Please contact your OSFI Relationship Manager with any questions concerning the guidelines or their implementation.

Reference: Guidelines for Federally Regulated Insurers November 11, 2013 To: Federally Regulated Insurers 1 Subject: Own Risk and Solvency Assessment guidance On December 21, 2012, OSFI published draft Guideline E-19: Own Risk and Solvency Assessment (ORSA) and a draft of revised Guideline A-4: Internal Target Capital Ratio for Insurance Companies. The comment period ended on April 12, 2013. OSFI received 13 submissions from various stakeholders on the draft guidelines. I would like to thank everyone who provided comments and suggestions. OSFI reviewed the submissions and today is publishing the final versions of Guideline E-19 and Guideline A-4, which has been renamed Regulatory Capital and Internal Capital Targets. In addition, the Appendices to this letter provide a summary of the key comments received and an explanation of how they were dealt with in the final guidance. Both guidelines have an implementation date of January 1, 2014. While OSFI recognizes that a number of insurers will not immediately meet all of the expectations outlined in guidelines E-19 and A-4, OSFI expects insurers will, over a period of time, put in place the processes needed to meet the expectations. OSFI requests that insurers inform their Relationship Manager by March 31, 2014, of the expected date in 2014 when their ORSA report will be available. In its review of the ORSA report, OSFI Supervision will take into consideration the time required for Board education and for developing /implementing the necessary processes. Please contact your OSFI Relationship Manager with any questions concerning the guidelines or their implementation. Yours truly, Mark Zelmer Deputy Superintendent Attachments 1 Including Canadian operations of foreign life and property and casualty companies operating in Canada on a branch basis, as well as fraternal benefit societies operating in Canada, except for regulated insurance holding companies and non-operating insurance companies. 255 Albert Street Ottawa, Canada K1A 0H2 www.osfi-bsif.gc.ca

Appendix 1 Draft Guideline E-19 (ORSA) - Summary of Consultation Comments and OSFI Reponses Timing and Implementation Industry Comment The effective date has been communicated as January 1, 2014 with little guidance on what this date will tangibly mean for companies. Is OSFI s expectation that companies will initiate the ORSA process by that date but may not necessarily comply with all the requirements immediately? Does OSFI expect insurers to have an initial ORSA completed and approved during 2014 rather than by January 2014? It was suggested that : - for many companies, it would be a somewhat limited version and OSFI should clarify that they understand this, and accept the ORSA will become fuller and more robust over time. - in order for a Canadian subsidiary to make use of consolidated group methodologies in the Canadian company s ORSA and to better coordinate a system of complementary ORSA for branches and worldwide insurance groups, the ORSA requirements be effective no earlier than 2014. - in order to prevent resorting to less than optimal tools, cutting corners and not achieving the real objectives, OSFI extend the deadline by at least 1 year. - OSFI consider phasing in the implementation. A phased implementation: - should be reflective of the nature, scale and complexity of each insurer. - is critical to ensuring that Board members and senior management have sufficient training on and knowledge of ORSA. - is particularly noteworthy for operational risk; the quantification of this risk would have a relatively longer transition. - would be consistent with E-19 ICAAP. - would more closely reflect the anticipated timeframe required for completion of an end-to-end ORSA process as defined within E-19. - would provide more time required for integration with business and strategic planning (i.e.: insufficient time to integrate with the 2014 business planning process for most companies). While the guideline will be effective on January 1, 2014, OSFI recognizes that a number of insurers will not likely immediately meet all the expectations of the guideline. OSFI Supervision will take into consideration time required for Board education and for developing / implementing the appropriate processes to conduct an effective ORSA. Insurers should confirm the timing of making their ORSA reports available with their OSFI Relationship Manager. The guideline will be effective on January 1, 2014. Guideline A-4 currently expects insurers to have internal targets. In addition, several other components including stress testing, AA report and DCAT can be useful for preparing an ORSA and have been in place for a number of years. OSFI recognizes that a number of insurers will not likely immediately meet all the expectations of the guideline. OSFI Supervision will work with insurers, taking into consideration time required for Board education and for developing / implementing the appropriate processes to conduct an effective ORSA. Insurers should confirm specific expectations with respect to ORSA November 2013 Page 2 of 16

