect that the report represents

a work product of the ERM framework that includes all of the material risks identified by the

insurer to which an insurer(s), if applicable, is exposed.

The ORSA Summary Report may assist the commissioner in determining the scope, depth, and

minimum timing of risk-focused analysis and examination procedures. For example, insurers may

have varying ERM frameworks, ranging from a business plan to a combination of investment plans

and underwriting policies to more complex risk management processes and sophisticated

modeling. Insurers with ERM frameworks appropriate to their risk profile may not require the

same scope or depth of review upon examination and analysis as those with less relatively

comprehensive ERM frameworks. Therefore, the insurer should consider whether the ORSA

Summary Report demonstrates the strengths of its framework, including how it meets the

guidelines within this manual for the relative risk of the insurer.

In addition to the ORSA Summary Report, the insurer should internally document the ORSA

results to facilitate a more in-depth review by the commissioner through analysis and examination

processes. Such a review may depend on several factors, such as the nature, complexity, financial

position, and/or prioritization of the insurer, as well as external considerations such as the

economic environment. These factors may result in the commissioner requesting additional

information about the insurer’s ERM framework through the financial analysis or examination

processes. The information requested may include, but is not limited to, risk management policies

and programs, such as the insurer’s underwriting, investment, claims, duration, or ALM, as well

as reinsurance counterparty or operational risk policies.

D. MAINTENANCE PROCESS

The following establishes procedures of the Group Solvency Issues (E) Working Group or its

designated subgroup for proposed changes, amendments, and/or modifications to the manual:

1. The Working Group may consider relevant proposals to change the manual at any

conference call, interim, or national meeting throughout the year as scheduled by the

Working Group.

2. If a proposal for suggested changes, amendments, and/or modifications is submitted to or

filed with NAIC staff support, it may be considered at the next regularly scheduled meeting

of the Working Group.

3. The Working Group publishes a formal submission form and instructions that can be used

to submit proposals, which are available on the Working Group’s web page. However,

proposals may also be submitted in an alternate format provided that they are stated in a

concise and complete format. In addition, if another NAIC committee, task force, or

working group is known to have considered this proposal, that committee, task force, or

working group should provide any relevant information.

4. Any proposal that would change the manual will be effective Jan. 1 following the NAIC

Summer National Meeting—i.e., of the preceding year—in which it was adopted by the

Working Group (e.g., a change proposed to be effective Jan. 1, 2018, must be adopted by

the Working Group no later than the 2017 Summer National Meeting) and the Fall National

Meeting in which it was adopted by the NAIC.

5. Upon receipt of a proposal, the Working Group will review the proposal at the next

scheduled meeting and determine whether to consider the proposal for adoption. If the

proposal is to be considered by the Working Group, it will be exposed for public comment.

The public comment period shall be no less than 30 days and may be extended by the

Working Group. The Working Group will consider comments received on each proposal

at its next meeting and take action to revise, adopt, reject, refer, or continue the

consideration of the proposal and comments thereto. Proposals under consideration may

be deferred by the Working Group until the following scheduled meeting. The Working

Group may form an ad hoc group to study the proposal, if needed. The Working Group

may also refer proposals to other NAIC committees for technical expertise or review. If a

proposal has been referred to another NAIC committee, the proposal will temporarily be

removed from the Working Group’s agenda until a response has been received. At that

time, it will be added back to the Working Group’s agenda.

6. NAIC staff support will prepare an agenda inclusive of all proposed changes. The agenda

and relevant materials shall be sent via e-mail to each member of the Working Group,

interested state insurance regulators, and interested parties and posted to the Working

Group’s web page approximately 5 to 10 business days prior to the next regularly

scheduled meeting during which the proposal would be considered.

7. In rare instances, or where emergency action may be required, suggested changes and

amendments can be considered as an exception to the above-stated process and timeline

based on a two-thirds majority consent of the Working Group members present.

Notwithstanding the foregoing, in no event may a proposal be adopted without an exposure

for public comment.

8. NAIC staff support will publish the manual on or about Dec. 15 of each year. NAIC staff

will post to the Working Group and NAIC Publications web pages the current versions and

any material subsequent corrections to these publications.

