The Insurance Prudential Supervisory Framework (“IPSF”) sets out FSRA’s approach for supervision and risk assessment of Ontario’s provincially incorporated insurance companies (“Insurers”). Its primary focus is to determine the impacts of current and potential future events, both internal and external, on the risk profile of each Insurer, and drive FSRA’s allocation of supervisory resources.
This Guidance articulates FSRA’s supervisory approach for all Insurers, as well as the practices and processes for determining an Insurer’s Overall Risk Rating (“ORR”), Intervention Level (IL), and level of FSRA’s supervisory activity under the Insurance Act (the “Act”), supporting Regulations and FSRA Rules and Guidance.
This Approach Guidance does not prescribe compliance obligations for Insurers. Rather, it is intended to define the processes and practices that FSRA will follow when establishing supervisory plans and exercising supervisory action or discretion powers under the Act. FSRA will also use the IPSF to guide its communications with external stakeholders.
The level and extent of supervision under the IPSF will depend on the size, complexity, and risk profile of the Insurer, and the potential consequences of an Insurer’s failure including systemic impact.
This Approach Guidance affects the following entities regulated by FSRA:
- Insurers incorporated under the Act
As part of its supervisory reviews and assessments, FSRA will apply this framework to subsidiaries, joint ventures or any other entities connected to the Insurer through financial or management resources, or whose conduct may affect policyholders (i.e., consolidated group supervision).
This Guidance complements the information provided in, and should be read in conjunction with, other FSRA guidance and supporting publications available on FSRA’s website, “Guidance - Life and Health Insurance and Property and Casualty, and General Insurance”.
Rationale and background
FSRA uses an integrated IPSF to identify imprudent or unsafe business practices and misconduct impacting policyholders of Insurers and intervenes on a timely basis. FSRA’s IPSF integrates prudential and market conduct supervisory activities to comprehensively assess the risk profile and determine the overall risk rating of each Insurer.
The IPSF is designed to assist FSRA in meeting its statutory objects under the Financial Services Regulatory Authority of Ontario Act, 2016 (the FSRA Act). The IPSF will support FSRA’s efforts to:
- contribute to public confidence in the insurance sector
- promote high standards of business conduct in the insurance sector
- protect the rights and interests of policyholders
- foster strong, sustainable, competitive, and innovative financial services sectors
- promote and otherwise contribute to the stability of the insurance sector with due regard to the need to allow insurers to compete effectively while taking reasonable risks
The ORR of an Insurer will also help FSRA consider whether an Insurer should be subject to increased regulatory activity (level of supervisory engagement) and other enhanced supervisory activity. It will also determine the supervisory actions that typically occur at each of the intervention levels, which may include recovery and resolution activities.
Approach – Processes and practices
FSRA has developed this Approach Guidance to provide clarity in respect of FSRA’s supervisory practices and approach to supervision through the articulation of the key principles and features of the IPSF. This Guidance also articulates how FSRA assesses the most important prudential and conduct risks posed by Insurers to supervisory objectives and the extent to which Insurers can manage, mitigate, or contain these risks.
The IPSF is dynamic, principles-based, and aligned with national and international supervisory practices. The IPSF increases the effectiveness of supervision by enabling supervisory outcomes to be met while increasing efficiency through improved processes and resource allocation. It involves allocating resources to the areas of greatest risk; for example, not all activities within an Insurer may need to be assessed for each review or at the same intensity.
Guiding principles and supervisory standards
The foundation of FSRA’s IPSF is centered around the Risk Definition, Principles, and Supervisory Standards described below.
The Risk Definition provides clarity for the meaning of “risk” wherever it is used in the IPSF and is applied consistently in the risk assessments of all Insurers.
Risk in FSRA’s IPSF is assessed with respect to both likelihood of financial loss to policyholders and possibility that the conduct, acts, or omissions of an Insurer or its staff harm or deliver poor/unfair outcomes for its policyholders.
The IPSF Principles focus on achieving outcomes from FSRA’s supervisory approach and are aligned with FSRA’s supervisory principles.
Supervisory work is performed to achieve successful supervisory outcomes rather than completing a standard cycle or process.
Supervisory work focuses on material risks of business activities and market conduct matters that could pose threats to achieving the key supervisory outcome of minimizing possible losses to policyholders.
Dynamic, proactive and adaptable
Supervisory work is continuous, dynamic, and timely to ensure changes in the business, sector, and environment are identified early and reflected in FSRA’s actions and priorities.
