Transcription
US ORSA 2015:Walk, Run, or Hide?December 9, 2014
Introduction to FTI ConsultingFTI Consulting is aglobal businessadvisory firm thatprovidesmultidisciplinarysolutions tocomplexchallenges andopportunities. World’s leadingrestructuringfirm World’s leadingcrisismanagementfirm Global leader instrategicbusinesscommunicationsGLOBAL REACHWith offices in 24 countries on sixcontinents, our breadth and depthextends across every social,political, and economic hub acrossthe globeEXPERIENCEDPROFESSIONALSFTI CONSULTING FAST FACTS1,300 clients served97of top 100law firms85of Fortune 100companiesFTI Consulting leads all firms with 224bankruptcy matters as of December 31, 20119 of 10bank holdingcompanies4,200 trusted advisors with diverseexpertise and exceptionalcredentials serving clients globally2012 Award for Business StrategyFTI Consulting was recognized for helping The E.W.Scripps Company reinvent its newspaper operating modelDEEP EXPERTISEWe combine unparalleled expertiseand industry knowledge to addresscritical challenges, in both eventdriven and long-term scenariosRanked #1 Crisis Management Firm40 under 40 Award for 3 ConsultantsThree FTI Consulting Senior Managing Directors receivedthe M&A Advisor 2012 40 under 40 awardRanked #1 M&A PR AdvisersFTI Consulting leads all firms inTransaction volume for 2009, 2010, and 2011 2bnenterprise value80differentdisciplinesFCNpubliclytraded - NYSE300 Senior ManagingDirectors2
How We Meet Insurance Industry NeedsIssuesInsurance IndustryMETHODS & TOOLSFrameworksBest Practices ModelsProcesses & ManagementApplicationsForensicsAnalyticsOUR CAPABILITIESInsurance &Pension ulators & ServicesLegalSourcingPrivate EquityTechnologyCapital utionCareer AgencyBrokersWholesalersIntermediariesMGU’s / 3
Presenter ProfilesJim Toole, FSA, CERA, MAAAJim Toole is a Managing Director, Global Insurance Services, FTI Consulting. Mr. Toole has over 25 years of experience with life, health,property-casualty and captive insurers. Mr. Toole’s background includes expert witness, product development, financial reporting, audit,and regulatory support roles. In the securitization space Mr. Toole has experience with life settlements, XXX/AXXX reserve relief bonds,and mortality cat bonds. He is a frequent speaker and has written and/or edited articles for numerous industry publications. He iscurrently serving a two year term as Vice President of the Society of Actuaries. Mr. Toole holds a B.S. in Mathematics, Wake ForestUniversity, and is a Certified Enterprise Risk Analyst and a Fellow of the Society of Actuaries.James Schacht, President, The Schacht Group, Inc.James Schacht is the President of The Schacht Group, Inc., which advises national and international clients with respect to insuranceand regulatory matters. Mr. Schacht has fifty years of broad-based experience in the insurance industry and all areas of insuranceregulation, as well as advising clients on organizing insurance companies, resolution of troubled insurers and securing regulatoryapproval for a variety of transactions. Mr. Schacht served as the Director of the Illinois Department of Insurance on three occasions andcurrently serves on the board of directors of two insurers.Elaine Lehnert, CPAElaine Lehnert is a Managing Director, Global Insurance Services, FTI Consulting. Ms. Lehnert has over 23 years of management andconsulting experience within the life, health, and property-casualty insurance and reinsurance industries. She as a broad range ofexpertise, including GAAP; statutory accounting; forensic accounting; auditing; financial operations; fraud investigations; SEC reporting;Sarbanes-Oxley; arbitration and litigation support and expert testimony. Ms. Lehnert has contributed to the development of severaleditions of the AICPA Audit and Accounting Guides, Audits of Life and Health Insurance Entities, and Audits of Property and LiabilityInsurance Entities.Matt Stahl, ASA, CERA, MAAAMatt Stahl is a Senior Director, Global Insurance Services, FTI Consulting. Mr. Stahl is a life actuary with 15 years of experience in riskmanagement and financial reporting of life, health, and disability insurance and reinsurance. Before joining FTI, he managed thefinancial reporting of 1.5 billion in variable annuity liabilities for a large Bermuda reinsurer. Matt was part of a small team that liaisedwith the Bermuda Monetary Authority to assist in the development of the Life Insurance component of the Bermuda Solvency CapitalRequirement, part of Bermuda’s requirement to achieve Solvency II equivalence.4
ORSA: From Assessment to Implementation5
Experience Matters Presenting Based on Different Perspectives1. Regulator’s perspective2. Working with various companies3. Experience in other jurisdictions4. Feedback from NAIC pilots5. Rating agencies6