SECTION 1 – DESCRIPTION OF THE INSURER’S ENTERPRISE RISK MANAGEMENT

FRAMEWORK

An effective enterprise risk management (ERM) framework should, at a minimum, incorporate the

following key principles:

 Risk Culture and Governance – A governance structure that clearly defines and

articulates roles, responsibilities, and accountabilities; and a risk culture that supports

accountability in risk-based decision making.

 Risk Identification and Prioritization – A risk identification and prioritization process

that is key to the organization; responsibility for this activity is clear; the risk management

function is responsible for ensuring that the process is appropriate and functioning properly

at all organizational levels; key risks of the insurer are identified, prioritized, and clearly

presented.

 Risk Appetite, Tolerances, and Limits – A formal risk appetite statement and associated

risk tolerances and limits are foundational elements of risk management for an insurer; an

understanding of the risk appetite statement ensures alignment with risk strategy by the

Board of Directors.

 Risk Management and Controls – Managing risk is an ongoing ERM activity, operating

at many levels within the organization.

 Risk Reporting and Communication – Provides key constituents with transparency into

the risk management processes and facilitates active, informal decisions on risk-taking and

management.

Section 1 of the Own Risk and Solvency Assessment (ORSA) Summary Report should provide a

high-level summary of the aforementioned ERM framework principles, if present. The ORSA

Summary Report should describe the main goals and objectives of the insurers’ business strategy—

i.e., for all insurance and noninsurance operations in scope—and how the insurer identifies and

categorizes relevant and material risks and manages those risks as it executes its business strategy.

The ORSA Summary Report should also describe risk monitoring processes and methods, provide

risk appetite statements, and explain the relationship between risk tolerances and the amount and

quality of risk capital. The ORSA Summary Report should identify assessment tools (e.g.,

feedback loops) used to monitor and respond to any changes in the insurer’s risk profile due to

economic changes, operational changes, or changes in business strategy. Finally, the ORSA

Summary Report should describe how the insurer incorporates new risk information in order to

monitor and respond to changes in its risk profile due to economic and/or operational changes and

changes in strategy.

The manner and depth in which the insurer addresses these principles are dependent upon its own

risk management processes. Any strengths or weaknesses noted by the commissioner in evaluating

this section of the ORSA Summary Report will have relevance to the commissioner’s ongoing

supervision of the insurer, and the commissioner will consider the entirety of the risk management

program and its appropriateness for the risks of the insurer.

SECTION 2 – INSURER’S ASSESSMENT OF RISK EXPOSURES

Section 2 of the Own Risk and Solvency Assessment (ORSA) Summary Report should provide a

high-level summary of the quantitative and/or qualitative assessments of risk exposure in both

normal and stressed environments for each material risk category in Section 1. This assessment

process should consider a range of outcomes using risk assessment techniques that are appropriate

to the nature, scale, and complexity of the risks. Examples of relevant material risk categories may

include, but are not limited to, credit, market, liquidity, underwriting, and operational risks.

Section 2 may include detailed descriptions and explanations of the material and relevant risks

identified by the insurer, the assessment methods used, key assumptions made, risk-mitigation

activities, and outcomes of any plausible adverse scenarios assessed. The assessment of each risk

will depend on its specific characteristics. For some risks, quantitative methods may not be well

established, and in these cases, a qualitative assessment may be appropriate. Examples of these

risks may include certain operational and reputational risks. In addition, each insurer’s quantitative

methods for assessing risk may vary; however, insurers generally consider the likelihood and

impact that each material and relevant risk identified by the insurer will have on the firm’s balance

sheet, income statement, and future cash flows. Methods for determining the impact on a future

financial position may include simple stress tests or more complex stochastic analyses. When

evaluating a risk, the insurer should analyze the results under both normal and stressed

environments. Lastly, the insurer’s risk assessment should consider the impact of stresses on

capital, which may include the consideration of risk capital requirements; available capital; and

regulatory, economic, rating agency, and/or other views of capital requirements.

The analysis should be conducted in a manner that is consistent with the way in which the business

is managed, whether on a group, legal entity, or another basis. Stress tests for certain risks may be

performed at the group level. Where relevant to the management of the business, some group-level

stresses may be mapped into legal entities. The commissioner may request additional information

to map the results to an individual insurance legal entity.

