Public Consultation on draft regulation regarding Own Risk and Solvency Assessment opened in Brazil

On December 19, 2023, Brazil’s Private Insurance Authority (Susep) submitted a draft regulation on the Own Risk and Solvency Assessment process (Orsa) pursuant to Public Consultation No. 1/2023. Already implemented in foreign jurisdictions, the Orsa is a process for mapping internal and external risks taken on by Susep-supervised companies classified in the S1 and S2 segments. The process supports these companies in identifying the impact of solvency risks and, when appropriate, assessing the need to make adjustments to their solvency and liquidity.

Susep’s explanatory memorandum states that the Orsa process ensures senior management has a complete, holistic view of the risks assumed by the company. This facilitates informed decision-making and allows a stronger focus on solvency, in a complementary fashion to the existing provisions in Brazilian Private Insurance Council (CNSP) Resolution No. 416/2021.

As per the terms of the draft, the Orsa should be:

• Compatible with the nature, size, complexity, risk profile, and business model of the supervised company;
• Aligned with the supervised company’s strategic planning and risk management structure;
• Based on well-documented and consistent processes, methodologies, and assumptions, which can be repeated over time;
• Prospective in its approach, considering specific risks.

Regarding this last point, in addition to subscription, credit, market, operational, liquidity, cyber and sustainability risks, Susep has also established that S1-classified companies must consider strategic, reputational, contagion and concentration-related risks, as defined in the draft.

Furthermore, supervised companies must carry out the Orsa at least once a year, alongside updates to their business plans. To test the consistency of the process, the Orsa must also be validated at least every three years by a unit/department that:

• Is not subordinate to the company’s internal controls officer;
• Has not been involved in any aspect of its design, implementation or execution.

Provided that these requirements are met, the supervised company’s internal audit unit may lead this validation process.

Capital Contingency Plan

Susep’s draft includes a chapter dedicated to ‘Capital Management’, which provides that a capital contingency plan should be created for the entire period contemplated by the Orsa. The plan should be based on the results of the Orsa and the risk appetite of the supervised company, defining:

• Levels of control regarding Adjusted Net Worth (ANW);
• Funding sources or corrective actions for restoring ANW levels.

As a general rule, capital transfers from other companies within the same group as the supervised company cannot be considered funding sources, unless the funding company is also supervised and belongs to the same unified internal control system (SCI) and risk management structure (EGR) as the receiving company.

From a governance perspective, the draft establishes that the Orsa policy and the capital contingency plan must be approved by the supervised company’s board of directors (or executive board in the absence of a board of directors). The planning and execution of the Orsa must be coordinated by a department subordinate to the internal control officer (such as the risk management department) and structured according to the provisions of CNSP Resolution No. 416/2021. Moreover, supervised companies with a unified SCI and EGR must all be included within a single Orsa, however, the Orsa must contain individual projections and analyses for each company.

Furthermore, the draft provides for new responsibilities for internal control officers at supervised companies, stipulating that they must:

• Guide and supervise the design, implementation and execution of the Orsa;
• Inform management about matters related to the design, implementation, and execution of the Orsa on a periodic basis (and whenever necessary);
• Approve any necessary internal regulations for designing, implementing and execution of the Orsa;
• Propose changes to the Orsa policy;
• Approve the Orsa report.

Importantly, the draft provides that the supervised entities will have the duty to preserve, under current regulations, all versions (current and previous) of the policy and Orsa report, the capital contingency plan, and other documents that prove compliance with regulatory requirements.

Susep’s draft provides that S1 and S2 supervised companies would have until December 31, 2025, and December 31, 2026, respectively, to comply with the new rules. However, these deadlines may be subject to change depending on the date the regulation resulting from the draft is published.

For more information, please contact Mattos Filho’s Insurance, Reinsurance & Private Pensions practice.