Regulatory History and Background
ORSA History Origins of ORSA can be traced to international regulatorytrends IAIS’s Guidance Paper of October 2007 IAIS’s Revised Insurance Core Principles of 2011 EU’s Solvency I adopted 2002 Inadequacies with Respect to Capital Requirements EU’s Solvency II Directive of 2009 Financial crisis influenced and accelerated ORSA in the United States Became a part of NAIC’s Solvency Modernization Initiative adopted in 2010 Model Law adopted in September 2012 Pilot testing done in 2013 and 20148
ORSA Purpose and Objectives Form an effective level of ERM for insurers Create a process for insurers to assess future solvency position andsufficiency of capital to support risks identified Create a new surveillance tool for regulators through ORSA Summary Report Many regulators have referred to ORSA as a “Game Changer” since it departsfrom static solvency measurements Build on Schedule F filed by insurance holding companies9
ORSA Basic Requirements and Statutes 18 states have adopted to date (CA, CT, IA, IN, KY, ME, MN, NE, NH, NY, OH, PA, RI& TN) 6 states have legislation under consideration (DE, IL, MO, NJ, TX & WA) NAIC Model Law exempts insurers with less than 500 million direct premium orgroups with less than 1 billion of direct First reports due in 2015 Group level reports allowed Report must be kept current and reflect the present risk profile of an insurer orgroup Annual submission optional with the state10
Important ORSA Issues Are states equipped to review the ORSA summary reports? How will states use the information? What legal authority? Confidentiality concerns? Are international standards appropriate for the uniqueness of U.S. market? Will reporting thresholds be lowered? What is the impact if an insurer fails?11
ORSA Assessment and Implementation
Varying Views On ORSAWide range of attitudes / perceived value toward ORSAWish it Would Go Away --- View on ORSA --- Embracing It13
Varying Views On ORSAWide range of attitudes / perceived value toward ORSAWish it Would Go Away --- View on ORSA --- Embracing ItWith many companies somewhere in between14
Varying Views On ORSAPoll QuestionWhat is your firm’s overall view of ORSA?a. Think it’s a waste of time and resources 9%b. View ORSA as an invaluable value adding, business guidingmethodology 23%c. Somewhere in between: has some value but is not part of our everyday business process 68%15
ORSA Deliverables Companies must prepare a Summary Report which will be filed withthe insurer’s lead state’s RegulatorSection 1: Description of the Insurer’s Risk Management FrameworkSection 2: Insurer’s Assessment of Risk ExposureSection 3: Group Assessment of Risk Capital and Prospective SolvencyAssessment16
ORSA DeliverablesPoll QuestionHow ready are you to prepare your ORSA Summary Report?a. Ready: Well documented risk management framework, ORSA process inplace, summary report meeting NAIC’s standards is presented to Board ofDirectors 6%b. Almost ready: Well documented risk management framework, reports goto the Board though need some modification to meet standards 36%c. Not ready: Risk management framework needs documenting. Currentreporting needs to be overhauled to meet standards 42%d. Not ready and need help: Risk management framework needsdocumenting and we are not clear on how to meet standards 16%17
ORSA Assessment
ORSA AssessmentRegulators Will Consider the 5 Key Principles in NAICORSA Guidance When Reviewing the ORSA SummaryReport1. Risk Culture and Governance2. Risk Identification and Prioritization3. Risk Appetite, Tolerance, and Limits4. Risk Management and Controls5. Risk Reporting and Communication19
ORSA AssessmentRisk Culture and GovernanceNAIC suggests that insurers consider including a table identifying: The risk owner The assigned risk Their role and responsibility To which committee / department do they report to20
ORSA AssessmentRisk Register Example1. Insurance Risk SourcesRisk SourceRisk TypesRisk OwnerChief ActuaryCatastrophic RiskPricing ActuaryPricing RiskValuationActuaryPolicy ReserveRiskRisk Assessment and ControlType of RiskAssumptionsAssessmentMeasurementRisk that catastrophicStochastic calculation Based on historicalaccumulation of loss createspandemics:unacceptable level of earnings1957 - Moderatevolatility, threatening rating or1918 - Severesolvency (includes natural andman-made perils).DefinitionRisk that prices charged forStochastic calculation Pricing based oninsurance policy may ultimatelyunderwriting processbe inadequate to supportincluding companyfuture obligations or provideguidelines, market data,required return, negativelypast experience andimpacting capital.industry experience.Reserves established areStochastic calculation Assumptions based