Central Bank of Ireland devises ORSA reporting tool 07 August 2012

Ireland's financial supervisor has announced plans for a framework for an ORSA reporting tool for smaller firms to make the process more efficient. It says it's not adding to Eiopa's guidance on the subject -- but some will see the tool as exactly that. Lorna Davies reports.

Last month, European re/insurers were essentially told that they would get no further guidance from regulators on how to satisfy the requirements in Solvency II for the own risk and solvency assessment (ORSA) and that they should get on with their preparations for it. This message was conveyed by the final report on the ORSA from the European Insurance and Occupational Pensions Authority (Eiopa) (IERM, 12 July and 17 July). It was a message that frustrated and concerned a lot of medium and smaller-sized companies hoping for more detail in the Eiopa report on how they are meant to comply with new and often quite onerous requirements. The response of the Irish regulator, the Central Bank of Ireland (CBI), was to hold a briefing on 25 July on proposed ORSA reporting framework for medium-low and low-impact undertakings (see box). The CBI said its aim is to establish an "efficient methodology in line with our risk-based supervisory approach." But it stressed that it will not be adding to the Eiopa guidance on the ORSA process. Echoing the Eiopa report, the CBI described the main points of the ORSA as:      

the board of an insurer should be actively involved in the ORSA process; it should be integrated into business strategy; it is not an internal model; it will not be used to impose a capital add-on; the process is more important than the report; and proportionality should be applied.

The draft ORSA reporting tool contains "structured and unstructured" questions based on Solvency II requirements. There are ten sections and it will be submitted online.

The ten sections are: 1. Link to strategic decision-making framework How are the ORSA results/outcome and insights gained from the process taken into account in the strategic decision-making? 2. Frequency of the ORSA Solvency II requirements state that ORSA should be performed at least annually. The CBI tool asks: How frequently is the regular ORSA performed? Justification for the adequacy of the frequency? And what triggered a non-regular ORSA (following significant change in risk profile)? 3. Role of board of directors Has the board approved the ORSA policy including subsequent changes? Describe the involvement of the board in the ORSA, and did the board review and approve the results/outcome of the ORSA (i.e. internal report)? 4. Documentation Does the firm have the following documentation -- ORSA policy, record of each ORSA, internal report on ORSA -- and does the documentation comply with the level 3 guidelines? 5. Overall solvency needs What methodology/ies was/were used to quantify the overall solvency needs? This section also asks for an explanation of the quantitative results of the assessment of overall solvency needs and for a brief description of how the qualitative risks are addressed in the ORSA. Further questions: If the firm has approved undertaking-specific parameters, were these used in overall solvency needs assessment? Does the firm use any valuation or recognition basis that is different from Solvency II? How does the different valuation or recognition basis ensure better consideration of its risk profile? 6. Forward-looking perspective What is the time horizon of the business plans and financial projections that were taken into account in the determination of overall solvency needs? 7. Compliance on a continuous basis Did the undertaking take into account internal/external factors that could adversely impact its overall solvency needs assessment? Briefly describe the stress tests/scenario analysis performed as part of business and capital planning process.

Does the firm meet the minimum capital requirement (MCR) and solvency capital requirement (SCR) at all times since [the Solvency II Implementation date and last ORSA]. Does the assessment of compliance include at least the elements outlined in level 3 guidelines. Quantity, quality and composition of own funds and future own funds requirements. What contingency plans are in place to ensure own funds of sufficient quality are available in stressed situations? Does undertaking have processes and procedures relating to regular review of the calculation of technical provisions? Did the actuarial function provide inputs to the calculation of the technical provisions? 8. Deviations from assumptions underlying SCR calculations Does the risk profile of the undertaking materially deviate from the assumptions underlying the SCR calculation? For material deviations, provide details of the deviation and the quantification of the deviation. 9. Internal model users Does the firm use the approved internal model in calculating its overall solvency needs? Have there been significant changes to the risk profile of the undertaking since the internal model was approved (or changes approved)? Express the internal model SCR as a percentage of that which would be calculated under the SCR risk measure and calibration. 10. Undertaking's conclusions and actions from the ORSA Briefly describe the conclusions from the ORSA and proposed action plans: lessons learned and action points. Annet Evara, Solvency II work-stream manager, ORSA, at the CBI, stressed that an ORSA is specific to each firm and the tool should not influence the insurer's "own" process. "Firms must still demonstrate compliance with Solvency II requirements and retain all documentation since, in the course of our visits/thematic inspections, we may review the entire process and relevant documentation," she said. Gareth Colgan, deputy head, prudential policy at the CBI, said the reporting guidance was part of a commitment made by the CBI to "work with small firms to apply the principle of proportionality in relation to the ORSA."

Before the CBI put the approach together, a consultation on the reporting tool was held with Dublin International Insurance & Management Association (DIMA), the Irish Insurance Federation (IIF) and Financial Services Ireland (FSI). Deirdre Mullally, Solvency II project manager, prudential policy at the CBI, said "our expectation is that the CBI will start to receive the first ORSA reports from undertakings from 2015 onwards, at the end of the first year of operation of Solvency II. The undertaking can determine when in 2015 to submit the ORSA." She added that the CBI expects to have industry involved in testing of the system, during 2014.

What is PRISM? PRISM, or Probability Risk and Impact SysteM, is the CBI's risk-based supervisory regime, introduced in November 2011. The CBI says PRISM gives it a "unified and much more systematic risk-based framework making it easier for our supervisors to challenge the financial firms they regulate, judge the risks therein and take action to mitigate those risks - securing meaningful change on behalf of consumers, citizens and the state." Under PRISM, firms are categorised into four distinct impact categories, based on their size or the degree of damage the failure of a firm might cause. The impact categories are: high, medium-high, medium-low and low. Those with the ability to have the greatest impact on financial stability and the consumer receive a high level of supervision under "structured engagement plans", leading to early interventions to mitigate potential risks. Conversely, those firms which have the lowest potential adverse impact are supervised reactively or through thematic assessments, with the Central Bank taking targeted enforcement action against firms across all impact categories whose poor behaviour risks jeopardising statutory objectives including financial stability and consumer protection.