Supervisory work results in a consolidated assessment of risks in the business of an Insurer. This holistic approach includes assessment of all material Insurer entities such as subsidiaries, joint ventures, and other material investments and activities.
The Supervisory Standards describe key aspects of how FSRA supervisors conduct supervisory work using the IPSF. They form the standards of practice and roles of FSRA supervisors.
To the extent possible, assessments are forward-looking and consider the velocity, persistence, and amount of change of the risks. This enables early identification of issues, timely intervention, and higher likelihood of achieving desired outcomes.
Supervisors exercise sound judgment, supported by rationale, in identifying and evaluating risks of an Insurer.
Supervisors combine sufficient quantitative and qualitative evidence to support judgments, findings, recommendations, and requirements.
Efficient and effective
Supervisory work and assessments are planned and completed in an efficient and effective way and with due regard to the risk profile of each Insurer. This includes use of FSRA’s regulatory actions, data collection, filing requirements, guidance documents, enforcement tools, and service standards.
Use of work of others
FSRA uses, where appropriate, the work of others (e.g., External Audit, Internal Audit, the Appointed Actuary, and an Insurer’s other oversight functions and other regulators) to augment its supervisory work and minimize duplication of effort.
FSRA designates a relationship manager (RM) for each Insurer. The RM is the main point of contact for the Insurer and engages in ongoing dialogue with the Insurer’s management. The RM is responsible for maintaining an up-to-date risk profile of the Insurer and is supported by other staff within FSRA in performing this function. The RM is responsible for providing FSRA’s feedback to the Insurer, leading discussions about the assessment and examination results, and the development, implementation, and monitoring of timely remediation plans by an Insurer.
The level and extent of supervision will depend on the size, complexity, and risk profile of an Insurer, and the potential consequences of an Insurer’s failure. Where there are identified risks or other areas of concern including market conduct matters, the degree of intervention will be commensurate with the risk profile. Insurers that are well managed relative to their risks will require less oversight.
Insurance Prudential Supervisory Framework overview
This section of the Guidance articulates the three essential elements of FSRA’s IPSF: the Risk Assessment Process, the Risk Management Process, and the Supervisory Process.
A. Risk assessment process
The following elements of FSRA’s IPSF enable a common approach to risk assessment across Insurers and over time. The Risk Matrix (as shown in Appendix A: Risk Matrix) is used to record all the assessment ratings for the various elements of the IPSF that are described below.
For each of the elements in the matrix, FSRA will apply a rating based on a five-level scale where the criteria are tailored to each of the elements assessed.
1. Significant activities and importance
An Insurer’s significant activities are identified at the start of the risk assessment process. A significant activity can be a line of business, business unit or enterprise-wide process that is fundamental to an Insurer’s business model and its ability to meet its overall business objectives. The identification and assessment of significant activities and their relative importance (i.e., materiality) require the use of supervisory judgment which is informed by knowledge of an Insurer’s external environment, sector, and business profile. To understand the business profile of an Insurer, supervisors use various sources including organization charts, strategic business plan, capital allocations, internal audit reports, and internal/external reporting.
2. Inherent risk
Inherent risks are assessed for each significant activity of an Insurer. Inherent risk is intrinsic to a business (significant) activity and arises from exposure to, and uncertainty from, potential future events. Inherent risk is evaluated before any mitigation and by considering the probability of an adverse impact to an Insurer’s capital or earnings, and ultimately its policyholders. When determining the probability of an adverse impact arising from Market Conduct Risk, FSRA will consider the probability that the conduct, acts, or omissions of an Insurer or its staff harm or result in poor/unfair outcomes for its policyholders.
Inherent risk is assessed without regard to the size of the activity relative to the size of an Insurer, and before considering an Insurer’s Quality of Controls and Oversight. FSRA uses the following seven categories to assess inherent risk:
Financial inherent risks
Non-financial inherent risks
- operational (including Legal)
- market conduct
The above umbrella inherent risk categories cover other risk sub-categories including for example, legal risk, as noted above, and reputational risk.
Based on the inherent risks identified for a significant activity and the level of these inherent risks, FSRA will assess the extent to which a commensurate level of controls and oversight is needed to adequately mitigate the inherent risks.
Refer to Appendix D for details regarding market conduct risk assessments.
