Get ORSA Over the Finish Line

Howard Mills
Insurance Experts' Forum, August 17, 2012

Cassandra, according to Greek myth, was a great beauty who was given the gift of prophecy by a smitten god Apollo. But as it often is in stories of love, Apollo’s gift wasn’t enough, and in those pre-Twitter days, the rejected god, unable to simply spill venom through the Internet, spitefully responded by placing a curse on Cassandra so that nobody would believe her predictions.

Risk management these days can sometimes be just as thankless, as relevant risks seem to multiply much faster than the resources available to tackle them. Chief risk officers run the risk of becoming Cassandras, unable to convince warning-weary, fellow c-suiters to adequately respond until it is too late.

The National Association of Insurance Commissioners’ (NAIC) Own Risk and Solvency Assessment (ORSA) program was intended to reduce the risk of inadequate or inadequately empowered risk management, and with the latest iteration of its ORSA Model Act, the NAIC may be moving within spitting distance of that goal.

And just in time, given some recent news.

New York’s influential financial services regulator has questioned the wisdom of moving toward principles-based reserving for life insurers, the Wall Street Journal recently reported. The U.S. Department of Housing and Urban Development is moving toward implementation of a “disparate impact” rule that may mean a homeowners insurance company that fully follows state regulation could still find itself running afoul of the feds, SNL Financial said.

Then there are a few other outstanding minor issues, like what the Federal Insurance Office (FIO) report will suggest for the future of insurance regulation, and if the Financial Stability Oversight Council (FSOC) will properly measure the real systemic threat, if any, from insurers.

All this points to a period of grave regulatory uncertainty—and thus, risk—for insurers. It doesn’t help that this almost-unprecedented confluence of regulatory concerns comes at a time when economic concerns continue.

So it’s a good thing that the newest proposed version of the ORSA Model Act, now in a discussion draft before the NAIC’s Group Solvency Issues Working Group, seems to add some teeth to the ORSA. This is not because I’m a big fan of regulatory micromanagement. But it does add accountability while demonstrating to other regulators, including any potential Capitol Hill onlookers, that insurance regulators have their house in order and that insurance companies are willing and able to maintain the regulatory standards that kept them safe during the crisis of 2008.

The revised proposed Act adds various measures of accountability, including individual and corporate sanctions. Ownership of the ORSA will now need to be specified. The individual responsible for risk management will have to sign the submission, much as a company’s principal officers must do for financial reports under the Sarbanes-Oxley Act (SOX).

The new draft has raised some concerns. As the Joint Trades comment letter noted, confidentiality has been a big concern all along with the ORSA, given that it will provide such a clear window into company operations, possibly including trade secrets. The newest draft seems to take a step back from previous versions in securing confidentiality for insurers. The North American CRO Council raised similar concerns in its comment letter.

There are other important questions as well: What sanctions are appropriate in a forward-looking document? What should be the timing? How best do we avoid duplication?

But the uncertain regulatory and economic environments should provide incentive to resolve these questions quickly. U.S. companies and regulators would do well to draw lessons from the delays attendant to Solvency II—delays that have damaged its credibility.

Getting an ORSA in place, even an imperfect one, is better than an endless delay while negotiators get bogged down searching for the perfect answers while good ones are available. The shifting regulatory sands demonstrate better than any speech the need for the ORSA and risk management framework that the model act requires.

As does the memory of Cassandra, trying in vain to convince her fellow Trojans of the danger posed by that giant horse the Greeks left outside the gates. The leaders of Troy no doubt discovered the perils of inadequate risk management after bringing that Trojan horse though the gates of the city, but as is usually the case in the absence of proper risk management, by then it was too late.

Howard Mills is a director and chief advisor of the Insurance Industry Group of Deloitte LLP and can be reached at

Readers are encouraged to respond to Howard using the “Add Your Comments” box below.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Other Auto Insurance Telematics Shoe Drops

Progressive's decision to charge Snapshot drivers more if their driving data indicates higher risk has started the industry down a road of data-driven adverse selection.

Core Transformation – Configuring in the Rain

The whole point of core transformation is that changes at the micro level can be used as a stimulus for changes at the macro level.

6 Ways to Develop a Productive IT-Business Dialog

Relationship management 101 for keeping IT and business on the same page.

Unified Digital Strategy: Succeeding in the Digital Revolution

A unified digital strategy recognizes that all business strategies and technologies touch the customer in some way and that a one-size-fits-all channel model is obsolete.

Agile and Continuous Delivery in a Regulated Environment

Just because a development team is doing continuous delivery or packaging releases into two-week sprints doesn’t mean that code is being moved to production.

Dealing with the COBOL Brain Drain

Documentation on aging systems often is akin to tribal knowledge, and the potential for things to go bump in the night increases as these environments face generational transition.