ICP 16 Enterprise Risk Management for Solvency Purposes

The supervisor requires the insurer to establish within its risk management system an enterprise risk management (ERM) framework for solvency purposes to identify, measure, report and manage the insurer’s risks in an ongoing and integrated manner.


Enterprise risk management framework - risk identification


16.1

The supervisor requires the insurer’s ERM framework to provide for the identification of all reasonably foreseeable and relevant material risks and risk interdependencies for risk and capital management.



Enterprise risk management framework - quantitative techniques to measure risk


16.2
The supervisor requires the insurer’s ERM framework to:
  • provide for the quantification of risk and risk interdependencies under a sufficiently wide range of techniques for risk and capital management; and
  • as necessary, include the performance of stress testing to assess the resilience of its total balance sheet against macroeconomic stresses.


Enterprise risk management framework - Inter-relationship of risk appetite, risk limits and capital adequacy


16.3

The supervisor requires the insurer’s ERM framework to reflect the relationship between the insurer’s risk appetite, risk limits, regulatory capital requirements, economic capital and the processes and methods for monitoring risk.



16.3.1    

An insurer's ERM framework should reflect how its risk management coordinates with strategic planning and its management of capital (regulatory capital requirement and economic capital).

16.3.2    

As an integral part of its ERM framework, an insurer should also reflect how its risk management links with corporate objectives, strategy and current circumstances to maintain capital adequacy and solvency and to operate within the risk appetite and risk limits described in the risk appetite statement.

16.3.3    

An insurer’s ERM framework should use reasonably long time horizon, consistent with the nature of the insurer’s risks and the business planning horizon, so that it maintains relevance to the insurer's business going forward. This can be done by using methods (such as scenario models) that produce a range of outcomes based on plausible future business assumptions which reflect sufficiently adverse scenarios. The analysis of these outcomes may help the Board and Senior Management in strategic business planning.

16.3.4    

Risks should be monitored and reported to the Board and Senior Management, in a regular and timely manner, so that they are fully aware of the insurer's risk profile and how it is evolving and make effective decisions on risk appetite and capital management.

16.3.5    

Where internal models are used for business forecasting, the insurer should perform back-testing, to the extent practicable, to validate the accuracy of the model over time.

16.3.6    
The insurer’s ERM framework should note the insurer’s reinsurance arrangements and how they:
  • reflect the insurer’s risk limits structure;
  • play a role in mitigating risk; and
  • impact the insurer’s capital requirements.
The use of any non-traditional forms of reinsurance (eg finite reinsurance) should also be addressed.

Enterprise risk management framework - risk appetite statement


16.4
The supervisor requires the insurer to have a risk appetite statement that:
  • articulates the aggregate level and types of risk the insurer is willing to assume within its risk capacity to achieve its financial and strategic objectives, and business plan;
  • takes into account all relevant and material categories of risk and their interdependencies within the insurer’s current and target risk profiles; and
  • is operationalised in its business strategy and day-to-day operations through a more granular risk limits structure.


16.4.1    

An insurer’s risk appetite statement should include qualitative statements as well as quantitative measures expressed relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate.

16.4.2    
Qualitative statements should:
  • complement quantitative measures;
  • set the overall tone for the insurer’s approach to risk taking; and
  • articulate clearly the motivations for taking on or avoiding certain types of risks, products, jurisdictional/regional exposures, or other categories.

16.4.3    

Risk appetite may not necessarily be expressed in a single document. However the way it is expressed should provide the insurer’s Board with a coherent and holistic, yet concise and easily understood, view of the insurer’s risk appetite.

​16.4.4    
The supervisor should require risk capacity of the insurer to include the consideration of regulatory capital requirements, economic capital, liquidity and operational environment.

​16.4.5    
The risk appetite statement should give clear guidance to operational management on the level of risk to which the insurer is prepared to be exposed and the limits of risk to which they are able to expose the insurer. It should also be communicated across and within the insurer to facilitate entrenching the risk appetite into the insurer’s risk culture.

​16.4.6     
An insurer should consider how to embed these limits in its ongoing operations. This may be achieved by expressing limits in a way that can be measured and monitored as part of ongoing operations. Stress testing may provide an insurer with a tool to help ascertain whether the limits are suitable for its business.


Group perspectives


​16.4.7    
An insurance legal entity’s risk appetite statement should define risk limits taking into account all of the group risks it faces to the extent that they are relevant and material to the insurance legal entity.

​16.4.8     
When creating a risk limits structure at the insurance legal entity level, the entity’s Board and Senior Management should take into account risk limits at the group level.

​CF 16.4.a    
 The group-wide supervisor requires the group-wide ERM framework to establish and maintain processes to communicate its risk appetite internally and externally.

​CF 16.4.a.1    
 The granularity of disclosure may differ between internal and external communication.


Asset-liability management, investment, underwriting and liquidity risk management policies


16.5

The supervisor requires the insurer’s ERM framework to include an explicit asset-liability management (ALM) policy which specifies the nature, role and extent of ALM activities and their relationship with product development, pricing functions and investment management.


16.6
The supervisor requires the insurer’s ERM framework to include an explicit investment policy that:
  • addresses investment risk according to the insurer’s risk appetite and risk limits structure;
  • specifies the nature, role and extent of the insurer’s investment activities and how the insurer complies with regulatory investment requirements; and
  • establishes explicit risk management procedures with regard to more complex and less transparent classes of asset and investments in markets or instruments that are subject to less governance or regulation; and
  • as necessary, includes a counterparty risk appetite statement.


16.6.1    

An investment policy may set out the insurer’s strategy for optimising investment returns and specify asset allocation strategies and authorities for investment activities and how these are related to the ALM policy.

16.6.2    

The investment policy should address the safe-keeping of assets including custodial arrangements and the conditions under which investments may be pledged or lent.

16.6.3    

Credit risk should be considered in the investment policy.

16.6.4    
The investment policy should consider excessive asset concentration based on certain characteristics, including:
  • type of asset;
  • credit rating;
  • issuer/counterparty or related entities of an issuer/counterparty;
  • financial market;
  • sector; and
  • geographic area.

16.6.5    

It is important for the insurer to understand the source, type and amount of investment risk. For example, it is important to understand who has the ultimate legal risk or basis risk in a complex chain of transactions. Similar questions arise where the investment is via external funds, especially when such funds are not transparent.

16.6.6    

A number of factors may shape the insurer’s investment strategy. For insurers in many jurisdictions concentration risk arising from the limited availability of suitable domestic investment vehicles may be an issue. By contrast, international insurers’ investment strategies may be complex because of a need to manage or match assets and liabilities in a number of currencies and different markets. In addition, the need for liquidity resulting from potential large-scale payments may further complicate an insurer’s investment strategy.