3. Quality of controls and oversight (“QCO”)
The assessment of QCO for each significant activity (activity) considers both the appropriateness of their characteristics and the effectiveness of their performance, in the context of the size, complexity, and risk profile of an Insurer. Characteristics of a function refers to how it is designed to carry out its role. Performance of a function refers to its effectiveness in carrying out its role and responsibilities. The performance assessment is more important than the characteristics assessment. Consequently, the performance assessment will carry more weight when determining the rating of an activity.
Operational management of an Insurer for any significant activity (activity) is responsible for the controls used to manage that activity’s inherent risks on a day-to-day basis. Operational management ensures that an Insurer’s line staff clearly understand the risks that the activity faces and must manage, and that policies, processes, and staff are sufficient and effective in managing these risks. When assessing operational management, FSRA’s primary concern is whether operational management can identify the potential for material loss or misconduct that may arise by taking on that activity and has in place adequate controls to mitigate the inherent risks that may materialize and cause loss or misconduct (see Appendix D). In general, the extent to which FSRA needs to review the effectiveness of operational management of a significant activity depends on the effectiveness of an Insurer’s oversight functions. If an Insurer has sufficient and effective (e.g., adequate) oversight functions, FSRA may not need to also assess the effectiveness of operational management independent of the oversight functions.
An Insurer’s oversight functions are responsible for providing independent, enterprise-wide oversight to operational management for each significant activity. There are six oversight functions: Compliance; Actuarial; Risk Management; Internal Audit; Senior Management; and Board of Directors.
The Oversight Functions provide objective assessments to the directors of the Board and Senior Management to allow them to fulfill their responsibilities. The Oversight Functions identify, measure, and report on an Insurer’s risks, assess the effectiveness of an Insurer’s risk management and internal controls, and determine whether an Insurer’s operations and risk exposures are consistent with an Insurer’s risk appetite.
The presence and nature of these functions vary based on the size, complexity, and risk profile of an Insurer and the inherent risks in its significant activities. Where an Insurer lacks a critical oversight function (e.g., internal audit, risk management, etc.) and has engaged external expertise to perform that function, FSRA expects an Insurer to maintain accountability for that function (i.e., Insurers can outsource the function’s responsibility but not the accountability and not ownership of risks).
Where an Insurer lacks some of the other Oversight Functions, they are not sufficiently independent, or they do not have enterprise-wide responsibility, in applying proportionality, FSRA will assess the effectiveness of other functions (e.g., Senior Management) in providing the expected, adequate, and independent oversight.
FSRA will assess the stature and authority of the executive leadership (heads) of the Oversight Functions within the Insurer and the extent to which they are independent from operational management. FSRA will look to ensure that the heads have unfettered access and a functional reporting line to the Board or the appropriate Board committee.
Controls and Oversight, including corporate governance assessments, are based on an evaluation of an Insurer's current practices for each risk management control and oversight function related to the insurer’s significant activities.
Enterprise-wide oversight ratings
The enterprise-wide oversight assessment is FSRA’s determination of the oversight function’s effectiveness across all activities to provide an enterprise-wide view. It considers the function’s characteristics and performance (and FSRA’s expected outcomes) in executing its oversight responsibilities.
The assessment focuses on how well the oversight function oversees an Insurer and considers any weaknesses in the function’s characteristics that may not have affected its performance yet but may do so in the future. Hence, these ratings act as early warning indicators of potential future performance issues with the oversight functions within the activities.
4. Residual risk
Residual Risk is defined as Inherent Risks mitigated by the Quality of Controls and Oversight. For each significant activity the level of residual risk is determined by considering all relevant and rated inherent risks and QCO ratings. Insurers should be managing risk prudently such that the Residual Risks are appropriate.
5. Prudential Summary Residual Risk (“PSRR”), Market Conduct Summary Residual Risk (MCSRR), Summary Residual Risk (“SRR”)
The PSRR and MCSRR measure the prudential and market conduct risk profiles of an Insurer based on inherent risks taken on by engaging in significant activities, mitigated by controls and oversight functions, but before the assessment of capital, liquidity, and resilience.
The PSRR is the aggregation of the ratings for the Prudential Residual Risks of all significant activities weighed according to their importance. The MCSRR is determined in a similar way to the PSRR but from a market conduct perspective.
The SRR is determined after considering both the PSRR and the MCSRR.
6. Capital and earnings, liquidity, and resilience
This section should be read and interpreted in conjunction with the information published in other FSRA guidance, rules and supporting publications related to capital and earnings, liquidity and resilience located on the FSRA website.