Suggestions for phase-in timelines and deliverables: - ORSA report provided sometime in 2014 (or shortly after the company s fiscal year end), the exact date of which should be company specific reflective of when their planning cycles occur. o During the transition years, OSFI should consider the industry s, and an individual insurer s, current state and future plans when evaluating ORSA submissions. - January 1, 2014 established as the start of a formal transition year with full compliance to the Guidelines expected to be in-force and implemented by calendar year 2015. o Consistent with the OSFI approach on E-19 ICAAP for DTIs. o Consistent with the timeframes announced for ORSA compliance in the US (i.e.: full report meeting all Guideline criteria to be delivered to the Board in calendar year 2015). - ORSA report required no earlier than December 31, 2014. o Less complex insurers should have more time to comply with the guideline. - In order to track progress, OSFI may request that all companies submit to OSFI by June 30 th, 2014 a roadmap laying out the steps they will take to reach compliance and which they will review with their relationship manager. Introduction An apparent inconsistency in the ORSA guideline with respect to the use of the word risk needs to be clarified. Footnote 4 states that reference to risk throughout the guideline means net risk, while some areas appear to refer to inherent risk (e.g.: page 5, 4 th paragraph). It is suggested that the ORSA encompass an assessment of the adequacy of key mitigation and controls. Scope The guideline suggests foreign subs or branches may borrow from consolidated groups ORSA methodologies. It is suggested that this approach be extended to Canadian subs of domestic insurers. OSFI should not review or challenge ORSAs under the purview of foreign jurisdictions. implementation and with respect to the timing of making their ORSA reports available with their OSFI Relationship Manager. The footnote reference to net risk has been deleted. This is not precluded in the guideline. OSFI has amended the ORSA Guideline to clarify expectations with respect to the use of a Group ORSA and for related insurers operating in Canada. ORSA processes used by the Canadian operations of a foreign company are not treated differently for ORSA than other processes that support the Canadian operations, whether in Canada or at the home office, and these are all likely within the scope of OSFI s review of the insurer. November 2013 Page 3 of 16

The guideline states that an insurer s ORSA is to cover consolidated operations from the top level OSFI regulated entity. The (consolidated) approach is not always appropriate given that: - Factors other than the consolidated ORSA will determine internal targets for subsidiaries. - Some FRIs are managed under single leadership, have common corporate functions as well as common Board membership and do not have a single FRI parent / holding company resulting in the need to complete more than one ORSA processes / reports. - Other jurisdictions are not following the same timeframe for ORSA implementation as Canada (e.g.: US first ORSA report due by 12/31/15). - A branch of a foreign legal entity or a Canadian business that is part of a global business portfolio would be subject to ORSA requirements by its home regulator. Therefore, the need to produce an entirely Canadian specific ORSA would present a false view of the organization and its risks and capital needs, and would be unnecessarily costly, largely duplicative and would not provide OSFI with the best insight into the business risk and capital. o It is suggested OSFI rely on a combination of a generic ORSA and supplementary exhibits covering specific Canadian risks, or describing why the Canadian element of a particular risk is unexceptional and accordingly has appropriately been dealt with within overall capital. o It is suggested that an insurer subject to comparable ORSA requirements be permitted to satisfy its Canadian ORSA requirements by referring to a comparable (i.e.: substantially similar) ORSA undertaken in satisfaction of the requirements of its home regulator. o It is suggested that the ORSA be effectively and efficiently integrated with other ORSAs and equivalents domestically and globally (e.g.: US and Solvency II), to avoid duplication and inconsistencies and to help ensure Canadian companies will not be disadvantaged in the application of these international standards as implementation / monitoring of ORSA standards evolve. - Risk in certain subsidiaries may be considerably lower or higher than in the consolidated entity. Canadian subsidiaries of domestic insurers should determine internal targets in the same manner as Canadian subsidiaries or branches of foreign insurers. An OSFI regulated insurer operating in Canada is expected to comply with OSFI guidance. OSFI s intention is not to create duplicative or redundant work for insurers. As such, the ORSA Guideline has been amended to clarify OSFI expectations with respect to branches, groups and related insurers operating in Canada. Where commonalities exist, a foreign insurer operating in Canada should be able to leverage from its home jurisdiction ORSA to meet OSFI expectations. However, OSFI expects the ORSA to adequately reflect the business and risk profile or circumstances of the insurer s Canadian operations, to provide sufficient information to support conclusions related to the insurer in Canada, to contain adequate documentation for OSFI to assess its appropriateness for the insurer in Canada and for the determination of its internal targets. Where insurers in a group do not share common processes, it may be more appropriate to have a separate ORSA for each insurer. Even if ORSA requirements have not been finalized in an insurer s home jurisdiction, internal processes being developed by an insurer or its home office may be leveraged in conducting the Canadian ORSA. In the event that an insurer intends to use its home jurisdiction ORSA in Canada, but it is not yet available, the insurer should provide, in a branch s first ORSA report, a brief status update on the home jurisdiction ORSA along with highlights of areas and timelines for expected future improvements. OSFI recognizes that risks may vary by subsidiary and that internal targets should reflect this. A separate ORSA may be appropriate in these situations, where a Group ORSA does not address the specific risks of an insurer. Insurers should confirm specific expectations with respect to ORSA implementation and documentation with their OSFI Relationship Managers. November 2013 Page 4 of 16