Any risk tolerance statements should include material quantitative and qualitative risk tolerance

limits and how the tolerance statements and limits are determined, taking into account relevant and

material categories of risk and the risk relationships that are identified.

Because the risk profile of each insurer is unique, each insurer should utilize assessment techniques

(e.g., stress tests, etc.) applicable to its risk profile. U.S. state insurance regulators do not believe

there is a standard set of stress conditions that each insurer should test. The commissioner may

provide input regarding the level of stress that the insurer’s management should consider for each

risk category. The ORSA Summary Report should provide a general description of the insurer’s

process for model validation, including factors considered and model calibration. Unless a

particular assumption is stochastically modeled, the group’s management should set assumptions

regarding the expected values based on its current anticipated experience, what it expects to occur

during the next year or multiple future years, and consideration of expert judgment. The

commissioner may provide input to an insurer’s management on the assumptions and scenarios to

be used in its assessment techniques. For assumptions that are stochastically modeled, the

commissioner may provide input on the level of the measurement metric to use in the stressed

condition or specify particular parameters used in the economic scenario generator (ESG).

Commissioner input will likely occur during the financial analysis process and/or the financial

examination process.

By identifying each material risk category independently and reporting results in both normal and

stressed conditions, insurer management and the commissioner are better placed to evaluate certain

risk combinations that could cause an insurer to fail. One of the most difficult exercises in

modeling insurer results is determining the relationships, if any, between risk categories. History

may provide some empirical evidence of relationships, but the future is not always best estimated

by historical data.

SECTION 3 – GROUP ASSESSMENT OF RISK CAPITAL AND PROSPECTIVE

SOLVENCY ASSESSMENT

Section 3 of the Own Risk and Solvency Assessment (ORSA) Summary Report should describe

how the insurer combines the qualitative elements of its risk management policy with the

quantitative measures of risk exposure in determining the level of financial resources needed to

manage its current business and over a longer-term business cycle (e.g., the next one to three

years). The group risk capital assessment should be performed as part of the ORSA, regardless of

the basis (e.g., group, legal entity, or another subset basis) and in a manner that encompasses the

entire insurance group. The information provided in Section 3 is intended to assist the

commissioner in assessing the quality of the insurer’s risk and capital management.

A. GROUP ASSESSMENT OF RISK CAPITAL

Within the group assessment of risk capital, aggregate available capital is compared against the

various risks that may adversely affect the enterprise. The insurer should consider how the group

capital assessment is integrated into the insurer’s management and decision-making culture, how

the insurer evaluates its available capital, and how risk capital is integrated into its capital-

management activities.

The insurer should have sound processes for assessing capital adequacy in relation to its risk

profile, and those processes should be integrated into the insurer’s management and decision-

making culture. These processes may assess risk capital through myriad metrics and future

forecasting periods, reflecting varying time horizons, valuation approaches, and capital-

management strategies (e.g., the mix of capital). While a single internal risk capital measure may

play a primary role in internal capital adequacy assessment, insurers may evaluate how risk and

capital interrelate over various time horizons or through the lens of alternative risk capital or

accounting frameworks; i.e., economic, rating agency, and/or regulatory frameworks. This section

is intended to assist the commissioner in understanding the insurer’s capital adequacy in relation

to its aggregate risk profiles.

The group capital assessment should include a comparative view of risk capital from the prior year,

including an explanation of the changes, if not already explained in another section of the Own

Risk and Solvency Assessment (ORSA) Summary Report. This information may also be requested

by the commissioner throughout the year, if needed (e.g., if material changes in the macroeconomic

environment and/or microeconomic facts and circumstances suggest that the information is needed

for the ongoing supervisory plan).

The analysis of an insurer’s group assessment of risk capital requirements and associated capital

adequacy description should be accompanied by a description of the approach used in conducting

the analysis. This should include key methodologies, assumptions, and considerations used in

quantifying available capital and risk capital. Examples might include:

Considerations Description of Methodologies and

Assumptions

Examples (not

exhaustive)

Definition of Solvency Describe how the insurer defines

solvency for the purpose of

determining risk capital and liquidity

requirements.

