Main Menu
Print PDF

Report, Report, Report - Further Defining Risks for the Insurance World Through Enterprise Risk Management and Own Risk Solvency Assessment

Insurance Transactional and Regulatory Alert | January 17, 2014
By: Robert Ansehl

The New York State Department of Financial Services, Department of Insurance (the DFS) recently published proposed Insurance Regulation 203[1] (the Proposed Regulation) establishing Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) guidelines for insurers and holdings companies. Broadly, the proposal requires that all insurers or their holding company[2] must file an ERM Report. Certain insurers with premiums in excess of $500 million per annum and holding company systems with an aggregate of more than $1.0 billion of premium must file an ORSA Report. ERM Reports must be filed annually by each April 30th. ORSA Reports must be filed annually by December 1 commencing in 2015.

A Brief Overview

The National Association of Insurance Commissioners (the NAIC) has long focused upon various holistic aspects of enterprise risk and risk assessment by insurers and affiliated entities, including holding companies, that may adversely affect the solvency and stability of an insurer. Enterprise risk management and other risk assessment issues attracted a particular amount of attention during the last several years following the financial crisis.[3] Insurance regulators increasingly view an accurate understanding of the extent and composition of risk-taking and greater risk control as significant strategic advantages, resulting in increased efficiencies and ultimately reduced earnings volatility, stronger capital position and higher profitability. After several years of consideration, the NAIC adopted ERM and ORSA requirements to facilitate the regulators’ ability to better assess regulated entities’ risks profile and address any untoward risks in advance and solvency threatening situations. The NAIC Model Regulation serves as guidance to state insurance regulators and as the foundation for the adoption of the Proposed Regulation by the DFS.

A Summary of ERM Requirements

All entities, including insurers and holding companies that are subject to regulation by the DFS must adopt and file an ERM plan that manages the entities’ enterprise risk. The Proposed Regulation requires (1) internal operational aspects (that is, who has the authority to direct the process); (2) what minimum components of the ERM risks must be identified, monitored and addressed; and, (3) annual reporting to the DFS on the ERM risk assessment. Highlights of an ERM management and reporting process include:

  • Operational Control: The ERM management function must be headed by an appropriately experienced individual(s) with authority and access to the board of directors and senior management.
  • Internal Policies and Operations: For each covered entity, the ERM unit must adopt a written risk policy, specifically approved by the applicable entities’ board of directors. That policy must delineate the risk/reward framework, risk tolerance levels, and risk limits for the insurer or holding company system, as the case may be. The policy must identify and measure risk under a sufficiently wide range of outcomes and specificity, address the type, scale, and complexity of the risks the insurer and/or holding company system assumes, and must address the adequacy of capital management and solvency purposes. The written policy also must:
      • Have an identifiable process of risk identification and measurement supported by detailed documentation addressing the entity’s risks and plausible risk exposure scenarios and stress testing;
      • Have a strategy and day-to-day strategic decision-making process to address those risk scenarios including; monitoring risk and capital management process to ensure the adequacy of the entity’s level of financial resources relative to economic capital and regulatory capital requirements; and,
      • Incorporate investment policy, asset-liability management policy, effective controls on internal models, longer-term continuity analysis, and feedback loops to update and improve the enterprise risk management function continuously.
  • Some Basics of the ERM Report: The ERM Report must be submitted to the DFS by each April 30th and must address all reasonably foreseeable and relevant material risks including, as applicable, insurance, underwriting, asset-liability matching, credit, market, operational, reputational, liquidity, and any other significant risks. ERM filing entities are advised to include among other things:
      • An assessment of the relationship between risk management and the level and quality of financial resources necessary, as determined with quantitative and qualitative metrics;
      • material developments regarding strategy, internal audit findings, compliance or risk management, acquisitions and dispositions and material changes of equity control;
      • regulatory and litigation developments;
      • transactional and affiliate risk with respect to other members of the holding company system; and,
      • other activities that may adversely affect the insurer or the holding company.
  • Who must file ERM Plans?: All holding companies must file an ERM plan with the DFS. In addition, any domestic insurer that is not a member of a holding company system and has annual written premium (broadly defined) in excess of $500 million must file an ERM plan.

A Summary of ORSA

All domestic insurers must conduct an ORSA review consistent with the ORSA guidance manual. That review must occur any time there are material changes to the filing insurer’s risk profile but not less often than each year. An insurer’s obligation may be addressed if it is properly included in the ORSA filing of its parent or holding company or by submission to the DFS if substantially similar reports were submitted to other comparable regulators. In either event, commencing in 2015, the ORSA filing must be submitted to the DFS by December 1st. An insurer is exempt from filing if it has less than $500 million in premium (broadly defined). Nonetheless, holding companies and their affiliated insurers may qualify if the aggregate premium within the holding company system exceeds $1.0 billion. In addition, waivers from filing are available and the DFS may require insurers to conduct an ORSA review and file a report under certain circumstance.

The White and Williams Insurance Transactional and Regulatory Group understands the complexities of insurance regulation and can assist clients with their ERM and ORSA filings. The Group regularly represents large, midsized and smaller life, property, casualty and surplus lines insurers and can efficiently and economically assist with regulatory matters including filing and reporting issues. If you have questions or we can be of assistance to you, please contact Robert Ansehl. ( | 212.631.4410)

[1] New York Insurance Regulation 11 NYCRR 82.

[2] Authorized domestic insurers that are registered or required to register under New York Insurance Law Article 16 and parent corporations (and its subsidiaries) that are registered or required to register under New York Insurance Law Article 17. See New York Insurance Law §§1501(a)(7), 1607(b)(2) and 1702(f).

[3] ERM and ORSA components have been included in the rating and assessment process of insurers by each of the Nationally Recognized Statistical Rating Organizations.

This correspondence should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult a lawyer concerning your own situation and legal questions.
Back to Page