Solvency II requires insurers to prepare and implement assessments of the company’s own risks.
Under Pillar 2’s Own Risk and Solvency Assessment (ORSA), insurers are to define and create value for the stakeholders and embed an Enterprise Risk Management framework into governance and decision-making processes.
ORSA requires a joint approach across the company as it encompasses the following:-
1. All pillars of Solvency II
2. Risk Outputs
3. Capital and Strategic Planning
4. Report to the Board on Company's Operation
5. Capital Requirements
6. Risk appetite and external environment.
I will cover ORSA’s components, processes and how each stakeholder contributes in subsequent posts. This post will cover the scope and benefits of implementing an ERM framework.
ERM CAPABILITIES
To fulfill the ORSA requirements, companies are to implement an Enterprise Risk Management framework that is capable of the following:-
1. Quantify potential risks under a wide scope of outcomes (qualitative as well as quantitative outcomes).
2. Identify and select the most appropriate risk responses (avoidance, reduction, sharing and acceptance) for the risks identified.
3. Provide risk tolerance levels and buffers for daily operations.
4. Respond to changes made in the risk profile.
5. Generate ORSA reports to the Board.
6. Analyze capital requirements and assist in stress testing.
7. Consist of existing policies and procedures in line with the company’s size.
8. Align the risk appetite set to the company’s strategy.
ERM BENEFITS
ERM provides the following benefits:-
1. Effective decision making against quantified risks
2. Decisions are mapped to high level strategic objectives
3. Unified compliance framework and reduced duplication.
4. Provide better governance, accountability, and audit trail
5. Better reporting to senior management involving all parties and availability of monitoring the turn-around-time.
ERM IMPLEMENTATIONS
Key processes to consider in implementing a risk management framework as part of an ERM framework:
1. Define
Conduct a gap analysis to identify the gaps and non-compliances.
2. Design
Ensure risks related to non-compliance with regulatory requirements are identified, analyzed, and addressed. Quantify the risks identified and tag them with appropriate responses such as Mitigate, Accept, Share and Transfer.
3. Develop a reporting and governance requirement
Embed governance, risk responses and compliance methodologies into the overall control mechanisms to ensure adequate transparency, audit trail and reporting of results.
4. Develop an internal control Framework
Ensure adequate input of regulatory requirements with corresponding risks and controls to ensure compliance.
5. Deploy
Perform regular testing and review of the risk levels & internal controls identified for their effectiveness.
CONCLUSION
ERM frameworks help to embed compliance requirements into the business workflows and make monitoring and decision making easier.
With an integrated compliance culture and business processes properly documented, the requirements for accountability and traceability can be easily mirrored and repeated with less concern about people risks.