Office of Corporate and Financial Regulation
January 2006
Issue: Risk-Focused Approach to Solvency Monitoring
The Risk Assessment Working Group (formerly known as the Risk Classification Subgroup), of
which Pennsylvania is a member, was formed to develop a structure for evaluating the risk
inherent in an insurer’s operations with the ultimate goal to make financial analysis and
examinations more effective and efficient.
In the past, insurance markets have developed from state to state, reflecting differences in
demographics and geography. However, as insurance markets become more competitive and
financial markets converge, the structure and operations of the industry are changing. The
complexity of new products and the speed at which they are introduced have increased
dramatically as insurers compete with other divisions of the financial services sector. As the
insurance industry evolves and complexity increases, the regulatory environment must also
enhance its current supervision process to better identify the risks insurers are assuming. On the
global and domestic frontier, many financial institutions and trade organizations are assessing the
need to restructure their current risk management systems. As the financial services industry
launches products that contain the use of derivative and other complex investment features, many
entities are implementing more futuristic tools for measuring these products’ financial risks.
Firms in all sectors are giving attention to the effectiveness of their risk assessment and
management systems, including the allocation of capital to cover their risks.
In response to these market developments, a number of regulators have introduced a “riskfocused” approach to supervision. In the banking sector, this approach has been adopted by the
Federal Reserve, OCC, OTS, and FDIC, as well as banking regulators in other countries. In
1997, the Basel Committee on Banking Supervision, an international association of banking
supervisors, released its Core Principles for Banking Supervision. According to the Core
Principles, “Banking, by its nature, entails taking a wide variety of risks. Banking supervisors
need to understand these risks and be satisfied that banks are adequately measuring and
managing them.” The Basel Committee has subsequently issued guidance describing best
practices for bank management of various risks.
In addition to banking regulators, insurance regulators around the world are adopting a riskfocused approach to supervision. Examples can be found in the UK, Canada, Australia, and
Sweden, among other countries. The Core Principles for Insurance Supervision, developed by
the International Association of Insurance Supervisors (IAIS), support regulatory processes that
ensure the prudent management and control of risk concentrations by insurers.
The recent enactment of the Sarbanes-Oxley Act of 2002 requires all publicly traded companies
to significantly enhance management controls associated with financial reporting. The
requirements imposed by this legislation will provide state regulators with an enhanced ability to
perform the risk assessment contemplated by the Risk Assessment Working Group by leveraging
off of the work performed by these companies. The NAIC/AICPA Working Group has
developed revisions to the Model Audit Rule designed to implement the pertinent portions of
Sarbanes-Oxley for non-publicly held insurance companies. The timeliness of the enactment of
Sarbanes-Oxley and the heightened concern about sound corporate governance in today’s
environment will assist the NAIC in working towards enhancing risk assessment in the financial
solvency oversight function.
1
Office of Corporate and Financial Regulation
January 2006
Through their activities, insurers assume a variety of risks, as that is the essence of an insurance
transaction. The type of risk and its significance varies by activity. Investment activities may
involve credit risk, market risk and liquidity risk. In product sales, insurers may assume
catastrophe risk, market risk, pricing/underwriting risk, strategic risk or liquidity risk in varying
degrees depending on the product. Over the years, state insurance regulators have developed
numerous tools that address the risks insurers assume. Investment laws limit the market and
credit risk insurers can assume. Limitations on net retentions help address catastrophe risk. Riskbased capital requirements establish capital levels in recognition of a variety of risks.
Insurance regulators have always considered the risk profiles of licensed insurers and the
activities that may pose risk to the company in the future. Although prior on-site financial
examinations were based on a risk-focused approach, that approach primarily focused on
financial reporting risk. Solvency issues generally are a result of operating risks that were not
mitigated by adequate controls to an acceptable level. Inadequately controlled operating risks
may take several years to be reflected in the company’s financial statements.
The revised risk assessment approach was developed by the NAIC in response to a
recommendation by the Risk Assessment Working Group, of which Pennsylvania is a member.
The recommendation was based on the need to enhance the qualitative aspects of examination
and financial analysis functions. The Risk Assessment Working Group determined that solvency
surveillance needed a broader risk focus to become more proactive in identifying emerging
solvency issues. When the revised approach is utilized by regulators, examination activities will
be enhanced by a risk-focused methodology that more clearly directs the selection of financial
statement verification to only those accounts with the greatest risk. In addition, the examination
will also assist in identifying strategic and operating risks, investigating mitigation strategies for
those risks and developing recommendations to reduce risk to an acceptable level. A broader,
organization-wide business risk assessment that also focuses on strategic and operational issues
enhances the process for evaluating the entire solvency risks inherent in an insurer’s operations.
