ORSA's Head? International Actuarial Association on ORSA Value

Unknown unknowns
- just say it one more time...

A rather verbose piece from the International Actuarial Association, or AAI if you are inclined comme ça, on Delivering Value From ORSA. Always worth a glance over these at this stage of proceedings, regardless of which side of the Atlantic you are currently rocking (with both Canada and the States keeping noisy on the topic in recent weeks).

As one might expect from a publication from an actuarial representative body (and one which aims to cover all IAIS bases, rather than the specificities of US/Canada/EU ORSA), it struggles for semblance once it needs to cover non-quant, and is therefore heavily flannelized.


The definition used by the IAA is:

ORSA provides a declaration of the company’s assessment of its position in terms of profit, risk and capital, both now and in the future, under different scenarios and relative to the company’s appetite to risk.

The purpose of the paper is to provide Board members with "insight into the value of the ORSA Process", which is a noble aim in itself, and a few nice touches can be found throughout, in particular:

• The word “profit” features on virtually every page, almost unheard of in the EIOPA Guideline world where being able to “enhance the management of the undertaking” is King. Heaven forbid anyone makes a quid or two out of it!
• The coverage of how insurance companies tend to profile risk is clean and rational (p3).
• The concept of mitigation through company policies, overseen by good governance structures, as opposed to either holding capital or purchasing mitigation, is also expressed with clarity.
• “A company’s risk appetite, once determined by management and approved by the board, can be treated as a budget”. Lovely concept, though it needs more flesh to provide the 'insight on ORSA Process value' that the paper is intended to.

A few contradictions emerge in the document;

• ORSA “needs to consider and be consistent with an insurance company’s business strategy” – does the process not need to as good as set it? Indeed, they go on to say on page 2 “The true value of ORSA can only be realized when ORSA becomes integral to management’s strategic decision making”!
• Does ORSA “help build/maintain risk awareness throughout the company” – it would be a struggle to say it could do that any further than the relevant staff which EIOPA ultimately allude to. 
• Concept of “Solvency Risk Profile” is borderline unintelligible (p3)
• Terminologically, the section on risk appetite and risk profile on p3 is heavily quant-based, and feels country miles away from similar materials published by the CRO Forum a few weeks back. Specifically, it talks of “acceptable levels” of solvency risk, “minimum and maximum bands”, and that in aggregate across risk categories “This band of acceptable risk is referred to as the risk appetite”. Given it doesn't appear to veer to far away from the FSB's take on Risk Appetite, perhaps this is more of a step forward than EIOPA's 2013 back pass to the AMSB on the matter (p59-60)
• That models used should be “subject to independent validation” – is it that important if you are not using your model for regulatory capital purposes (i.e. just for ORSA)?
• The residue of Rumsfeld, which I had hoped had been resigned to the Noughties dustbin, reappears on pages 7 & 8, specifically “A complete ORSA would include the assessment of unknown unknowns”. Pacino said it best in Godfather III…

ORSA/Forward Looking Assessment of Risk - EIOPA's FINAL preparatory guidance for national supervisors

EIOPA reuse the preamble from the System of Governance guidance in their ORSA/FLAOR guidance, save for confirming that an assessment of overall solvency needs will be expected in 2014 and 2015 (more on that later). I will use ORSA rather than EIOPA's shiny new acronym for my own convenience throughout this post!

It ultimately reads in parts as a circuitous and convoluted piece due to the way that EIOPA have had to splice the ORSA requirements into three component parts, as per Article 45.1 of the Directive, to accommodate the postponement of some elements until 2015. An horrific example of this is point 3.112, which to paraphrase Chris Morris, reads like the ramblings of a drugged horse.

That said, they have clearly had to contend with a mountain of feedback since the initial consultation paper was released, and have done a better job of explaining why most comments were, in EIOPA's view at least, misguided.

Again from the practitioner's perspective I would highlight in general that;

1. There is almost no discernible movement in EIOPA's position, even after lobbying;
2. That explanations for the inclusion of contentious content are generally forthcoming, though for this subject are more forthright and pragmatic (perhaps naturally due to the lack of L1 and L2 substance);
3. That 2014 ORSA is a genuine piece of work which will require the attention of the most senior staff in insurance firms - it would be a brave company that play-acts at any elements of the documentation, processes and outputs of the assessment.

Supporting arguments for EIOPA's final views are listed below, along with any relevant commentary from my practitioner's angle; 

Clarification re Omnibus II
3.49 - If go-live in 2016 does not happen due to further Omnibus II delays, "...undertakings will still be expected to perform the [overall solvency needs] assessment from 2014 onwards"

Clarification re continuous compliance with SCR and Technical Provisions calculations requirements, and the deviation from SF SCR assumptions assessment
3.50 - Confirm that these elements are postponed until 2015, and that technical specifications will be forthcoming from EIOPA by year-end to aid in the conduct of some of this activity.

Parallel running Sol I/Sol II concerns
3.53 - basically, not EIOPA's problem!

