9
(5) use prospective solvency assessments, including scenario analysis and stress testing;
(6) incorporate risk tolerance levels and limits in the policies and procedures, business
strategy, and day-to-day strategic decision-making processes;
(7) consider a risk and capital management process to monitor the level of financial
resources relative to economic capital and regulatory capital requirements;
(8) incorporate investment policy, asset-liability management policy, effective controls on
internal models, longer-term continuity analysis, and feedback loops to update and improve
the enterprise risk management function continuously;
(9) address all reasonably foreseeable and relevant material risks including, as applicable,
insurance, underwriting, asset-liability matching, credit, market, operational, reputational,
liquidity, and any other significant risks;
(10) include an assessment that identifies the relationship between risk management and
the level and quality of financial resources necessary as determined with quantitative and
qualitative metrics; and
(11) identify, quantify, and manage any risks to which the insurer may be exposed by
transactions or affiliations with any other member of the holding company system, article
16 system, or article 17 system of which the insurer is a member.”
Further, Insurance Circular Letter No. 14 (2011), states in part:
“Given the importance of risk management, the Department of Financial Services
(“Department”) expects every insurer to adopt a formal Enterprise Risk Management
(“ERM”) function. An effective ERM function should identify, measure, aggregate, and
manage risk exposures within predetermined tolerance levels, across all activities of the
enterprise of which the insurer is part, or at the company level when the insurer is a stand-
alone entity.”
In accordance with Insurance Regulation No. 203 (11 NYCRR 82) “Enterprise Risk
Management and Own Risk and Solvency Assessment,” as of June 25, 2014, the Company’s
ultimate parent, Thrive Partners III GP, LLC, is required to adopt a formal enterprise risk
management function to proactively identify and mitigate various business risks, including
prospective business risks. However, no such ERM framework was in place during the
examination period. One has subsequently been put into place.