Approach
No. PC0055APP
Purpose
The Financial Services Regulatory Authority of Ontario’s[1] (“FSRA”) Own Risk and Solvency Assessment Guidance (“Guidance”) for Ontario-incorporated insurance companies and reciprocal exchanges (“Insurers”) sets out:
- FSRA’s approach to reviewing an Insurer’s Own Risk and Solvency Assessment (“ORSA”), which is used to determine the insurer’s supervisory target capital ratio and Internal Capital Target Ratio (“ICT”).
Scope
This Guidance[2] applies to Insurers, as defined above.
Rationale and background
FSRA’s 2023 Minimum Capital Test (“MCT”) Guideline (No. PC0047INT) sets out minimum capital requirements and requires that certain insurers set an ICT as an important aspect of prudent capital management.[3] This ratio is determined, “after considering its risk profile and plausible variations in capital and operating results which may arise (including due to stress), to thereby avoid supervisory intervention.”[4]
Adequate capital, including overall prudent capital management practices, is critical for the overall solvency, safety, soundness, and resilience of an Insurer. Under the Risk Based Supervisory Framework for Ontario incorporated Insurance Companies and Reciprocal Insurance Exchanges (“RBSF-I”), capital is assessed based on the effectiveness of the Board and senior management oversight, capital management processes and practices, and the appropriateness of its level and quality at current state and prospectively, under both normal and stressed conditions.
The quality, complexity, and frequency of an Insurer’s ORSA is commensurate with its size, complexity and risk profile. FSRA is publishing this Guidance to set out principles and intended outcomes in relation to prudent capital management and a comprehensive ORSA process.
The minimum capital and supervisory target capital may not cover every risk that an Insurer is exposed to and does not consider an Insurer’s individual circumstances and capital needs throughout the business cycle.
Insurers determine their own capital needs and establish their internal targets based on an internal assessment of all material risks and aligned with the Enterprise Risk Management (“ERM”) framework and other related controls and governance mechanisms. A comprehensive ORSA includes forward-looking stress testing, continuity analysis, and other contingency planning to ensure the Insurer can absorb shocks and unexpected losses and readily restore or improve the Insurer’s capital adequacy position. These resilience measures promote strong and sustainable Insurers and contribute to public confidence by facilitating the safety and soundness of Insurers.
An effective ORSA protects the rights and interests of consumers because Insurers that effectively manage their risks and maintain adequate capital above regulatory capital levels under a range of plausible adverse scenarios are more likely to maintain stability, long-term viability, and succeed, thereby contributing to public confidence in the insurance sector.
FSRA objects
This Guidance supports FSRA’s statutory objects under s. 3 of the Financial Services Regulatory Authority of Ontario Act, 2016 (the “FSRA Act”), including FSRA’s objects to:
- 3(1)(a) regulate and generally supervise the regulated sectors;
- 3(1)(b) contribute to public confidence in the regulated sectors;
- 3(1)(c) monitor and evaluate developments and trends in the regulated sectors;
- 3(1)(f) promote transparency and disclosure of information by the regulated sectors;
- 3(2)(a) promote high standards of business conduct;
- 3(2)(b) protect the rights and interests of consumers; and
- 3(2)(c) foster strong, sustainable, competitive, and innovative financial services sectors.
Definitions
Please note that throughout the Guidance:
- “Board” means an Insurer’s board of directors or a reciprocal insurance exchange’s advisory board;
- “Senior Management” means an officer as defined under s. 1(2)(a) -(b) of O. Reg. 123/08[5]; and
- “Oversight Functions” means an Insurer’s functions that are responsible for providing independent, enterprise-wide oversight to operational management for each significant activity of the Insurer, including the Insurer’s: actuarial, compliance, risk management, internal audit, Senior Management, and the Board.
