ERM for solvency purposes is the coordination of risk management, strategic planning, capital adequacy, and financial efficiency in order to enhance sound operation of the insurer and ensure the adequate protection of policyholders. Capital adequacy measures the insurer’s assessment of residual risk of its business, after overlaying the mitigating financial effect of the insurer’s established risk management system. Any decision affecting risk management, strategic planning or capital would likely necessitate a compensating change in one or both of the other two. Successful implementation of ERM for solvency purposes results in enhanced insight into an insurer’s risk profile and solvency position that promotes an insurer’s risk culture, earnings stability, sustained profitability, and long-term viability, as well as the insurer’s ability to meet obligations to policyholders. Collectively practiced in the industry, ERM for solvency purposes supports the operation and financial condition of the insurance sector. These aspects of ERM should therefore be encouraged from a prudential standpoint.

The ERM framework for solvency purposes (ERM framework) is an integrated set of strategies, policies and processes, established by the insurer for an effective implementation of ERM for solvency purposes.

• Risk identification (including group risk and relationship between risks);
• Quantitative techniques to measure risk;
• Inter-relationship of risk appetite, risk limits and capital adequacy;
• Risk appetite statement;
• Asset-liability management, investment, underwriting and liquidity risk management policies;
• Own risk and solvency assessment (ORSA); and
• Recovery planning.

The ERM framework should be integrated within the insurer’s risk management system (see ICP 8 Risk Management and Internal Controls).

The ERM framework should enhance an insurer’s understanding of material risk types, their characteristics, interdependencies, and the sources of the risks, as well as their potential aggregated financial impact on the business for a holistic view of risk at enterprise level. Senior Management should exhibit an understanding of the insurer’s enterprise risk issues and show a willingness and ability to address those issues. A fundamental aspect of ERM is the development and execution of a consistent, transparent, deliberate, and systematic approach to manage risks, both individually and in aggregate, on an ongoing basis to maintain solvency and operation within the risk appetite and risk limits. ERM should be embedded in an insurer’s corporate culture to ensure that the whole organisation contributes to risk awareness, feedback loops and coordinated responses to risk management needs.

The objective of ERM is not to eliminate risk. Rather, it is to manage risks within a framework that includes self-imposed limits. In setting limits for risk, the insurer should consider its solvency position and its risk appetite. Risk limits should be set after careful consideration of strategic objectives, business plans and circumstances and should take into account the projected outcomes of scenarios run using a range of plausible future business assumptions which reflect sufficiently adverse scenarios. A risk limits structure is used to establish guardrails on an insurer’s risk profile to optimise its returns without endangering the ability of the insurer to meet its commitments to policyholders.

Some insurers may utilise internal models as part of their ERM process in order to generate sophisticated risk metrics to inform management actions and capital needs. Internal models may enhance risk management and embed risk culture in the insurer. They may provide a common measurement basis across all risks (eg same methodology, time horizon, risk measure, level of confidence) and strengthened risk-based strategic decision-making across the organisation. Such an approach typically adopts a total balance sheet approach whereby the impact of the totality of material risks is fully recognised on an economic basis. A total balance sheet approach reflects the interdependence between assets, liabilities, capital requirements and capital resources, and identifies the capital allocation sufficient to protect the insurer and its policyholders, as well as to improve capital efficiency.

The insurer should have adequate governance and internal controls in place for models used in the ERM framework. The calculation of risk metrics should be transparent, supportable, and repeatable.

An insurer should have contingency plans that describe in advance the necessary actions and resources to limit business disruption and losses resulting from an adverse financial event (such as risk exposures exceeding risk limits), or an operational event (such as a natural disaster). Contingency planning may include a recovery plan, when deemed necessary.