What Is an ORSA (Own Risk and Solvency Assessment)?

The Own Risk and Solvency Assessment (ORSA) is an internal process that insurance companies use to evaluate their risk management and solvency positions, including future projections under various scenarios.

The Purpose and Principles of ORSA

The primary objectives of an ORSA are to enhance an entity’s understanding of its risks, improve internal risk management, and ensure adequate capital levels. It also cultivates a risk-aware culture, embedding risk considerations into daily decision-making. Regulators require ORSA to promote financial stability and protect policyholders by ensuring insurers can meet obligations, even under adverse conditions.

A fundamental principle guiding ORSA is proportionality, meaning the assessment’s depth and complexity should align with the size and intricacy of the insurance company. ORSA is designed to integrate deeply with an insurer’s business strategy, ensuring risk management is an integral part of strategic planning and decision-making. Strong internal governance is another principle, emphasizing the responsibility of the board and senior management in overseeing the ORSA process.

ORSA signifies a shift from a purely compliance-driven approach to capital requirements towards a more holistic enterprise-wide risk management framework, encouraging insurers to determine the capital necessary for their specific risk profiles. This proactive stance helps identify potential capital needs and mitigate solvency risks, fostering a more resilient financial system.

Core Components of an ORSA

Risk Identification and Assessment

Entities must identify all material risks that could impact their ability to meet policyholder obligations. These risks include underwriting, market, credit, operational, and liquidity risks. The assessment involves both qualitative evaluations and quantitative analyses to measure potential impact. This helps insurers prioritize risks and allocate resources for their management.

Own Solvency and Capital Needs Assessment

A central aspect of ORSA is the insurer’s self-assessment of its current solvency position and the capital needed to support identified risks. This involves understanding the distinction between regulatory capital, the minimum required by supervisory authorities, and economic capital, the amount an insurer believes it needs to cover risks based on its own internal models and risk appetite.

Prospective Solvency Assessment

ORSA mandates a forward-looking evaluation of how an insurer’s solvency position might evolve over a specified planning horizon. This involves rigorous stress testing and scenario analysis, where the insurer models the impact of severe but plausible adverse events on its financial health. Examples include economic downturns, natural catastrophes, or large-scale policyholder withdrawals. The goal is to ensure the insurer has sufficient financial resources to execute its multi-year business plan and maintain solvency even under challenging conditions.

Risk Management and Internal Control System

The ORSA framework requires insurers to have a robust system for managing risks and maintaining effective internal controls. This includes documenting the enterprise risk management (ERM) framework, which details how risks are governed, identified, measured, monitored, and reported. The system should outline policies for mitigating identified risks, including controls, monitoring procedures, and escalation protocols. Controls and the overall risk management system are continuously assessed to align with the insurer’s risk appetite and support sound decision-making.

Conducting and Documenting the ORSA

Internal Process and Governance

Conducting an ORSA requires active participation and clear responsibilities across the organization. The board of directors and senior management play a central role, setting the tone for risk culture and overseeing the process. Various departments, including risk management, finance, actuarial, and internal audit, contribute to the assessment. The ORSA process is integrated into the entity’s strategic planning, ensuring risk insights influence business objectives, product development, and capital allocation.

Frequency and Review

Insurers must conduct an ORSA regularly, and whenever there are significant changes in the insurer’s risk profile, business strategy, or external environment that could materially impact solvency. Regular internal reviews of ORSA findings are essential to ensure accuracy and relevance. This continuous monitoring ensures the assessment remains dynamic and responsive to evolving risks.

Documentation and Reporting

The ORSA process and its findings must be thoroughly documented. The output is an internal ORSA report, which provides a high-level summary of the insurer’s risk profile, solvency position, and risk management framework. The ORSA Summary Report is a confidential document, shared with the lead state commissioner annually, and may be requested by the domiciliary state regulator.

Regulatory Interaction

While primarily an internal self-assessment, the ORSA report is a tool for regulators to gain a deeper understanding of an insurer’s financial resilience and risk management capabilities. Regulators review these reports to assess the maturity of an insurer’s risk management practices and its ability to withstand financial stress. The ORSA Summary Report assists regulators in their oversight activities, providing a more comprehensive financial picture of insurers.