Approach
This Guidance describes FSRA’s principles-based approach for assessing an Insurer’s ORSA, which supports prudent capital management. FSRA does not approve an Insurer’s ORSA, but it does assess how an Insurer determines its ICT using the principles and intended outcomes of this Guidance. The Guidance sets out principles and FSRA’s intended outcomes, that when achieved, can demonstrate overall effective capital management. FSRA will monitor and assess, as a part of its supervisory review, how effectively Insurers adopt these principles for the purposes of determining the overall risk rating (“ORR”) of an Insurer.
This includes the determination and/or assessment of:
- quality of controls and oversight (“QCO”) functions around capital management; and
- capital as a modifier on the summary residual risk (“SRR”) to determine an Insurer’s ORR.
Principles
FSRA will assess an Insurer’s ORSA in accordance with the following principles.
Principle 1: Governance and oversight
Outcomes: Sound governance and oversight functions provide effective oversight to the assessment of capital needs based on the Insurer’s risk profile in determining its Internal Capital Target.
I. Role of senior management and the Board
The Board of Directors carries out applicable expectations for the ORSA in line with the Corporate Governance Guidance for Ontario-incorporated Insurance Companies and Reciprocal Insurance Exchanges.
Senior Management understands the appropriateness and quality of the methods, techniques and tools used for developing the Insurer’s risk exposures and risk mitigants, and for ongoing risk management and oversight processes and how these relate to adequate capital levels.
II. Integration into the risk management and oversight process
Sound risk management and oversight functions assist an Insurer in performing an effective assessment of its own capital needs, in determining its Internal Targets and in assessing the adequacy of its current and likely future solvency position. This includes the availability of capital given the unique circumstances of the Insurer. In this context, the establishment of appropriate policies, procedures, systems, controls and personnel for identifying, analysing, assessing, monitoring and measuring its risk exposures can improve the quality and effectiveness of the ORSA.
The ORSA is a tool that strengthens the Insurer’s risk assessment, risk management and capital planning by assessing potential threats to an Insurer's capital and solvency positions. For example, the results of stressed scenario tests identify actions that could be taken either to lessen the likelihood of such threats occurring or to mitigate the impact of an adverse scenario.
Principle 2: Comprehensive identification and assessment of risks
Outcomes: The materiality of all known, reasonably foreseeable, emerging and other relevant risks, in both normal and stressed situations, are well identified, clearly defined and comprehensively assessed.
I. Scope
As part of the regular risk assessment cycle, an ORSA is performed regularly, for an Insurer to assess its risk profile, the adequacy of its ERM and its current, and likely future, solvency and liquidity positions. The ORSA considers exposure to group risk and is performed at a level consistent with the way its operations and material risks are managed.
An Insurer's identified risks evolve as its business activities and external environment evolve. Some risks can be broken down into other more discrete risks and may take different forms depending on the nature of the business and activities of an Insurer. An Insurer documents underlying assumptions, processes and key considerations regarding the drivers, assessment, measurement and mitigants in place for each risk.
At a minimum, the ORSA includes insurance risk, credit risk, market risk, operational risk, liquidity risk, concentration risk and other additional risks. The ORSA considers non-material risks that may become material and consequential. For example, risk categorisation or break down does not produce a lower assessment of own capital needs that would otherwise result if related risks were combined or aggregated.
II. ORSA and ERM
The existence of a robust ERM framework enhances the ability of an Insurer to effectively reflect risks in its ORSA. The ERM, along with related controls and governance mechanisms, and the ORSA are well integrated so that the information, analysis and results from both processes are consistent. The same is true for other processes that either feed into the ORSA or are impacted by ORSA results.
III. Integration with business and strategic planning
The ORSA is a forward-looking process. It is consistent with an Insurer's business and strategic planning and includes potential adverse capital impacts over an Insurer's planning horizon. An Insurer's ORSA process is also enhanced by consistency with and links to other management processes. For example, quantifiable estimates of risks that are used for ORSA purposes consistent with or feed into the decision-making process and, where appropriate, have other business uses.
Principle 3: Relating risk to capital
Outcomes: Internal Targets are based on capital needs to cover all risks without undue reliance on regulatory capital measures.