Capital and earnings
Capital is a source of financial support to protect against unexpected losses and is a key contributor to the safety and soundness of the insurer. Capital management is the on-going process of raising and maintaining capital at levels sufficient to support planned operations. For more complex insurers, capital management also involves allocation of capital to recognize the level of risk in its various activities. Insurers must consider their exposure to Environmental, Social and Governance (ESG) risks and assess their effects on capital.
FSRA assesses the capital adequacy of an Insurer on both a current (at time of assessment) and forward-looking time frame (e.g., how expected earnings would affect the capital position). This approach enables a longer and wider view of an Insurer’s capital adequacy and recognizes the key role that retained earnings plays in maintaining and building the capital base of Insurers.
Liquidity is the ability of an Insurer to obtain sufficient cash or its equivalents in a timely manner at a reasonable price to meet its commitments as they fall due. Managing and maintaining adequate levels of liquidity are critical for the overall safety and soundness of an Insurer. An Insurer must ensure that there is enough liquidity to ensure orderly funding, operational expenses and other obligations and provide a prudent cushion for unforeseen liquidity needs. An Insurer’s obligations, and the funding sources used to meet them, depend significantly on its business mix, balance sheet structure, and the cash flow profiles of its on and off-balance sheet obligations.
Liquidity risk management is necessary given that a liquidity shortfall at an Insurer can have potential sector-wide repercussions. Insurers must consider their exposure to Environmental, Social and Governance (“ESG”) risks and assess their effects on liquidity. FSRA uses quantitative and qualitative measures in the assessment of an Insurer’s liquidity adequacy and liquidity management programs. high
Resilience is the ability of an Insurer to respond to adversity, absorb shocks, and adapt to changes especially during a period of stress or crisis. It is the ability of an Insurer to continue to:
- deliver on its objectives
- remain sustainable and prosper
- make positive adjustments under challenging conditions
- emerge strengthened and more resourceful
The Board and Senior Management of an Insurer have a fiduciary duty which includes the obligation to plan for adverse scenarios and to ensure that an Insurer is crisis ready. This aligns with FSRA’s goal of protecting policyholders’ interests and contributing to the stability of the sector.
Significant stress or failure of one Insurer could accelerate stress at others and lead to other failures in the sector. Risk of contagion could further manifest in the broader financial services system due to loss of confidence of policyholders.
A resilient Insurer should be able to:
- respond effectively to any type of event
- monitor current environment
- anticipate future threats and opportunities
- learn from past failures and successes
Overall resilience of an Insurer is assessed holistically through both financial and non-financial factors and considers both “business as usual” and “post-stress event” conditions. Financial resilience factors include capital and liquidity; non-financial factors are generally governance and operational-based and focus on crisis preparedness. Some key indicators of resilience performance and characteristics are the strength of an Insurer’s Own Risk & Solvency Assessment (“ORSA”), adequacy and implementation of the Recovery Plan, the Business Continuity Plan and the Disaster Recovery Plan during stress.
A resilient Insurer is expected to anticipate future threats and opportunities including being able to identify and manage ESG risks. Inadequate or mismanagement of these could negatively impact an Insurer’s franchise strength and risk profile, while more serious deficiencies could ultimately threaten an Insurer’s reputation, capital and earnings, liquidity, and viability.
7. Overall Risk Rating (“ORR”)
The ORR is an assessment of the insurer’s overall risk profile, after considering the impact of Capital (including earnings), Liquidity, and Resilience on its SRR. It reflects FSRA’s assessment of the safety and soundness of an Insurer. The ratings from the Capital, Liquidity, and Resilience assessments are used to determine modification needed to the SRR, if any, to arrive at the ORR.
The five risk ratings for the ORR are: “Low”, “Low-Moderate”, “Moderate”, “Moderate-High” and “High” (Descriptions of each of the five ORR risk ratings are detailed in Appendix B).
B. Risk management process
The International Association of Insurance Supervision (“IAIS”) is the international body responsible for developing the Insurance Core Principles (“ICPs”) for Supervision that regulatory bodies can use to assess their supervisory systems and identify areas for improvement.