16.6.7    

Where appropriate, the investment policy should outline how the insurer deals with inherently complex financial instruments such as derivatives, hybrid instruments that embed derivatives, private equity, hedge funds, insurance linked instruments and commitments transacted through special purpose entities. Complex or less transparent assets may present operational risks that are difficult to assess reliably, especially in adverse conditions.

16.6.8    

An effective investment policy and ERM framework should provide for appropriately robust models reflecting relevant risks of complex investment activities (including underwriting guarantees for such complex securities). There should be explicit procedures to evaluate non-standard risks associated with complex structured products, especially new forms of concentration risk that may not be obvious.

​16.6.9    
For complex investment strategies, the insurer’s investment policy and ERM framework may incorporate the use of stress testing and contingency planning to handle hard-to-model risks such as liquidity and sudden market movements. Trial operation of procedures may also be appropriate in advance of ‘live’ operation.

​16.6.10    
The insurer’s investment policy and ERM framework should be clear about the purpose of using derivatives and address whether it is appropriate for it to prohibit or restrict the use of some types of derivatives where, for example:
  • the potential exposure cannot be reliably measured;
  • closing out of a derivative is difficult considering the illiquidity of the market;
  • the derivative is not readily marketable as may be the case with over-the-counter instruments;
  • independent (ie external) verification of pricing is not available;
  • collateral arrangements do not fully cover the exposure to the counterparty;
  • the counterparty is not suitably creditworthy; and
  • the exposure to any one counterparty exceeds a specified amount.
These factors are particularly important for unregulated over-the-counter derivatives. The effectiveness of clearing facilities available may be a relevant consideration in assessing the counterparty risk associated with some types of over-the-counter derivatives, such as credit default swaps.

​16.6.11    
A counterparty risk appetite statement sets out the level of risk the insurer is willing to accept that a counterparty will be unable to meet its obligations as they fall due. This may impact the insurer’s financial position through, for example, reductions in fair value or impairment of investments, loss of reinsurance cover, open market exposures or the loss of securities that have been loaned.

​16.6.12     
In deciding whether it is necessary to require a counterparty risk appetite statement, the supervisor should take into account the size of the insurer’s counterparty exposures, both in absolute terms and relative to the insurer’s portfolio, according to the characteristics outlined in Guidance 16.6.4, as well as the complexity and form of these exposures. Particular attention should be paid to financial sector counterparties, as these counterparties may be more likely to contribute to the build-up of systemic risk. Attention should also be paid to off-balance sheet exposures or commitments, as these may be more likely to materialise during stress.

CF 16.6.a    
The group-wide supervisor requires the Head of the IAIG to establish and maintain a group-wide investment policy that sets criteria for investment quality and addresses the selection of, and exposure to, low-quality investments or investments whose security is difficult to assess.

​CF 16.6.a.1    
The group-wide investment policy should take into account the different regulatory investment requirements of the jurisdictions in which the IAIG operates.

​CF 16.6.b     
The group-wide supervisor requires the Head of the IAIG to:
  • set limits, or other requirements, in the group-wide investment policy so that assets are properly diversified and asset concentration risk is mitigated; and
  • have a counterparty risk appetite statement.

​CF 16.6.b.1     
The IAIG should avoid excessive concentrations in any particular:
  • type of asset;
  • credit rating;
  • issuer/counterparty or related entities of an issuer/ counterparty;
  • financial market;
  • sector; or
  • geographic area.

​CF 16.6.b.2    
To support the assessment of concentrations, the IAIG should analyse aggregate exposures to individual counterparties and to groups of related counterparties both at the legal entity level and group-wide level.

​CF 16.6.c    
 The group-wide supervisor requires the Head of the IAIG to establish criteria on intra-group investments in the group-wide investment policy.

​CF 16.6.c.1     
Criteria on intra-group investments should take into account, when appropriate:
  • liquidity;
  • contagion or reputational risk;
  • valuation uncertainty;
  • impact on capital resources;
  • nature of the IAIG’s business; and
  • financial condition of the individual legal entities.
The fact that intragroup investments may be subject to supervisory approval, in certain jurisdictions, does not remove the requirement for the Head of the IAIG to set its own criteria.

CF 16.6.d     
The group-wide supervisor requires the Head of the IAIG to monitor investments on a group-wide basis to identify levels of investment exposure that do not comply with the group-wide investment policy.

​CF 16.6.d.1     
Group-wide investment exposures that exceed limits, or any other non-compliance, should be reported to the IAIG Board and Senior Management upon identification. Reports to the IAIG Board and Senior Management should include material exposures that, even if within limits, could create financial difficulties within the IAIG if the value or liquidity of the investments decreases.

16.7
The supervisor requires the insurer’s ERM framework to include an underwriting policy that addresses the:
  • insurer’s underwriting risk according to the insurer’s risk appetite and risk limits structure;
  • nature of risks to be underwritten, including any material relationship with macroeconomic conditions; and
  • interaction of the underwriting strategy with the insurer’s reinsurance strategy and pricing.


16.7.1    
An underwriting policy should cover the underwriting process, pricing, claims settlement and expense control (where applicable and relevant to the expenses of the underwriting process). Such a policy may include:
  • the terms on which contracts are written and any exclusions;
  • the procedures and conditions that need to be satisfied for risks to be accepted;
  • additional premiums for substandard risks; and
  • procedures and conditions that need to be satisfied for claims to be paid.

16.7.2    
Control of expenses associated with underwriting and payment of claims is an important part of managing risk especially in conditions of high general rates of inflation. Inflation of claim amounts also tends to be high in such conditions for some types of risk. Insurers should have systems in place to control their expenses. These expenses should be monitored by the insurer on an ongoing basis.

16.7.3    
The underwriting policy should take into account the effectiveness of risk transfer. This includes ensuring that:
  • the insurer’s reinsurance programme provides coverage appropriate to its level of capital, the profile of the risks it underwrites, its business strategy and risk appetite; and
  • the risk will not revert to the insurer in adverse circumstances.

16.7.4    
In addressing the nature and amount of risks to be underwritten the underwriting policy should cover, at least:
  • product classes the insurer is willing to write;
  • relevant exposure limits (eg geographical, counterparty, economic sector); and
  • a process for setting underwriting limits.

16.7.5    
The underwriting policy should address the potential impact on the insurer’s financial position from material correlations between macroeconomic conditions and the insurance portfolio (for example by assessing the potential impact stemming from certain insurance products with embedded guarantees and options).

16.7.6    
The underwriting policy should address:
  • how an insurer analyses emerging risks in the underwritten portfolio; and
  • how emerging risks are considered in modifying underwriting practices.

​16.7.7     
The underwriting policy should describe interactions with the reinsurance strategy and associated credit risk, and should include details of the reinsurance cover of certain product classes or particular risks.

​CF 16.7.a    
The group-wide supervisor requires the Head of the IAIG to ensure that the IAIG implements its group-wide ERM framework by establishing procedures and monitoring practices for the use of sufficient, reliable and relevant data for its underwriting, pricing, reserving and reinsurance processes.