Cash flow basis; balance

sheet basis

Accounting or Valuation

Regime

Describe the accounting or valuation

basis for the measurement of risk

capital requirements and/or available

capital.

Generally accepted

accounting principles

(GAAP); statutory;

economic or market

consistent; International

Financial Reporting

Standards (IFRS); rating

enc

model

Business Included Describe the subset of business

included in the analysis of capital.

Positions as of a given

valuation date; new

usiness assumptions

Time Horizon Describe the time horizon over which

risks were modeled and measured.

One-year, multi-year;

lifetime; run-off

Risks Modeled Describe the risks included in the

measurement of risk capital, including

whether all relevant and material risks

identified by the insurer have been

considere

Credit; market;

liquidity; insurance;

operational

Quantification Method Describe the method used to quantify

the risk exposure.

Deterministic stress

tests; stochastic

modeling; factor-based

anal

sis

Risk Capital Metric Describe the measurement metric

utilized in the determination of

aggregate risk capital.

Value at risk (VaR),

which quantifies the

capital needed to

withstand a loss at a

certain probability; tail

value at risk (TVaR),

which quantifies the

capital needed to

withstand average losses

above a certain

probability; probability

of ruin, which quantifies

the probability of ruin

iven the capital hel

Defined Security

Standard

Describe the defined security standard

utilized in the determination of risk

capital requirements, including

linkage to business strategy and

objectives.

AA solvency; 99.X%

one-year VaR; Y%

TVaR or conditional tail

expectation (CTE); X%

of risk-based capital

(RBC)

Considerations Description of Methodologies and

Assumptions

Examples (not

exhaustive)

Aggregation and

Diversification

Describe the method of aggregation of

risks and any diversification benefits

considered or calculated in the group

risk capital determination.

Correlation matrix;

dependency structure;

sum; full/partial/no

diversification

The approach and assessment of group-wide capital adequacy should also consider the following:

 Elimination of intra-group transactions and double gearing, where the same capital is used

simultaneously as a buffer against risk in two or more entities.

 The level of leverage, if any, resulting from holding company debt.

 Diversification credits and restrictions on the fungibility of capital within the holding

company system, including the availability and transferability of surplus resources created

by holding company system-level diversification benefits.

 The effects of contagion risk, concentration risk, and complexity risk in the group

assessment of risk capital.

The goal of the group capital assessment is to provide an overall determination of risk capital needs

for the insurer based on the nature, scale, and complexity of risk within the group and its risk

appetite; and compare that risk capital to available capital to assess capital adequacy. Group

assessment of risk capital should not be perceived as the minimum amount of capital before

regulatory action will result (e.g., the triggers in the Risk-Based Capital (RBC) for Insurers Model

Act [#312]); rather, it should be recognized that this is the capital needed within a holding company

system to achieve its business objectives.

The insurer should also monitor the effect of liquidity risk, including calls on the insurer’s cash

position due to microeconomic factors—i.e., internal operational—and/or macro-economic

factors; i.e., economic shifts. The insurer should assess its resilience against severe but plausible

liquidity stresses and whether the current liquidity position is within any liquidity risk appetite

and/or limits. The insurer should describe in the ORSA the policies and processes in place to

manage liquidity risk, as well as contingency funding or other plans to mitigate potential liquidity

stresses.

B. PROSPECTIVE SOLVENCY ASSESSMENT

The insurer’s capital assessment process should be closely tied to business planning. To this end,

the insurer should have a robust capital forecasting capability that supports its management of risk

over the planning time horizon in line with its stated risk appetite. The forecasting process should

consider material and relevant changes identified by the insurer to the insurer’s internal operations

and the external business environment. It should also consider the prospect of operating in both

normal and stressed environments.

The insurer’s prospective solvency assessment should demonstrate that it has the financial

resources necessary to execute its multi-year business plan in accordance with its stated risk

appetite. If the insurer does not have the necessary available capital in terms of quantity and/or

quality to meet its current and projected risk capital requirements, then it should describe the

management actions it has taken or will take to remedy any capital adequacy concerns. These

management actions may include or describe any modifications to the business plan or

identification of additional capital resources.