I. Assessing capital needs
In conducting an ORSA, it is important to determine if, for each risk, an explicit quantity of capital are held and how the results are aggregated. In doing so, Insurers' capital assessments reflect, in a manner appropriate to their unique profile, their choice of data sets, distributions, measures, confidence levels, time horizons, valuation approaches, financial tools and methodologies.
The approaches and tools used are calibrated to determine the total amount of capital needed to cover extremely severe losses. These losses, when aggregated, represent the Insurer's total quantity of capital that it needs to absorb the losses and be left with an equal amount of assets and liabilities.
II. Minimum capital requirements, supervisory targets and internal targets
Once an Insurer has determined its own capital needs, these initial results are assessed to determine if they are appropriate in relation to external or third-party capital expectations (securities, insurance or other regulators and credit rating agencies) including FSRA's expectation that Internal Targets exceed Supervisory Targets (see below).
III. Minimum capital requirements
The MCT Guideline prescribes the method for how an Insurer determines its capital requirements and provides a framework within which FSRA assesses whether an Insurer maintains adequate capital, including supervisory target capital. In relation to these capital requirements, FSRA has set minimum and target capital levels. These serve as a gauge of an Insurer’s regulatory capital adequacy and can trigger intervention actions.
The MCT Guideline establishes criteria and limits for determining the amount of an Insurer's qualifying regulatory capital available (“Capital Resources”). If an Insurer's Capital Resources are approached or were to fall below the minimum capital level requirement, FSRA will be concerned about the ongoing viability of the Insurer and/or the level of risk to policyholders and creditors.
IV. Supervisory capital target
FSRA uses an early intervention approach. This is partly addressed by establishing supervisory capital target levels (“Supervisory Targets”) above the minimum that provide an early signal, so that intervention will be timely and for there to be a reasonable expectation that actions can successfully address difficulties.
An Insurer whose Capital Resources approach or fall below the Supervisory Target will lead to an increased level of supervisory engagement, which may also be accompanied by an increased Intervention Level (“IL”).
The amount of Capital Resources is generally expressed as a percentage of the amount of an Insurer's capital requirements and compared to the above capital levels.
V. Internal targets
All risks specific to an Insurer cannot be explicitly addressed by the MCT Guideline and the Minimum and Supervisory Targets may not be tailored to individual Insurers' risk profiles. Hence, an Insurer uses its ORSA to determine its own capital needs and establish internal capital targets including its ICT.
FSRA understands that an Insurer's Capital Resource levels may fall below its Internal Target on unusual and infrequent occasions. If this happens or is anticipated to happen within two years, the insurer informs FSRA promptly and provides plans on how it expects to manage the risks and/or restore its Capital Resource levels to its Internal Target within a relatively short period of time. Calibrating operating capital targets above the ICT is considered a prudent practice to mitigate the possibility of falling below Internal Targets.
VI. Use of stress and scenario testing
In setting its Internal Target the Insurer assesses the adequacy of its Capital Resources for supporting its current risk profile and enabling it to continue its current operations in the normal course without including any additional capital not received, under varying degrees of stress and under a wind-up scenario. An Insurer includes the impact of a range or series of adverse scenarios (e.g. an economic downturn) of varying nature or severity and its ability to avoid supervisory interventions (i.e. not fall below its Supervisory Targets) or continue as a going concern (i.e. not fall below the Minimums).
This stress testing may be done more frequently than annually in combination with other stress testing expectations. The results of this stress testing, such as single and combined forward-looking stress and reverse stress tests, enhance the effectiveness of ORSA by direct incorporation, reference or other use in the setting of an Insurer's Internal Targets.
Principle 4: Monitoring and reporting
Outcomes: Relevant and accurate information is provided to support the determination of the Internal Capital Target on an ongoing basis.
An effective ORSA is clearly and formally documented in an ORSA report at least annually and more often if circumstances warrant, for example when there are changes to the insurer's risk profile or risk appetite.