​Group-wide claims management policy

CF 16.7.b     
The group-wide supervisor requires the Head of the IAIG to establish and maintain a group-wide claims management policy, as part of the group-wide ERM framework, that includes procedures for:
  • claims estimation and settlement;
  • feedback into the group-wide underwriting policy and reinsurance strategy; and
  • claims data reporting for group analysis.

CF 16.7.b.1     
The group-wide claims management policy may establish procedures for:
  • delegations of authority for claims settlement;
  • criteria for accepting or rejecting claims; and
  • escalating claims.

​CF 16.7.b.2    
 A group-wide claims management policy should allow insurance legal entities to establish individual claims management policies and processes, adjusted to supervisory requirements and circumstances in their jurisdictions.

​CF 16.7.b.3    
 Escalating claims may include information about sudden increases in claim activity, delays in settlements and increased rejections.

​Group-wide strategy for reinsurance and other forms of risk transfer

CF 16.7.c     
The group-wide supervisor requires the Head of the IAIG to establish and maintain a group-wide strategy for reinsurance and other forms of risk transfer as part of the group-wide ERM framework that considers the following issues, as applicable:
  • the interaction with the group-wide risk and capital management strategies;
  • how the risk appetite is achieved, on both a gross limit and net retention basis;
  • the appetite for reinsurer credit risk, including approved security criteria for reinsurance transactions and aggregate exposure criteria to individual or related reinsurers;
  • the autonomy afforded to individual insurance legal entities to enter into “entity specific” reinsurance arrangements, and the management and the aggregation of these exposures in the group-wide context;
  • procedures for managing reinsurance recoverables, including required reporting from insurers;
  • intra-group reinsurance strategy and practice;
  • use of alternative risk transfer, including capital markets risk transfer products; and
  • effectiveness of risk transfer in adverse circumstances.​

​CF 16.7.c.1    
A strategy for other forms of risk transfer may include the use of capital markets risk transfer products (for example, insurance linked securities). Strategic considerations may include factors like the maturity of the capital markets offering such risk transfer products, regulatory approaches regarding the use of such risk transfer products, and overall mix of traditional reinsurance with other forms of risk transfer.

Group-wide actuarial policy​

CF 16.7.d     
The group-wide supervisor requires the Head of the IAIG to establish and maintain a group-wide actuarial policy, as part of the group-wide ERM framework, that consists of a set of group-wide practice standards, covering at least:
  • the process to assess the appropriateness, at the group-wide level, of the data, methodologies and underlying models used, as well as the assumptions made in the calculation of technical provisions;
  • the process to calculate reinsurance recoverable assets taking into account the design of the reinsurance programme under the reinsurance strategy of the IAIG; and
  • model risk management of internal models that generate actuarial and financial projections for solvency purposes.

​CF 16.7.d.1     
The group-wide practice standards comprising the group-wide actuarial policy should:
  • be compliant with applicable laws and regulations, accounting regime, and professional actuarial standards;
  • formalise materiality thresholds to trigger higher levels of management actions to ensure well-governed activities;
  • provide for a data validation process that supports actuarial activities to ensure data quality, comprehensiveness, granularity and timeliness;
  • provide a framework for determining assumptions used in valuations, including a process of incorporating the experience of the IAIG and its insurance legal entities, as well as a process of developing assumptions if the IAIG does not have enough experience in a particular business line or market;
  • articulate model validation and maintenance procedure to ensure that model usage and model modifications align with the risk appetite and risk limits structure; and
  • create consistent management information requirements from in-depth reviews and monitoring of actuarial activities.

​CF 16.7.d.2    
The group-wide actuarial policy should contain practice standards to raise awareness of matters that have, or are likely to have, a materially adverse effect on the solvency, reserves or financial condition of one of the insurance legal entities, or the IAIG as a whole. Such standards would prompt the group-wide actuarial function to inform the relevant Board, Senior Management or Key Persons in Control Functions, as appropriate, for suitable action (see ICP 8 Risk Management and Internal Controls).

​CF 16.7.d.3    
Differences in reporting may exist at the insurance legal entity level to comply with jurisdictional requirements. The group-wide actuarial policy should focus on group-wide reporting requirements, both for internal management purposes and for reporting and disclosure purposes. The group-wide reporting should reflect jurisdictional differences.

​CF 16.7.d.4    
The group-wide actuarial policy should require an assessment of the consistency of the base assumptions used to derive technical provisions compared to those used to derive capital requirements, economic capital models, or the forward-looking view in the ORSA. Such an assessment of consistency may provide insight as to the coherence of the base assumptions and those applied in stress conditions.

​CF 16.7.e    
The group-wide supervisor requires the group-wide actuarial function, as part of the group-wide ERM framework, to report (whether certified or not) to the IAIG Board annually on at least the following:
  • a prospective actuarial analysis of the financial condition of the IAIG which goes beyond the current balance sheet of the IAIG;
  • the reliability and sufficiency of the technical provisions;
  • ​the adequacy of reinsurance credit for technical provisions; and
  • ​consideration of non-insurance legal entities and non-regulated legal entities.

​CF 16.7.e.1     
The group-wide actuarial function should provide the IAIG Board an actuarial analysis of the current and future financial condition of the IAIG given recent experience and the group-wide policies for underwriting, claims management and investment and the group-wide reinsurance strategy.

CF 16.7.e.2    
The group-wide actuarial function may use the underlying actuarial reports submitted by the individual insurance legal entities as input to its annual reporting to the IAIG Board. Further examples of issues that could be addressed include:
  • the assumptions used by all of the insurance legal entities in the group and the consolidation/aggregation method applied at the group level;
  • the methodologies used to determine current estimates by each insurance legal entity and the consolidation/ aggregation method applied at the group level;
  • the methodologies used to determine the margin over current estimate by each insurance legal entity and the consolidation/aggregation method applied at the group level;
  • the availability and appropriateness of data used in valuations;
  • back-testing of assumptions and valuations;
  • uncertainty in current estimates used by both insurance legal entities and at the consolidated/aggregated group level;
  • the adequacy of pricing, taking into account the underwriting policies, at the appropriate unit level, the insurance legal entity level and the group level;
  • the performance of the IAIG's insurance portfolios and analysis of any changes in business volumes, exposures, claims experience, mix of business and pricing during the year;
  • asset-liability management under the group-wide investment policy;
  • suitability and adequacy of reinsurance or other forms of risk transfer arrangements, taking into account the strategies for underwriting and claims management, as well as the overall financial condition and risk appetite of the IAIG; and
  • the extent of reliance on the values provided by non-insurance legal entities.

16.8

The supervisor requires the insurer’s ERM framework to address liquidity risk and to contain strategies, policies and processes to maintain adequate liquidity to meet its liabilities as they fall due in normal and stressed conditions.