ORSA and Enterprise-Wide Risk Management The following sentence is not needed: As part of its ERM framework, an insurer should have policies that set organization-wide controls on its activities that are consistent with its overall risk tolerance and risk-taking appetite and capacity. These policies should be effectively communicated throughout the organization. This should be principles based since local jurisdictions will have their unique environments. Throughout the document there is reference to the ERM and ORSA processes that seem to imply they are two distinct processes, but it s not clear how OSFI views the relationship between the two. Some view ORSA as a subset of ERM, and some vice-versa, while yet others view the two as interchangeable terms. It is suggested that the document be reviewed to clarify OSFI s meaning. ERM should not be referred to specifically in the ORSA guideline. Comprehensive Identification and Assessment of Risks Reference to economic assessment; it is suggested that it be up to the company to define and asses the relative economic impacts. Some or most risks can be broken down ; it should be up to the company to define their own risk taxonomy, the granularity of which reflects the nature, scale and complexity of the insurer. There is reference to insurance, market, credit and operational risk. Terms such as insurance, financial, operational, and strategic risks would better capture all relevant risks as market and credit risks are included within financial risks. The language in the final paragraph of the section describing the expectations of content regarding not easily quantifiable risks, suggests a level of detail that may render the ORSA too long, too complex and inappropriate for the effective Board Oversight that OSFI seeks. Agree that the reference to ERM may be too prescriptive. As this is addressed under the Corporate Governance Guideline, the reference has been deleted. In the guideline, OSFI uses the general meaning of term ERM. The ORSA should be linked to an insurer s ERM process and other management processes. OSFI does not prescribe a specific integration approach however there should not be a disconnect between, for example, the ORSA process and the capital or business planning processes, that would cause the results to be incompatible or incongruent. Text has been modified to enhance clarity of OSFI s intent. Agree. Although the term financial would capture both market and credit risks, OSFI will maintain the references as they are, given that this is in line with OSFI guidelines and Regulatory Framework. Text has been revised and reflects a reduced expectation in terms of documentation for mitigating all risks. The additional details provided in the supplementary report / Key Metrics Report (KMR) table should provide both the Board and OSFI with insight into assumptions and appropriateness of the types of methodologies used in the insurer s ORSA. November 2013 Page 5 of 16

The Draft Guidance provides that At a minimum, the ORSA should explicitly address insurance, market, credit and operational risks. Each and every aspect of a complete insurance company s operations is not always found in a branch although the guideline, as currently drafted, requires that they be present. Relating Risk to Capital (Nature, Scale and Complexity) OSFI needs to provide a clearer distinction between what it considers to be insurers with more complex and diverse risk profiles and insurers taking on less complex risks. The language seems to suggest that the complexity of risks that an insurer is exposed to equates to its size; this may not always be the case. OSFI should remove or modify the last two sentences on page 5 as their meaning / purpose is not clear as currently written. Relating Risk to Capital (Determining Capital Needs) Inasmuch as a branch is not a stand-alone legal entity but rather an office of the legal entity, a branch has direct and immediate access to the entirety of the company s capital capital does not have to be moved from parent to subsidiary. Accordingly, regulations that require a branch to determine whether or not, for each risk, an explicit amount (quantity) and type (quality) of capital should be held are not necessarily appropriate for branch offices. Aside from maintaining regulatory and risk capital in accordance with existing OSFI requirements, all other capital needs associated with the branch s operations are properly calculated by and satisfied from the home office legal entity and its capital. This point is also relevant to other areas of the guideline where capital needs are discussed. The reference to the determination of if an explicit amount (quantity) and type (quality) of capital should be held suggests a level of detail that best sits outside of the ORSA, which should be at a level to allow the Board to review and exercise oversight of the work undertaken by Senior Management and appropriate resources within the organization, but make reference to the range of underlying risk and capital setting processes that run through the course of the year. Noted. The expectation that the ORSA address a risk does not mean that the risk must be present, but that the risk should be assessed. If a risk is not material or non-existent, the ORSA should include such a determination. Text has been revised to no longer refer to a minimum. Proportionality is the overriding principle; the language has been modified slightly. Agree that placing these sentences under the proportionality principle is not optimal. Sentences have been moved. An insurer operating in Canada is expected to comply with OSFI guidance. As such, it should, as part of its ORSA, determine capital needs and establish internal targets. Clarifications have been brought to the guideline for branches including a reference to the concept of margin of assets over liabilities. Additional guidance for Group ORSAs and for groups that are not consolidated with a top-level federally regulated insurer has also been added. The reference to type (quality) of capital held has been removed in relation to each risk as an insurer may choose to make this assessment on an aggregate basis and not on a risk by risk basis. OSFI expects that in determining own capital needs, an insurer will make use of the most appropriate and relevant assessment processes and tools, including stress and scenario testing. November 2013 Page 6 of 16

