- Type of Publication: Instruction Guide
- Date: March 2002
- Audiences: Life
This instruction guide provides direction to life insurers that wish to use internal models for determining required capital for segregated fund risks. This instruction guide applies to all segregated fund products that are subject to the provisions of Chapter 7 of the Life Insurance Capital Adequacy Test (LICAT) guideline. Separate approvals will be required for in-Canada and out-of-Canada segregated fund products. Additional criteria may be applicable for out-of-Canada segregated fund products in jurisdictions other than Canada and that wish to use their internal models for determining required capital with respect to this business should consult with OSFI for further information on these requirements.
In order to recognize expected advances in insurance risk management and
modelling, this instruction guide will likely be revised from time to
Capital factors were introduced for Canadian segregated fund guarantee risks in 2000. For United States products subject to the provisions of Chapter 7 of the LICAT guideline, institutions developed factors and submitted them to OSFI for approval. This instruction guide outlines the minimum requirements for the use of internal models for calculating required capital in respect of Canadian products that are subject to Chapter 7 requirements.
Internal models for capital purposes are appropriate only when the risk
management processes of an institution are adequate. Risk management is
the primary defence in protecting an institution against losses; capital
must be available in case losses occur. Formula requirements tend to be
conservative, as they are intended to apply to a wide range of products.
Since internal models are normally expected to produce a more customized
capital requirement, the conservatism of the formula would no longer be
present. This results in greater reliance being placed on the quality of
the risk management. Therefore, risk management is given priority in the
discussion that follows.
Federally Regulated Life Insurers (FRLIs) wishing to use their internal models to determine required capital must obtain have written approval from OSFI. FRLIs should make a written application to OSFI’s Actuarial Division with a copy to their OSFI Lead Supervisor. The model approval process can be lengthy; therefore, insurers should apply well in advance of the proposed effective date for using their models. Any approval will be conditional on continued compliance with the requirements of this guideline, as modified from time to time.
Transition rules apply to all approvals. For the initial year that approval is given, 50 per cent of the capital requirements, as determined through the use of internal models, and 50 per cent of the capital requirements, as determined by standard or pre-approved LICAT factors, will apply. At the following year end, 100 per cent of internal model requirements will be allowed.
For an FRLI to be considered for internal model approval, the required
capital or business related to segregated funds should be material. OSFI
may, from time to time, adjust its materiality threshold. Institutions
that wish to obtain approval should discuss their particular circumstances
with OSFI’s Actuarial Division.
The application must address all the requirements set out in sections 1 to
9 below. A description of all pertinent products should be included.
Supporting documentation and audit trails must be available at the
institution for subsequent OSFI review.
Many of the requirements noted in sections 1 to 9 relate specifically to
risk management systems for segregated fund exposures and to the use of
internal models for measuring such risks. However, many of the
requirements also apply more generally to the overall management of risks.
The requirements listed below are intended to highlight areas that will be
of greatest importance to OSFI when it is assessing an application to use
internal models for calculating required capital.
The application should document, by section, how the institution is
complying with the criteria, with specific emphasis on the management of
segregated fund exposures and the use of internal models in the
measurement of such risks. The application should include, as appropriate,
information on the frequency of audits and model reviews, documentation
and sample reporting.
If OSFI grants an FRLI approval to use an internal model for determining
segregated fund capital requirements as defined in this instruction guide,
that specific model must be used to determine required capital for all
relevant products. Any significant modifications to the model will require
OSFI review and concurrence. See Section 10 for further details.
FRLIs that are uncertain as to the applicability of the approved model to
a particular product or products should obtain clarification from OSFI’s
Applications for initial approval of a model, or for any modifications
requiring approval, are subject to OSFI’s user pay program.
Section 1: Role of the Board of Directors and Senior Management
The Board is responsible for:
understanding the types of risks being assumed;
approving the level of risk exposure and, therefore, the capital that
may be put at risk;
approving all significant risk management policies or significant
changes to existing policies;
approving the philosophy and functional organizational structure that
supports the risk management requirements of the institution, such
that there is clear independence and segregation between the risk
control function responsible for designing and implementing the
institution’s risk management system and its business functions;
delegating formally to senior management specific authorities for
oversight of the day-to-day risk management process;
ensuring that the risk management function has the appropriate skills
to fulfil its mandate; and
receiving and reviewing regular reports from senior management on the
risk exposures and their relationship to approved limits.
