ORSA requirements: Model risk management for insurance companies

Download RFP
Insurance companies are being required to implement a model risk management (MRM) program. The National Association of Insurance Commissioners’ Own Risk and Solvency Assessment (ORSA) guidance manual states: “The ORSA summary report requires insurers to provide a general description of the insurer’s process for model validation, including factors considered and model calibration.”  In addition, the guidance also notes, “One of the most difficult exercises in modeling insurer results is determining the relationships, if any, between risk categories.”  

In order for insurance companies to ensure compliance with the ORSA regulation as it relates to model validation, insurers can look to guidance from:

Regulatory MRM requirements for banks are emerging as the leading guidance for insurance models.  Model documentation for ensuring guidance should include:

  • A MRM governance and controls framework 
  • An inventory of all models utilized by the company, and a risk ranking for each model
  • A model validation process to ensure the accuracy of the models 

Model inventory Responsibility for maintaining an inventory of models is typically maintained by a company’s ERM function. Examples of types of models in the inventory could include:

  • Valuation models — designed to capture snapshot, "frozen-in-time" estimates of financial metrics, like assets, liabilities or other items commonly found in financial statements
  • Actuarial models — designed to quantify/measure actuarial risk in order to determine pricing premiums, or the amount of reserves to hold
  • Statistical models — designed to use statistical tools like regression analysis to transform and extrapolate an input data set into desired outputs and forecasts  
  • Risk and capital models — designed to assess/monitor risk metrics and capital requirements, i.e., solvency models, credit default risk models and catastrophe models.
  • Financial accounting models — designed to project financial metrics such as income, expenses, assets, liabilities and cash flow
  • Strategic models — designed to assess implications on key performance indicators in support of the business’ shifts in strategic initiatives 

Model validation
The guidance states, “Model validation is the set of processes and activities intended to verify that models are performing as expected and in line with their design objectives and business uses. Effective validation helps ensure that models are sound. It also identifies potential limitations and assumptions, and assesses their possible impact.”  All model components, including input processing and reporting, should be subject to validation both as the model is initially developed, and periodically as set by the MRM policy.   

Model owners are responsible for performing and documenting that proper model validations (balance controls, back testing, etc.) have been completed.  

A central principle for managing model risk is the need for “effective challenge.”  Effective challenge is critical analysis by informed, objective parties who can identify model limitations and assumptions and produce appropriate changes. Model owners ensure that models have undergone appropriate independent validation and approval, promptly identify new or changed models, and provide all necessary information for validation activities.   

It is the model owner’s responsibility to interpret validation results, and implement any appropriate and practical modeling changes that are recommended through the independent review or validation process. 

Grant Thornton’s proven methodology Grant Thornton LLP’s model risk management framework provides an approach to conduct a comprehensive model risk assessment. We assist clients by providing independent and objective assessments of their MRM governance and controls framework. We assist financial institutions in assessing roles and responsibilities among their “first and second line-of-defense mechanisms” and assist institutions in the “third line of defense” and work with internal audit functions to assess controls and compliance with MRM requirements.A comprehensive MRM protocol should have a life cycle view to model risk. The insurance company’s MRM framework should include standards for model development, implementation, use, validation, ongoing monitoring and maintenance.

Model risk management insurance  Conclusion Model risk is an inherent part of day-to-day life for today’s financial institutions. By identifying each material risk category independently, and reporting results in both normal and stressed conditions, insurance company management and the commissioner are better placed to evaluate certain risk combinations that could cause an insurer to fail. It is important to remember that models are a highly simplified structure and not all output errors are due to model inadequacy. Paying too little attention to model risk can leave firms much more vulnerable to losses.

For more information, contact
John Swanick,Mark Lastner  or   Ilieva Ageenko.