This ORSA report contains sufficient information about the process, underlying principles, methodologies, key assumptions, key sensitivity information and overall results relative to the risk appetite, strategic and operational plans and capital management framework of the Insurer. The report is used by the Insurer to assess the appropriateness of the ORSA, including the overall results and the quality/composition of its capital, and confirm the Insurer's Internal Targets.
Senior Management receives regular and timely reports on the Insurer's risks and capital including a Key Metrics Report found at this link: Key Metrics Report – P&C insurers - Office of the Superintendent of Financial Institutions that compares actual capital amounts and ratios to Internal Targets. These reports allow Senior Management to, for example:
- Evaluate the level and trend of material risks and their potential effect on capital;
- Evaluate the sensitivity and reasonableness of assumptions used in the risk and capital assessment and measurement process;
- Determine that the Insurer holds sufficient capital in relation to established capital adequacy targets and goals (both internal and regulatory/external);
- Evaluate the adequacy of capital using stress tests and scenarios; and
- Assess future capital needs (e.g. dividend plans, issuance/retirement of capital instruments and capital fungibility constraints) and make any adjustments to the Insurer's strategic, capital and other plans, as necessary.
The monitoring and reporting process considers the current and forecast business environments are adjusted when appropriate so that capital remains adequate during periods when the Insurer is under stress and through entire business cycles.
Principle 5: Internal controls and objective review
Outcomes: A robust internal control structure assures the quality of the ORSA process, which includes an objective assurance of the methodologies and key assumptions for determining the Internal Targets in a manner proportionate to the Insurer’s risk profile.
An Insurer's internal control structure is essential to the quality of its ORSA. Senior Management reviews the method for monitoring and reporting on alignment with internal policies and the system for assessing and relating risks to the Insurer's own capital needs. Senior Management is satisfied that the Insurer's system of internal controls continues to be adequate for well-ordered and prudent business conduct, including the quality of its ORSA process.
In order to be effective and reflective of changes in the underlying risks, regular reviews of the ORSA are appropriate. Areas reviewed include, but are not limited to:
- Comprehensiveness and appropriateness of an Insurer's assessment process, given the Insurer's nature, size and complexity, and the soundness of the controls underpinning the ORSA process;
- Governance related to the assessment and review by the Insurer of group processes used in its operations, where the Insurer uses a group ORSA;
- Process for the identification of risks, large exposures, risk concentrations, dependencies and interactions;
- Appropriateness of the methodologies, distributions, measures, and completeness of financial and quantitative data inputs;
- Reasonableness and validity of the ORSA results, including the embedded assumptions and inputs from stress tests, scenarios, models, methodologies and tools used in the assessment process;
- Reasonableness of the individual risk and other components and overall ORSA results;
- Consistency of the ORSA results with an Insurer's risk limits and risk appetite;
- Appropriateness of the documentation that supports the ORSA and the contents of the ORSA report;
- Effectiveness of information systems that support the ORSA; and
- Consistency and linkages of the ORSA process and results with the risk management, strategic, business and capital planning processes.
The ORSA, including the ORSA report, is subject to periodic objective reviews. The objective review may be conducted by:
- an internal or external auditor;
- a skilled and experienced internal or external resource, or;
- an appropriately skilled and experienced individual,
who reports directly to, or is a member of the Board.
An objective reviewer is not responsible for and has not been actively involved in the part of ORSA that they review. For example, where the internal auditor is not otherwise involved in the process, the ORSA may be included in the internal audit plan so that it is covered within the audit cycle.
ORSA and FSRA’s RBSF-I
FSRA uses the RBSF-I to identify imprudent or unsafe business practices that may impact the Insurer’s members, subscribers, and policyholders and will intervene on a timely basis if warranted. FSRA exercises supervisory judgement to assess the most important risks posed by the Insurer to supervisory objectives and the extent to which the Insurer can identify, assess, and manage these risks as well as achieve resilience.
FSRA assesses capital adequacy at multiple levels. An Insurer maintains sufficient capital to meet both the minimum and supervisory target capital and to support its risk profile (i.e. inherent and residual risks of its significant activities and ORR).
