PwC’s 2012 U.S. Insurance ERM and ORSA Readiness Survey

download PwC’s 2012 U.S. Insurance ERM and ORSA Readiness Survey

of 15

Embed Size (px)


US life, P&C and health insurers are changing their ERM practices to prepare for the Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act. And our survey finds some insurers are ahead of the curve. But the industry as a whole might not be as prepared for RMORSA as it thinks it is. There's still a lot of work to do on building the underlying risk strategy. More info:

Transcript of PwC’s 2012 U.S. Insurance ERM and ORSA Readiness Survey

  • 1. 2012 U.S. Insurance ERM & ORSA Readiness Survey

2. PwCs 2012 U.S. Insurance ERM & ORSA Readiness Survey In September 2011, the National Association of Insurance Commissioners unanimously adopted the Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act, with an effective date of January 1, 2015. This Act signifies a fundamental shift in the regulatory scrutiny of the insurance industrys enterprise risk management (ERM) practices, and insurers are likely to feel its impact well before the effective date. The Act, which each jurisdiction now needs to adopt in state law, requires insurers to maintain a comprehensive risk management framework that is embedded into company operations. In particular, this includes assessments of current and prospective solvency positions under normal and stressed scenarios. The RMORSA requires an ORSA Summary Report to be filed first with the insurance commissioner in the lead state of domicile starting from 2015. However, we note that some insurance departments are already asking companies for their ORSA or similar documentation as part of the review process. All documentation and evidence that supports the report must be available for regulatory inspection. Accordingly, most insurers will need to make significant investments in resources and organizational commitment in order to operationalize the process and facilitate filing a complete and comprehensive report on time.PwCPage 2 of 15 3. About the survey Over May to September 2012, PwC undertook a survey of ERM practices and readiness for the RMORSA requirements. This 2012 survey is, in part, a continuation of PwCs two previous global ERM surveys, but in this case exclusively targeted the U.S. insurance market. The survey consisted of four main sections covering risk strategy, governance, management, and quantification. The 65 survey participants have a combined premium income in excess of $530bn (approximately 30 percent of the U.S. market) and represent a cross section of life, P&C and health insurance companies. They include U.S. headquartered international groups, U.S. domestic groups or companies, and U.S. subsidiaries of European or other foreign groups. We conducted the survey primarily through in-person interviews and discussions with chief risk officers or others directly responsible for designing and overseeing ERM, such as chief actuaries, heads of ERM, and sometimes chief finance officers. Responding companies sometimes delegated specific questions to specialist personnel within their organizations. The responses represent individual participants views, and their interpretation of the questions and self-assessments vary. For companies that are part of global groups, respondents were asked to provide feedback specific to risk management practices of the U.S. entities, as feasible. In addition to complying with the RMORSA, 45 survey participants also have to comply with other supervisory regimes. Companies assessments of their level of preparedness for the RMORSA do appear to vary by the additional regulatory regimes with which they may have to comply. Those additionally subject to EU Solvency II, OSFI requirements or the CISSA requirements under the new Bermuda Monetary Authority regime are generally further along the journey to being fully prepared (please see Figure 1). Figure 1. Preparedness for RMORSA 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% No other regimesSIICanadianBermudanFederal ReserveProcess unlikely to be adequate but preparation not yet started Process unlikely to be adequate and at early stages of preparation Process largely adequate or considerable progress made - some significant items still to be addressed Process likely to be adequate or considerable progress made - awaiting further clarity from appropriate regulator(s)PwCPage 3 of 15 4. Perceptions of preparedness 35% of companies indicated that they do not have a fully operational risk appetite with tolerances linked to business strategy.38% of company boards are not engaged or are only passively engaged in risk management.And yet, 82% of respondents believe that existing ERM processes are largely or already adequate for the RMORSA.A potentially significant gap appears to exist between perceptions of RMORSA preparedness and the actual completeness of underlying risk frameworks.Select highlights from the survey follow below.Risk strategy In our experience, risk strategy should be at the heart of the organization. Risk should be a core consideration when setting strategy, formulating business plans, managing performance, and rewarding management success. Risk appetite should be clearly