Reference to material risks in this sub-section seems to imply inherent risk, not net risk. OSFI should provide guidance on the definition of material. Text has been clarified with respect to material risks. Material risk should be determined on inherent basis as quality of mitigations and controls should be tested. Companies should decide how to determine materiality. Policies differ for different types of risk under ICAAP. Under ORSA, it should be up to the company to define and assess which types of risks are most material to them. Stating more prudent seems to impose a higher standard of conservatism. The sentence should be reworded as follows: still provides an appropriate yet less refined but more prudent estimate. To the extent a company can receive verification, especially external, of appropriateness; the extent of prudence can be smaller than otherwise applicable. Determining if an explicit amount of capital is required should be for material risks only. Agree that it should be the insurer s own assessment of which risks are material. Text has been amended to further clarify the intent. Indeed, if an estimation method is less sophisticated, and therefore less precise, it should contain more prudent assumptions. One of the purposes of developing more sophisticated techniques is to more accurately reflect the risks and reduce capital where it is not needed, but if this is not feasible / completed, the capital cannot be reduced. The ORSA self-assessment should have the proper controls and ensure the reasonableness, accuracy, sensitivity, etc. of the tools, methodologies and processes used and that it is commensurate with the risk profile and risk appetite of the insurer. An external verification may be one of the factors considered but should not be the only one. The determination of a material risk forms part of the process to determine whether capital should be held for that specific risk. Individual discrete risks may not be material on their own, however, an insurer may choose to hold capital for a group of risks, taken together, that is material or hold capital for a number of lesser material risks that may be seen as emerging or growing. The intent of the Guideline is that material risks are given appropriate attention and consideration and that they be related to capital needs. November 2013 Page 7 of 16

With regards to the expectation that high quality capital instruments form the substantial part of capital ; many elements of capital (e.g.: DTAs and intangibles) have considerable value in stressed situations. Also, it must be recognized that there are other means to manage capital in stressed situations other than only raising capital instruments, such as the ability to improve capital adequacy through curtailing new business, reinsurance transactions and other means. ORSA should develop an internal view of the required quality of capital instruments based on debt and policy holder interests, not on views imposed from outside the ORSA, but based on the risk strategy of the company. Bullet points listed on page 6 appear overly prescriptive. Also, some of the points do not belong within the ORSA process (e.g.: it is not always necessary to consider credit agency ratings). While some may perform all of these, this should not be viewed as a minimum requirement of an ORSA process. Regarding peer group analysis: - It is very difficult without standardized assessments of risk and capital. How will OSFI and the industry ensure consistency in these assessments? - Such benchmarking should not be expected to be given a significant weight to avoid following the herd, since the purpose of the ORSA is intended to be a self-assessment. - It is not a relevant or valid exercise as ORSA is concerned with the needs of a unique combination of risks and appetite that will not be replicated in or known to another organization. Definitions of quality capital may differ under a regulatory and an insurer s view. It is OSFI s view that, in a period of stress, an insurer with higher quality capital will have more flexibility and be better able to survive than an insurer with lesser quality capital, all other things being equal. Therefore, OSFI expects that high quality capital elements (such as retained earnings and common shares) should form the substantial part of core capital resources. DTAs and intangibles are normally valued using a going-concern assumption; when this assumption is questioned in periods where the insurer is under stress, these elements may be written down and contribute to reduce the capital base of an insurer and accelerate insolvency. Therefore, in OSFI s view, an insurer should not place undue reliance on these elements for surviving periods of stress. Agree that it is not an expectation for these to be included and therefore the text has been modified. To the extent that peers publicly share their ORSA methods/tools and results (e.g. risk measurement / management and capital needs), an insurer can consider these and may identify areas where further analysis may be beneficial. November 2013 Page 8 of 16

