Get ORSA Over the Finish Line

Cassandra, according to Greek myth, was a great beauty who was given the gift of prophecy by a smitten god Apollo. But as it often is in stories of love, Apollo’s gift wasn’t enough, and in those pre-Twitter days, the rejected god, unable to simply spill venom through the Internet, spitefully responded by placing a curse on Cassandra so that nobody would believe her predictions.

Risk management these days can sometimes be just as thankless, as relevant risks seem to multiply much faster than the resources available to tackle them. Chief risk officers run the risk of becoming Cassandras, unable to convince warning-weary, fellow c-suiters to adequately respond until it is too late.

The National Association of Insurance Commissioners’ (NAIC) Own Risk and Solvency Assessment (ORSA) program was intended to reduce the risk of inadequate or inadequately empowered risk management, and with the latest iteration of its ORSA Model Act, the NAIC may be moving within spitting distance of that goal.

And just in time, given some recent news.

New York’s influential financial services regulator has questioned the wisdom of moving toward principles-based reserving for life insurers, the Wall Street Journal recently reported. The U.S. Department of Housing and Urban Development is moving toward implementation of a “disparate impact” rule that may mean a homeowners insurance company that fully follows state regulation could still find itself running afoul of the feds, SNL Financial said.

Then there are a few other outstanding minor issues, like what the Federal Insurance Office (FIO) report will suggest for the future of insurance regulation, and if the Financial Stability Oversight Council (FSOC) will properly measure the real systemic threat, if any, from insurers.

All this points to a period of grave regulatory uncertainty—and thus, risk—for insurers. It doesn’t help that this almost-unprecedented confluence of regulatory concerns comes at a time when economic concerns continue.

So it’s a good thing that the newest proposed version of the ORSA Model Act, now in a discussion draft before the NAIC’s Group Solvency Issues Working Group, seems to add some teeth to the ORSA. This is not because I’m a big fan of regulatory micromanagement. But it does add accountability while demonstrating to other regulators, including any potential Capitol Hill onlookers, that insurance regulators have their house in order and that insurance companies are willing and able to maintain the regulatory standards that kept them safe during the crisis of 2008.

The revised proposed Act adds various measures of accountability, including individual and corporate sanctions. Ownership of the ORSA will now need to be specified. The individual responsible for risk management will have to sign the submission, much as a company’s principal officers must do for financial reports under the Sarbanes-Oxley Act (SOX).

The new draft has raised some concerns. As the Joint Trades comment letter noted, confidentiality has been a big concern all along with the ORSA, given that it will provide such a clear window into company operations, possibly including trade secrets. The newest draft seems to take a step back from previous versions in securing confidentiality for insurers. The North American CRO Council raised similar concerns in its comment letter.

There are other important questions as well: What sanctions are appropriate in a forward-looking document? What should be the timing? How best do we avoid duplication?

But the uncertain regulatory and economic environments should provide incentive to resolve these questions quickly. U.S. companies and regulators would do well to draw lessons from the delays attendant to Solvency II—delays that have damaged its credibility.

Getting an ORSA in place, even an imperfect one, is better than an endless delay while negotiators get bogged down searching for the perfect answers while good ones are available. The shifting regulatory sands demonstrate better than any speech the need for the ORSA and risk management framework that the model act requires.

As does the memory of Cassandra, trying in vain to convince her fellow Trojans of the danger posed by that giant horse the Greeks left outside the gates. The leaders of Troy no doubt discovered the perils of inadequate risk management after bringing that Trojan horse though the gates of the city, but as is usually the case in the absence of proper risk management, by then it was too late.

Howard Mills is a director and chief advisor of the Insurance Industry Group of Deloitte LLP and can be reached at hmills@deloitte.com.

Readers are encouraged to respond to Howard using the “Add Your Comments” box below.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

For reprint and licensing requests for this article, click here.
Security risk Compliance
MORE FROM DIGITAL INSURANCE