Can ORSA Work For All Businesses?

In addition to impacting the way countless organizations conduct business, the 2008 financial crisis was an awakening for regulators charged with reviewing and setting the rules that shape the way organizations assume risk. Insurance, perhaps the riskiest business of them all, did not go unscathed.

Not only are insurers responsible for managing their own internal risks, but careful calculations and guidelines are built into their business models to ensure that the risks fall within set parameters. Regulators will argue, however, that this wasn’t always the case.

Own Risk Solvency Assessment (ORSA) was adopted and now serves as an internal process for insurers to assess their risk management processes and make sure that, under severe scenarios, they remains solvent.

U.S. insurers required to perform an ORSA must file a confidential summary report with their lead state’s department of insurance.  The assessment aims to demonstrate and document the insurer’s ability to:

  • Withstand financial and economic stress with a quantitative and qualitative assessment of exposures
  • Effectively apply enterprise risk management (ERM) to support decisions
  • Provide insights and assurance to external stakeholders

While ORSA is requirement for insurers, a new study by RIMS and the Property Casualty Insurers Association, Communicating the Value of Enterprise Risk Management: The Benefits of Developing an Own Risk and Solvency Assessment Report, maintains that ORSA can be used for all organizations looking to strengthen their ERM function.

According to the report:

Whether or not required by regulation or standard-setting bodies, documenting the following internal practices is a worthwhile endeavor for any company in any sector to utilize in their goal to preserve and create value:

  • Enterprise risk management capabilities

  • A solid understanding of the risks that can occur at catastrophic levels related to the chosen strategy

  • Validation that the entity has adequately considered such risks and has plans in place to address those risks and remain viable.

The connection between the ORSA regulation imposed on insurers and the development of an ERM program within an organization outside of the insurance industry is apparent.

ORSA and ERM both require the organization to strengthen communication between business functions. Breaking down those silos are key to uncovering business risk, but perhaps more importantly, is the interconnectedness of those risks.

Secondly, similar to ERM in non-insurance companies, ORSA requires risk management to document its findings, processes and strategies. Such documentation allows for the process of managing risks to be effectively communicated to operations, senior leadership, regulators and stakeholders. Additionally, documentation enhances monitoring efforts, the ability to make changes to the program and is a benefit that allows ERM to reach a “repeatable” maturity level as defined by the RIMS Risk Maturity Model.

Developing an ERM program has become a priority for many organizations as senior leaders recognize the value of having their entire organization thinking, talking and incorporating risk management into their work. Examining and implementing ORSA strategies can be an effective way for risk professionals to get their ERM program off the ground and operational.

Business Interruption Seen as Top Risk Globally

A survey of more than 1,200 risk managers and corporate insurance experts in over 50 countries identified business interruption as the top concern for 2017. According to the sixth annual Allianz Risk Barometer of top business risks, this is the fifth successive year that business interruption has been seen as the biggest risk.
top-10-risks

“Companies worldwide are bracing for a year of uncertainty,” Chris Fischer Hirs, CEO of AGCS said in a statement. “They are concerned about rather unpredictable changes in the legal, geopolitical and market environment around the world. A range of new risks are emerging beyond the perennial perils of fire and natural catastrophes and require re-thinking of current monitoring and risk management tools.”

While natural disasters and fires are what businesses fear most, non-damage events such as a cyber incident, terrorism or political violence resulting in denial of access are moving higher up on the scale, according to the report. These types of incidents can cause large loss of income to companies, without actual physical loss.

The second concern, market developments, could result from stagnant markets or M&As, or from digitalization and use of new technologies.

Cyberrisk, third on the list of perils, has jumped up from 15th place in just four years. Cyber was identified as the second concern in the United States and Europe.

According to Allianz:

The results indicate that cyber risk occupies a significant portion of a company’s exposure map. The risk now goes far and beyond the issue of privacy and data breaches. A single incident, be it a technical glitch, human error or an attack, can lead to severe business interruption, loss of market share and cause reputational damage. Of the top 10 global risks in the 2017 Allianz Risk Barometer, a cyber incident could be a potential root cause or trigger for 50% of them. In addition, the toughening of data protection regulation regimes around the world is also contributing to this risk being at the forefront of risk managers’ minds, as penalties for non-compliance are increasingly severe.

Fourth on the list, natural catastrophes added up to $150 billion in total economic losses in 2016—with insured losses accounting for $42 billion of those losses—up from $28 billion in 2015, according to the report. Businesses also are more concerned about the impact of climate change and increasing weather volatility year-on-year.

Trump outlook for 2017

“Opportunities and challenges,” says Ludovic Subran, head of Euler Hermes Economic Research and deputy chief economist of Allianz research. “Companies which are domestic, either a regional multinational or national, will benefit. However, the business environment for large multi-national corporations who do have global, strongly regionally diversified business models will be more challenging. Stronger regional interests will make the lives of companies more complicated as there will be increasing protectionist regulation.”