Compulsion for model applicants to also use SF in the assessment
3.54 - clarify that this in NOT about benchmarking models, rather "taking into account contingencies" should a firm's model not get through IMAP. A thoroughly negative and unsympathetic approach from EIOPA on this one I'm afraid

Timing
3.58 - "EIOPA considers it necessary that all undertakings perform the assessment of overall solvency needs at least two times during the preparatory phase, once in 2014 and once in 2015...[and] at any time during 2014"
3.60 - Stress that "...it is for the undertaking to decide on the appropriate reference date for its FLAOR", though couched in an expectation that financial year-end is most likely.

Guideline 5 - Delegation of activity by the AMSB
3.73 - "not acceptable" to delegate full responsibility for ORSA to sub-committees of the AMSB

Guideline 7 - ORSA Policy
3.62 - "...it is necessary to develop a full policy during the preparatory phase"
3.63 - "...[The ORSA Policy] may be part of the policy on Risk Management", though must be clearly identifiable

Guideline 8 - Record of the ORSA
3.64 - Rather bizarrely suggest that the ORSA Record is "...no less, but maybe even more important during preparation that after the start of Solvency II", but either way the message is clear - maintain the records carefully

Guideline 9 - Sharing information internally
3.77 - "It is for the AMSB to decide which parts of the information will be distributed to whom" - clearly some panic amongst respondents that they may have to start telling the 'proles' about their future employemnt prospects!

Guideline 10 - Supervisory Report
3.66 - EIOPA "...does however not expect that the first report will necessarily already be perfect"
3.69 - AMSB sign-off, accepting the results of the ORSA is the trigger for the 2 week window in which to submit the Supervisory Report
3.70 and 3.71 - Some rather confused paragraphs which seem to indicate that, if there is enough resistance to the results internally, that extra time may be afforded to the firm

Guideline 11 - Valuation bases
3.79 - EIOPA scrutiny postponed until 2015, but justifications on bases used expected

Guideline 12 - Overall Solvency Needs assessment
3.83 - EIOPA expect "...it will take several years" before this assessment is good enough, hence they expect the preparatory phase to include practice!

Guideline 14/15 - Continuous compliance with SCR requirements and Technical Provisions calculation rules
3.85 - Postponed until 2015, and again justify activity prior to Solvency II going live by using a practice makes perfect mantra, noting that attempting to do this will "...intensify the learning experience"! I wonder if anyone ever used that phrase in their budgeting requests...

Guideline 16 - Deviation of one's Risk Profile from SF SCR assumptions 
3.89 - Postponed until 2015, and also note that quantifying one's deviation from the SF assumptions will not be necessary "...if there is no indication that the deviation is significant". I guess modellers will have to wind their necks in around Credit Risk assumptions in particular on this matter, bearing in mind the diversity of methods currently on display.

Ultimately, little opportunity for shortcuts then, but perhaps enough time to review what's already in place before resource planning your 2014 activities.

Financial Reporting Council - documenting 'principal risks' in Strategic Reports

I had recently spotted that the UK's Financial Reporting Council had issued draft guidance on the compilation of the Strategic Report for listed entities. This segment of a company's Annual Report and Accounts (currently called the 'Business Review') has been a rather ubiquitous and clunky affair regardless of industry, delivering little information to prospective and existing shareholders about how the company's risk profile, appetite, preferences etc. are catered for when executing its strategy.

Strategic reporting for UK companies 
- elimination of flannel?

Insurers have been prominent in efforts to improve this, though driven more by the need to pacify the FSA/PRA than by Parliament - see "risk appetite" break out from its box in  Aviva's AR&A between 2007 and 2012 for example - but the fact that a substantial piece of statutory reporting generally in the hands of executive management can potentially stray from the lexicon and structure of their increasingly professionalised Control Functions (and for banks and insurers, potentially their Internal Models), is clearly one that warrants some focus.

The Strategic Report will be compulsory content for Annual Reports and Accounts from October (Companies Act 2006 414C). The FRC's (non-mandatory) guidance regarding the incorporation of risk-related material into this section is to address the requirement on p2 that the Strategic Report;

...should include a description of the principal risks and uncertainties facing the company

The FRC's specific definition of Principal Risk is found on p35 of the draft guidance as;

A risk or combination of risks that can seriously affect the performance, future prospects or reputation of the entity. These should include those risks that affect the viability of an entity.

The draft guidance (p23) aims to tack on a few definitional aspects of how "risks and uncertainties" are reported in the context of strategy, most pointedly;

• [The risks] should be limited to those considered by the entity’s management to be the most important to the future development, performance or position of the entity. They will generally be matters that the directors regularly monitor and discuss because of their likelihood, the magnitude of their potential effect on the entity, or a combination of the two
• Principal risks or uncertainties with potential effects of such a magnitude that they may threaten the entity’s viability (ie its solvency and/or liquidity) should be explained fully and given due prominence
• Directors should consider the full range of business risks including commercial, operational and financial risks
• The descriptions...should be 
  sufficiently specific that a shareholder can understand why they are important to the 
  entity. This might include a description of the likelihood of the risk, an indication of when 
  the risk might be most relevant to the entity and its possible effects. Significant changes...

  such as a change in likelihood or possible effect, or the inclusion of new 

  risks, should be highlighted and explained. An explanation of how the principal risks and 
  uncertainties are managed or mitigated should also be included.
• 
  

  Where the risk or uncertainty is more generic, the description should make 

  clear how it might affect the entity specifically.