Relating Risk to Capital (Stress & Scenario Testing) While the guideline addresses potential duplication between the DCAT, stress testing and the ORSA processes, it should clarify that these processes are expected to be part of ORSA and not a standalone. It is important that OSFI acknowledge that DCAT scenarios and E-18 Stress Tests should only be considered, i.e. in practice DCAT scenarios should not be considered minimums. DCAT and E-18 have difference purposes and different stakeholders. Because DCAT is now required by OSFI in Guideline E-15, many regard DCAT as a compliance exercise, an actuarial task that may not be perceived as adding a lot of value over ERM. There is confusion within the industry with respect to the relationship between DCAT and ORSA and some believe there is unnecessary overlap between the two. ORSA should be deemed to meet the requirements of expected future financial condition review as required by ICA, thus eliminating this overlap in analysis and reporting. The ORSA and the DCAT may have different views (i.e.: company view vs. appointed actuary opinion) and methodologies /purposes (i.e.: insurer s own vs. professional standards). The guideline states that stress and scenario testing, including but not limited to those conducted as per E-18 / DCAT, should be considered and, where appropriate, used / referenced in the ORSA. The results should be considered in the insurer s ORSA as appropriate to the insurer s processes. At this time, OSFI intends to maintain the DCAT process. However, should the CIA modify and extend its standards to cover scenario testing within ORSA as well as wider but related aspects of ORSA, OSFI may consider the impact of the changes and the continued use of the DCAT process. The requirement for DCAT reports by the AA should be eliminated. Detailed scenario testing should be included directly as an integral part of ORSA. If ORSA is to be accepted as an integral part of insurers corporate cultures then OSFI should let companies carry out this exercise in a way that best suits each of them. Specific reference to DCAT should be removed from E-15. The CIA could easily modify and extend their DCAT material to cover scenario testing within ORSA as well as wider but related aspects of ORSA. OSFI should encourage the CIA to expand their guidance to cover banking as well. November 2013 Page 9 of 16

Relating Risk to Capital (Setting Internal Targets) It should not be necessary in all cases for internal targets to exceed supervisory targets, especially significantly, and at all times. - If a company, using economic capital modeling as well as scenario and stress testing arrives at requirements that are below the supervisory targets, it is not clear how additional scenario and stress testing will be useful in raising them. o OSFI should provide more formal guidance / parameters around the use of the additional stress testing, as well as additional consultation in these situations, to ensure the approach is meaningful, not perceived as arbitrary / regulatory requirements, and is embraced by management and the Board. - Using MCT / MCCSR, larger companies with very conservative risk profiles may require disproportionately higher minimum regulatory capital when compared to internally modeled risk capital targets. A company with a very conservative risk profile could have lower internal targets based on ORSA than the regulatory minimums, even allowing for consideration of stress testing results. OSFI should acknowledge that internal targets at all levels of aggregation (i.e.: by risk component, by legal entity and at the consolidated level) will not be floored at the supervisory target. Legal entity targets will be determined taking into account the company s own view of risks, appropriately adjusted for circumstances of each legal entity, and taking into account requirements and conditions of a jurisdiction in which the entity operates. In this context it is important to recognize that risks are identified, measured and managed holistically from a total enterprise perspective. A legal-entity view represents a subset of this holistic approach, necessitating flexibility in exercising expert judgment in how to relate companywide risk methodology to specific circumstances of a legal entity. Recommend internal targets should be at least the supervisory targets and leave it at that. Although the ORSA is the insurer s own process, OSFI has expectations regarding this process, including internal targets set above the Supervisory Target. OSFI has amended the guideline to provide more guidance with respect to the process for setting Internal Targets in consideration of the Supervisory Targets. If an insurer s internal capital were to fall below the Supervisory Target, OSFI would expect the insurer to improve its capital position. The Supervisory Target is a standard measure that marks an important point in the continuum between normal operations and a point where an insurer s ability to remain as a going-concern is challenged or in doubt. The ORSA process is not a standardized process. Substituting its results in lieu of regulatory requirements presents certain challenges and would require a level of review and assessment that is not foreseen for the ORSA. If an insurer obtains approval for the use of internal models for MCCSR / MCT purposes, they may generate results that can replace the standard measures. Scenario and stress testing can be used to quantify an insurer s capital needs but they can also be used to assess the adequacy of actual capital levels in relation to limits and targets. In setting internal targets, an insurer should consider external and third party capital expectations. In this regard, an insurer is expected to set internal targets above the Supervisory Targets. This should be done by conducting a series of stress tests with varying severity levels and considering various loss levels, in line with the insurer s risk appetite and profile. Also, while OSFI agrees that requirements and conditions of other jurisdictions in which the insurer operates should be taken into consideration in establishing internal targets of some insurers in a group, federally regulated insurers are subject to Canadian standards and, as such, internal targets are expected to be set above the standard Supervisory Target. November 2013 Page 10 of 16

