Enterprise Risk Management and Own Risk and Solvency Assessment

Enterprise Risk Management

Pursuant to Insurance Law sections 1503(b), 1604(b), and 1717(b), an ultimate holding company that directly or indirectly controls an insurer and a domestic insurer with subsidiaries (including a domestic corporation subject to Insurance Law Article 43) must adopt a formal enterprise risk management (“ERM”) function and file an enterprise risk report by April 30 of each year.

Regulation 203 (11 NYCRR 82) sets forth ERM function objectives and the information that must be discussed in an enterprise risk report.  Regulation 203 also requires domestic insurers that have annual direct written premium and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500 million or more and that are not part of an Insurance Law Article 15, 16, or 17 system to adopt an ERM function and file an enterprise risk report by April 30 of each year.

Although not required, it would be helpful to include in an enterprise risk report a description of the ultimate holding company’s or insurer’s ERM function. With regard to an enterprise risk report filed pursuant to Insurance Law Article 15, 16, or 17, there should be one report filed that covers the entire system and not a separate report for each insurer in the system.

The Department does not require an enterprise risk report to follow a certain format.  However, an ultimate holding company or insurer must address in its report all of the items listed in section 82.2(b) of Regulation 203.  To facilitate the Department’s review, a holding company or an insurer is encouraged to include a table of contents that provides an overview of the materials submitted; notations should be made, as needed, to indicate where in its filing each item in section 82.2(b) is addressed.

Own Risk and Solvency Assessment

Section 82.3 of Regulation 203 generally requires a domestic insurer to conduct regularly an own risk and solvency assessment (ORSA) and to submit to the Superintendent an ORSA summary report by December 1 of each year. An ORSA must be conducted and an ORSA summary report must be prepared consistent with the NAIC’s ORSA Guidance Manual. A domestic insurer may comply with section 82.3 by submitting to the Superintendent the most recent and substantially similar ORSA summary report or reports provided by the domestic insurer or another member of the insurer’s holding company system, Article 16 system, or Article 17 system, to the head insurance regulator of another state or to a supervisor or regulator of a foreign jurisdiction, provided the information in the report is comparable to the information described in the ORSA Guidance Manual.

Section 82.3(c) exempts a domestic insurer from the requirements of section 82.3 if: (1) the domestic insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Insurance Program, of less than $500 million; and (2) where the domestic insurer is a member of a holding company system, Article 16 system, or Article 17 system, the system has annual direct written and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Insurance Program, of less than $1 billion.

Filing a Report Generally

Report submissions should be explanatory in nature. Any references to another document (e.g., SEC 10K Filing or SEC 10Q Filing) should be specific and appropriately mapped. Commentary should be provided, as needed, to describe content and its relevance to ERM and ORSA. With regard to an enterprise risk report, if an item in section 82.2(b) of Regulation 203 is not applicable, then the report should explain why. Finally, an ultimate holding company or insurer should define any acronyms used and consider including in its report a glossary of these acronyms.

An enterprise risk report and ORSA summary report must be signed by the chief risk officer or other executive having responsibility for the oversight of the ERM function and must include the attestation set forth in section 82.2(b)(3) (ERM) or 82.3(b)(3) (ORSA) of Regulation 203.

Ultimate holding companies and insurers must submit their enterprise risk reports and ORSA summary reports electronically through the Department’s Secure DFS Portal used for submitting insurance entity filings (even if not part of an Article 15, 16, or 17 system). 

An ultimate holding company or insurer should provide the following, as applicable, in a cover page:

• Name of filing entity
• NAIC Company Name(s)
• NAIC CoCode(s)
• NAIC Group Code ID
• Report date
• Contact person’s name, e-mail address and phone number

Note: An ultimate holding company or insurer must submit its report as a searchable document, such as an Adobe pdf file, provided, however, that it need not submit the signature page as a searchable Adobe pdf file.

Please direct all questions regarding an enterprise risk report or ORSA summary report to the appropriate person below at One State Street, New York, NY 10004.