Prudential provide a good example here (from p72) of how this is currently done by an insurer - the fact that it is buried in 75 pages of 'Business Review' underlines why the streamlining of this work has become of statutory interest!

Interestingly, the FRC note that definition for "principal risks" has been developed/derived from previous FRC work, supplemented by work from the Sharman Inquiry - all of that therefore feels well divorced from anything produced by the IRM/Actuarial Profession/EIOPA around risk categorisation, and leads to the same bridging work I have been involved in previously; namely, reconciling how one manages and monitors risk within the business against what one reports externally. Might we have expected to see some kind of compulsory categorisation of "principal risks" in here that favours the financial services industry who arguably carry the largest set? 

Much of the other compulsory material in the Strategic Report (with exemptions) touches on other topical or sensitive matters such as;

• Inclusion of key performance indicators in the report ("...where possible, they should be accepted and widely used")
• Information on environmental matters, staff and social/community/human rights issues
• Information on gender splits at Board, Senior Management and All-company level

I may throw some feedback in to the FRC on this paper- comments welcome until late November. Externally, the main change for insurers will be trimming down some of the fluff and flannel already produced in the space. Internally, aligning the concept of "principal risks" with existing ERM programme/Internal Model lexicon may be a bigger job for anyone operating on a shoestring.

Deloitte on "How to conduct the ORSA" - facts and apocrypha

While our pals at the FSA, EIOPA, the CRO Forum, 3 of the Big 4 (here, here and here), the Little 3 (here, here and here), the IRM,  the Irish SoA, and even the guys in the stars and stripes have deemed to recommend to all and sundry what ingredients will make a good ORSA, Deloitte have chipped in this week with a 50-page whopper that tells us everyone else was wrong and they are right...

...well OK, not quite! Deloitte's release about this "important yet enigmatic" area, which seems to have a mainland Europe-flavour to it, works its way through EIOPA's reformulated opinion on L3 ORSA guidance released in July, summarising what changed between the Nov 2011 and July 2012 versions. I of course managed this feat two months ago, but I couldn't quite pad it to 50 pages! They then embellish a section-by-section analysis of the two documents with some charming apocryphal tales of what "many companies" or "the industry" are struggling with currently (i.e. their clients' problems!).

As with most things generated by the behemoths, it is a really useful piece of material despite on the face of it not adding anything new to the knowledge pool, so from an ORSA consultant's perspective, I've made the following notes;

• Emphasises that supervisory intervention will come from lax ORSA processes, as opposed to ORSA Report content (which will drive the US approach)
• Notes that, given the opportunity for the ORSA and the SCR calculations to to be conducted on different reference dates, that this may allow organisations to keep any existing strategic planning processes where they already are in the calendar, rather than unnecessarily shift them to, say, follow financial year-ends. The proviso of "no material change in the risk profile" may of course discourage that, if only due to the need to define "material"!
• Some rather controversial free text around risk appetite ("intuitively simple" as a concept) and risk appetite frameworks ("very much a work in progress" at insurers) - appreciating progress is somewhat inconsistent across industries and the inter-body squabbling on the matter, I can imagine many practitioners would argue the opposite of both points - it's complex, but we're well on the way!
• Highlights difficulties with performing obligatory entity-level ORSAs if risk appetite is expressed in regions/products/funds, which seem perfectly reasonable anchors for risk appetite statements on the face of it.
• "Most organisations" defining AMSB as parent company Boards, plus entities if applicable - no evidence provided though.
• "Many firms" struggling with the "cultural challenge" of getting Boards to drive ORSAs - this I found odd, as many ORSA processes will already be in place to a greater or lesser extent, and most would feature in their individual crystallised reporting form in a BAU board pack. They go on to suggest that getting AMSB input into stress and scenario testing is one way of evidencing ORSA "driving".
• Comment that "In general, the ORSA guidelines were seen as too prescriptive" [my emphasis] - I generally recall the clamour from the industry over the last 3 years being that there isn't enough!
• Common (unevidenced) theme identified that ORSA policies have tended to be signed off by Risk Committees, which may not satisfy the AMSB sign-off requirement
• "Some organisations" electing to split out record of the ORSA Process from the ORSA Report to trim the document size - makes perfect sense, as there's no danger of the co-ordinating function not retaining those records for repeatability purposes.

Plenty of other clutter in there on risk quantification and capital management, but nothing controversial, just nice to read. Bon appetit...