Skip to main content
  • This website sets cookies on your device. To find out more about how we use cookies please refer to our Privacy and Cookie Policy. By continuing to use the site, we’ll assume that you are content for us to set these on your device.
  • Close
Home > Prudential Regulation Authority > Management and governance

Management and governance

This page provides information on Solvency II requirements for system of governance (SoG) and the own risk and solvency assessment (ORSA).

What are the requirements for system of governance?

The Solvency II Directive states that all insurance and reinsurance firms should have an effective system of governance in place which is proportionate to the nature, scale and complexity of the business and provides sound and prudent management.

The European Insurance and Occupational Pensions Authority has issued guidelines on the system of governance covering; general requirements, remuneration; fitness and propriety; risk management; the prudent person principle; own funds; internal controls; the internal audit function; the actuarial function; valuation of assets and liabilities; outsourcing (where appropriate); and group governance. 

The PRA may request insurance and reinsurance firms to be able to demonstrate consideration of the guidelines and implementation of an effective and proportionate system of governance in compliance with all applicable requirements.

What is an ORSA?

Article 45 of the Solvency II Directive requires ‘as part of its risk-management system every insurance and reinsurance undertaking shall conduct its own risk and solvency assessment’ (ORSA).

There are numerous parallels between the PRA’s supervisory approach, the intention of the ORSA, and the outputs contained in the ORSA report. The ORSA is a key input to the PRA’s judgment-based approach.

The ORSA is an ongoing and continuous process with numerous inputs and outputs. The process should be one which provides useful outputs, which the firm and its board, use as part of their strategic decision making, risk assessment and capital management. There are three rules to the overall process; i) it should be proportionate; ii) holistic (involving different areas within the firm); and iii) forward-looking.

What are the requirements for the ORSA?

Solvency II requires firms to conduct an ORSA at least annually and also following the occurrence of any significant change in its risk profile. The ORSA must include an assessment of the:

  • forward-looking analysis of risks which should be linked to the firm’s business plan and strategy. The assessment should reveal existing controls and assess potential management actions that could counteract those risks;
  • firm’s overall solvency needs, taking into account their specific risk profile, approved risk tolerance limits and business strategy;
  • performance of stress tests on those material risks, including sensitivity analysis, scenario testing and reverse stress test; and
  • firm’s ability to comply continuously with Solvency II regulatory capital and technical provisioning requirements and determine the significance with which the risk profile of the firm deviates from the assumptions underlying the solvency capital requirement. 

The ORSA should be an integral part of the risk management culture of a firm and capital management, and results of the ORSA process should form part of firms’ strategic decision making, including business planning and product development.

Board ownership

The board is responsible for the ownership and sign-off of the process and report, while it can delegate the day-to-day management of the process to the risk function and risk committee. One of the key roles of the board is to steer and challenge the ORSA process outputs.  

PRA publications

Readers can also find more information on Management and Governance in the PRA Publications section of the website – see Related links. Select Insurance policy publications, and click on the ‘Topic’ drop down and select ‘Management and Governance’.