Senior management is responsible for ensuring the establishment of a risk
management process that operates in accordance with the authorities
delegated by the Board, specifically that:
a risk management culture exists within the organization;
the risk management function is comprehensive and global in scope,
with underlying risks being incorporated into the overall risk
management systems of the organization;
written policies and procedures are in place to deal with identifying,
measuring, testing, allocating and monitoring all pertinent risks;
there are specific policies and procedures in place to address the
design, pricing and management of new or emerging risks;
risk and procedural benchmarks reflecting industry best practices are
in place and reviewed regularly;
within the organization there exists independence and a clear
separation of responsibilities between those who are responsible for
risk monitoring and those who have a significant sales or business
lines of responsibility and authority are formally detailed and
codes of conduct are clearly defined and in place;
the qualifications of all people associated directly or indirectly
with the risk management function are regularly assessed and reviewed
to ensure that the skills of staff are current;
the necessary management information systems and technology are in
place and are commensurate with the activities being handled, and that
contingency plans exist; and
there is a timely risk reporting process satisfying the needs of both
senior management and the Board.
Section 2: Risk Management Infrastructure
The measurement of risk, its allocation, monitoring and control,
should rest within a structure that is independent of the business
function. Internal Audit is the most prominent example of such a
The organizational structure of the institution and its relevant
committees should indicate a direct flow of risk management
responsibilities from the Board to the senior management and risk
The level of skill and experience of key unit staff should be
commensurate with the complexity of the risks they monitor. Skills
should include systems, finance, business and actuarial. The Appointed
Actuary should be an integral element of the risk management process.
Individuals involved in the risk management process should not have
conflicting responsibilities or conflicting priorities.
Risk reporting and related analysis of output from the risk
measurement models must provide senior management and the Board with
information that permits them to assess the level and direction of
exposures being assumed, and should allow them to assess and evaluate
the extent to which the business risks are within approved operational
and capital limits.
Reports should be produced that satisfy the needs of each level of
risk monitoring and limit control accountability, and should be
available to and understood by both the business function and the
independent risk management function. Reports, at a minimum, should
address risk exposures and action plans, compliance with applicable
policies, and audits.
The reliability of the data underpinning the reports must be
Both short- and long-term contingency plans should be in place to
address the potential inability to operate the models. The plans
should include a tested procedure for disaster recovery.
Qualified systems support should be available on short notice to deal
with technical failures.
Section 3: Corporate and Operational Limits
Senior management should ensure that aggregate exposure limits exist
and are approved by the Board.
Senior management must ensure that the limit allocation architecture
and reporting systems are such that the institution is capable of
ensuring that aggregate exposure does not exceed established limits.
There must be a formalized process by which proposed risk metrics are
reviewed and, as appropriate, integrated into the risk management
system and process.
The allocation of limits and their relationship to the risk management
model should be clearly documented and well understood by each
business unit to which the limits apply.
Section 4: Model Integration
The models used for determining required capital should be closely
integrated into the pricing and valuation processes of the institution.
Accordingly, the output from these models should be an integral part of
the process of planning, monitoring and controlling the institution's risk
Section 5: Stress Testing (including, but not limited to, DCAT analysis)
Stress testing scenarios should incorporate single and multiple
events, both quantitative and qualitative.
Rigorous stress tests must regularly be applied to supplement
the output of the risk model. Although the frequency of the
tests rests with the institution, monthly analysis is strongly
The results of stress testing must be reviewed regularly by both
senior management and the Board, and should be considered when
establishing policies and limits.
Stress testing scenarios should capture all material market and
insurance risks to which the institution is exposed with respect to
segregated fund products, including policyholder behaviour and market
liquidity. Sufficiently adverse events must be captured within these
scenarios. As an example, a significant market downturn with little or
no recovery for a number of years should be tested. Stress tests
should provide information about the effect of tail events beyond the
confidence level assumed in the calculation of required capital.
For scenarios that exhibit vulnerabilities, a discussion of
appropriate management actions is warranted. Such strategies should
focus on risk reduction and capital preservation. If possible, the
strategies should also be modelled to quantify their effects.
Section 6: Documented Policies
Written responsibilities and accountabilities for each position in the
risk management system should be in place and clearly understood by
Documented policies, controls and procedures integral to the risk
management process or function must be in place. Examples include
valuation, stochastic modelling, validation and sign-off.