The prospective solvency assessment is, in effect, a feedback loop. The insurer should project its

future financial position, including its projected economic and regulatory capital to assess its

ability to meet the regulatory capital requirements. Factors to be considered are the insurer’s

current risk profile, its risk management policy, and its quality and level of capital, including any

changes to its current risk profile caused by executing the multi-year business plan. The

prospective solvency assessment should also consider both normal and stressed environments.

While the prospective solvency assessment includes capital projections, the prospective solvency

assessment should also include a discussion of prospective risks impacting the capital projections.

This discussion should address whether risk exposures are expected to increase or decrease in the

future and what steps the insurer plans to take that may change its risk exposures. The term

“prospective” should pertain to both existing risks likely to intensify and emerging risks with the

potential to impact the insurer in the future.

If the prospective solvency assessment is performed for each individual insurer, the assessment

should take into account any risks associated with group membership. Such an assessment may

involve a review of any group solvency assessment and the methodology used to allocate group

capital across insurance legal entities, as well as consideration of capital fungibility; i.e., any

constraints on risk capital or the movement of risk capital to legal entities.

ADDITIONAL EXPECTATIONS FOR INTERNIONALLY ACTIVE INSURANCE GROUPS

This section identifies additional enterprise risk management (ERM) expectations that are

applicable to internationally active insurance groups (IAIGs) and should be discussed in the Own

Risk and Solvnecy Assessment (ORSA) Summary Report. These expectations are generally

consistent with elements outlined in the International Association of Insurance Supervisors (IAIS)

Common Framework for the Supervision of Internationally Active Insurance Groups

(ComFrame), and they have been incorporated into this manual to the extent deemed appropriate

by state insurance regulators.

As stated earlier in this document, an aggregated ORSA Summary Report should be filed at the

head of the IAIG level. The head of the IAIG should ensure that the risk management strategy and

framework described in the ORSA, whether located at the head of the IAIG or within another legal

entity of the IAIG, encompass both the head of the IAIG and the legal entities within the IAIG to

promote a sound risk culture across the group.

The risk management strategy should be approved by the IAIG Board, with regular risk

management reporting provided to the IAIG Board or one of its committees.

The risk management framework should be integrated with the organizational structure of the IAIG

and within its legal entities, as appropriate, to ensure that the decision-making processes, business

operations, and risk culture of the IAIG are implemented. In addition, the framework should allow

for the measurement of risk exposures of the IAIG against established risk limits on an ongoing

basis in order to identify potential concerns as early as possible. This framework should cover, at

a minimum:

 The diversity and the geographical reach of IAIG activities.

 The nature and degree of risks in individual legal entities and business lines.

 The aggregation of risks across entities within the IAIG.

 The interconnectedness of legal entities within the IAIG.

 The level of sophistication and functionality of information and reporting systems in

addressing key risks.

 The applicable laws and regulations of the jurisdictions where the IAIG operates.

The risk management framework should promote a sound risk culture across all legal entities of

the IAIG by having policies and processes that include risk management training, address

independence, create appropriate incentives for staff involved in risk management, and encourage

timely evaluation and open communication of emerging risks that may be significant to the IAIG

and its legal entities.

The risk management framework of the IAIG should be reviewed at least annually to ensure that

existing and emerging risks, as well as changes in structure and business strategy, are taken into

account. Necessary modifications and improvements to the risk management framework should

be made in a timely manner.

The IAIG’s ORSA should explain how the risk management function, actuarial function, and

internal audit function are involved in the risk management of the IAIG. The ORSA should explain

the main activities of each of these functions. Furthermore, the ORSA should describe how the

risk management function remains independent from risk-taking activities. The ORSA should

describe how the actuarial function is involved in the risk assessment and management of the risks

emanating from the legal entities in determining the IAIG’s solvency position, in any actuarial-

related modeling in the ORSA, and in the annual reporting to the IAIG Board of Directors on the

risks posed to the IAIG. Finally, the ORSA should describe how the audit function provides an

independent assessment and assurance to the IAIG Board of Directors of the operational

effectiveness of the internal controls incorporated into the risk management framework.

