In 2005, the U.K. insurance regulator, the Financial Services Authority, created what became known as the Individual Capital Adequacy Standards Regime. It required insurers to evaluate their own risks and to report the capital they believed they needed to support those risks. The European Union subsequently endorsed the concept and it was included as part of the Solvency II Directive for all EU countries. In September 2012, the National Association of Insurance Commissioners adopted the Risk Management Own Risk Solvency Assessment (RMORSA a.k.a. ORSA) Model Act which is now an accreditation standard for all states to enact by 1-1-18. The model requires companies over a certain size threshold to conduct an annual own risk and solvency assessment consistent with the ORSA guidance manual adopted in 2011. Under the model the commissioner can request an annual filing of ORSA Summary Reports.
The ORSA Model Act is one element of a broader regulatory effort that will require insurers to continuously bolster their ERM practices. ORSA will cause insurers to check the current and future alignment between their risk management policy and their solvency position and require insurers to demonstrate a firm understanding of the risks they face. Regulators plan to use the information to evaluate the ability of insurers to manage their solvency risk. Risk-focused financial examinations and annual Enterprise Risk Reports are additional elements of the overall regulatory effort to impact insurance company ERM practices.
During the ORSA development, NAMIC strongly advocated for the size threshold and confidentiality protections. Those components were key additions to the model act.
NAMIC does not oppose adoption of the ORSA Model Act in the states if:
The enactment at the state level mirrors the model act language;
The individual company compliance threshold of $500 million in direct written premiums and the group threshold of $1 billion in direct written premium are maintained;
All confidentiality protections outlined in the model act are included without significant deviation; and
Each company may submit information about their unique enterprise risk management and is not required to conform to a system of ERM or format for reporting that reduces their ability to assess their own risk in their own way.