16.8.1    
When analysing its liquidity profile, the insurer should assess the liquidity of both its assets and liabilities. The insurer should consider, where applicable, issues such as:
  • market liquidity in normal and stressed conditions, quality of assets and its ability to monetise assets in each situation
  • characteristics of insurance contracts that may affect policyholder behaviour around lapse, withdrawal or renewal;
  • adverse insurance events that may trigger short-term liquidity needs, including catastrophes;
  • non-insurance activities such as margining or posting collateral for derivatives contracts, securities lending or repurchase agreements; and
  • contingent sources of liquidity (including committed lines of credit or future premium income) and whether these would be available in stressed conditions.

16.8.2    

An insurer should have well-defined processes and metrics in place, which may be simple or more advanced depending on its activities, to assess its liquidity position at different time horizons on a regular basis. An insurer’s liquidity analysis should cover both normal and stressed market conditions. The insurer should assess the results of such analysis in light of its risk appetite.

16.8.3    
Upon the supervisor’s request, the insurer should report its liquidity risk management processes and analysis, including key assumptions or metrics.


Group perspectives


16.8.4    
An insurance group’s assessment should result in a coherent view of liquidity risk across legal entities within the group. For example, where an individual legal entity relies on the head of the group for funding, this should be accounted for in both the individual legal entity’s and the head of the group’s liquidity analysis.

16.8.5    
When analysing its liquidity position, an insurance group may use different scenarios and analyses on a legal entity level and group-wide level where appropriate. Such scenarios should take into account that circumstances may differ between individual legal entities and the group as a whole.

16.9
The supervisor requires, as necessary, the insurer to establish more detailed liquidity risk management processes, as part of its ERM framework, that include:
  • liquidity stress testing;
  • maintenance of a portfolio of unencumbered highly liquid assets in appropriate locations;
  • a contingency funding plan; and
  • the submission of a liquidity risk management report to the supervisor.


16.9.1    
Liquidity risk increases as the imbalance between liquidity sources and needs grows, for instance due to liquidity transformation. Unexpected liquidity needs could be generated by, for example:
  • derivatives, particularly any collateral or margin that needs to be posted for mark-to-market declines in the value of the contract;
  • securities financing transactions, including repurchase agreements and securities lending
  • insurance products that contain provisions that allow a policyholder to withdraw cash from the policy with little notice or penalty; and
  • insurance products covering natural catastrophes.
These activities may contribute to systemic risk when not properly managed, for instance when funds received from short-term securities lending or repurchase agreements or balances from more liquid insurance products are invested in illiquid assets.

16.9.2    
Some insurers are required to establish more detailed liquidity risk management processes as compared to those processes set out in Standard 16.8. More detailed liquidity risk management processes are intended to help the insurer with its risk management. Additionally, the measures may provide the supervisor with a view on vulnerabilities that may cause funding shortfalls in stress.

16.9.3    
Liquidity stress testing is a forward looking risk management tool to reveal vulnerabilities in the insurer’s liquidity profile and provide information on its ability to meet liabilities as they fall due. A portfolio of unencumbered highly liquid assets may provide a source of liquidity for the insurer to meet its liabilities as they fall due. A contingency funding plan, describing the strategies for addressing liquidity shortfalls in stress situations, may assist the insurer in addressing an unforeseen stress situation, where its liquid assets are insufficient or unexpectedly become illiquid. A liquidity management report could assist the insurer and the supervisor to address shortcomings in the insurer’s risk management by laying out details of its liquidity risk management in an accessible format.

16.9.4    
In deciding whether it is necessary to require more detailed liquidity risk management processes, and the intensity of such processes, the supervisor should take into account the nature, scale and complexity of the insurer’s activities that lead to increased liquidity risk exposure as well as the risk amplification effects related to the size of the insurer. Increased liquidity risk exposure may depend on, for example, the magnitude of potential collateral or margin calls from derivatives or other transactions, the use of securities financing transactions or the characteristics of insurance contracts that may affect policyholder behaviour around lapse, withdrawal or renewal.

16.9.5    
The supervisor may increase or decrease the intensity of these requirements by, for example, varying the frequency, scope and granularity of liquidity stress testing, the proportion of various types of highly liquid assets allowed in the portfolio or the form and level of detail in the contingency funding plan and liquidity risk management report.

16.9.6    
Where an insurer is required to establish more detailed liquidity risk management processes, the supervisor should assess the effectiveness of their implementation, including the interaction with existing control mechanisms. Additionally, the supervisor should evaluate the quality and quantity of the assets that the insurer includes in its portfolio of highly liquid assets in light of the liquidity characteristics of its activities. The supervisor may develop its own, general, criteria for highly liquid assets.

CF 16.9.a    
The group-wide supervisor requires the Head of the IAIG to assess the IAIG’s resilience against severe but plausible liquidity stresses to determine whether current exposures are within the IAIG’s liquidity risk appetite.

CF 16.9.a.1    
Forward-looking risk assessments should be done through scenario analysis or stress testing to reveal vulnerabilities in an IAIG’s liquidity profile and should be performed for material legal entities and the IAIG as a whole.

CF 16.9.a.2    
Depending on its business model, an IAIG may be vulnerable to different liquidity stresses than other insurers. Certain activities may contribute to larger or less predictable liquidity needs. The group-wide supervisor should therefore consider the nature, scale, and complexity of the IAIG’s activities that lead to increased liquidity risk exposure as well as the risk amplification effects related to the size of the IAIG when setting its expectations of the IAIG’s stress testing. The group-wide supervisor may, based on these considerations, vary the frequency, scope and granularity of liquidity stress testing.

CF 16.9.a.3    
The group-wide supervisor may suggest the IAIG include in its assessment certain stresses that have been informed by the group-wide supervisor’s macroprudential surveillance (ICP 24 Macroprudential Supervision).

CF 16.9.a.4    
The IAIG may consider the following when designing severe but plausible stresses:
  • exposure to insurable events;
  • withdrawals from, and run-offs of, insurance policies;
  • contingent off-balance sheet exposures;
  • the impact of a deterioration in the IAIG’s credit rating;
  • the ability to transfer liquidity between legal entities and between jurisdictions;
  • currency convertibility and access to foreign exchange markets;
  • reductions in the ability to access secured and unsecured wholesale funding; and
  • the correlation and concentration of funding sources.

CF 16.9.a.5    
The IAIG may consider the impact of chosen stresses on the appropriateness of its assumptions relating to:
  • correlations between funding markets;
  • the effectiveness of diversification across its chosen sources of funding;
  • additional margin calls and collateral requirements;
  • reliance on committed lines of credit;
  • estimates of future balance sheet growth and premium income;
  • the continued availability of market liquidity, including in currently highly liquid markets;
  • ability to access secured and unsecured funding; and
  • currency convertibility.