oninadequate to cover futureinternal and industryclaims or changes in policyexperience.holder behavior (i.e. actualmortality, lapse, fundallocation, annuitization differsfrom assumptions).Risk Control Measure1. Claims resulting from Moderate andSevere pandemics are assessed quarterly.2. Increased mortality increases claimsbased on death of insured (e.g. traditionallife insurance policy).3. Increased mortality decreases claimsbased on longevity (e.g. annuity policy).All new products with supporting analysisare reviewed by qualified, experiencedactuarial team to ensure products meetunderwriting guidelines.1. Constant monitoring of experiencetrends by qualified and experiencedactuarial team.2. Certain risks offset through negativecorrelation.3. Annual review by independent auditingactuaries.21
ORSA AssessmentRisk Culture and Governance What is risk management’s role? Is there regular interaction with the board? Are risk objectives coordinated with business goals? Does incentive compensation support risk managementobjectives? Are risk management policies well documented and distributedthroughout the company?22
ORSA AssessmentRisk Identification and PrioritizationStandard & Poor’s lists the following as important risks facinginsurers: Reserve risk – risk that reserves will develop adverselyCat risk – both natural and man-madeReinsurance recoverable risk (i.e. counter party credit risk)Equity risk arising from embedded guarantees in insuranceproductsInterest rate risk – historically low interest rate environmentcould add significant risk if rates rise or fallInsurance concentration and event riskUnderwriting cycle managementCorporate governanceIT data security riskSource: S&P’s ‘Evaluating The Enterprise Risk Management Practices of Insurance Companies’23
ORSA AssessmentRisk Appetite, Tolerance, & LimitsFor each risk identified, regulators will want to see a correspondingrisk tolerance statement and limit Qualitative Quantitative Reflect company’s strategy and business plan Same time horizon as corporate strategic planRegulators will want to know: Is the risk appetite set by the board? Are the statements clearly defined? Do tolerance statements set boundaries for how much risk afirm is prepared to take on? Is risk tolerance determined in line with company’s long-termstrategic plan?24
ORSA AssessmentRisk Management and ControlsManaging risk is an ongoing ERM activity, operating at multiplelevels of the firmRegulators will be looking for: Does the company monitor significant risks on a regular basis? Is there a clear process for risk management or is it ad hoc? Is the risk monitoring process consistent and accurate? Does exceeding limits have consequences? What is the post-mortem review process following a loss?25
ORSA AssessmentRisk Reporting and CommunicationRegulators will look to see that key stakeholders have transparencyinto the risk-management processes to be able to form a view ofrisk-taking and managementRegulators will form opinions on the effectiveness of feedback loops Is there an established threshold for reporting losses, incidents,or failures? What is the escalation process for various issues? Is there a common risk language such that all partiesunderstand? Are templates standardized across the company?26
ORSA Gap Analysis and Maturity Level
ORSA Gap AnalysisGap Analysis leads to: Knowing where you stand today Mapping different facets of ERM and ORSA process to MaturityLevels Companies will have strong areas and weaker areas Establish priorities on which area demands soonest attention Buy-in at multiple levels in firm Establish actionable plan for progress Buy-in at multiple levels in firm Appropriate funding Milestones Progress reports28
ORSA Maturity LevelNAIC uses the following definitions of ERM / ORSA maturityLevel 5 – Leadership: you are at the leading edge of companies in relation to riskmanagementLevel 4 – Managed: you are advanced in risk management capabilitiesLevel 3 – Repeatable: you have risk management processes in place designedand operated in a timely, consistent, and sustained wayLevel 2 – Initial: you have implemented risk management processes, but theymay not be operating consistently and effectivelyLevel 1 – Ad hoc: you have not developed or documented standardized riskmanagement processesLevel 0 – Non-existent: risks are not directly identified, monitored, or managed29
ORSA Maturity LevelNAIC recommends that companies provide an initialassessment of their ERM maturity level in the summaryreport Considering the 5 key principles Examples of various levels are given Management’s view of areas of strength and weakness Actions to be taken, if any Discussion of Board’s use of the report30