Relating Risk to Capital (Integration with other Business Processes) How does OSFI foresee the integration of ORSA into the capital planning and management process? For example, will it be necessary to project ORSA capital throughout the entire financial planning cycle? Rather than being prescriptive, this expectation need only be reflective of the insurer s nature, scale and complexity, including the extent it needs to satisfy OSFI the ORSA is integrated into the overall ERM activities of the company. With regard to internal validation, the Board should satisfy itself that the ORSA has been independently validated, providing it with the necessary confidence in the ORSA outputs. Board Oversight and Senior Management Responsibility The failure of the Draft Guideline to properly differentiate branches cannot be overcome by simply replacing board of directors with Chief Agent. Since branches can vary greatly in terms of size and headcount, they do not necessarily have senior management resident at the branch in addition to the Chief Agent himself. The guideline should be redrafted with greater sensitivity to the likely possibility that a branch will not have resident senior management apart from the Chief Agent. For clarity, does the reference to an insurer s Board is responsible for reviewing its approved stated risk appetite mean that the Board approves the risk appetite and reviews its prior decisions of approval? Monitoring and Reporting The goals of the ORSA report overlap with those of DCAT and E18 (i.e. evaluate the level and trend of material risks and potential effect on capital levels / determine that the insurer holds sufficient capital / determine the level of capital in various stresses and scenarios / assess future capital requirements. The ORSA should be consistent with an insurer s strategic, business and capital planning. The ORSA should be linked to an insurer s ERM process and other management processes, including its regular planning cycle. OSFI does not prescribe a specific integration approach however there should not be a disconnect between, for example, the ORSA process and the capital or business planning processes, that would cause the results to be incompatible or incongruent. The guideline notes that an insurer s ORSA should be reflective of its nature, scale and complexity. The reference has been removed. The text has been modified to more clearly outline expectations and applicability to branches, including references to the concept of margin of assets over liabilities and additional guidance on the use of Group ORSAs and home jurisdiction ORSAs. Yes, this is what it means. OSFI expects the results of the DCAT and E18 will either be referenced or otherwise incorporated/considered in the ORSA, where relevant. November 2013 Page 11 of 16

Instead of making the point that the Board establishes or confirms the insurer s internal targets ; the guideline should instead indicate that Senior Management develops the targets for the Board s approval. The guideline states that OSFI may review the report and assess whether the process and its results are appropriate. However, the company should not be required to re-do its ORSA if OSFI disapproves, since it is the company s own, but OSFI s comments would influence the content or presentation of subsequent ORSAs. Bullets on page 9: - The 3 rd bullet should not necessarily imply zero diversification credits. - The 5 th bullet should read any necessary adjustments instead of necessary adjustments. The reference that capital is adequate during periods of stress and through entire business cycles should be judged by the Board (not OSFI s input into what stresses to assume, covered by E-18). Internal Controls and Independent Review Rather than stating the Board should regularly verify internal controls, it is proposed instead that the Board be satisfied Senior Management has an appropriate internal control framework that is operating effectively. This is generally consistent with the Corporate Governance Guideline. Verification of internal controls would ordinarily be performed by the insurer s internal audit / risk management functions. The 2 nd bullet on page 10 on the identification of risk should be limited to material risks as typically each company would inventory all risks before determining which risks are material. Footnote 11 (whereby OSFI may request an independent review report be prepared and made available), should be limited to where OSFI is not satisfied with a previous ORSA report. Agree that once the report has been submitted to the Board, internal targets would need to be confirmed. The text has been revised. Agree. New wording is introduced to nuance the message. Noted. Text has been clarified. Agree. Text has been changed. All insurer processes that OSFI reviews usually factor in its determination of the insurer s risk profile. Text has been modified for clarity. Risks should be identified prior to determining their materiality; therefore bullet 2 includes all risks. While there may be situations where this would be the case, it may not be limited to these situations. The text has been amended. November 2013 Page 12 of 16