CF 16.9.a.6    
The IAIG should evaluate its cash inflows (sources) and cash outflows (needs) under stress scenarios and determine its stressed liquidity position, ie its net stressed cash outflows.

CF 16.9.b    
The group-wide supervisor requires the Head of the IAIG to establish and maintain an adequate level of unencumbered highly liquid assets in appropriate locations.

CF 16.9.b.1    
The IAIG should maintain adequate liquidity to meet its liabilities as they fall due in normal and stressed conditions. Where stress scenarios reveal stressed cash outflows that exceed stressed cash inflows, the IAIG should hold unencumbered highly liquid assets, with appropriate haircuts, of sufficient value to meet excess stressed cash outflows.

CF 16.9.b.2    

The group-wide supervisor should consider the results of the IAIG’s stress testing or scenario analysis when assessing the quality and quantity of the assets that the IAIG considers to be highly liquid assets.

Where an IAIG is subject to significant short-term liquidity needs (for example daily or weekly) the supervisor may require higher quality assets than an IAIG subject to longer-term needs. The group-wide supervisor may also require an IAIG with larger or less predictable stressed liquidity needs to hold a larger amount of highly liquid assets than an IAIG with smaller and more consistent liquidity needs.

 

CF 16.9.b.3    
The IAIG should be able to demonstrate to the group-wide supervisor the liquidity of any assets it considers highly liquid assets in its liquidity risk management report.

CF 16.9.b.4    
To promote their usability, assets that the IAIG relies on for liquidity should be free of legal, regulatory, contractual or other restrictions on the ability of the IAIG to liquidate, sell, transfer, or assign the assets (ie unencumbered).

CF 16.9.b.5    
The Head of the IAIG should ensure that its portfolio of highly liquid assets is sufficiently diversified. This may include looking through to the underlying assets to determine the extent of concentration risk. The Head of the IAIG should also consider whether it holds a substantial share of the market for a particular instrument, counterparty or asset class to assess if the market would be able to bear the IAIG’s sales and whether market reaction would not adversely impact the IAIG’s ability to monetise its assets as planned.

CF 16.9.b.6    
The Head of the IAIG should consider the marketability and realisability, including as acceptable collateral, of its highly liquid assets by taking into account factors such as market depth and access, monetisation timelines (for example delays in finding a willing buyer, time to settlement) and the likelihood and extent of forced-sale losses. In stressed market conditions, it may not be feasible to value properly or sell some types of assets or to do so without a significant loss in value.

CF 16.9.b.7    
Liquidity is not always freely transferable within a group when needed. The Head of the IAIG should ensure that liquidity is available to legal entities within the group when needed, subject to any applicable legal, regulatory or operational constraints, including cross-border constraints.

CF 16.9.b.8    
The minimum criteria for determining asset liquidity may be addressed in the group-wide investment policy or a separate liquidity policy.

CF 16.9.c    
The group-wide supervisor requires the Head of the IAIG to maintain a contingency funding plan to respond to liquidity stress events.

CF 16.9.c.1    
The group-wide supervisor should consider the nature, scale, and complexity of the IAIG’s activities that lead to increased liquidity risk exposure, as well as the risk amplification effects related to the size of the IAIG, when setting its expectations of the IAIG’s contingency funding plan requirements. This includes the form and level of detail of the contingency funding plan and the frequency for reviewing and updating the plan. The group-wide supervisor’s expectations may be informed by the IAIG’s liquidity stress testing or scenario analysis, which may reveal funding sources most likely to be impacted during stress and those on which the IAIG is most reliant. The group-wide supervisor may consider requiring a more detailed or frequently updated plan from an IAIG with more unpredictable cash inflows and outflows or where cash inflows and outflows are more significantly impacted by the IAIG’s liquidity stress tests or scenario analysis.

CF 16.9.c.2    
A contingency funding plan describes the strategies for addressing liquidity shortfalls in stress situations, including the methods that the IAIG would use to access alternative sources of funding.

CF 16.9.c.3    
A contingency funding plan should include quantitative metrics that the IAIG would use to identify a liquidity stress event, including the level and nature of the effect it would have on the IAIG’s liquidity position and on sources of available funding.

CF 16.9.c.4    
A contingency funding plan should outline the strategies, policies and processes to manage a range of stresses. The plan should establish a clear allocation of roles and clear lines of management responsibility. The plan should define procedures for identifying early warning indicators for potential liquidity stress events that are based on the features of the IAIG’s business.

CF 16.9.c.5    
The supervisor may allow the IAIG’s contingency funding plan to be developed as part of a recovery plan.

CF 16.9.d    
The group-wide supervisor requires the Head of the IAIG to report, at least annually, on its management of liquidity risk. The report includes at least the following:
  • a liquidity risk appetite statement;
  • established liquidity risk limits;
  • a discussion of the current liquidity position of the IAIG in relation to its liquidity risk appetite and limits;
  • a summary of strategies, policies and processes that the IAIG has in place to manage liquidity risk;
  • a discussion of potential vulnerabilities in the IAIG’s liabilities as well as the means of enhancing the liquidity position; and
  • the IAIG’s approach to, and results of, liquidity stress testing.

CF 16.9.d.1    
The group-wide supervisor should consider the nature, scale, and complexity of the IAIG’s activities that lead to increased liquidity risk exposure as well as the risk amplification effects related to the size of the IAIG when setting liquidity reporting requirements, including the level of detail of the report and the frequency for reviewing and updating the report. The supervisor may determine that the reporting requirement is satisfied by reference to other risk management policies, risk reporting and/or the ORSA report.

CF 16.9.d.2    
The summary of strategies, policies and processes should discuss any metrics the IAIG uses to identify, measure, monitor, and control liquidity risk as well as how the results from the liquidity stress testing are incorporated into day-to-day management of the IAIG. The Head of the IAIG should have a process in place to discuss the results and take the necessary actions.


Own risk and solvency assessment (ORSA)


16.10
The supervisor requires the insurer to perform regularly its own risk and solvency assessment (ORSA) to assess the adequacy of its risk management and current, and likely future, solvency position.


16.10.1    

The insurer should document the main outcomes, rationale, calculations and action plans arising from its ORSA.

16.10.2    
ORSAs should be largely driven by how an insurer is structured and how it manages itself. The performance of an ORSA at the insurance legal entity level does not exempt the group from conducting a group-wide ORSA.

16.11
The supervisor requires the insurer’s Board and Senior Management to be responsible for the ORSA.


16.12
The supervisor requires the insurer’s ORSA to:
  • encompass all reasonably foreseeable and relevant material risks including, at least, insurance, credit, market, concentration, operational and liquidity risks and (if applicable) group risk; and
  • identify the relationship between risk management and the level and quality of financial resources needed and available 
and, as necessary:
  • assess the insurer’s resilience against severe but plausible macroeconomic stresses through scenario analysis or stress testing; and
  • assess aggregate counterparty exposures and analyse the effect of stress events on material counterparty exposures through scenario analysis or stress testing.