ORSA Maturity LevelPoll QuestionWhat level of the NAIC’s ERM maturity level is your firm currently at?a. Level 5 – Leadership: you are at the leading edge of companies in relationto risk management 4%b. Level 4 – Managed: you are advanced in risk management capabilities 13%c. Level 3 – Repeatable: you have risk management processes in placedesigned and operated in a timely, consistent, and sustained way 23%d. Level 2 – Initial: you have implemented risk management processes, butthey may not be operating consistently and effectively 37%e. Level 1 – Ad hoc: you have not developed or documented standardized riskmanagement processes 21%f. Level 0 – Non-existent: risks are not directly identified, monitored, ormanaged 2%31
ORSA Maturity LevelPoll QuestionWhat level of the NAIC’s ERM maturity level do you hope your firm is at a yearfrom now?a. Level 5 – Leadership: you are at the leading edge of companies in relationto risk management 9%b. Level 4 – Managed: you are advanced in risk management capabilities 20%c. Level 3 – Repeatable: you have risk management processes in placedesigned and operated in a timely, consistent, and sustained way 58%d. Level 2 – Initial: you have implemented risk management processes, butthey may not be operating consistently and effectively 9%e. Level 1 – Ad hoc: you have not developed or documented standardized riskmanagement processes 4%f. Level 0 – Non-existent: risks are not directly identified, monitored, ormanaged 0%32
ORSA Implementation
ORSA ImplementationORSA: What you put into it depends on what you want out of itGiven the wide view of the ORSA process, firms will have different long-term goalsrelated to ORSATherefore, ORSA implementations in the short term and longer term will varygreatly from firm to firm34
ORSA ImplementationORSA: What you put into it depends on what you want out of itGiven the wide view of the ORSA process, firms will have different long-term goalsrelated to ORSATherefore, ORSA implementations in the short term and longer term will varygreatly from firm to firmView on ORSAView as a waste of time and resourcesImplementationORSA may never be a truly integrated process, butrather will do as little as possible to comply with therequirement35
ORSA ImplementationORSA: What you put into it depends on what you want out of itGiven the wide view of the ORSA process, firms will have different long-term goalsrelated to ORSATherefore, ORSA implementations in the short term and longer term will varygreatly from firm to firmView on ORSAImplementationView as a waste of time and resourcesORSA may never be a truly integrated process, butrather will do as little as possible to comply with therequirementView as having value but are not currently up tospeed or fully resourcedWill do what it takes to be compliant in the firstyear and plan to improve on integrated process anddocumentation going forward36
ORSA ImplementationORSA: What you put into it depends on what you want out of itGiven the wide view of the ORSA process, firms will have different long-term goalsrelated to ORSATherefore, ORSA implementations in the short term and longer term will varygreatly from firm to firmView on ORSAImplementationView as a waste of time and resourcesORSA may never be a truly integrated process, butrather will do as little as possible to comply with therequirementView as having value but are not currently up tospeed or fully resourcedWill do what it takes to be compliant in the firstyear and plan to improve on integrated process anddocumentation going forwardView as a valuable, integral component ofMature ERM function likely already in place. ORSAunderstanding a firm's strengths, exploiting desired implementation will be gathering existingrisks, and limiting unacceptable risksdocumentation, shaping to requirement37
ORSA ImplementationLike getting in shape, 2015 ORSA implementation depends onwhere you are todayLong Way to Go --- ORSA Readiness --- Ready38
ORSA ImplementationThe man in the doctor’s office will not become a chiseled athleteovernight Or in a month Or in a year But improvement can be made with some commitment and targetedeffort, which could mean some lifestyle changeIt also clear that firms will not jump multiple levels of Maturity overnight Or in a month Or because they wrote a nifty-sounding ORSA paperORSA IS NOT A REPORTFor many firms, implementing ORSA will be a different way of thinking,and a lifestyle change for some39
alpi tCaMaganERMA Holistic ApproachtenemBusiness Strategy40
alpi tCaMaganERMA Holistic ApproachtenemBusiness StrategyStrategic vision, recognition of strengths, risk appetite, rolesand responsibilities, performance management41
alpi tCaMaganERM and RiskManagement Frameworkprovide theunderpinnings of a firm’sORSA Process Risk Identification Risk Measurement Risk Reporting Risk ManagementERMA Holistic ApproachtenemBusiness StrategyStrategic vision, recognition of strengths, risk appetite, rolesand responsibilities, performance management42
