Risk-Focused Surveillance ("RFS") is the revised regulatory examination approach adopted by the NAIC in 2006 and effective for examinations starting in January 1, 2010. RFS is an audit approach revised to broaden and enhance the identification of risk inherent in an insurer's operation and utilize the evaluation in formulating the ongoing surveillance process. There is greater focus placed on insurer's risk management culture, corporate governance structures, risk assessment programs, and control environments. The approach encourages new interaction through:
- Pre-examination interviews with key management and boards of directors.
- Pre-examination requests for additional internal control documentation (including Sarbanes-Oxley Act ("SOX") or Model Audit Rule ("MAR") compliance documentation)
- Increased coordination between external and internal auditors.
Insurance Departments will develop risk profiles and rankings of insurers and tailor the level of surveillance and monitoring required. The ranking is developed through the existing market conduct, financial filing, examination and other monitoring processes. The results are combined with key interviews and evaluation of internal control documentation to score the insurer.
The process rewards insurers who have good governance practices and evaluated internal control effectiveness. The insurer universe will be segmented into SOX compliers, MAR compliers, RFS compliers and others. RFS compliance is voluntary. The "Other" classification elevates the solvency risk of the insurer.
The opportunity for insurers is to optimize or eliminate statutory examination procedures, educate the Board and management on risk management process, and comfort of following best practices. Side benefits are the significant inherent risks insight, managements. understanding of the regulatory performance criteria, and as input for the strategic planning process. The overall Insurance Department determination is the insurer's grade as to inherent risks management.
Some insurers are uneasy about the pre-interviews with board and management. Exposure to the process educates both as to the purpose and importance of the ranking being performed.
We recommend a proactive approach to RFS. Insurers need to prepare for the change and positively influence their risk ranking. Good practices under the mandatory SOX and MAR were their reward. Under RFS, insurers will be rewarded by reduced examination efforts. The assessment and documentation effort is usually offset by workflow improvements, full deployment of existing software, and more effective processes. Initial assessments have also enabled insurers to focus on critical regulatory concerns such as:
- Mandatory Medicare/Medicaid Reporting for Casualty Risks
- Principle Based Reserving for Life, Health and Annuity Companies
- Electronic Discovery and File Retention
- Change Management and Version Control
- Business Continuity
- Back Up and Recovery
The transition to RFS involves adopting a modified, insurance specific audit approach. We can assist in RFS assessment and any remediation effort needed. We have had good results in using existing software like collaboration (i.e., SharePoint), documentation (i.e., ImageRight) or other software to address the concerns mentioned above.
In summary, the RFS Framework requires management and boards to think critically about their inherent business risks, business processes, and financial controls. It creates a great opportunity to educate, to improve business processes, enhance risk management, and improve operations with the reward of best practices and lower potential examination costs.
Our professionals understand the concerns of the insurance industry, the internal control frameworks, and the new documentation standards. Let HRMSI assist you in your internal control needs and providing innovative and effective solutions that moderate your regulatory surveillance costs. Contact us at (630) 243-0117 or email MFischer@riskinc.net