The enhancement in the risk assessment process and supporting tools will also benefit the
ongoing financial analysis of the insurer.
In 2004, the NAIC Risk Assessment Working Group adopted the Risk-Focused Surveillance
Framework whose five principles set the foundation for the enhancement of the risk assessment
components for financial analysis and examinations. The Framework consists of the following
five functions, all of which are currently performed under state insurance regulators’ current
financial solvency oversight role:





Risk-Focused Examinations
Off-Site Risk-Focused Financial Analysis
Review of Internal/External Changes
Priority System (CARRMELS)
Supervisory Plan
2
Office of Corporate and Financial Regulation
January 2006
The Risk Assessment Working Group determined solvency surveillance needed a broader risk
focus to become more proactive in identifying emerging solvency issues. The purposes of a
Risk-Focused Surveillance process is (1) to detect as early as possible those insurers with
potential financial trouble; (2) to timely identify noncompliance with state statutes and
regulations; (3) to compile the information needed for timely, appropriate regulatory action; (4)
to provide a clearer methodology for assessing residual risk in each activity under review and to
explain how that assessment translates into establishing examination procedures; (5) to allow the
assessment of risk management processes other than those that result in financial statement line
item verifications, for example, the effectiveness of the board of directors and other corporate
governance activities, thus providing an introspective look at the operations and quality of the
risk management processes of the insurer; and (6) to allow for the utilization of examination
findings to establish, verify or revise a uniform company priority rating. The system of financial
surveillance advocated by the Risk-Focused Surveillance Framework is designed to provide
continuous regulatory oversight. The risk-focused approach requires fully coordinated efforts
between the financial examination function and the financial analysis function. There should be a
continuous exchange of information between the field examination function and the financial
analysis function to ensure that all members of the department are properly informed of solvency
issues related to the state’s domestic insurers.
Responsibilities of the analysts in the Risk-Focused Financial Surveillance Framework (1) to
monitor the states’ domestic insurers; (2) to provide input for a regulator-wide prioritization and
internal department priority systems; and (3) to provide department management with timely
knowledge of significant events relating to the domestic insurers. This information is to be used
by the field examination function as input for scheduling and staffing of examinations. All these
elements allow for examinations that emphasize the analysis of an insurer’s current or
prospective solvency risk areas as well as the fair presentation of surplus. To conduct an
effective risk-focused examination, examiners must have adequate training and experience and
appropriately involve key regulatory functions in the department, since sound judgment must be
exercised at every stage of the examination process.
Enhanced risk assessment is not intended to add additional hours to the examination process, but
to assist the examination teams in better allocating available hours to the most critical risks
facing the companies they regulate. In order to ensure the confidentiality of an insurer’s internal
risk management processes, the work product of any risk assessment should, to the broadest
extent possible, pivot off of the statutory examination function. That process, and all the
information resulting from that process, can be held confidential under existing law for those
states that have adopted the Model Law on Examinations.
Two sub-groups, of which Pennsylvania is a member of both, were appointed to take the
Framework and all its components and incorporate it into the Examiners Handbook and the
NAIC Financial Analysis Handbook. The resources needed to process the aforementioned
revisions have not been insignificant. The changes to the Examiners Handbook have been
drafted and twice exposed for comment. The proposed comments from regulators and interested
parties are currently being reviewed by the members of the Risk Assessment Working Group.
The Financial Analysis Handbook sub-group has not yet started its work.
3
Office of Corporate and Financial Regulation
January 2006
The Risk Assessment Implementation Sub-Group, of which Pennsylvania is the chair, has been
formed to develop a plan for risk assessment implementation. The Framework is the basis for
that implementation. The enhancements proposed would tie all of them together in a more
cohesive manner that can be consistently applied by state regulators. The sub-group will need to
address insurance department staff training in multiple areas such as risk assessment overview;
changes to the examiners and analysis handbooks; interviewing skills; effective examination
planning through understanding the Company; assessment of corporate governance initiatives
including internal audit, external audit and Sarbanes-Oxley; utilizing the qualitative and
quantitative elements of risk assessment; communication with to enhance the insurer profile;
traditional substantive examination testing; recommending revisions to and compliance with
accreditation standards; teammate best practices; examination result products; examination wrapup and updating the financial surveillance plan. Clearly defined consistency of the risk-focused
concept between the analysis and examination guidance and accreditation standards will need to
be accomplished for a risk-focused approach to achieve maximum benefit.
4