ORSA - economic and regulatory capital


16.13
The supervisor requires the insurer to:
  • determine, as part of its ORSA, the overall financial resources it needs to manage its business given its risk appetite and business plans;
  • base its risk management actions on consideration of its economic capital, regulatory capital requirements, financial resources, and its ORSA; and
  • assess the quality and adequacy of its capital resources to meet regulatory capital requirements and any additional capital needs.


ORSA - continuity analysis


16.14
The supervisor requires:
  • the insurer, as part of its ORSA, to analyse its ability to continue in business, and the risk management and financial resources required to do so over a longer time horizon than typically used to determine regulatory capital requirements; and
  • the insurer’s continuity analysis to address a combination of quantitative and qualitative elements in the medium and longer-term business strategy of the insurer and include projections of its future financial position and analysis of its ability to meet future regulatory capital requirements.


Capital planning and forward-looking perspectives


16.14.1    
An insurer should be able to demonstrate an ability to manage its risk over the longer term under a range of plausible adverse scenarios. An insurer’s capital management plans and capital projections are therefore key to its overall risk management strategy. These should allow the insurer to determine how it could respond to unexpected changes in market and economic conditions, innovations in the industry and other factors such as demographic, legal and regulatory, medical and social developments.

16.14.2    
Where appropriate, the supervisor should require an insurer to undertake periodic, forward-looking continuity analysis and modelling of its future financial position including its ability to continue to meet its regulatory capital requirements in future under various conditions. Insurers should ensure that the capital and cash flow projections (before and after stress) and the management actions included in their forecasts are approved at a sufficiently senior level.

16.14.3    
In carrying out its continuity analysis, the insurer should also apply reverse stress testing to identify scenarios that would be the likely cause of business failure (eg where business would become unviable or the market would lose confidence in it) and the actions necessary to manage this risk.

16.14.4    
As a result of continuity analysis, the supervisor should encourage insurers to maintain contingency plans and procedures. Such plans should identify relevant countervailing measures and off-setting actions they could realistically take to restore/improve the insurer’s capital adequacy or cash flow position after some future stress event and assess whether actions should be taken by the insurer in advance as precautionary measures.


Projections


16.14.5    
A clear distinction should be made between the assessment of the current financial position and the projections, stress testing and scenario analyses used to assess an insurer’s financial condition for the purposes of strategic risk management, including maintaining solvency. The insurer’s continuity analysis should help to ensure sound, effective and complete risk management processes, strategies and systems. It should also help to assess and maintain on an ongoing basis the amounts, types and distribution of financial resources needed to cover the nature and level of the risks to which the insurer is or may be exposed to and to enable the insurer to identify and manage all reasonably foreseeable and relevant material risks. In doing so, the insurer assesses the impact of possible changes in business or risk strategy on the level of economic capital needed as well as the level of regulatory capital requirements.

16.14.6    
Such continuity analysis should have a time horizon needed for effective business planning (for example, 3 to 5 years), which is longer than typically used to determine regulatory capital requirements. It should also place greater emphasis than may be considered in regulatory requirements on new business plans and product design and pricing, including embedded guarantees and options, and the assumptions appropriate given the way in which products are sold. The insurer’s current premium levels and strategy for future premium levels are a key element in its continuity analysis. In order for continuity analysis to remain meaningful, the insurer should also consider changes in external factors such as possible future events including changes in the political or economic situation.


Link with business strategy


16.14.7    
Through the use of continuity analysis an insurer should be better able to link its current financial position with future business plan projections and ensure its ability to maintain its financial condition in the future. This may help the insurer to further embed its ERM framework into its ongoing and future operations.

16.14.8    
An internal model may also be used for the continuity analysis, allowing the insurer to assess the capital consequences of strategic business decisions in respect of its risk profile. For example, the insurer may decide to reduce its capital requirement through diversification by writing different types of business in order to reduce the capital that is needed to be held against such risks, potentially freeing up resources for use elsewhere. This process of capital management may enable the insurer to change its capital exposure as part of its long-term strategic decision making.

16.14.9    
As a result of such strategic changes, the risk profile of an insurer may alter, so that different risks should be assessed and quantified within its internal model. In this way, an internal model may sit within a cycle of strategic risk and capital management and provide the link between these two processes.


Group perspectives


16.14.10    
An insurance group should analyse its ability to continue in business and the risk management and financial resources it requires to do so. The insurance group’s analysis should consider its ability to continue to exist as an insurance group, potential changes in group structure and the ability of its legal entities to continue in business.

16.14.11    
An insurance legal entity’s continuity analysis should assess the ongoing support from the group including the availability of financial support in adverse circumstances as well as the risks that may flow from the group to the insurance legal entity. The insurance legal entity and the insurance group should both take into account the business risks they face including the potential impact of changes in the economic, political and regulatory environment.

16.14.12    
In their continuity analysis, insurance groups should pay particular attention to whether the insurance group will have available cash flows (eg from surpluses released from long-term funds or dividends from other subsidiaries) and whether they will be transferable among legal entities within the group to cover any payments of interest or capital on loans, to finance new business and to meet any other anticipated liabilities as they fall due. Insurance groups should outline what management actions they would take to manage the potential cash flow implications in stressed conditions (eg reducing new business or cutting dividends).

16.14.13    
The insurance group’s continuity analysis should also consider the distribution of capital in the insurance group after stress and the possibility that subsidiaries within the insurance group may require re-capitalisation (either due to breaches of local regulatory requirements, a shortfall in economic capital, or for other business reasons). The assessment should consider whether sufficient sources of surplus and transferable capital would exist elsewhere in the insurance group and identify what management actions may need to be taken (eg intra-group movements of resources, other intra-group transactions or group restructuring).

16.14.14    
The insurance group should also apply reverse stress testing to identify scenarios that could result in failure or cause the financial position of the insurance group to fall below a predefined level and the actions necessary to manage this risk.


Recovery Planning


16.15
The supervisor requires, as necessary, insurers to evaluate in advance their specific risks and options in possible recovery scenarios.


16.15.1    
The supervisor may require an insurer to produce a recovery plan that identifies in advance options to restore the financial position and viability if the insurer comes under severe stress (see Application Paper on Recovery Planning). In deciding whether it is necessary to require a recovery plan, and the form, content and level of detail of such recovery planning, the supervisor should take into account, for example, the insurer’s complexity, systemic importance, risk profile and business model. A recovery plan is intended to serve the insurer as an aid to sound risk management. Additionally, if the insurer comes under severe stress, a plan may serve the supervisor as valuable input to any necessary supervisory measures.

