Regulatory Management and Measurement Rules


The ISO 31000:2009, Basel III recommendations, the EU Capital Requirement Directives and the Own Risk and Solvency Assessment (ORSA)/Forward Looking Assessment of Own Risk (FLAOR) processes of Solvency II Directives profoundly affect the financing and the insurance of companies in all business sectors and local authorities.

US companies use US National Association of Insurance Commissioners (NAIC) recommendations based on the fundamental principles of ORSA; EU firms refer to FLAOR recommendations; and companies in other countries (e.g., Canada, Japan, China) refer to Solvency II as an international best practice.

This regulatory change began in June 2008 when the American International Group (AIG) faced a financial disaster. The risk maps and risk registers in place, usually under Basel II, were designed to capture incident data to calculate the relative value at risk (VaR) using a stochastic approach (statistics and probability). In this approach, VaR equals unexpected loss. Following the subprime mortgage crisis in 2008, clause 5 of ISO 31000:2009 recommended risk treatment from the point of view of the corporate manager and not from the point of view of the stochastic engineer. It is the cost accounting process of the absolute VaR (VaR = expected loss + unexpected loss) taking into account the risk appetite tolerance threshold.

In March 2012, as part of the NAIC Solvency Modernization Initiative (SMI), the NAIC voted to adopt a significant new addition to US insurance regulation:  ORSA. The manner of the calculations used in an ORSA report was left to the discretion of each insurer. This led to variations in the measurement techniques of ORSA among companies. The insurers were concerned because a hard and fast, one-size-fits-all solution does not exist. The output was specific to the company, and a set of documents should demonstrate the results of the self-assessment and understanding of own-risks.

The Information Technology-Investor Relationship Management (IT-IRM) proposes a standardized, logical process to the ORSA measurement. Our recent Journal article covers how this IT application makes ORSA a logical assessment based on real-time data, making risk controllable and assessable using the same base criteria for economic capital and the same indicators, factors or the causes as the determinants of operational risk.

Read Simon Grima, Robert W. Klein, Ronald Zhao, Frank Bezzina and Pascal Lélé’s recent Journal article:
Strengthening Value and Risk Culture Using a Real-time Logical Tool,” ISACA Journal, volume 3, 2016.

[ISACA Journal Author Blog]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.