A routine must be in place for ensuring compliance with risk
management policies, controls and procedures.
The risk measurement system must be well documented, for example, in a
manual that describes the basic principles of the risk management
system and provides an explanation of the quantitative techniques used
to measure risk.
Section 7: Internal Audit
The entire risk management process, including the use of models, must
be effectively implemented. Assurance of this should be provided by a
body that is independent of every business function within the
organization, thereby establishing it as an arm of the Board.
Typically, such assurance would be provided by internal audit,
although alternative approaches may be acceptable.
Internal audit should have in place an effective and reasonable
mandate outlining its key responsibilities.
Internal audit must be staffed with knowledgeable, experienced and
technically qualified people.
Internal audit must have formal objectives for each area for which it
has audit responsibilities and should review the overall risk
management process at regular intervals (ideally not less than once a
year). It must document its findings with respect to the following
issues, at a minimum:
the adequacy of the documentation of the risk management system
the organization of the risk control unit;
the integration of market risk measures into daily risk
the approval process for risk pricing and valuation models;
the validation of any significant change in the risk management
the scope of market risks captured by the risk measurement model;
the integrity of the management information system;
the accuracy and completeness of insurance and market data;
the verification of the consistency, timeliness and reliability of
data sources used to run internal models; and
the accuracy and appropriateness of volatility and correlation
Section 8: Quantitative Model Standards
A. Measurement of Risk
Documentation of the risk measurement system must:
provide a detailed outline of the theory, assumptions and mathematical
basis for the models used; and
elaborate on the techniques used by the institution to meet the more
difficult modelling requirements relating to policyholder behaviour
and lack of liquidity in financial markets.
On a regular basis, a compliance program must ensure that:
risk management models are used in accordance with documented
the responsibility to ensure proper use of the models rests with a
senior officer of the institution;
risk management models are reviewed by individuals not engaged in the
development or regular use of the models for soundness and
appropriateness, and the results of such reviews are documented;
suitable controls are in place to ensure that model changes are
identified, documented and audited;
the modelled results used to determine the capital requirements for
segregated funds are accurate and reflect the risk characteristics of
the business; and
there is a process for ongoing analysis of changes in modelled results
from one period to the next.
C. Equity Investment Returns and Interest Rates
The processes used by the institution for modelling equity investment
returns and interest rates must be described in detail.
A large number of scenarios should be modelled. The number of
scenarios should be appropriate to the models and methodology used
(i.e., the number of scenarios chosen should be sufficiently large
that modelled results converge at CTE (95)).
Care should be taken to ensure that negative interest rates are not
Model parameters should be updated regularly to reflect changes in
The validation process must include an analysis of the resulting
stochastic investment scenarios to ensure that sufficient market
adversity is captured.
In the case of hedging or other risk mitigation techniques where risk
mitigation is imperfect, procedures should be in place to determine
basis risk due to mismatches of:
financial instrument features versus underlying asset;
term to maturity;
specification of payments;
unavailability of appropriate instruments.
Mapping of funds to proxy classes or indices should be plausible,
intuitive and conceptually sound. Documentation, including both
theoretical and empirical evidence, must be maintained to demonstrate
that the mappings are representative of the risk of the underlying
holdings. The relationships of the mapped funds to the proxy funds
should be reviewed regularly to validate their appropriateness.
D. Data Integrity and Verification
Risk metric data must be subject to regular, rigorous reviews.
Responsibilities for the accuracy of insurance and market data should
be clearly defined.
An audit trail must be maintained for subsequent validation and
replication of results.
The financial database must be subject to a rigorous verification
program to ensure the accuracy of all data.
Sign-off on data integrity should be obtained from internal and/or
E. Incorporating Historical Data
All current and historical market price data should be derived from
reputable and verifiable sources.
Parameter estimates for new products or product features should be
based on conservative assumptions until sufficient historical data are
Data used should be sufficient to provide reliable and robust cost
The mathematical process for estimating parameters using historical
data should be robust.
F. Testing of the Models
Models must be subject to rigorous testing, and the results of testing
should be adequately documented.
Risk management personnel or other appropriate resources should test
both the implementation of the models and the theoretical soundness of
the models and the assumptions used.
Tests should ensure that the model captures all relevant and material
risk factors affecting the required capital calculation.
Tests should indicate circumstances under which the models do or do
not work effectively.
Products or features that represent significant risk to the insurer
should be modelled with particular care.