C. Supervisory process
FSRA uses a defined process to guide its insurance-specific supervisory framework that includes the following steps:
1. Developing a supervisory strategy and planning supervisory work
A supervisory strategy (“Strategy”) for each Insurer is prepared annually. The Strategy identifies the supervisory work necessary to keep the Insurer’s risk profile current. The intensity of supervisory work depends on the size, complexity, and risk profile of an Insurer. The Strategy outlines the supervisory work planned for the next three years, with more detailed description of work for the upcoming year. The Strategy is the basis for a more detailed annual plan, which indicates the expected work and resource allocations for the upcoming year.
In addition to being Insurer-specific, FSRA’s planning also includes a process to compare the work effort across Insurers. This is to ensure that assessments of risk for individual Insurers are subject to a broader standard, and to assign supervisory resources effectively to higher-risk Insurers and significant activities.
2. Executing supervisory work
There is a continuum of supervisory work that ranges from lesser to greater supervisory intensity:
- document review
- meeting with senior management and board
- off-site desk review
- limited (targeted) scope off-site or on-site assessment/review/examination
- expanded scope off-site or on-site assessment/review/examination
- comprehensive off-site or on-site assessment/review/examination
Monitoring refers to the regular review of information about an Insurer, its industry, and external environment to keep abreast of changes that are occurring or planned in an Insurer, and to identify emerging risks and issues.
Insurer-specific monitoring includes the analysis of an Insurer’s financial and operating results, typically considering its performance by business line and vis-à-vis its peers and any significant internal developments. Reviews and examinations refer to more extensive supervisory work than monitoring and may involve on-site examinations depending on the specific requirements identified in the planning process.
In addition to the core supervisory work of monitoring and reviews, FSRA frequently undertakes thematic, comparative, or benchmarking reviews to identify standards and best industry practices.
Given the dynamic environment in which insurers operate, FSRA also scans the external environment and industry, gathering information as broadly as possible, to identify emerging issues. Issues include both Insurer-specific and sector-wide concerns.
FSRA periodically requires Insurers to perform specific stress tests that FSRA uses to assess the potential impact of changes in the operating environment on individual insurers or industries. Environmental scanning and stress testing have increased in importance as changes in the external environment are a main driver of rapid changes in Insurer risk profiles. FSRA may also request the insurer’s internal auditor, or at an Insurer’s expense, its external auditor, or other external resource (e.g., consulting firm or appointed actuary) to investigate and report on a matter to FSRA.
3. Updating risk assessments
In between full examinations, supervisors monitor an Insurer and if new information indicates a material change in an Insurer’s risk profile, supervisors will update an Insurer’s risk assessment ratings as needed. When there are shifts in the risk assessment of an Insurer, FSRA responds by adjusting work priorities set out in the supervisory strategy and annual supervisory plan as necessary to ensure that important emerging matters take precedence over items of lesser risk. Such flexibility is vital to FSRA’s successful implementation of risk-based supervision and its ability to ensure the safety and soundness and appropriate business conduct of an Insurer.
Risk assessments for all insurers are subject to internal quality assurance and reviews to ensure ratings are consistent and accurately represent the risk profile of an Insurer.
4. Reporting and communication to insurers
In addition to ongoing discussions with Insurer management through the RM, FSRA communicates to insurers through Supervisory Letters, when warranted. Supervisory Letters summarize FSRA’s key findings (including those resulting from examinations), recommendations, and requirements, as necessary based on the supervisory work (both prudential and market conduct) that was completed since issuing the last Supervisory Letter. The Supervisory Letter may require an Insurer to develop, implement and report on a remediation plan to address the issues arising from this review. FSRA may also choose to meet with Senior Management and/or directors to discuss its supervisory findings and any issues of concern. The Supervisory Letter also reports the Insurer’s ORR.
During the year, FSRA may also issue an Interim Letter to an Insurer to provide an Insurer with timely feedback on issues arising from a specific body of supervisory work, especially if the insurer is on the Watchlist.
With both types of letters, FSRA will discuss the findings, recommendations, and requirements with an Insurer before issuing the letter. FSRA’s considers communication and the provision of feedback to an Insurer an important part of its supervisory process.
5. Intervention level
The ORR of an Insurer is used in determining the level of intervention FSRA will take to address identified prudential or conduct issues. FSRA’s Intervention Guide (The Guide) addresses situations where FSRA has concerns with an Insurer’s vulnerabilities or when viability or solvency are of concern. The Guide (included as Appendix C of this Guidance) aims to communicate at which stage an action/intervention would typically occur. The Guide also provides a mapping of the typical combinations of ORRs and Intervention Levels.
