(Re)insurers that are required to implement Own Risk and Solvency Assessment (ORSA), or a similar framework such as Internal Capital Adequacy Assessment Process (ICAAP), may benefit by adopting a strong ORSA/enterprise risk management (ERM) framework. One such framework that could work on a global basis is illustrated below.
There are four layers to the ORSA/ERM process. Layer 1, is the "Strategy" and it is here where (re)insurers articulate their mission, value proposition, risk appetite and their risk tolerances. Layer 2, is the "Risk Management Process." Layer 2 may very well be the foundation for ORSA/ERM as it is here where (re)insurers maintain their risk management processes and it is here where risks are identified, assessed (quantified), mitigated, monitored and reported on to the stakeholders. Layer 2 is also where the internal model, including the calculation kernel, under Solvency II resides and where risks and capital management are to be synchronized with the (re)insurer's planning process. Layer 3, "Infrastructure," includes corporate governance, data, systems, methodologies and models, policies and reporting. Layer 4, "Culture," is where the Board and senior management set the risk management tone through compensation, training, communication and performance standards.
An effective ERM is important because it will...
- Enable a deeper understanding of and broader adherence to the risk appetite
- Drive a positive risk culture
- Link risk, capital management and business strategy with each other
- Enable understanding of key risk drivers
- Comprehensively assess the current risk profile and aid in forward looking risk management
- Help in the planning process, especially around capital management
- Provide insight on the robustness and efficacy of risk management processes, tools and controls
- Satisfy regulatory and ratings agencies requirements and facilitate constructive dialogue