What is the ORSA under Solvency II?

Solvency II is designed as a **three-pillar regime**: Pillar 1 contains the quantitative solvency capital requirement (SCR), Pillar 2 the qualitative governance and risk-management requirements, Pillar 3 disclosure. The ORSA sits at the heart of Pillar 2: it requires the insurer to assess itself — beyond the external solvency requirement ^[1].

In concrete terms, the SCR formula measures risks via a standardised model with 99.5% confidence and a one-year horizon. The ORSA, in contrast, requires the insurer to assess **its own** overall solvency need — including risks that the standard formula does not capture or captures inadequately, and over a longer planning horizon (typically three to five years).

Art. 45(1) lists three mandatory components: (a) the overall solvency needs of the undertaking taking into account its specific risk profile, approved risk tolerance and business strategy; (b) the continuous compliance with the solvency capital requirement (SCR) and minimum capital requirement (MCR) and with rules on technical provisions; (c) an assessment of the extent to which the risk profile of the undertaking deviates from the assumptions of the SCR calculation ^[1].

In practice, an ORSA consists of three parts: a **forward-looking** projection of the solvency position over the planning horizon; a set of **stress scenarios** isolating undertaking-specific risks; and a **standard-formula adequacy assessment** showing whether the standard formula captures the actual risk profile accurately — or whether an internal (partial) model would be appropriate.

Art. 45(5) requires that the ORSA be performed **at least once a year**, and **promptly after any material change** in the risk profile. Material changes include: significant M&A activity, new business lines, changes in the asset mix, material model changes, governance reorganisation. EIOPA guidelines further clarify that external shocks — market dislocations, pandemics, climate events — can also trigger an ad-hoc ORSA ^[2].

Art. 45(6) requires that a summary supervisory submission of the ORSA (the ORSA Supervisory Report, **ORSA-SR**) be submitted to the national supervisor — typically within two weeks of approval by the management or supervisory board. BaFin, FMA, ACPR and other NCAs review the ORSA-SR routinely during off-site supervision and pick it up during on-site inspections ^[2].

Important: the ORSA-SR is a **summary**, not the full documentation. The full ORSA documentation must be held internally and made available on supervisory request within a short window (often 5-10 business days). A 2026 ORSA inspection typically tests: was the process approved by the board? Are the stress scenarios risk-profile-specific or just boilerplate? Is there a documented audit trail of the assumptions?

The 2024 Solvency II review directive extends the ORSA obligations with three explicit scenario classes: (a) **liquidity stress scenarios** as part of the new liquidity risk-management duty (Art. 144a-c); (b) **sustainability risk scenarios**, including 2°C and 3°C climate pathways aligned with EIOPA guidance; (c) **systemic-risk scenarios** in which the NCA imposes sector-wide macroprudential measures ^[3]. The 2027 ORSA will therefore be materially more extensive than the 2026 ORSA.

SNCU insurers (small and non-complex undertakings) have exemptions: simplified ORSA templates, a reduced stress-scenario duty, longer submission deadlines. The SNCU classification is granted by the national supervisor on application — and 2026 is the year in which qualifying insurers should prepare that application.

From BaFin and EIOPA inspection cycles 2023-2025, four findings recur ^[2][4]: (1) **boilerplate scenarios** — the stress scenarios are copied from the prior year and do not reflect the current risk profile; (2) **top-down documentation** — the ORSA was drafted by the actuarial function but the board does not know it well enough to defend it in an inspection; (3) **missing standard-formula adequacy assessment** — Art. 45(1)(c) is ticked but not substantiated; (4) **lack of strategic linkage** — business planning does not reference ORSA limits.

Practical pointer: an ORSA that survives inspection is drafted by risk management together with the actuarial function, finance and the board — not by the actuarial function alone. Scenarios are jointly defined, limits anchored in a board resolution, standard-formula adequacy quantitatively substantiated.