Other Industry Comment Summarizing the key principles / characteristics of an ORSA immediately after the scope would provide an important context to the rest of the document and deliver the objectives clearly and comprehensively without having to read through the entire document. The company should own the development / oversight of ORSA processes and the determination of internal targets, for both required and available capital, and both at the legal entity and consolidated level. OSFI should recognize and accept the possibility of wider ranges of internal capital targets in reflection of company specific qualitative considerations and different approaches to quantifying risk. Consistent with internal capital targets not being determined with undue reliance on regulatory capital requirements, the reconciliation to regulatory capital targets should not be expected. Additional clarity is required on OSFI s ultimate vision with respect to capital management. In the Canadian Vision for P&C Insurer Solvency Assessment paper (published December 2011), there was a clear distinction drawn by OSFI between the ability to use internal models versus the standardized approach. ORSA now requires companies to calculate their own view of capital requirements using internal models, subject to a minimum equal to the standardized approach. The guideline states internal targets are required to be above supervisory targets (150%) and that once a company determines its ORSA capital needs, adjustments may be needed in order to set the internal target above the supervisory target. This is contrary to the original intent of using internal models, which should preclude the need to add arbitrary buffers. If OSFI s intent is to always require the standardized approach to form the minimum capital requirement, then it would appear that the long term value of ORSA and the principle based framework is severely diminished. In past discussions, OSFI articulated that the purpose of this 50% buffer was to recognize that there are risks not explicitly accounted for in the standardized test and it was a margin intended to cover off the additional uncertainty. The 50% buffer is no longer appropriate, particularly since OSFI is now quantifying additional risk measures (i.e. interest rate risk) but not reducing the supervisory margin to take these previously unmeasured risks into account. OSFI s expectation is that insurers would indeed read through the entire document. Also, key principles (e.g.: proportionate, integrated, forwardlooking and internal) are highlighted by guideline sub-section and/or throughout the guideline. The amount of capital determined by the insurer (and the methods used to determine it) should differ from regulatory capital. A reconciliation to regulatory capital required/available may assist OSFI with its review and understanding of an insurer s ORSA and its results. A comparison is necessary to determine if the internal targets are above the Supervisory Targets. The Supervisory Target is a standard measure that marks an important point in the continuum between normal operations and a point where an insurer s ability to remain as a going-concern is challenged or in doubt. The ORSA process is not a standardized process. Substituting its results in lieu of regulatory requirements presents certain challenges and would require a level of review and assessment that is not foreseen for the ORSA. If an insurer obtains approval for the use of internal models for MCCSR /MCT purposes, they may generate results that can replace the standard measures. The ORSA does not require the use of internal models. If an insurer s internal capital were to fall below the Supervisory Target, OSFI would increase its supervisory intensity until the insurer improves its capital position. Guideline A-4 clearly defines and differentiates Supervisory Targets and Internal Targets. November 2013 Page 13 of 16

The use of the term internal target is misleading as it represents the minimum amount of capital to hold and does not represent the actual level of capital a company intends to target. Internal minimum or internal threshold would be more appropriate terminology. An ORSA document, if done properly, will contain information of a commercially sensitive nature such as long term growth projections and key risk assumptions and therefore should not be disclosed by the regulator. Disclosure of ORSA documentation will lead to entities excluding potentially relevant facts and lead to a sub-optimal outcome for OSFI. Other Risks and Risk Considerations (Appendix 1) Appendix 1 is unnecessary given that the document already refers the reader to other OSFI publications that cover this material. In addition, including the appendix increases the risk of inconsistencies both between OSFI guidelines and documents as they are updated, and in their interpretation. Having said that, the definitions included here may be more detailed than definitions provided elsewhere (e.g.: E-18) and it may be preferable to consolidate these in a single location / have other publications refer to a common document for risk definition. The terms supervisory target and internal target are already established and extensively used in Canada; the A-4 and ORSA guidelines provide an insight of what these terms mean and OSFI expectations with respect to their determination. All information, including ORSA documentation, regarding the business or affairs of institutions that is obtained or produced by OSFI is treated as confidential pursuant to legislation. Agree that maintaining these lengthy definitions and ensuring consistency with other OSFI documents could be onerous and prone to error. The Appendix has been modified. The guideline should focus on broad categories of risks and avoid unnecessary detail which could lead to difficulties in interpreting / implementing the guideline. The guideline should provide general direction to assist companies in the ORSA process and, with this, expect flexibility in its application. OSFI should provide explicit acknowledgement that some risks can be best assessed qualitatively and that insurers are not necessarily expected to quantify these risks (e.g.: reputation risk). Compensation risk should not be singled out in the ORSA guideline as it is also dealt with extensively in the Corporate Governance guideline. Additional guidance is needed on how to approach the aggregation / diversification analysis within the regulator s expectations. Text has been added to clarify OSFI expectations with respect to risks that are difficult to quantify and the role of qualitative considerations and expert judgement in the guideline. This has been addressed with the restructuring of Appendix 1. This should be done by taking into consideration the insurer s nature, scale and complexity. Details on the calculations and methods used (e.g.: correlation matrix, dependency structure, etc.) should be documented. November 2013 Page 14 of 16