6. Level of supervisory engagement
After determining the intervention level, proportionality (size and complexity) is applied to the ORR of an Insurer to determine the level of supervisory engagement (i.e., FSRA resources and attention placed on an Insurer). FSRA will have a higher level of supervisory engagement with larger and/or more complex Insurers whose failure could materially impact the Ontario-regulated insurance sector. As well, FSRA will have a higher level of supervisory engagement with Insurers that are riskier.
The failure of a large, complex Insurer would likely give rise to contagion and undermine public confidence in the insurance sector. For this reason, FSRA’s risk tolerance is low for Insurers that are large and/or complex and display an elevated risk profile (e.g., High ORR). Hence, FSRA will allocate more resources and supervisory attention to those Insurers to reduce the likelihood of their failure, including in extreme cases, exercising its authority under section 62 of the Act to take possession and control of the assets of an Insurer and conducts its business, taking such steps as are required towards its rehabilitation.
Effective date and future review
This Guidance will be effective as of the date of issuance and will be reviewed on or before 3 years from date of issuance.
About this guidance
This Guidance is consistent with FSRA’s Guidance Framework.
As Approach Guidance, it describes FSRA’s internal principles, processes and practices for supervisory action and application of Chief Executive Officer discretion. Approach Guidance may refer to compliance obligations but does not in and of itself create a compliance obligation. Visit FSRA’s Guidance Framework to learn more.
Appendix A: Risk matrix
The Risk Matrix (as shown below) is used to record all the assessment ratings described above. The purpose of the Risk Matrix is to facilitate a holistic risk assessment of an Insurer. This assessment culminates in an Overall Risk Rating (ORR), which represents the overall risk profile of an Insurer.
FSRA IPSF Risk matrix – Insurance company
As previously noted, a significant activity can be a line of business, business unit or enterprise-wide process that is fundamental to an Insurer’s business model and its ability to meet its overall business objectives. FSRA uses the following six categories to assess inherent risk: credit risk; market risk; operational risk; compliance risk; market conduct risk; and strategic risk. The categories and levels of inherent risk are sufficiently broad to cover known risk at an insurer. Each inherent risk category is reviewed independently, however reputational risk is viewed as a consequence of each of the six inherent risk categories; therefore, it is contemplated in each of the inherent risk categories, rather than separately. Following the identification of significant activities, the next step in the IPSF process is to evaluate their associated inherent risks as defined below.
- Credit – the potential that a borrower or counterparty will fail to meet its obligations to the insurer.
- Market – changes in market rates or prices from activities in markets such as interest rates, investments, foreign exchange, equity, and real estate which could result in losses or a reduction in the value of assets held by an insurer.
- Insurance – arises from exposure to adverse events occurring under specified perils and conditions covered by policies, and the potential for claims or payouts to be made to policyholders or beneficiaries.
- Operational (including Legal) – risk of loss that stems from inadequate or failed internal systems, internal controls, technology, procedures, policies, employee errors, breaches, fraud, or any external event that disrupts a financial institution's processes, systems or people.
- Compliance – potential non-conformance with regulatory requirements, laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards in any jurisdiction in which the insurer operates.
- Market Conduct – risk that the conduct, acts or omissions of an insurer or its staff harm or deliver poor/unfair outcomes for members and/or customers.
- Strategic – risk from the potential inability to develop and implement proactive, appropriate business strategies, plans, decision-making, resource allocation or its inability to adapt to changes in the business environment for example resulting in reduced capital levels and elevated viability concerns in the long run.