FSRA may review the ORSA and upon request the ORSA report (and/or other supporting documentation) when assessing an Insurer’s risk profile. FSRA uses this to evaluate whether the ORSA is consistent with FSRA's understanding and assessment of the Insurer's risk appetite and risk profile.
The intensity and frequency of FSRA’s supervisory review with respect to an Insurer's ORSA is proportional to its size, complexity, and risk profile.
The supervisory review of the ORSA is not intended to dictate how an Insurer performs, uses, or reports on its ORSA. Rather, the supervisory review allows for dialogue between FSRA and the Insurer with respect to FSRA's assessment of inherent risks, residual risks, capital, ORR and an Insurer's ORSA. This may include:
- The approach, methodology, assumptions, data and other considerations supporting internal estimates of risks that are also explicitly captured in applicable regulatory capital guidelines;
- Risks not fully captured and/or not explicitly captured by applicable regulatory capital guidelines;
- External factors including stress testing, impact of economic cycles and other external risks;
- The level and quality of the Insurer's capital, and the quality of the assessment by the Insurer using a range of stress scenarios included or referenced in the ORSA;
- Limitations of the Insurer's ORSA;
- Other applicable regulatory requirements, expectations and market considerations;
- The identification of best practices and potential gaps arising from a cross-sector review of ORSA;
- How and to whom ORSA related information is communicated to; and
- How ORSA issues or limitations are shared with users and appropriately elevated to relevant parties within the Insurer.
In addition to quantitative efforts, expert judgement is expected to:
- Operationalize an Insurer's assessment and measurement of risks; and,
- Integrate results into the overall assessment of own capital needs and the determination of Internal Targets.
Effective date and future review
This decision became effective on [TBD] and will be reviewed no later than [TBD].
About this Guidance
This document is consistent with FSRA’s Guidance Framework. As Approach guidance, it describes FSRA’s internal principles, processes, and practices for supervisory action and application of CEO discretion where applicable. This Guidance may refer to compliance obligations but does not in and of itself create a compliance obligation
Appendix A: Illustrative ORSA report template for an Insurer
Section |
Summary description |
---|---|
Executive Summary |
|
ORSA process |
|
Governance |
|
Risk and strategy |
|
ORSA and ERM |
|
Risk Exposures |
|
Business projection and stress testing |
|
Minimum Capital Requirements and Capital Targets |
|
Solvency Assessment |
|
Internal Controls and Assurances |
|
Appendices and References |
Effective date: TBD
[1] Both the Chief Executive Officer of FSRA and FSRA may exercise regulatory authority under the Insurance Act. However, for the purposes of this Guidance, reference will only be made to FSRA as the Chief Executive Officer may delegate authority to FSRA staff, as permitted by s. 10(2.3) of the Financial Services Regulatory Authority of Ontario Act, 2016.
[2] The Guidance should be read in conjunction with: (a) FSRA’s 2023 Minimum Capital Test Guideline (No. PC0047INT) (the “MCT Guideline”), (b) the Approach Guidance on Risk Based Supervisory Framework for Ontario-incorporated Insurance Companies and Reciprocals (the “RBSF I”) (No. PC0045APP, (c) Operational Risk and Resilience Guidance for Ontario incorporated Insurance Companies and Reciprocal Insurance Exchanges, (d) Corporate Governance Guidance for Ontario-incorporated Insurance Companies and Reciprocal Insurance Exchanges, and (c) other applicable FSRA guidance and supporting publications on FSRA’s website.
[3] Please note that the MCT Guideline is not binding with respect to mutuals that are part of the Fire Mutual Guarantee Fund and reciprocal exchanges.
[4] Please refer to the MCT Guideline.
[5] An individual who must not be considered an officer of an Insurer in the circumstances described in clauses (1)-(2) of s. 1(3) of O. Reg. 123/08 is excluded from the Guidance’s definition of Senior Management.