articulated and reflect the organizations risk carrying capacity, business strategy, and financial goals. Processes and procedures should be in place to manage risk on an enterprise wide basis within defined boundaries, without stifling day-to-day operations. Almost 40 percent of respondents think that their organizations will achieve additional benefits from the ORSA process. However, nearly half consider that incremental benefits were only possible. This split opinion appears to reflect a greater perceived future benefit for those carriers with ERM practices in the early stages of development. PwC believes a fully operational ORSA strategy and process brings significant benefits (such as a better rating agency view of the ERM framework, lower impact regulatory exams, better risk practices, and enhanced collaboration between actuaries and risk managers). In the short term, dedicating resources and budget to develop the overall risk strategy will help to align capabilities of companies with less developed ERM functions with their more advanced competitors. In the longer term, the focus of all market participants will hopefully move beyond regulatory compliance and become more strategic, as companies surpass the basic requirements and approach their ORSA from primarily a commercial, value-adding perspective. The most commonly reported objective of risk management is to control and limit risk events. Shareholder value enhancement is the least common (however, some survey participants are mutual organizations for whom this objective is less relevant). Figure 2 shows respondents risk management objectives.PwCPage 4 of 15 5. Figure 2. Risk management objectives 0%20%40%60%80%100%Risk return optimizationControl and limit risk eventsPolicyholder protectionShareholdervalue enhancementother OtherOf the publicly traded companies, 90 percent indicate that shareholder value enhancement is a risk management objective. Health companies were least likely to include policyholder protection as an objective. 65 percent of companies indicate they have a risk appetite statement that reflects strategy, financial goals and tolerances, suggesting there may not be sufficient focus on linkages to top down strategic objectives and metrics across the industry. Close to 75 percent of life and P&C companies have a risk appetite statement, while only 35 percent of health companies do. As might be expected, the largest organizations score very well in relation to having formal risk appetite statements for each key risk category, with scores then falling markedly for mid-sized carriers, and falling materially again for the smallest insurers (measured by premium volume). PwC believes that insurers will benefit from establishing a formal risk appetite statement with their boards. This is a fundamental component of the ERM framework for any organization. For companies with less complex risk profiles, the risk appetite statement should be developed commensurately; a relatively simple risk profile does not mean a formal risk appetite statement is any less relevant. A formal risk appetite statement should be the universal currency within an organization against which to assess all major decisions. A robust and useable risk appetite statement enhances risk governance and provides a platform on which to engage every stakeholder. Companies with risk appetite statements note that they have a large number of risk-specific statements (an average of nearly six). While having very detailed risk appetite statements is typically a positive from an ERM perspective, it can make it more difficult for insurers to ensure alignment with the corporate strategy across different functional areas. Importantly, companies also include more strategic metrics (or dimensions) in their appetite statements, the two most common being a capital at risk dimension (95 percent of companies) and earnings at risk (68 percent of companies). Many companies also include risk-specific statements, with market, underwriting, credit, liquidity and operational risks as the most common categories covered. Additionally: Life companies are more likely than P&C or health companies to include liquidity and asset/liability matching risks; P&C carriers are more likely than life or health companies to reference underwriting risks; and Health insurers are more likely than life or P&C companies to focus on operational risks.PwCPage 5 of 15 6. 77 percent of companies have a risk-specific limit framework to guide the business on compliance with risk appetite. This increases slightly (to 83 percent) for companies that have a risk appetite statement. 95 percent of life companies, 90 percent of P&C companies, and only 35 percent of health companies, have a limit framework. Where limit frameworks are in place, Figure 3 (below) shows where they are most advanced. This demonstrates a high correlation with the risk categories that appetite statements most typically reflect. Figure 3. Areas where limit frameworks are most advanced Underwriting 80% OtherMarket 60%Reputational40%Credit20% GroupLiquidity0%LegalALMStrategicOperational ReservingA plurality (45 percent) of respondents monitors the risk metrics that measure performance against risk appetit