The risk management strategy and framework of an IAIG should generally be consistent, and any

material differences should be described in the ORSA strategic risk. The investment policies

should ensure that assets are properly diversified and asset concentration risk is mitigated across

the IAIG:

 Mechanisms to keep track of intra-group transactions that have a significant impact on the

IAIG, the risks arising from these transactions, and the qualitative and quantitative

restrictions on these risks. These intra-group transactions may include loans, guarantees,

dividend payments, reinsurance, transactions across different financial services entities

within the IAIG, and any activity undertaken by individual legal entities that may change

the risk profile of the IAIG.

 An economic capital model to measure all relevant and material risks that the IAIG faces

in different sectors, jurisdictions, and economic environments. The model should estimate

the amount of capital needed in reasonably foreseeable adverse situations. The results of

the model, how the risks were aggregated in the model, how the diversification benefit was

estimated, and the underlying assumptions used in the model should be presented in the

ORSA. The ORSA should show both the economic and the regulatory capital at the head

of the IAIG level. A discussion of the fungibility of capital and the transferability of assets

within the group should also be included.

 Risk measurements that include stress and reverse stress testing and scenario analysis

deemed relevant to the risk profile of the IAIG.

 Risk measurements of the resilience of its total balance sheet against plausible

macroeconomic stresses.

 Risk measurements that assess the aggregate investment counterparty exposures and the

effect of severe but plausible stress events on those exposures. In addition, the IAIG should

have an investment counterparty risk appetite statement to determine if the current

exposures are within the risk appetite, and this should be presented in the ORSA.

The risk management framework should include a series of mechanisms to manage the IAIG’s

liquidity risk and demonstrate the IAIG’s resilience against severe but plausible liquidity stresses.

These mechanisms include:

 A liquidity risk appetite statement and liquidity risk limits to determine if the current

liquidity position of the IAIG is within the risk appetite and the limits.

 Strategies, policies, and processes to manage liquidity risk.

 Liquidity stress testing.

 An adequate level of unencumbered highly liquid assets.

 Contingency funding to mitigate potential liquidity stresses.

The IAIG may be asked by the group-wide supervisor to devolop a recovery plan, if warranted. A

recovery plan identifies in advance options to restore the financial position and viability of the

group if it comes under severe stress. The full recovery plan is not expected to be included in the

ORSA Summary Report; however, the ORSA Summary Report should discuss at a high level the

severe stresses that could trigger a recovery plan, and it should summarize the recovery options

available.

The risk management framework should be reviewed by the insurer at least once every three years

in order to ascertain that it remains fit for purpose based on the risk profile, structure, and business

strategy of the IAIG. The review may be carried out by an internal or external body as long as it is

neither responsible nor involved in the risk management framework that it reviews.

APPENDIX – GLOSSARY

Term Definition

Available Capital The amount of resources that an enterprise has at a given point in

time under a defined valuation or accounting basis (e.g., economic,

statutory, generally accepted accounting principles [GAAP], or a

combination) to support its business and under the defined

valuation represents the insurer’s assessment of the types of capital

required to support its business.

Conditional Tail

Expectation (CTE)

(also known as Tail

Value at Risk [TVaR])

A measure of the amount of risk that exists in the tail of a

distribution of outcomes, expressed as the probability-weighted

average of the outcomes beyond a chosen point in the distribution.

Typically expressed as CTE (1-x), which would be calculated as

the probability-weighted average of the worst x% of outcomes. For

example, CTE 95 is calculated as the probability-weighted average

of the worst 5% of outcomes, CTE 97 is the probability-weighted

average of the worst 3% of outcomes, etc. CTE can be used as a

of definin

a particular securit

standard.

Term Definition

Correlation Matrix A symmetric matrix specifying pairwise interactions between a set

of variables or data. A correlation matrix is commonly applied to

risks or capital amounts and is an important determinant of

calculated risk capital, includin

levels of diversi

ication.

Deficit Capital If the amount of available capital is less than the determined risk

capital of an enterprise, then the enterprise is said to have deficit

capita

Defined Security

Standard

The minimum threshold of available capital that a company

wishes to achieve or maintain, consistent with the company’s

usiness strate

, risk appetite, and risk tolerance.