Modelled results should be routinely reviewed and analyzed to
ascertain their validity.
The validation process must include compliance with the calibration
criteria described in the “Report of the CIA Task Force on Segregated
Fund Investment Guarantees”, dated March 2002. The process should also
include reproducing the OSFI-prescribed capital factors for select
products in the company’s portfolio. It is not necessary to use the
assumptions underlying the OSFI factors in the actual modelling.
Any modifications of a model or use of a new model must be calibrated
in accordance with the above criteria.
Models should appropriately reflect correlations among all relevant
risk factors. In situations where correlations cannot be reasonably
determined, conservative approximations should be used.
An audit trail must be maintained for model and assumption
modifications, including the rationale supporting the changes.
Models should have the flexibility to evaluate the use of financial
derivatives within the insurance framework. In other words, the models
should allow for the evaluation of risks using both the P-measure and
the Q-measure approaches (realistic and risk-neutral).
Models must reflect the institution’s actual operating practices and
product features. For example, if the company is using dynamic
hedging, then the modelling of the hedging program should reflect the
company’s actual practices.
Models should be able to evaluate residual risks arising from hedging
The model must be validated periodically against actual market
performance. This analysis should demonstrate that actual returns over
a reasonably long time frame are within the expected range of the
scenarios used in determining required capital.
- The modelling results must be compared periodically to the capital resulting from applying the LICAT factors. The comparison should include an analysis of the key differences. A summary report of the analysis should be provided to executive management and the Board. This process should be continued for the transition period.
There should be an ongoing analysis of changes in modelled results
from one period to the next.
The actuary of the company must give an opinion on the appropriateness
of the controls, models and assumptions, and the accuracy of the
resulting required capital levels. Any differences in the assumptions
used for determining required capital versus determining actuarial
liabilities should be explained. The actuary’s opinion letter must
form part of the application.
Section 9: Systems
Systems should be developed and maintained in a controlled environment
with limited user access. Additionally, a documented change control
process should exist.
All data systems must have adequate security and back-up capabilities.
Particular attention must be paid to the documentation and consistent
use of stochastic scenario sets in the analysis of capital
requirements and liabilities.
Business recovery plans should be developed, properly documented and
tested prior to the use of the models for capital purposes.
Section 10: Modifications to Capital Models
If there are material changes in model usage, assumptions, organizational
structure or other such aspects of the risk management process, the
company must notify OSFI in writing and explain the rationale for the
changes and the resulting implications. Depending on the nature of the
changes, a new approval may be required.
Examples of material changes include, but are not limited to:
a change in model or significant modification to an existing model;
changes in assumptions that, when used in the model, result in
significant differences in capital requirements versus prior
a change in organizational structure that affects the model usage and
capital calculation; and
new products with features or options that significantly differ from
the currently modelled portfolio.
Section 11: Capital Requirements
The total gross calculated requirement is determined as the cost
calculated at CTE (95) using the approved internal model.
CTE (95) is calculated on two bases:
using explicit valuation margins for adverse deviations on the
non-scenario tested factors; and
without such margins.
The maximum of a. and b. , Text for screen readers: a. and b. = 1 and 2 is taken to be CTE (95).
The minimum required capital is the total modelled requirement at CTE (95)
for the applicable products, less the net actuarial liabilities, subject
to a capital requirement floor of zero.
Section 12: Reporting
Segregated fund risk analyses should be prepared at least monthly and
reported to senior management. Summaries of these analyses and of the
resulting capital implications should be reported to the Board or a
committee of the Board at least quarterly. The institution must monitor
the capital requirements continuously. Quarterly reported capital
requirements for applicable products must be determined using the
OSFI-approved internal model.
Section 13: Additional Capital Requirements
If the institution has deficiencies in satisfying the requirements for the
use of internal models of a nature such that substantial improvements are
required, the use of internal models for capital determination will be
disallowed. However, if the deficiencies are less serious, OSFI may agree
to permit the use of such models, but impose additional capital
requirements. In this case, the institution must submit a plan that will
rapidly achieve full compliance with the requirements for the use of
internal models, obtain OSFI approval of the plan, and implement it
quickly. The additional capital requirements will be removed once the
institution has demonstrated to OSFI’s satisfaction that it has
successfully resolved the deficiencies.
Section 14: Ongoing Compliance with Requirements
Documentation demonstrating compliance with all sections above must be
maintained. All relevant documents should be available for onsite review.