CNSP Resolution No. 471/2024: guidelines on own risk and solvency assessment and capital management defined

On September 25, 2024, the Superintendence of Private Insurance (“SUSEP”) published CNSP Resolution No. 471/2024, which establishes the rules applicable to own risk and solvency assessment (“ORSA”) and capital management for insurance companies, open supplementary pension entities (“EAPCs”), capitalization companies and local reinsurers, excluding entities in segments S3, S4 and Special Purpose Insurance Companies (“SSPE”).

The ORSA is the process periodically carried out by the supervised company to assess the suitability of its capital and liquidity under regular and stressed conditions, considering the risks of its current and planned operations.

Based on the results obtained from this self-assessment and the risk appetite, the supervised company must manage its capital, establish, assess, and monitor control levels on an ongoing basis, and take the appropriate action if they are breached.

The main rules introduced by CNSP Resolution No. 471/2024 are summarized below:

• Risk self-assessment: the ORSA must be compatible with the entity’s size, complexity, risk profile, and business model, considering significant material risks such as underwriting, credit, market, operational, liquidity, cyber and sustainability. The results must be integrated into strategic planning, the improvement of the Risk Management Framework (“EGR”) and capital management.

• Policy and execution: The ORSA policy complements the risk management policy and must define guidelines, roles and responsibilities, to be detailed in internal regulations. The execution must be carried out annually, when the business plan is drawn up or updated, including economic and financial projections and stress tests, under the coordination of a unit subordinate to the officer in charge of internal controls. A new ORSA must be carried out in the event of a significant update to the business plan outside the annual cycle or a substantial change in the risk profile.

• Reports: the results, methodologies and analyses must be documented in a report, which must be approved by the officer in charge of internal controls and by the highest management body of the supervised company. It must also be forwarded to the board of directors, the risk committee and the risk management unit. These persons, bodies and units must consider the contents of the report when carrying out their duties and, where applicable, provide the information and conclusions contained in the report to those involved in the risk management, strategic planning and capital management processes.

• Validation: the process requires a full review every four years, carried out by independent and trained units. If, before this period has elapsed, there are significant changes in the operations, business plan, structure of the supervised company, regulations, or any change capable of substantially altering its risk profile, the entity must prioritize the validation of specific aspects of the ORSA.

• Capital management: establishes control levels for adjusted net assets (“PLA”) and corrective actions for cases of breach, requiring a formal and approved contingency plan. The plan must define specific levels of control, including:
  • a suitable level to ensure full coverage of capital requirements even in stress situations;
  • a level equivalent to the Minimum Capital Requirement (“CMR”); and
  • an intermediate level between these two levels.

In addition, the contingency plan must be formally registered, approved by the supervised company’s highest management body, disclosed to its employees whose roles and responsibilities are associated with implementing the plan, and reassessed at least once the ORSA has been implemented.

• Prudential groups: In the case of a unified Risk Management Structure, both the ORSA and the capital contingency plan must cover the individual supervised companies and the group as a whole. The group’s lead supervisor will be in charge of establishing the ORSA policy, coordinating its execution, drawing up reports, and monitoring the PLA of the supervised group.

• Compliance deadlines: S1 Segment entities must comply with the reverse stress tests by December 31, 2026, and other provisions by December 31, 2025. Supervised companies in Segment S2 must comply with the new rules by December 31, 2026.

• Supervision: SUSEP may establish complementary guidelines, including standardized formats and mandatory stress tests. Entities must also ensure that all documentation is accessible to SUSEP, including policies, reports and contingency plans.

CNSP Resolution No. 471/2024 has been in force since it was published on September 25, 2024. The full text is available on the SUSEP portal.

Demarest’s Insurance, Reinsurance, Health and Private Pension team is available to provide any clarification on the new regulation and any corresponding legislation.