Dependency Structure Specification of the relationship between different variables.

Commonl

specified in a correlation matrix.

Diversification The extent to which the combined impact of risks inherent to

assets and liabilities is less than the sum of the impacts of each risk

considered in isolation.

Double Gearing Used to describe situations where multiple companies, typically

parent and subsidiary, are using shared capital to buffer against

risk occurrin

in separate entities.

Economic Capital The amount of capital that an insurer is required to absorb in

unexpected losses based on its risk profile and risk appetite.

Excess Capital If the amount of available capital is greater than the determined

risk capital of an enterprise, the enterprise is said to have excess

capita

Fungibility Within a group context, the ability to redeploy available capital

from one entity to another. Fungibility is reduced where the

movement of available capital within the group is constrained or

ulation prohibits it.

Group Capital Group capital represents the aggregate available capital or risk

capital for the entire group. It will be impacted by the interaction

of the risks and capital of the individual entities within the group,

with properties such as diversification, fungibility, and the quality

and form of capital bein

important drivers.

Internationally Active

Insurance Group (IAIG)

An insurance holding company system meeting

the following criteria:

1. Premiums written in at least three countries.

2. The percentage of gross premiums written outside the

home country is at least 10% of the insurance holding

company system’s total gross written premiums.

3. Based on a three-year rolling average, the total assets of the

insurance holding company system are at least $50 billion,

or the total gross written premiums of the insurance

holdin

compan

stem are at least $10

illion.

Probability of Ruin The likelihood of liabilities exceeding assets for a given time

horizon.

Reverse Stress Test An analysis of those scenarios that would render the insurer

insolvent.

Risk Appetite Documents the overall principles that a company follows with

respect to ris

-takin

iven its business strate

, financial

Term Definition

soundness objectives, and capital resources. Often stated in

qualitative terms, a risk appetite defines how an organization

weighs strategic decisions and communicates its strategy to key

stakeholders with respect to risk-taking. It is designed to enhance

management’s ability to make informed and effective business

decisions while keeping risk exposures within acceptable

oundaries.

Risk Capital An amount of capital calculated to be sufficient to withstand

adverse outcomes associated with various risks of an enterprise, up

to a pre-defined securit

standard.

Risk Capital Metric A quantitative variable used to

e risk.

Risk Exposure For each risk listed in the company’s risk profile, the amount the

company stands to lose due to that particular risk at a particular

time, as indicated b

a chosen metric.

Risk Limit Typically quantitative boundaries that control the amount of risk

that a company takes. Risk limits are typically more granular than

risk tolerances and may be expressed at various levels of

aggregation; i.e., by type of risk, category within a type of risk,

product or line of business, or some other level of aggregation.

Risk limits should be consistent with the company’s overall risk

tolerance.

Risk Profile A delineation and description of the material risks to which an

anization is exposed.

Risk Tolerance The company’s qualitative and quantitative boundaries around

risk-taking, consistent with its risk appetite. Qualitative risk

tolerances are useful to describe the company’s preference for, or

aversion to, particular types of risk, particularly for those risks that

are difficult to measure. Quantitative risk tolerances are useful to

set numerical limits for the amount of risk that a company is

willin

to take.

Security Standard The level of a measurement metric used to determine risk capital.

It signifies the strength of capital and, in practice, should be

chosen to be consistent with the risk appetite and risk tolerance.

Solvency For a given accounting basis, the state where, and extent to which,

assets exceed liabilities.

Stochastic Analysis A methodology designed to attribute a probability distribution to a

range of possible outcomes. May use closed form solutions, or

large numbers of scenarios in order to reflect the shape of the

distribution.

Scenario Analysis An analysis of the impact of possible future outcomes based on

alternative projected assumptions. This can include changes to a

sin

le assumption or a combination of assumptions.

Stress Test A type of scenario analysis in which the change in parameters is

considered si

nificantl

adverse or even extreme.

Time Horizon In the context of risk capital calculations, the period over which

the impact of chan

es to risks is tested.

Value at Risk (VaR) An estimate of the maximum loss over a certain period of time at a

iven confidence level.