OSFI.ORSA Flashcards
What does ORSA stand for?
Own Risk & Solvency Assessment
What is the general goal of ORSA?
Enhance insurers’ understanding of the relationship between risk profile and capital needs
Does OSFI approve an insurer’s ORSA?
NO, but OSFI will REVIEW a company’s ORSA as part of its assessment of the company
What is the relationship between ERM (Enterprise Risk Management) & ORSA?
ERM and ORSA should be WELL-INTEGRATED so that the analysis and its results are consistent between them.
Identify the ORSA’s 5 key elements.
- RISK identification & assessment
- RELATE risk to capital
- Board oversight & Senior Management oversight
- MONITORING & REPORTING of risks
- INTERNAL controls & OBJECTIVE review
Briefly describe the ORSA key element ‘risk identification & assessment’.
Identify & assess the MATERIALITY of foreseeable & emerging risks
Briefly describe the ORSA key element ‘relating risk to capital’.
Set ICT (Internal Capital Target) using stress-testing techniques
Must withstand a specified loss without falling below supervisory capital requirements
Briefly describe the ORSA key element ‘Board of Directors oversight and Senior Management oversight’.
Review reasonableness & appropriateness of risk profile & capital requirements in the context of board-approved risk appetite & risk tolerance
Briefly describe the ORSA key element ‘Monitoring & Reporting’.
Annual reports to Board of Directors and Senior Management on risk profile & capital management.
Briefly describe the ORSA key element ‘Internal control & Objective review’.
Internal control:
Review for accuracy, integrity, reasonableness
Objective reviewer:
Internal or external auditor OR skilled professional not involved in the ORSA process
Is the ORSA process the same for all federal insurers?
YES and NO:
- 5 key elements are the same (list them)
BUT
- specifics differ by company depending on risk profile & NSC (Nature/Scale/Complexity) of operations
Should ORSA be used to set ICT (Internal Capital Target)?
YES:
An important part of ORSA is to set ICT since ICT considers insurer-specific risks
Is cyber risk accounted for in the MCT calculation? Briefly explain whether it should be considered in the company’s internal capital target.
MCT
- not specifically part of MCT
ORSA
- should be considered in setting ICT (Internal Capital Target)
- product is sold through a mobile app
Is interest rate risk accounted for in the MCT calculation? Briefly explain whether it should be considered in the company’s internal capital target.
MCT
- part of market risk within MCT
ORSA
- should be considered in setting ICT (Internal Capital Target)
- government bonds are subject to fluctuations in interest rate
Is geographical diversification accounted for in the MCT calculation? Briefly explain whether it should be considered in the company’s internal capital target.
MCT
- not part of MCT (aside from earthquake + not part of diversification credit)
ORSA
- should be considered in setting ICT (Internal Capital Target)
- company operates in several provinces