Committees Active on This Topic

Additional Resources


Media queries should be directed to the NAIC Communications Division at 816-783-8909 or

Jane Koenigsman
Sr. Manager, L/H Financial Analysis
Phone: 816.783.8145
Fax: 816.460.7599

NAIC Center for Insurance Policy and Research (CIPR)

CIPR Homepage

Enterprise Risk Management (ERM)

Last Updated 6/12/17

Issue: Enterprise risk management (ERM) has attracted much attention in the last several years, particularly following the great global financial crisis. In today’s uncertain world of complex and interrelated risks, an increasing number of financial institutions, including insurance companies, have implemented or are developing an ERM system.

Overview: Managing risks is paramount for insurers who have implemented or are further enhancing or developing their ERM systems. The accurate and deeper understanding of the extent and composition of risk-taking and the greater risk control gained by ERM can deliver significant strategic advantages. These advantages can be translated as increased efficiencies and ultimately as important tangibles as reduced earnings volatility, stronger capital position and higher profitability. The success of ERM depends on how well it integrates into its framework already proven and effective risk management tools, such as Asset Liability Management (ALM), which cuts across different risk categories (underwriting, asset and operational risks). All departments within an insurance company including finance, actuarial, strategy, etc., are critical in the implementation of ERM, first mainly within their departments by embedding ERM into their daily operations, and then by connecting across the organization risk management infrastructure to become part of the overall calculus of decision-making.

Company size and complexity are among the key determinants for ERM adoption with larger companies facing multiple risks more likely to develop a holistic risk management framework. Insurers active in a number of markets offering complex products have a need for specialists to deal with different risks, and they predictably move toward developing strong ERM systems. External institutional pressures, particularly from the regulatory community, have also been driving ERM implementation. The regulators’ intent is to foster an effective level of risk management at the enterprise (group) level for all insurers. Other external factors for ERM adoption originate from the market whose signals are expressed through the stock market and credit ratings agencies, which have added ERM as a criterion in their credit analysis and their overall assessment of insurance companies’ financial strength.

Status: The current solvency surveillance framework includes examination and analysis of insurers’ ERM as outlined in the Exam and Analysis Handbooks. In October 2011, the IAIS adopted an Insurance Core Principle (ICP 8) on Risk Management and Internal Controls, which heightens the need for standards and provides guidance on ERM. During 2011, the Group Solvency Issues (E) Working Group determined that ERM, as well as ORSA (Own Risk and Solvency Assessment) requirements, were appropriate and beneficial for inclusion in the U.S. solvency framework. In 2012, the NAIC ORSA Guidance Manual and the Risk Management and ORSA Model Act (Model #505) was adopted.

The NAIC ORSA Guidance Manual provides information for insurers on performing its ORSA and documenting risk policies and procedures. NAIC Model #505 went into effect on Jan. 1, 2015 and requires insurers above a specified premium threshold to maintain a risk management framework, complete an ORSA, and file a confidential annual ORSA Summary Report with their lead state supervisor. All states are expected to adopt Model #505 by the end of 2017, as the Model becomes a standard for accreditation of the state departments. Most of the adopting states required an ORSA Summary Report to be filed by the end of 2015. The rest required the first filing to be made by the end of 2016 or 2017, depending on the state.