Quality of controls and oversight
- Operational Management
- Risk Management
- Internal Audit
- Senior Management
- Market Conduct (MC)
- PSRR, MCSRR, and SRR
Enterprise-wide oversight ratings
- Risk Management
- Internal Audit
- Senior Management
Modifiers and overall risk profile
- Capital & Earnings
- Overall Risk Rating - ORR
- Intervention Level - IL
Inherent Risk, Residual Risk, PSRR, MCSRR, SRR and ORR ratings:
Low, Low-Moderate, Moderate, Moderate-High, High
Quality of Controls & Oversight (QCO), Capital, Liquidity, Resilience ratings:
Strong, Adequate, Needs Improvement, Inadequate, Weak
Importance ratings: Low, Medium, High
Appendix B: ORR ratings and descriptions
|Low||This rating indicates a highly safe, sound, well-managed, and well-governed insurer. The combination of its summary residual risk and its capital, liquidity and resilience makes the insurer resilient to most adverse business and economic conditions, which will not materially affect its risk profile. The insurer has consistently performed well, and most key indicators are better than sector averages.|
|Low-Moderate||This rating indicates a safe, sound, well-managed, and well-governed insurer. The combination of its summary residual risk and its capital, liquidity and resilience makes the insurer resilient to many adverse business and economic conditions, which will not materially affect its risk profile. The insurer has for the most part performed well, and many key indicators are better than sector averages.|
|Moderate||This rating indicates a generally safe, sound, well-managed, and well-governed insurer. The combination of its summary residual risk and its capital, liquidity and resilience makes the insurer resilient to some adverse business and economic conditions which will not materially affect its risk profile. The insurer’s performance is satisfactory and key indicators are generally comparable to sector averages.|
|Moderate-High||The insurer has safety and soundness concerns. It has issues that trigger early warning indicators of potential financial non-viability if not addressed. One or more of the following conditions are present:
|High||The insurer has serious safety and soundness concerns. One or more of the following conditions are present:
Appendix C: Intervention guide
The ORR of an Insurer is used to determine the level of intervention or remediation FSRA will take to address any prudential or market conduct issues identified. FSRA has also developed this Intervention Guide (“The Guide”) to address situations where FSRA has concerns with an Insurer’s vulnerabilities or when viability or solvency are of concern. The Guide gives summary descriptions of Insurer risk profiles for each intervention level and indicates supervisory actions that typically occur at each level. The intervention process is not fixed as circumstances may vary from case to case. It is not a rigid regime under which every situation is necessarily addressed with a predetermined set of actions. The Guide aims to communicate at which level an action would typically occur and the actions described at one level may also be used in subsequent levels; in some situations, certain actions may also take place at earlier levels than set out in the guide. If warranted, an Insurer’s intervention level can be escalated or de-escalated by more than one level at one time. Risk profiles, as summarized by the ORR and typical supervisory actions for each corresponding intervention level are described below.
- Level 1
- Level 2
- Level 3
- Level 4
- Level 5
- Enhanced Monitoring
Level 1 – Normal
An Insurer has a sound financial position and sufficient governance and risk control frameworks for its size, complexity, and risk profile. Its practices do not indicate any significant problems or control deficiencies. Early Warning System (EWS) financial ratios are not indicating material issues or flags. An Insurer is not likely to fail or pose any undue loss to policyholders in foreseeable circumstances.
Level 1 supervisory actions include but are not limited to:
- periodic examinations and on-site reviews
- monitoring of select information on a monthly, quarterly and/or annual basis
- providing the insurer with a supervisory letter annually
- other supervisory activities as required or at the discretion of the supervisory teams
Level 2 – Early warning
An Insurer categorized at this level is not expected to fail or pose any immediate loss to policyholders; however, there are aspects of its risk profile that may create vulnerabilities under adverse circumstances, or its future trend may create vulnerabilities in the mid-term, and as such requires more extensive oversight by FSRA. EWS ratios have moved outside of normal range. At level 2, an Insurer is expected to implement an improvement plan to rectify or address identified concerns and commit to reducing its level rating. FSRA expects an insurer to return to level 1 (normal) within the timeframes established and stated in its improvement plan.
In addition to activities in the preceding level, Level 2 supervisory actions may include but are not limited to:
- placing an Insurer on the watchlist
- more frequent and/or more targeted on-site examinations and reviews
- special examinations by external experts
- enhanced monitoring and more frequent and detailed collection and analysis of data
- follow up and tracking of improvement plan
- communicating concerns to directors, Senior Management, and internal and external auditors
- requests for stress testing, revised business plans and risk appetite statements
- establishing or issuing expectations under a voluntary compliance agreement
Level 3 – Risk to financial viability or solvency
Improvements are needed as an Insurer’s business operations or circumstances potentially put policyholders at risk. EWS ratios and indicators may be significantly outside normal range. In this level, these improvements will be mandated by FSRA. An Insurer is unlikely to fail in the short-term, but this expectation relies on FSRA’s view that supervisory intervention is necessary to help avert any failure. At level 3, an Insurer must address identified problems or implement improvements to quickly reduce its level rating. The board and Senior Management must demonstrate a commitment to improvement by establishing urgent timelines. FSRA expects an Insurer to reduce its level rating within this timeframe.