16.15.2    
The supervisor should require the insurer to provide the necessary information to enable the supervisor to assess the robustness and credibility of any recovery plan required. If the supervisor identifies material deficiencies in the plan, it should provide feedback and require the insurer to address these deficiencies.

16.15.3    
The supervisor should require the insurer to review any recovery plan required on a regular basis, or when there are material changes to the insurer’s business, risk profile or structure, or any other change that could have a material impact on the recovery plan, and to update it when necessary.

CF 16.15.a    
The group-wide supervisor requires the Head of the IAIG to:
  • develop a recovery plan that identifies in advance options to restore the financial position and viability;
  • review and update the recovery plan on a regular basis, or when there are material changes; and
  • take actions for recovery if the IAIG comes under severe stress.

CF 16.15.a.1    
The group-wide supervisor should consider the IAIG’s nature, scale, and complexity when setting recovery plan requirements, including the form, content and detail of the recovery plan and the frequency for reviewing and updating the plan.

CF 16.15.a.2    
Recovery planning is the responsibility of the IAIG. The IAIG should be able to take timely actions for recovery, in particular when any pre-defined criteria are met that trigger the activation of the recovery plan.

CF 16.15.a.3    
A recovery plan developed by the IAIG should cover all material legal entities within the group.

CF 16.15.a.4    
A recovery plan should serve as a guide for the IAIG to plan and manage severe stress scenarios, although the actual nature and timing of recovery actions will depend on the circumstances.

CF 16.15.a.5    
The IAIG should ensure that:
  • it has a robust governance structure and sufficient resources to support the recovery planning process, which includes clear allocation of responsibilities; and
  • recovery planning is integrated into the IAIG’s overall governance processes.

CF 16.15.a.6    
A recovery plan is an integral part of the risk management process of an IAIG, aimed at identifying actions to be taken in severe stress scenarios that pose a serious risk to the viability of the IAIG, or any material part of its insurance business. A recovery plan describes if and how the IAIG would:
  • discontinue or divest certain portfolios, business lines, legal entities, or other services; and/or
  • continue operating certain lines of insurance business while restructuring or running off its discontinued business lines in an orderly fashion.

CF 16.15.a.7    
A recovery plan should include:
  • a description of the legal entities covered by the plan, including their legal structures, interdependencies, core business lines and main risks;
  • a description of functions and/or services that are significant for the continuation of the IAIG (for example, shared services, such as information technology services and outsourced functions);
  • pre-defined criteria with quantitative and qualitative trigger points, governance, escalation mechanisms and supporting processes;
  • a range of severe stress scenarios, including both idiosyncratic and market-wide stress
  • credible options to respond to severe stress scenarios, including actions to address capital shortfalls and liquidity pressures, and to restore the financial condition of the IAIG, taking into account intra-group transactions;
  • assessment of the necessary steps, costs, resources and time needed to implement the recovery actions, including the risks associated with the implementation of the actions; and
  • strategies for communication with stakeholders.

CF 16.15.a.8    
Pre-defined criteria should be well-defined and aligned with contingency plans. They should include qualitative and quantitative criteria, such as a potential breach of a prescribed capital requirement (PCR). Criteria may also include triggers based on: liquidity, market conditions, macro-economic conditions, and the insurer's operational conditions.

CF 16.15.a.9    
Possible actions for recovery include:
  • strengthening the IAIG’s capital position, such as recapitalisations;
  • capital conservation, such as cost containment and suspension of dividends and of payments of variable remuneration;
  • reorganisation of corporate structure and divestitures, such as sales of legal entities or portfolios;
  • voluntary restructuring of liabilities, such as debt-to-equity conversion; and
  • securing sufficient diversified funding and adequate availability of collateral in terms of volume, location and quality.

CF 16.15.a.10    
As a recovery plan may not be able to cover every possible scenario, the IAIG may take, or the group-wide supervisor may require the IAIG to take, measures for recovery other than those contemplated in the IAIG’s recovery plan.

CF 16.15.a.11    
The group-wide supervisor should regularly review the recovery plan, including the predefined criteria, the assumptions and severe stress scenarios underlying the plan, to assess its credibility and likely effectiveness. Where necessary, the group-wide supervisor should provide feedback and require the IAIG to address any material deficiencies.

CF 16.15.b    
The group-wide supervisor requires the Head of the IAIG to have and maintain group-wide management information systems that are able to produce information relevant to the recovery plan on a timely basis.

CF 16.15.b.1    
The IAIG may rely on an existing information system, so long as it fulfils the objectives of producing information relevant to the recovery plan on a timely basis.

CF 16.15.b.2    
It is important that the IAIG has available the information necessary for executing recovery actions when needed. Some of this information may be similar to the information needed for resolution; however, recovery may also require other information (see ComFrame material under ICP 12 Exit from the Market and Resolution).


Role of supervision in ERM for solvency purposes


16.16
The supervisor undertakes reviews of the insurer's ERM framework, including the ORSA. Where necessary, the supervisor requires strengthening of the insurer’s ERM framework, solvency assessment and capital management processes.


16.16.1    
The output of an insurer’s ORSA should serve as an important tool in the supervisory review process by helping the supervisor to understand the risk exposure and solvency position of the insurer.

16.16.2    
The insurer's ERM framework and risk management processes (including internal controls) are critical to solvency assessment. The supervisor should therefore assess the adequacy and soundness of an insurer’s framework and processes by receiving regularly the appropriate information, including the ORSA report.

16.16.3    
In assessing the soundness, appropriateness and strengths and weaknesses of the insurer’s ERM framework, the supervisor should consider questions such as:
  • What are the roles and responsibilities within the ERM framework?
  • Is the insurer within its stated risk appetite
  • What governance has been established for the oversight of outsourced elements of the ERM framework?
  • What modelling and stress testing (including reverse stress testing) is done?
  • Has the model risk management been applied in the ERM framework?
  • How does the insurer maintain a robust risk culture that ensures active support and adjustment of the insurer’s ERM framework in response to changing conditions?

16.16.4    
The supervisor should review an insurer's internal controls and monitor its capital adequacy, requiring strengthening where necessary. Where internal models are used to calculate the regulatory capital requirements, particularly close interaction between the supervisor and insurer is important. In these circumstances, the supervisor may consider the insurer’s internal model, its inputs and outputs and the validation processes, as a source of insight into the risk exposure and solvency position of the insurer.

16.16.5    
The supervisor should monitor the techniques employed by the insurer for risk management and capital adequacy assessment and take supervisory measures where weaknesses are identified. The supervisor should not take a one-size-fits-all approach to insurers’ risk management but rather base their expectations on the nature, scale and complexity of its business and risks. In order to do this, the supervisor should have sufficient and appropriate resources and capabilities. For example, the supervisor may have a risk assessment model or programme with which it can assess insurers' overall condition (eg risk management, capital adequacy and solvency position) and ascertain the likelihood of insurers breaching supervisory requirements. The supervisor may also prescribe minimum aspects that an ERM framework should address.