alpi tCaMCapital managementstructure is consistent withBusiness Strategy andsupports risk-based decisionmaking Solvency Assessment Economic CapitalModeling RAROC ModelingaganERM and RiskManagement Frameworkprovide theunderpinnings of a firm’sORSA Process Risk Identification Risk Measurement Risk Reporting Risk ManagementERMA Holistic ApproachtenemBusiness StrategyStrategic vision, recognition of strengths, risk appetite, rolesand responsibilities, performance management43
ORSA Implementation: A Holistic ApproachPotential for Enterprise Wide ParticipationFirm StakeholdersERM / isk Capital Providers, Shareholders, Debt HoldersSet the tone for the firmReview resultsBoard of DirectorsExecute Board'sOverall VisionCEOSenior ManagementCRORoles andResponsibilities,Accountability,Measure, Monitor,Support, ReportAuthoritative,Independent ROInternal / ExternalAudit44
Testing, Validation, and Oversight
Testing and ValidationKey Centerpieces of ERM and ORSA: Transparency Control46
Testing and ValidationKey Centerpieces of ERM and ORSA: Transparency ControlAssuming or hoping things are in line with expectations does not pass thetest47
Testing and ValidationKey Centerpieces of ERM and ORSA: Transparency ControlAssuming or hoping things are in line with expectations does not pass thetestItems of significance must be Shown Demonstrated Tested Validated Stressed48
Testing and ValidationWhat is being tested / validated greatly depends on Maturity LevelMaturity StageTesting / ValidatingTransitioning from NAIC's Level 1 to Level 2(from Ad hoc to Initial Implementation)Verification that a standardized, documentedprocess has been developed and distributed49
Testing and ValidationWhat is being tested / validated greatly depends on Maturity LevelMaturity StageTesting / ValidatingTransitioning from NAIC's Level 1 to Level 2(from Ad hoc to Initial Implementation)Verification that a standardized, documentedprocess has been developed and distributedTransitioning from NAIC's Level 2 to Level 3(from Initial Implementation to Repeatable)It can be shown that risk management function isproperly staffed with information consistentlyflowing to senior management50
Testing and ValidationWhat is being tested / validated greatly depends on Maturity LevelMaturity StageTesting / ValidatingTransitioning from NAIC's Level 1 to Level 2(from Ad hoc to Initial Implementation)Verification that a standardized, documentedprocess has been developed and distributedTransitioning from NAIC's Level 2 to Level 3(from Initial Implementation to Repeatable)It can be shown that risk management function isproperly staffed with information consistentlyflowing to senior managementLevel 4Advanced risk management capabilitiesAdvanced risk modeling is routinely performed.Testing / validation include: data integrity parameter specification assumptions aggregation, diversification benefits reporting51
Ongoing OversightFirm StakeholdersERM / isk Capital Providers, Shareholders, Debt HoldersSet the tone for the firmReview resultsBoard of DirectorsExecute Board'sOverall VisionCEOSenior ManagementCRORoles andResponsibilities,Accountability,Measure, Monitor,Support, ReportAuthoritative,Independent ROInternal / ExternalAudit52
Ongoing Oversight1. ORSA Overseers: Board of Directors Know what senior management is doingReview, understand, challenge, and approve ORSA Summary Report2. ORSA Executers: Senior Management Good understanding of the risk natures, exposuresGood understanding of risk management tools availableSolvency capital requirements metRisk limits monitoredCapital requirements, models, and use test3. Feedback Loop: Monitoring and Reporting ORSAMonitoring and reporting allows the Board and management to meet minimum requirementsThe Board Assess and ensure the appropriateness of the firm’s ORSA, undertakings of risks, andcapital positionSenior Management Evaluate material risks, current exposures, and trends Ensure sufficient capital is held under normal and stressed scenarios Contingency planning is in place with respect to capital needs53
Varying Views On ORSAPoll QuestionWhat level of resources will your firm have devoted to ERM, ORSA, andthe Summary Report by the end of 2015?a. Very significant 2%b. Somewhat significant 30%c. Some 38%d. Small 28%e. None 2%54
Questions?
editions of the AICPA Audit and Accounting Guides, Audits of Life and Health Insurance Entities, and Audits of Property and Liability Insurance Entities. Matt Stahl, ASA, CERA, MAAA Matt Stahl is a Senior Director, Global Insurance Services, FTI Consulting. Mr. Stahl is a life actuary with 15 years of experience in risk