P&C Insurers Face Lower Profit Margins

High insured losses from natural catastrophes, challenges from the personal auto business and pricing competition will make it more difficult for the property and casualty industry to maintain the favorable underwriting results it has seen for the past three years, according to S&P Global Market Intelligence.

In its U.S. P&C Insurance Market Report, S&P predicts an increase in the industry’sDown chart2 statutory combined ratio to 99.5% in 2016 from 97.6% in 2015 and reduction of pretax returns on equity to 8.7% from 10.8%—or to 7.5% from 9.9% when adjusting for the impact of prior-year reserve development.

“Profit margins are projected to be much narrower than they have been in the last few years, unless something dramatic happens,” report authors Tim Zawacki, senior editor and Terry Leone, manager of insurance research at S&P Global Market Intelligence said in a statement. “While insurers have wisely accounted for the fact that they haven’t been able to depend on investment gains to subsidize underwriting losses, they still need to practice restraint as they seek growth.”

Commercial Lines
The commercial lines combined ratio is projected to increase to 95.1% from 93.4% for 2015, which represented the third-consecutive year that the measure of underwriting profitability had ranged between 93.3% and 93.5%.

According to the report, premium growth in the commercial lines has benefited from factors such as slow, but steady macroeconomic growth and rate increases in commercial auto business, offset by continued downward pressure on commercial property rates. The outlook anticipates that the 93.9% combined ratio in the workers compensation line in 2015—which marked the first sub-100% result in that business since 2006—will not be repeated and that historically favorable results of the past three years in commercial multiperil and the fire and allied lines will begin to normalize over time.

Factors such as abundant reinsurance capacity, favorable underwriting results and relatively high levels of capitalization have contributed to downward pressure on commercial lines rates. The outlook assumes that carriers will continue to exhibit discipline in their underwriting, as recent contractions in Treasury yields in the aftermath of the U.K.’s June Brexit vote offer a reminder of the reinvestment risk the industry continues to confront, in what remains a low-for-long interest rate environment, S&P said.

Key observations
• Reduced Profitability: The P&C industry’s pre-tax ROE is projected to decline about 2 percentage points in 2016 while its combined ratio, which measures expenses incurred relative to premiums earned, is projected to increase to 99.5%, the highest level since 2012.
• Increased Investment Risk: Declining Treasury yields in the aftermath of the U.K.’s Brexit referendum have reinforced the challenges the industry faces to earn reliable, low-risk investment income, putting additional pressure on underwriting discipline.
• Weak First Half: Large increases in the amount of insured catastrophe losses during the first half of 2016 will negatively impact loss ratios in several business lines that have produced historically favorable results during the past three years.
• Personal lines: Historically unfavorable results in the private-passenger auto business are projected to deteriorate further in 2016 as miles driven by Americans continue to rise due to low gas prices. They will begin to improve once broad-based rate increases fully take hold, but this will take some time.
• Financial Results Hinge on Auto Line Performance: Private auto lines accounted for 34.4% of the industry’s 2015 direct premiums and, as financials demonstrated, the performance of those lines have played a significant role on the fate of underwriting.
• Future Issues: Favorable reserve development, broad access to reinsurance capacity, and a series of benign hurricane seasons have provided tailwinds to the industry in recent years. But none of those elements will continue in perpetuity and the absence of any one of them could create additional hurdles for the industry from a profitability perspective in 2016 and beyond.

Internal Audit Role Expanding Further into Risk Areas

With more companies focusing on enterprise risk management and strategic risk, the role of internal auditors is being expanded to include risk identification and risk management, a study by the Institute of Internal Auditors (IIA) and Protiviti has found.

According to Relationships and Risk, Insights from Stakeholders in North America, the top three areas where respondents wish to expand the role of internal audit involve identifying and managing risk. Of 433 North American stakeholders surveyed, 85% said they want internal audit involved in identifying known and emerging risk areas; 78% would like to see internal audit facilitating and monitoring effective risk management practices by operational management; and 78% want audit to identify appropriate risk management frameworks, practices and processes.
IIA 2

The survey also found that 58% of stakeholders believe internal audit should be more active in assessing strategic risk.
IIA 1

When asked to choose the best avenues for internal audit to improve its role in responding to the organization’s strategic risks, stakeholders said:

  • Internal audit should focus on strategic risks as well as operational, financial, and compliance risks during audit projects.
  • Internal audit should periodically evaluate and communicate key risks to the board and executive management.

The report concluded that chief audit executives (CAEs) should consider methods to meet and surpass the needs and expectations of their stakeholders, including:

  • Focusing on risk activities—risk identification and management—when performing advisory services.
  • Demonstrating an understanding of strategic risks in all audit work. Educating stakeholders on ways you can give attention to nontraditional strategic risks.
  • Building soft skills. Communication and relationship building are needed to set priorities when there are competing expectations.