16.16.6    
The supervisor should require the insurer to provide appropriate information on the ERM framework and risk and solvency assessments. This should provide the supervisor with a long-term assessment of capital adequacy to aid in the assessment of insurers, as well as encourage insurers to have an effective ERM framework. This may be achieved also by, the supervisor requiring or encouraging insurers to provide a solvency and financial condition report. Such a report may include information such as:
  • a description of the relevant material categories of risk that the insurer faces;
  • the insurer’s risk appetite and risk limits structure;
  • the insurer’s overall financial resource needs, including its economic capital and regulatory capital requirements, as well as the capital available to meet these requirements; and
  • projections of how such factors will develop in future.

16.16.7    
The supervisor should be flexible and apply their skills, experience and knowledge of the insurer in assessing the adequacy of the risk appetite statement. The supervisor may be able to assess the quality of a particular risk appetite statement by discussing with the Board and Senior Management how the insurer’s business strategy is related to the risk appetite statement, as well as how the risk appetite had an impact on the insurer’s decisions. This includes reviewing other material, such as strategy and planning documents and Board reports in the context of how the Board determines, implements, and monitors its risk appetite so as to ensure that risk-taking is aligned with the Board-approved risk appetite statement.

16.16.8    
The supervisor should be provided access to the material results of stress testing, scenario analysis and risk modelling and their key underlying assumptions to be reported to them and have access to other results, if requested. Where the supervisor considers that the calculations conducted by an insurer should be supplemented with additional calculations, it should be able to require the insurer to carry out those additional calculations. The supervisor should also consider available reverse stress tests performed by insurers where they wish to assess whether appropriate action is being taken to manage the risk of business failure.

16.16.9    
While insurers should carry out stress testing, scenario analysis and risk modelling that are appropriate for their businesses, the supervisor may also develop prescribed or standard tests and require insurers to perform them when warranted. One purpose of such testing may be to improve consistency of testing among a group of similar insurers. Another purpose may be to assess the financial condition of the insurance sector to economic, market or other stresses that apply to a number of insurers simultaneously (such as pandemics or major catastrophes). Such tests may be directed to be performed by selected insurers or all insurers. The criteria the supervisor uses for scenarios for standard tests should reflect the jurisdiction’s risk environment.

16.16.10    
Forward-looking stress testing, scenario analysis and risk modelling of future capital positions and cash flows whether provided by the insurer’s own continuity analysis or in response to supervisory requirements is a valuable tool for the supervisor in assessing the financial condition of insurers. Such testing informs the discussion between the supervisor and insurers on appropriate planning, comparing risk assessments against stress test outcomes, risk management and management actions. The supervisor should consider the dynamic position of insurers and form a high-level assessment of whether the insurer is adequately capitalised to withstand a range of standardised and bespoke stresses.

16.16.11    
Where an internal model, including an economic capital model, is used in an insurer’s ORSA, the supervisor should obtain an understanding of the underlying assumptions used. The supervisor should review the outputs of the internal model, at least from the following viewpoints:
  • scope of risk categories of the internal model
  • the insurer’s prioritisation of risks in its risk appetite; and
  • the insurer’s use of the outputs in making major management decisions on capital planning for meeting regulatory capital requirements.

16.16.12    
By reviewing the insurer’s ORSA continuity analysis, the supervisor may be able to learn about the robustness of an insurer’s future financial condition and the information on which the insurer bases decisions and its contingency planning. Such information should enable the supervisor to assess whether an insurer should improve its ERM framework by taking additional countervailing measures and off-setting actions, either immediately, as a preventive measure, or including them in future plans. Objectives of such supervisory measures may be to reduce any projected financial inadequacies, improve cash flows and/or increase an insurer’s ability to restore its capital adequacy after stress events.

16.16.13    
Publicly disclosing information on risk management may improve the transparency and comparability of existing solvency requirements. There should be an appropriate balance regarding the level of information to disclose about an insurer's risk management against the level of sufficient information for external and internal stakeholders which is useful and meaningful. Therefore, the requirements for public disclosure of information on risk management, including possible disclosure of elements of a solvency and financial condition report, should be carefully considered by the supervisor taking into account the proprietary nature of the information.

16.16.14    
Where an insurer's risk management and solvency assessment are not considered adequate by the supervisor, the supervisor should take appropriate measures. This could be in the form of further supervisory reporting or additional qualitative and quantitative requirements arising from the supervisor's assessment. Additional quantitative requirements should only be applied in appropriate circumstances and be subject to a transparent supervisory framework. Otherwise, if routinely applied, such measures may undermine a consistent application of standardised approaches to regulatory capital requirements.


Group perspectives


16.16.15    
In assessing the soundness, appropriateness and strengths and weaknesses of the group’s ERM framework, the group-wide supervisor should consider questions such as:
  • How well is the group’s ERM framework tailored to the group?
  • Are decisions influenced appropriately by the group’s ERM framework outputs?
  • How responsive is the group’s ERM framework to changes in individual businesses and to the group structure?
  • How does the framework bring into account intra-group transactions; risk mitigation; and constraints on fungibility of capital, transferability of assets, and liquidity?

16.16.16    
The group-wide supervisor should review the risk management and financial condition of the insurance group. Where necessary, the group-wide supervisor should require strengthening of the insurance group’s risk management, solvency assessment and capital management processes, as appropriate to the nature, scale and complexity of risks at group level. The group-wide supervisor should inform the other involved supervisors of any action required.

16.16.17    
The group-wide supervisory review and assessment of the insurance group’s ERM framework should consider the framework’s suitability as a basis for group-wide solvency assessment. The arrangements for managing conflicts of interest across an insurance group should be a particular focus in the supervisory review and assessment of an insurance group’s ERM framework.

16.16.18    
The supervisory assessment of the group’s ERM framework may affect the level of capital that the insurance group is required to hold for regulatory purposes and any regulatory restrictions that are applied. For example, the group-wide supervisor may require changes to the recognition of diversification across the insurance group, the allowances made for operational risk and the allocation of capital within the insurance group.

16.16.19    
Although it is not a requirement in general for an insurance legal entity or an insurance group to use internal models to carry out its ORSA, the supervisor may consider it appropriate in particular cases that the ORSA should use internal models in order to achieve a sound ERM framework. The quality of an insurance group’s ORSA is dependent on how well integrated its internal capital models, the extent to which it takes into account constraints on fungibility of capital and its ability to model changes in its structure, the transfer of risks around the insurance group and insurance group risk mitigation. These factors should be taken into account by the group-wide supervisor in its review of the insurance group’s ORSA.

16.16.20    
The supervisor may wish to specify criteria or analyses as part of the supervisory risk assessments to achieve effective supervision and consistency across insurance groups. This may, for example, include prescribed stress tests that apply to insurance groups.