Appendix 2 Draft Revised Guideline A-4 - Summary of Consultation Comments and OSFI Reponses Timing and Implementation Industry Comment The determination of internal targets for 2014 and evolutions of how to determine internal targets should be company specific. Tier 1 Capital Internal Target (Life insurers only) The increasing regulatory focus on Tier 1 capital, reflected in the proposed formalization of the Tier 1 internal capital targets, is concerning. Insurance accounting produces volatile outcomes that serve in Canada as a foundation for the solvency regime. Common equity has become the only material source of Tier 1 with which this accounting volatility could be addressed. The proposed amendment introduces the idea that capital should include elements that contribute to creditor protection in insolvency, in addition to policyholder protection. Other regulatory capital regimes, including Solvency II, focus solely on policyholder protection in their design or the regulatory capital framework. A broader scope of protection limits the range of possible capital instruments that could be considered as appropriate and in addition narrows the definition of resources that could be available to protect the fulfillment of an insurer s obligations to policyholders. Capital Management Policy This section contains some redundancies with the ORSA guideline. To avoid potential confusion and reduce redundancy in the capital management policy and the ORSA report, it would be preferable to only refer to capital management policies and eliminate several bullets (1, 3, 4, 5 and 6). Refer to responses to similar concerns in Guideline E-19. The concept is in line with OSFI policy rationale of high quality Tier 1 capital elements that reduce the likelihood of insolvency and capital elements that contribute to policyholder protection during a winding-up. Capital targets should reflect proper restrictions on the capital elements that only reduce losses in wind-up situations and provide limited support on a going-concern during periods of stress. This distinction recognizes that an insurer s likelihood of insolvency is a different measure than the likelihood of policyholders not receiving their benefits. The overall goal is to maintain a strong and resilient Canadian insurance sector with an acceptable level of risk to policyholders. The Canadian regulatory framework protects creditors to the extent that OSFI s capital guidelines and other guidance contribute to reducing the likelihood of insolvency. A solvent going-concern operation generally makes payments to all creditors, not only policyholders, as they become due. To the extent that some financial instruments are recognized as regulatory capital, it may result in additional assets available to pay claims of creditors not recognized as regulatory capital; the level of protection of policyholders versus creditors is ultimately determined by the resolution process. Agree that there are redundancies. Section has been reworded and some bullets deleted. Summary of Consultation Comments Guideline A-4 November 2013 Page 15 of 16

Appendix 3 Supervisory Request for ORSA Information and Key Metrics Report - Summary of Consultation Comments and OSFI Reponses General Industry Comment These requirements seem more prescriptive than the guideline itself. The reporting standards should not drive the ORSA requirements into a compliance exercise. The report should be simplified or OSFI should clarify that a number of elements are optional. Portions of the opening paragraph are not entirely consistent: can be used, should cover all the elements, is completely optional. It is recommended that companies be afforded flexibility to exercise judgment as to materiality levels and to define appropriate risk metrics based on the nature, scale and complexity of their operations. With paragraph 1 which refers to summary of financial position, it is suggested that OSFI, in practice, not be prescriptive in its expectations. Regarding the reference to the linkage between the stress and scenario testing done as part of the ORSA and the insurer s stress testing program done per expectations in E-18, it is suggested that OSFI not challenge any internal targets that are not reflective of any specific E-18 scenarios. Regarding paragraph 7 relating to meeting internal and regulatory targets, it is suggested that the requirement not be to meet continuously through the 3-5 year forecast period. This will be considered as this document is reviewed. This will be considered as this document is reviewed. This is important information as part of the ORSA. The sentence will likely be removed to avoid overly prescriptive guidance. Although the ORSA allows flexibility by being an insurer s own assessment, OSFI maintains its expectation that insurers will continue to meet regulatory requirements. Summary of Consultation Comments ORSA Information and Key Metrics Report November 2013 Page 16 of 16