In addition to activities in preceding levels, Level 3 supervisory actions may include but are not limited to:
- requiring recovery or restructuring plans
- implementing the recovery or restructuring plan
- requiring an Insurer to revise its business plans
- expecting an Insurer to increase liquidity and/or capital levels
- issuing other orders
- requiring an Insurer to consider merger opportunities under FSRA’s oversight
- entering into a voluntary compliance agreement
- placing conditions or prohibitions on business authorization
Level 4 – Future financial viability or solvency in serious doubt
An Insurer has severe safety and stability concerns and is experiencing problems that are expected to pose loss to policyholders unless corrective measures are promptly undertaken. EWS ratios and indicators may be critically outside normal range. The Insurer failed to remedy the issues identified in level 3 and its situation is worsening. At level 4, the Insurer will be directed to immediately resolve issues or implement mandated improvements. Immediate actions will be taken to reduce an Insurer’s overall risk and intervention level.
In addition to activities in preceding levels, Level 4 supervisory actions may include but are not limited to:
- having the FSRA take possession and control of the assets of an Insurer pursuant to s. 62 of the Act after the CEO makes a report under s. 58 of the Act
- implementing the recovery plan
- winding down or merging with another Insurer
- divesting of non-core businesses
- sale of assets
- requesting financial assistance from the Property and Casualty Insurance Compensation Corporation (“PACICC”)
Level 5 – Nonviability or insolvency imminent or has occurred
An Insurer is experiencing severe financial difficulties and has deteriorated to such an extent that there is a high level of certainty that an Insurer has insufficient capital to adequately protect policyholders from undue losses.
In addition to activities in preceding levels, Level 5 supervisory actions may include but are not limited to:
- suspend or cancel an Insurer’s license
- wind-up an Insurer under the Corporations Act or other applicable insolvency and bankruptcy regime
- implementing the insurer’s resolution plan
- notifying PACICC of the insolvency
- claims payout and premium refunds, where applicable, by PACICC
Appendix D: Market Conduct assessments
As an integrated regulator, both market conduct and prudential risk are essential components of FSRA’s supervisory framework. Market conduct risk refers to the probability that the conduct, acts, or omissions of an Insurer or its staff harm or deliver poor/unfair outcomes for policyholders. Ontario Property & Casualty (“P&C”) insurers and provincially incorporated insurers, are currently subject to a risk-based approach to supervision carried out by FSRA’s Market Conduct area. In addition, P&C insurers providing auto coverage are subject to FSRA’s auto specific assessment regime, which ensures that insurance companies’ proposed rates are fair and not excessive.
Market conduct risk is assessed by evaluating the controls Insurers have in place to ensure compliance with the Act and its regulations, and with FSRA rules and guidance. Ensuring the Fair Treatment of Customers (“FTC”) is the guiding principle in conduct. Regulatory expectations for FTC are set out in FSRA’s Guidance, Fair Treatment of Customers in Insurance, and may include assessing insurer controls as they relate to:
- corporate governance
- agent training and outsourcing arrangements
- incentives and remuneration
- product marketing and advertising
- point-of-sale information
- claims handling
- complaint handling and dispute settlement
Insurer conduct examinations can be initiated pursuant to alleged patterns or practices reported, risk-based assessments, or proactive monitoring to identify non-compliant business practices (which are for the purposes of this framework are focused on Ontario incorporated insurers). FSRA utilizes the data reported through the Annual Statement on Market Conduct, annual attestations, thematic reviews and complaint trends to inform its assessment of insurers conduct risk and the selection of insurers for supervision activities. FSRA also monitors media trends, incorporates government priorities, and engages with stakeholders to identify and verify the greatest consumer protection risks in the P&C sector.
Effective date: [TBD]
1 Both the CEO of FSRA and FSRA may exercise discretion under the Act. However, for the purposes of this Guidance, reference will be made to FSRA, instead of the CEO, as the CEO may delegate his authority to FSRA, as permitted by the Act.
2 See ss. 3(1), 3(2) and 3(4) of the FSRA Act.
3 FSRA uses the following principles as the foundation for its approach to using guidance: Accountable (Internal and External), Effective, Efficient, Adaptable, Collaborative and Transparent. The definitions of these principles can be found on the FSRA Guidance Framework webpage.
4 Note that supervisors assess the insurer’s inherent risk in the context of the industry experience and the “impact” is to the generic institution (“an institution”) and not the specific insurer that is being assessed. In contrast, later when arriving at the Summary Residual Risk we refer to the impact to the specific insurer being assessed.