We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

ORSA Compliance: An Opportunity, Not An Obligation

Vote 0 Votes

Starting January 1, 2015, insurers across the United States are subject to a National Association of Insurance Commissioners (NAIC) model law requiring them to annually submit an Own Risk and Solvency Assessment (ORSA). ORSA is a self-assessment of sorts, requiring large and medium-size insurance groups* to report on their current and future risk management process.

ORSA Model Act outlines a few basic dimensions on which insurers will be analyzed. They include (1) effectiveness of risk management, (2) documentation of risk processes and results, (3) understanding of risk exposure and current/future solvency, and (4) the high-level annual report.

By nature, ORSA and ERM are inherently linked; as written on NAIC's website, "ORSA is not a one-off exercise--it is a continuous evolving process and should be a component of an insurer's enterprise risk-management (ERM) framework." The phrase not a one-off exercise here should be emphasized, as many organizations will likely approach ORSA with a dangerous 'check-the-box' mentality. Any company with this mindset sees ORSA as an obligation, and likely an annoyance.

In truth, ORSA provides a valuable opportunity for insurers to integrate risk management with a range of business processes, such as compliance with the NAIC's Model Audit Rule or even strategic planning. In doing so, insurers are able to take a mandatory compliance activity and turn it into a value-add for the business. The ability to align ORSA compliance with other business processes (i.e. IT Governance and Security, Business Continuity, etc.) increases efficiency in all of these areas, helping to build a robust ERM program. This consistency is what drives value from ERM, and has even proven to raise market value up to 25%.

But what about insurers without an ERM program? They may have the most to gain in the coming year; ORSA serves as a wake-up call, allowing them to structure an ERM framework around this new regulatory process to build a fully functional ERM program over time.

Like any organizational initiative, ORSA adherence comes with a series of challenges. These challenges include (1) managing across various stakeholders on the front line, (2) optimizing strategies across the organization, (3) centralized storage of risk management documentation, and (4) avoiding a check-the-box mentality. A risk management software can solve these challenges to greatly enhance the speed at which an ERM program will provide a return on investment. LogicManager offers a range of tools, including a risk maturity assessment and mentoring to relay successes and best practice.

ORSA is not just a year-end goal, so it should not be treated like a year-end task. The primary purpose of the process is to foster an effective level of ERM at insurance organizations. Companies with mature ERM programs will benefit by linking ORSA to an already comprehensive enterprise-wide approach to risk management.

To learn more about how your organization can prepare for ORSA compliance, download this complementary eBook titled 'ORSA Compliance: 5 Steps to Take in 2014' or watch the on-demand webinar here!


* Small insurers and insurance groups are generally exempt from the requirements of the Model Act. If an individual insurer has annual premiums of less than $500 million and belongs to a group with total annual premiums of less than $1 billion, both the individual insurer and its insurance group are exempt from ORSA requirements.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives