Isle of Man Insurance and Pensions Authority

Consultation

The Corporate Governance Code of Practice for Insurers

30 November 2009

CONTENTS

1 THE CORPORATE GOVERNANCE CODE OF PRACTICE FOR INSURERS

2 SCOPE OF THE CGC

3 APPLYING THE CGC AND THE PRINCIPLE OF PROPORTIONALITY

4 DEMONSTRATING COMPLIANCE WITH THE CGC
4.1 PUTTING THE CGC INTO CONTEXT
4.2 DIRECTORS’ REPORT ON CORPORATE GOVERNANCE
4.3 EFFECTIVE DATE FOR IMPLEMENTATION

5 THE SUPERVISORY APPROACH OF THE IPA WITH REGARD TO THE CGC
5.1 BINDING GUIDANCE
5.2 RULES VS PRINCIPLES
5.3 ONGOING MONITORING AND SUPERVISION

6 DEVELOPMENT OF THE CGC
6.1 CODIFICATION OF THE IPA’S EXPECTATIONS
6.2 ALIGNING THE INDUSTRY WITH DEVELOPING INTERNATIONAL BEST PRACTICE
6.3 STRENGTHENING THE STANDARD OF REGULATORY COMPLIANCE
6.4 LAYING THE FOUNDATIONS FOR POTENTIAL FUTURE INITIATIVES

7 CONSULTATION PROCESS AND TIMING
7.1 CONSULTATION PROCESS
7.2 CONTACT

APPENDIX 1. ADDITIONAL READING

APPENDIX 2. CODE OF PRACTICE TEXT

1 The Corporate Governance Code of Practice for Insurers

Corporate governance is fundamental to sound and prudent management and observance of the underlying principles of corporate governance by companies is an integral part of that process.

The Insurance and Pensions Authority (“the IPA”) recognises that Isle of Man insurers and insurance managers already adopt governance principles in the management of their business affairs. Many companies have a well defined governance framework with documented policies, defined roles and responsibilities, strong corporate culture, and effective risk management and internal control systems. However, there is variation within the market in the extent to which such principles are applied, and in the extent to which they are documented. For this and other reasons indicated below, the Authority proposes to introduce the Corporate Governance Code of Practice for Insurers (the “CGC”).

The CGC will formalise corporate governance requirements that are already standard practice for many insurers and insurance managers. The introduction of the CGC should provide licenceholders and their stakeholders with a clearer understanding of the standard of corporate governance that the IPA expects insurers and insurance managers to observe. The CGC will also provide a mechanism for the IPA to make consistent decisions on aspects of governance aiding transparency for all licenceholders.

The provisions of the CGC recognise various principles of corporate governance that are common to the IPA’s licenceholders. However, in recognition of the wide variation in corporate structures and risk profiles of those licenceholders, the CGC adopts a proportional approach in the way it is to be applied in each case. By using this approach, the IPA recognises that the manner in which an individual licenceholder goes about meeting the requirements of the CGC will need to take account of the nature, scale and complexity of the licenceholder, its business and the risks to which it is exposed. Proportional application of the CGC is discussed in greater detail in section 3 below.

The development of the CGC has been influenced by several factors, including:

• The need to codify the IPA’s expectations
• Aligning the industry with developing international best practice
• Strengthening the standard of regulatory compliance
• Laying the foundations for potential future regulatory developments

Section 6 below provides further comment on the influencing factors in the development of the CGC.

2 Scope of the CGC

The CGC applies to every:

• insurer authorised under Section 8 of the Insurance Act 2008 (the “Act”);
• non EU insurer permitted under Section 22 of the Act; and
• insurance manager registered under Section 25 of the Act.

3 Applying the CGC and the principle of proportionality

Every Isle of Man authorised insurer, relevant permit holder and insurance manager must apply the CGC as part of its overall governance arrangements in a way that is appropriate to the nature, scale and complexity of that licenceholder, its business and the risks to which it is exposed.

Therefore, application by a licenceholder of the CGC is to be proportionate to its own circumstances. The board and senior management of a licenceholder must review and determine, on an ongoing basis, how the specific provisions of the CGC should be adopted and implemented by the licenceholder and be able to demonstrate this.

This approach is consistent with the ‘Principle of Proportionality’ which is supported by both the International Association of Insurance Supervisors (“IAIS”) and the Organisation for Economic Co-operation and Development (“OECD”).

4 Demonstrating compliance with the CGC

4.1 Putting the CGC into context

The CGC, in placing governance requirements on the licenced entity, also places similar obligations on its board of directors and senior management to give effect to that governance.

The CGC is not intended to be exhaustive and should be viewed as a component part of a licenceholder’s framework to maintain and demonstrate appropriate corporate governance. It should be read in conjunction with relevant legislation and regulations and should not be used as a substitute for legal or professional advice.

4.2 Directors’ report on corporate governance

Each licenceholder will be required to provide with each submission of its audited annual accounts a declaration by its board of directors concerning the application of the provisions of the CGC by the licenceholder as set out in Schedule 2 to the CGC.

4.3 Effective date for implementation

The CGC is currently proposed to be effective for all relevant entities from 31 March 2010.

The annual directors’ report on corporate governance will be required to be submitted by all relevant entities in respect of annual returns submitted to the IPA whose period of account begins on or after 1 April 2011. Early adoption of the annual certificate of compliance is encouraged.

5 The supervisory approach of the IPA with regard to the CGC

5.1 Binding guidance

The CGC takes the form of binding guidance issued under Section 51 of the Insurance Act 2008.

Under section 51(3) of the Act, failure on the part of any person to observe any provision of binding guidance is not an offence. However, should a licenceholder be unable to demonstrate compliance with the provisions of the CGC, as binding guidance, then under section 51(2) the Supervisor is able to take such supervisory action as he believes to be appropriate and proportionate in the circumstances.

Supervisory action in this context means the exercise of any supervisory power available to the Supervisor under the Act.

5.2 Rules vs principles

The Authority has adopted a principles-based approach in its drafting of the CGC. Such an approach necessarily requires the board of the insurer or insurance manager, together with its senior management, to exercise judgment as to how the provisions of the CGC are implemented in a manner proportionate to the licenceholder’s business and risk profile.

An alternative approach would have been to prescribe detailed rules within regulations. However, the IPA considered that such an approach would provide limited flexibility and may be unnecessarily burdensome for some licenceholders.

5.3 Ongoing monitoring and supervision

The IPA will include assessment of a licenceholder’s governance arrangements taking into account the CGC as part of its ongoing onsite inspection programme and as part of its routine enquiries arising from its examination of regulatory returns and other communications and contact with the licenceholder.

Evidence of weak or ineffective corporate governance systems and practices may result in supervisory action being taken as appropriate.

6 Development of the CGC

As detailed in section 1 above the development and issue for consultation of the CGC has been influenced by several factors and these are discussed in further detail below.

6.1 Codification of the IPA’s expectations

The IPA believes that the introduction of the CGC will:

• provide regulated entities and their stakeholders with a clearer understanding of the standard of corporate governance that the IPA expects its licenceholders to exhibit;

• provide a framework which should stimulate the use of and further improve upon the appropriate corporate governance practices adopted within the insurance sector in the Isle of Man; and

• provide a mechanism ensuring consistent decisions and supervision on aspects of governance aiding transparency and certainty for relevant licenceholders.

6.2 Aligning the industry with developing international best practice

The Isle of Man is committed to observing relevant international standards. Accordingly, the CGC recognises certain international standards for corporate governance that are relevant to insurance businesses. In developing the CGC, the IPA has had particular regard to:

• IAIS Insurance Core Principles and Methodology
• IAIS and the OECD joint Issues Paper on Corporate Governance issued in July 2009
• OECD Principles of Corporate Governance
• OECD Guidelines on Insurers’ Governance

The CGC draws significantly upon the IAIS Insurance Core Principles and Methodology which sets out essential principles that should be in place for a supervisory system to be effective and serves as a basic benchmark for insurance supervisors in all jurisdictions.

Insurance Core Principle 9 states that:

“The corporate governance framework recognises and protects rights of all interested parties. The supervisory authority requires compliance with all applicable corporate governance standards”.

Consideration has also been given to the joint issues paper on the corporate governance of insurers issued by the International Association of Insurance Supervisors (IAIS) and the Organisation for Economic Co-operation and Development (OECD). This issues paper is distinct in having an insurer corporate governance focus and discusses a variety of topics from this perspective. By describing essential components of an insurer’s corporate governance framework, the joint issues paper aims to provide a basis for further work by the IAIS and OECD. To this extent, the paper also aims to contribute to improving regulatory and supervisory efficiency.

6.3 Strengthening the standard of regulatory compliance

As noted above, the IAIS Insurance Core Principles and Methodology (ICPs) sets out the essential principles that should be in place for a supervisory system to be effective and serves as a basic benchmark for insurance supervisors in all jurisdictions. The findings of the most recent assessment by the IMF in this regard were published in September 2009.

The report of the IMF notes that:

“The IOM has maintained and improved on the generally high standard of compliance with the ICPs, which was noted in the previous assessment. The IPA is commended for its proactive stance in establishing and enforcing high standards for supervision, which have contributed to the maintenance of the IOM’s good reputation as an international financial centre”.

However, it also states:

“There are no industry-specific standards on corporate governance and related issues. However, the IPA is close to adopting new binding guidance setting out its expectations in these areas. It already covers governance and related issues in its on-site work.”

The CGC will make visible the supervisory framework for corporate governance in the Island and should therefore strengthen any future external assessment of the Island’s regulatory and supervisory framework against the IAIS ICPs.

6.4 Laying the foundations for potential future initiatives

Many developments currently under consideration by international standard setters may have an impact on the Island’s framework in due course. The EU directive in respect of Solvency II is one such example.

The Solvency II regime, which will come into force in the EU in 2012, is a fundamental review of the capital adequacy regime for the European insurance industry. It will establish a revised set of EU-wide capital requirements and risk management standards that will replace the current Solvency I requirements.

Possible implications on the Isle of Man will be that companies that are members of EU insurance groups may find that the group capital management policy changes with the consequential impact on the Isle of Man operations. Another potential consequence is that EU insurers may only be able to take full account of reinsurance ceded to other EU insurers or to insurers domiciled in jurisdictions outside the EU (“third countries”) that have been granted equivalence status under the Solvency II Directive. CEIOPS, the Committee of European Insurance and Occupational Pensions Supervisors, is currently developing criteria for assessing equivalence and expects to finalise these in 2010.

Any changes that may be considered to the regulatory framework in the Isle of Man as a result of Solvency II will first require an effective corporate governance framework to be in place. Thus, the development and effective implementation of the CGC is seen to be an important first step in this work.

7 Consultation process and timing

7.1 Consultation process

The IPA invites licenceholders to ensure that this document is considered as widely as possible, including by its board of directors and senior management such that all parties are able to consider and assess the impact of the CGC.

The IPA appreciates that the contents of the Code will need to be considered carefully. The period of consultation will therefore be open until 28 February 2010. However, early submission would be appreciated.

7.2 Contact

Written responses should be addressed to:

Mr Alan Rowe
Insurance and Pensions Authority
4th Floor, HSBC House
Ridgeway Street
Douglas, Isle of Man IM1 1ER
Tel: +44 (0) 1624 646000
Email: [email protected]

The purpose of consultation is to obtain views and gather evidence from which to take an informed decision on the content of proposed legislation. A response to this consultation will not necessarily guarantee a change to that which is proposed.

A summary of the comments received, together with the IPA’s response will be published on the IPA’s website after all comments have been considered.

Appendix 1. Additional Reading

IAIS Insurance Core Principles and Methodology, October 2003

These principles and methodologies set out the essential principles that should be in place for a supervisory system to be effective and serve as a basic benchmark for insurance supervisors in all jurisdictions, including corporate governance.

IAIS Issues Paper on Corporate Governance, July 2009

This issues paper is distinct in having an insurer corporate governance focus and discusses a variety of topics from this perspective. Material on topics discussed in other IAIS papers is included in the issues paper in order to provide a complete picture of insurer corporate governance issues.

OECD Principles of Corporate Governance

OECD Guidelines on Insurers’ Governance

These guidelines provide governments and the insurance industry with a roadmap for promoting insurer corporate governance, and thereby better protecting policyholders and other stakeholders. The OECD’s two main objectives in drafting the guidelines were:

• to enhance the protection of policyholders and shareholders beyond the protection already provided by existing regulation and supervision;

• to develop guidance specifically directed to the insurance sector that would supplement corporate governance rules generally applicable to non-insurer companies.

Appendix 2. Code of Practice Text

SD XXX/10

CORPORATE GOVERNANCE CODE OF PRACTICE FOR INSURERS

(herein “the CGC”)

Laid before Tynwald 2010

Coming into operation 31st March 2010

In exercise of the powers conferred on the Insurance Supervisor by Section 51(1) of the Insurance Act 2008 (“the Act”) and of all other enabling powers, and having consulted such organisations and persons as appear to him to be likely to be affected, the following Guidance Notes are hereby issued as binding guidance:—

Contents

1. INTRODUCTION
1.1 Corporate governance
1.2 The CGC

2. TITLE AND COMMENCEMENT

3. GOVERNANCE REQUIREMENT AND APPLICATION OF CGC
3.1 Application of the CGC
3.2 Application to permit holders and insurance managers
3.3 Governance requirement and proportional application of CGC

4. DIRECTORS’ REPORT ON CORPORATE GOVERNANCE

5. GENERAL GOVERNANCE REQUIREMENTS FOR INSURERS
5.1 Integrity
5.2 Compliance with legal and regulatory requirements and codes of practice
5.3 Care, skill and diligence
5.4 Stakeholder interests
5.5 Sound and prudent management
5.6 Documentation

6. BOARD COMPOSITION AND OPERATION
6.1 Appointment and removal of directors
6.2 Board composition
6.3 Powers of the board
6.4 Non-executive directors
6.5 Chairman and chief executive officer
6.6 Frequency of board meetings
6.7 Matters reserved to the board
6.8 Committees of the board
6.9 Minutes of board and board committee meetings

7. KEY FUNCTIONS AND RESPONSIBILITIES OF THE BOARD
7.1 Ultimate accountability and responsibility, and delegation
7.2 Adoption of corporate governance principles
7.3 Standards of conduct
7.4 Business strategies, policies and business plans
7.5 Identification of responsibilities and divisions of authority
7.6 Committees of the board
7.7 Information
7.8 Financial reporting
7.9 Appointment and removal of senior management and key outsourcing
7.10 Fitness and propriety of senior management and key outsourcing
7.11 Establishment of senior management and key outsourced arrangements
7.12 Remuneration policy
7.13 Culture
7.14 Risk management
7.15 Internal controls
7.16 Internal audit (or equivalent process) and compliance
7.17 Self assessment

8. DIRECTORS
8.1 Key duties and responsibilities of directors
8.2 Competence of directors

9. SENIOR MANAGEMENT
9.1 Key responsibilities
9.2 Conflicts of duty or interest

10. ACTUARY
10.1 Operational requirements
10.2 Dual role of appointed actuary and director

11. INTERNAL AUDIT OR EQUIVALENT PROCESS
11.1 General
11.2 Reporting and records
11.3 Outsourcing

12. COMPLIANCE MONITORING FUNCTION
12.1 General
12.2 Nature and location of function
12.3 Reporting and records

13. EXTERNAL AUDIT
13.1 General
13.2 Engagement letter
13.3 Governance communication

14. RISK MANAGEMENT SYSTEM
14.1 General
14.2 Reporting and records
14.3 Market environment

15. INTERNAL CONTROLS
15.1 General
15.2 Internal control framework

16. FRAUD PREVENTION

17. WHISTLE BLOWING

18. POLICYHOLDERS AS STAKEHOLDERS
18.1 Policyholders
18.2 Member policyholders and participating policyholders

19. INTERACTION WITH THE SUPERVISOR

20. REFERENCES

21. INTERPRETATION

22. SCHEDULES
22.1 Schedule 1 – Risks
22.2 Schedule 2 – Directors’ Report on Corporate Governance

SCHEDULE 1 – RISKS
Underwriting risk
Insurance provisions and reserves risk
Investment risk
Derivative risk
Market risk
Credit risk
Liquidity risk
Operational risk
Group risk
Business market and environment risk
Business planning risk

Information technology and communication technology risk ........................................ 43

Business continuity and disaster risks ................................................................................. 43

Legal and compliance risk ....................................................................................................... 44

Crime and fraud risk ................................................................................................................ 44

Reputational risk ....................................................................................................................... 44

SCHEDULE 2 ............................................................................................................................. 45

1. INTRODUCTION

1.1 Corporate governance

Corporate governance is the system by which the persons who are responsible for an insurer (or insurance manager) control and oversee its affairs, and the means by which they are held accountable for their performance and actions. It encompasses all aspects relating to the insurer’s organisation and business including but not limited to its constitutional structures and rules, its corporate culture and environment, as well as its business and operational strategies, policies, procedures, controls, decision making processes and conduct.

As a framework, corporate governance defines roles, responsibilities and accountabilities. It clarifies who possesses the duty and legal power to act on behalf of the insurer and under which circumstances. It sets requirements for documenting decisions and actions, along with their rationale, and for making appropriate disclosures to stakeholders. It provides for corrective action for non-compliance or weak oversight, controls and management. Thus corporate governance is about the allocation and oversight of power and accountabilities, and includes avoiding undue concentration of power.

Appropriate corporate governance recognises and protects the rights of all interested parties. There is no single model of corporate governance as approaches will differ to take account of particular circumstances and preferences. However, corporate governance that is appropriate includes active concern with, understanding of and diligent discharge of responsibilities in a prudent and responsible manner. In particular it requires the commitment of directors and senior managers both individually and collectively, and their active encouragement of a supportive culture and environment.

1.2 The CGC

Each insurer, by way of its board and senior management, shall apply the provisions of the Corporate Governance Code of Practice for Insurers (“the CGC”) as part of its overall governance arrangements in a way that is proportionate to its business and risks.

The CGC is not intended to be, and should not be interpreted as, exhaustive. It should be viewed as a component part of an insurer maintaining and demonstrating corporate governance appropriate to its circumstances. The CGC should be read in conjunction with relevant legislation and regulation and should not be used as a substitute for legal advice.

2. TITLE AND COMMENCEMENT

The title of these Guidance Notes is the Corporate Governance Code of Practice for Insurers and they shall come into operation on 31st March 2010.

3. GOVERNANCE REQUIREMENT AND APPLICATION OF CGC

3.1 Application of the CGC

Subject to paragraph 3.2, the CGC applies to every person —

(a) authorised under Section 8 of the Act;

(b) permitted under Section 22 of the Act; and

(c) registered under Section 25 of the Act.

3.2 Application to permit holders and insurance managers

In relation to persons referred to in paragraph 3.1 —

(a) paragraph 3.1(b) shall not have effect in relation to persons that are authorised to carry on an insurance business in any Member State of the European Union;

(b) paragraph 6.4 shall not apply to a person permitted under Section 22 of the Act; and

(c) paragraphs 6.4, 13 and 18 shall not apply to a person registered under Section 25 of the Act.

The Supervisor may, in writing, remove in full or in part any of the exemptions contained in paragraphs (a) to (c) in respect of any insurer.

3.3 Governance requirement and proportional application of CGC

An insurer shall have in place appropriate arrangements for its effective corporate governance. This includes, but is not limited to, its board and senior management applying the provisions of the CGC in a way that is proportionate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed.

4. DIRECTORS’ REPORT ON CORPORATE GOVERNANCE

An insurer shall provide to the Supervisor a completed report in the form as set out in Schedule 2 which shall be submitted within 21 days after the date of the meeting at which its annual accounts were approved by its board and in any event within 6 months after the close of the year to which those accounts relate.

This requirement is applicable in respect of annual accounts whose period of account commences on or after 1 April 2011.

5. GENERAL GOVERNANCE REQUIREMENTS FOR INSURERS

5.1 Integrity

An insurer shall —

(a) act honestly and in a straightforward manner; and

(b) ensure that it makes clear to those with whom it has dealings in the course of its business, or prospective business, its name and regulatory status as appearing on the relevant register kept under Section 48 of the Act.

An insurer shall not —

(a) seek to exclude or restrict any duty or liability it rightly owes; or

(b) knowingly carry on any business or activity of such a kind or in such a way as may be likely to bring the Island into disrepute or damage its standing as a financial centre.

5.2 Compliance with legal and regulatory requirements and codes of practice

An insurer shall take all reasonable steps and exercise all due diligence to identify and comply with the legal and regulatory requirements applicable to it, and comply with any other codes of practice which it has adopted.

5.3 Care, skill and diligence

An insurer shall conduct its business with due care, skill and diligence as may be expected from a competent insurer having due regard for the provisions of the CGC.

5.4 Stakeholder interests

An insurer, in conducting its affairs, shall have due regard for the interests and information needs of its policyholders and other stakeholders, and shall take account of these factors within its governance arrangements as necessary to ensure that its stakeholders are treated fairly.

5.5 Sound and prudent management

An insurer shall be managed soundly, effectively and prudently. For this purpose an insurer shall —

(a) have in place adequate and competent staffing and resources for the nature, scale and complexity of the insurer and its business and the risks to which it is exposed;

(b) have adequate and effective control and oversight exercised respectively by its board and senior management that is consistent with their respective roles;

(c) have in place an effective accountability framework that clearly defines the roles and demarcates the responsibilities respectively of its board, senior management and any outsourced providers of a significant function of the insurer;

(d) have in place appropriate systems including but not limited to financial and risk management systems and controls to ensure sound, effective and prudent management of the insurer’s business without inappropriate risk taking or assuming risks without taking account of the potential consequences; this includes —

(i) having due regard for the risks to which it is exposed and maintaining adequate financial resources to meet its liabilities that might reasonably be expected to arise out of those risks;

(ii) maintaining sufficient asset liquidity to meet its liability cash flows as they fall due; and

(iii) where appropriate, undertaking periodic forward-looking analysis of its ability to meet its obligations under various adverse economic and business scenarios to ensure that it adequately covers its risk exposure;

(e) take all reasonable and practicable steps to reduce the likelihood, impact and possible duration of disruption to the continuity of its operations and have in place appropriate arrangements to ensure that it can continue to function and meet its business, legal and regulatory obligations in the event of anticipated or unforeseen disruption.

5.6 Documentation

An insurer shall have in place adequate documentation of its system of governance including its —

(a) governance principles and structures;

(b) objectives, strategies, policies, procedures, reporting systems and controls; and

(c) decision making processes.

An insurer shall maintain such records and evidence as are necessary to adequately demonstrate its compliance with its system of governance.

Without prejudice to any other record retention requirement, such documentation and evidence shall be kept for a minimum of six years from the date it is made or, if later, ceases to be relevant.

An insurer shall make available to the Supervisor upon request its corporate governance system documentation and compliance records and evidence.

6. BOARD COMPOSITION AND OPERATION

6.1 Appointment and removal of directors

An insurer shall have in place a documented and transparent board nomination, election and removal process.

6.2 Board composition

The board of an insurer shall —

(a) include an adequate number of directors with an appropriate overall combined level of knowledge, skills, experience and commitment such that it is able to perform its functions and discharge its responsibilities properly in relation to the insurer; and

(b) be able to exercise appropriately robust oversight of the insurer’s executive functions by its non-executive directors.

6.3 Powers of the board

The board of an insurer shall have adequate powers and resources to carry out its oversight and other governance functions and responsibilities effectively in relation to the insurer. For this purpose the board shall —

(a) be provided with timely, accurate, relevant and sufficiently comprehensive information relating to the management and activities of the insurer and have the power, where necessary and appropriate, to request and obtain further information as it sees fit;

(b) be able to delegate authority to perform its functions as appropriate, including to various committees of the board which it establishes as appropriate; and

(c) be able to obtain external expertise where necessary and as appropriate.

6.4 Non-executive directors

The board of an insurer shall include at least one independent non-executive director who is resident in the Isle of Man.

6.5 Chairman and chief executive officer

Ordinarily, the posts of chairman and chief executive officer (or equivalent) of an insurer shall not be combined in one person within the same insurer.

If for any reason it becomes necessary for the posts of chairman and chief executive officer (or equivalent) to be combined, the board of the insurer shall establish and maintain appropriate and effective controls to ensure that the management of the insurer is held sufficiently accountable to the board. The board of the insurer shall review these controls (where such are applicable) at appropriate intervals, and at least annually, to ensure that they remain appropriate and effective.

6.6 Frequency of board meetings

The board of an insurer shall meet sufficiently regularly to perform its functions and discharge its responsibilities properly in relation to the insurer.

6.7 Matters reserved to the board

The board of an insurer shall —

(a) establish and maintain a formal, written schedule which clearly sets out such matters as are specifically reserved for the board’s decision; and

(b) monitor and review at appropriate intervals, and at least annually, the range and focus of the matters specified in the schedule, as referred to in paragraph (a), to ensure they remain appropriate and sufficient to enable the board to perform its functions and discharge its responsibilities properly in relation to the insurer.

6.8 Committees of the board

Where a committee of the board of an insurer is established, its mandate, composition and operational procedures shall be well defined and overseen effectively by the board. In addition, its terms of reference shall be set out in writing and be made available to relevant parties, including, but not limited to, the insurer’s senior management and external auditor.

6.9 Minutes of board and board committee meetings

The board of an insurer shall ensure that the insurer keeps minutes and associated documents of all of its board and board committee meetings. These shall provide a sufficient record of corresponding proceedings including but not limited to all material decisions, considerations and actions.

Such minutes shall —

(a) without undue delay after the meeting to which they relate, be written up, approved and distributed in final draft to all those entitled to receive a copy; and

(b) as soon as is practicable, be accepted by the attendees of the meeting and signed as a formal record of the insurer by a duly authorised person.

7. KEY FUNCTIONS AND RESPONSIBILITIES OF THE BOARD

7.1 Ultimate accountability and responsibility, and delegation

The board of an insurer is ultimately accountable and responsible for the affairs of the insurer. Delegating authority to board committees, management or others does not absolve the board of its duties and responsibilities.

(a) Where the board of an insurer delegates authority to perform any of its functions, it shall only do so in a manner that shall, in relation to the insurer, not —

(i) dilute its accountability, or reduce its ability to perform its functions or discharge its responsibilities fully; or

(ii) lead to any person having unfettered powers.

(b) The board of an insurer shall ensure that any authority it has delegated is appropriately authorised and documented.

Notwithstanding any delegation, the board shall —

(a) satisfy itself that any policies and procedures it has established in relation to the insurer remain appropriate and adequate for their respective purposes, and that those policies and procedures have been properly implemented and compliance monitored effectively;

(b) satisfy itself that any authority it has delegated has been responsibly and prudently exercised, and such authority has not been exceeded; and

(c) ensure that the insurer has taken all reasonable steps and exercised all due diligence to identify and comply with the legal and regulatory requirements applicable to it, and comply with any other codes of practice which it has adopted.

7.2 Adoption of corporate governance principles

The board of an insurer shall —

(a) establish and maintain specific corporate governance principles in respect of the insurer that are appropriate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed;

(b) ensure that the objectives, strategies and policies established by the board in relation to the insurer have due regard for, and are consistent with, the principles referred to in paragraph (a); and

(c) review at appropriate intervals, and at least annually, the principles referred to in paragraph (a) to ensure they remain appropriate.

7.3 Standards of conduct

The board of an insurer shall —

(a) establish and maintain policies defining standards of business conduct for its directors, senior managers and other officers and employees, and outsourced providers of a significant function of the insurer, that address in an appropriate manner —

(i) conflicts of duty or interest in relation to the insurer;

(ii) matters in relation to the insurer involving private transactions, self-dealing, preferential treatment of favoured internal and external parties, covering trading losses and any other practices of a potentially non-arm’s length nature; and

(iii) the fair treatment of, and information sharing with, the insurer’s policyholders and other stakeholders;

(b) review at appropriate intervals, and at least annually, the policies referred to in paragraph (a) to ensure they remain appropriate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed, and have due regard for the interests of its policyholders and other stakeholders; and

(c) ensure that the insurer has in place ongoing, appropriate and effective processes to ensure adherence to the policies referred to in paragraph (a).

7.4 Business strategies, policies and business plans

The board shall —

(a) establish and maintain the strategies and significant policies of the insurer, the means of attaining them and procedures to monitor and evaluate adherence to, or progress towards, them; these strategies and policies shall cover all significant decision areas including (as applicable) but not limited to the insurer’s —

(i) strategic direction and marketplace positioning;

(ii) risk tolerance;

(iii) choice of insurance lines, new products and other business activities and associated risks;

(iv) product pricing, underwriting, reinsurance cover and use of other risk transfer, mitigation and diversification mechanisms;

(v) insurance provisioning and reserving;

(vi) investments, asset-liability management and use of derivatives;

(vii) market conduct activities;

(viii) mergers, acquisitions and strategic alliances;

(ix) choice of corporate structure;

(x) outsourcing, including use of group and external resources;

(xi) funding and financing strategies as well as assessing and ensuring the adequacy of financial resources;

(xii) annual budget;

(xiii) remuneration; and

(xiv) other areas including but not limited to disclosures, business continuity planning, complaints, claims handling, dividends and policy bonuses;

(b) consider and approve the business plans of the insurer;

(c) review at appropriate intervals, and at least annually, the insurer’s strategies, significant policies, means and procedures as referred to in paragraph (a) and adapt them as necessary in view of any significant changes in the insurer’s internal or external environment; and

(d) evaluate at appropriate intervals the insurer’s performance against its business plans and in light of its strategies and significant policies.

7.5 Identification of responsibilities and divisions of authority

The board of an insurer shall —

(a) distinguish between the responsibilities, decision-making, interaction and cooperation of the board, chairman, chief executive and senior management of the insurer; and

(b) establish and maintain decision-making processes and divisions of responsibilities that ensure an appropriate balance of power and authority for the insurer, so that no person has unfettered powers of decision.

7.6 Committees of the board

The board of an insurer shall assess the need for, and where appropriate establish, committees of the board.

7.7 Information

The board of an insurer shall ensure it has access to, and receives, timely, accurate, relevant and sufficiently comprehensive information and analyses about the insurer and actively asks for, and receives, any additional information and analyses it considers necessary such that it is able to perform its functions and discharge its responsibilities properly in relation to the insurer.

7.8 Financial reporting

The board of an insurer shall establish a process for the financial reporting of the insurer that ensures the integrity, reliability and transparency of the insurer’s financial reporting both for public (where applicable) and regulatory purposes, and ensure the effective implementation and oversight of such process.

7.9 Appointment and removal of senior management and key outsourcing

The board of an insurer shall approve the selection, appointment, removal and any related succession planning of the senior management and any outsourced provider of a significant function of the insurer.

7.10 Fitness and propriety of senior management and key outsourcing

The board of an insurer shall ensure that all senior managers and outsourced providers of a significant function of the insurer possess the appropriate integrity, competency, experience and qualifications for their respective roles in relation to the insurer.

7.11 Establishment of senior management and key outsourced arrangements

The board of an insurer shall —

(a) establish and maintain the authorities and responsibilities of the senior management and any outsourced provider of a significant function of the insurer, as well as requirements to ensure the accountability of such persons to the board; and

(b) satisfy itself that the insurer is organised and controlled in a way that —

(i) promotes the sound, effective and prudent management of the insurer; and

(ii) facilitates adequate and effective oversight of the insurer’s management by its board.

7.12 Remuneration policy

The board of an insurer shall approve the remuneration policy for the directors, senior managers and other officers and employees of the insurer, as well as any outsourced provider of a significant function of the insurer.

This policy, together with any relevant controls, shall ensure that such remuneration is consistent with the effective risk management of the insurer such that imprudent or improper behaviour is not encouraged.

7.13 Culture

The board of an insurer shall promote a culture within the insurer that supports its ongoing, effective risk management and compliance.

7.14 Risk management

The board of an insurer shall —

(a) establish and maintain a risk management system for the insurer that is consistent with paragraph 14;

(b) establish and maintain the risk strategies and significant risk policies of the insurer, including, but not limited to, appropriate risk tolerance limits for the insurer, in respect of all material sources of risk to which it is exposed; (18ECb)

(c) ensure it receives at appropriate intervals, and at least annually, risk management reports and all other relevant information that will enable it to adequately and effectively —

(i) oversee the insurer’s risk management systems and ultimately remain in control of all of the material risk taking of the insurer; and

(ii) review the risk profile of the insurer;

(d) take due account of the insurer’s risk profile, including the potential for it to experience unusually adverse results, and ensure that it maintains adequate financial resources; and

(e) review at appropriate intervals, and at least annually, the risk strategies, significant risk policies and risk management system of the insurer and make any changes as may be necessary to ensure these remain appropriate and effective.

7.15 Internal controls

The board of an insurer shall —

(a) establish and maintain effective internal controls and compliance framework for the insurer which are consistent with paragraph 15;

(b) ensure it receives at appropriate intervals and at least annually —

(i) reports on the effectiveness of the insurer’s internal controls; and

(ii) reports of any deficiencies identified in the insurer’s internal controls to allow appropriate and timely remedial action to be taken;

(c) ensure timely action is taken, where necessary, to correct any —

(i) compliance failings in relation to the insurer’s internal controls; and

(ii) deficiencies identified in the insurer’s internal controls;

(d) review at appropriate intervals, and at least annually, the insurer’s internal controls to ensure they remain adequate and effective in all material respects; and

(e) ensure that all outsourced functions of the insurer, whether performed by group or external parties, are clearly and ultimately accountable to the insurer’s board and subject to a standard of control as might be reasonably expected if the functions were carried out internally by the insurer.

7.16 Internal audit (or equivalent process) and compliance

The board of an insurer shall —

(a) establish and maintain an internal audit function and a compliance monitoring function for the insurer that are consistent with paragraphs 11 and 12 respectively;

(b) ensure it receives at appropriate intervals and at least annually reports from the insurer’s internal audit function and compliance monitoring function that are adequate in order to assess the matters corresponding to those functions; and

(c) allocate, as appropriate, responsibilities for reporting to the board in relation to the insurer’s internal audit function and compliance monitoring function.

7.17 Self assessment

The board of an insurer shall at appropriate intervals, and at least annually, evaluate its own performance and take remedial measures as necessary to address identified inadequacies and follow up any actions arising from such an exercise.

8. DIRECTORS

8.1 Key duties and responsibilities of directors

Each director of an insurer shall —

(a) act on a well informed basis, in good faith, with due care, skill and diligence, with integrity and in the best interests of the insurer;

(b) take due account of the interests of the insurer’s policyholders and other stakeholders in his decision making;

(c) identify and either avoid or promptly disclose to the board of the insurer any conflicts of duty or interest he may have in relation to the insurer;

(d) be free from undue external or internal influence in exercising his judgement in respect of the insurer; and

(e) properly —

(i) perform the relevant functions; and

(ii) discharge the responsibilities,

assigned to him in relation to the insurer.

8.2 Competence of directors

Each director of an insurer must ensure he has the appropriate knowledge, skills, experience and commitment to be able to discharge his duties and responsibilities and carry out his functions in relation to the insurer.

9. SENIOR MANAGEMENT

9.1 Key responsibilities

The senior management of an insurer shall —

(a) oversee the operations of the insurer and provide direction to it on a day to day basis to ensure that its day to day operations are carried out in accordance with the strategies, policies and procedures established by the board of the insurer, the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2, and any other codes of conduct adopted by the insurer;

(b) establish and implement systems and controls to ensure the sound, effective and prudent management of the insurer within the strategies, policies and procedures established by its board;

(c) promote a culture within the insurer that supports its ongoing, effective risk management and compliance;

(d) review at appropriate intervals, and at least annually, the insurer’s objectives, strategies, policies and business plans that govern the operation of the insurer, and develop and provide to the board of the insurer recommendations for the board’s review and approval on such matters; and

(e) provide the insurer’s board with timely, accurate, relevant, and sufficiently comprehensive information and analyses to enable the board to review —

(i) the insurer’s objectives, strategies, policies and business plans;

(ii) the risks to which the insurer is exposed;

(iii) the adequacy of the insurer’s financial resources; and

(iv) the insurer’s performance and the performance of its senior management,

and hold the senior management accountable for its performance.

9.2 Conflicts of duty or interest

Each senior manager of an insurer shall identify and either avoid or promptly disclose to the board of the insurer any conflicts of duty or interest he may have in relation to the insurer.

10. ACTUARY

10.1 Operational requirements

Where an insurer has appointed an actuary under Section 18 of the Act, the insurer shall —

(a) afford the actuary —

(i) the right of direct access to the board of the insurer and to all information and data; and

(ii) the right of access at all reasonable times to the senior management, internal audit function, compliance monitoring function and the external auditor of the insurer,

as is necessary for the performance of the actuary’s function in respect of the insurer; and

(b) require its actuary, within the terms of the actuary’s appointment in respect of the insurer, to report to the board of the insurer on a timely basis on matters relevant to that appointment.

10.2 Dual role of appointed actuary and director

An individual may not concurrently hold the positions of actuary of an insurer appointed under Section 18 of the Act and the position of director of that insurer.

11. INTERNAL AUDIT OR EQUIVALENT PROCESS

11.1 General

An insurer shall have an ongoing internal audit function with resources and scope appropriate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed.

The internal audit function of an insurer shall test to ensure compliance with the insurer’s policies and procedures, as well as with the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2, and review whether the insurer’s policies, practices and controls remain sufficient and appropriate for the insurer and its business and the risks to which it is exposed.

An insurer shall ensure that its internal audit function, or any person carrying out an equivalent process in relation to the insurer, has —

(a) appropriate independence from the functions being assessed;

(b) direct reporting lines to the insurer’s board;

(c) sufficient status within the insurer to ensure that the directors and senior management of the insurer react appropriately to its enquiries and recommendations;

(d) unrestricted access at all reasonable times to all areas of the insurer’s business; and

(e) sufficient resources and staff that are suitably trained and have relevant experience to understand and evaluate effectively the insurer’s business and risks they are involved in auditing.

The internal audit function of an insurer shall employ a methodology that identifies the significant risks to which the insurer is exposed and allocate its resources accordingly.

The internal audit function of an insurer shall assess both internal and any outsourced functions of the insurer as appropriate on a risk assessed basis.

11.2 Reporting and records

An insurer’s internal audit function or the person who carries out an equivalent process shall report at appropriate intervals, and at least annually, to the board of the insurer on the sufficiency and appropriateness of the insurer’s policies, practices and controls, and make recommendations for remedial action in respect of any significant weaknesses, deficiencies or matters of noncompliance identified.

An insurer shall retain a copy of all such reports as part of its documentation requirement in paragraph 5.6.

11.3 Outsourcing

Where applicable, and where the board of the insurer considers it appropriate, the insurer’s internal audit function may be performed by —

(a) its group’s internal audit function or by another suitable resource from within the insurer’s group;

(b) its appointed insurance manager’s internal audit function or by another suitable resource from within its insurance manager’s group; or

(c) a suitable external party.

The requirements in paragraphs 11.1 and 11.2 are applicable in such instances and the insurer’s board shall satisfy itself that the insurer’s internal audit function is consistent with those paragraphs.

12. COMPLIANCE MONITORING FUNCTION

12.1 General

An insurer shall have an ongoing compliance monitoring function with resources and scope appropriate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed.

An insurer shall also ensure that its compliance monitoring function is performed by persons who are competent and have adequate resources for their respective compliance roles in relation to the insurer.

The compliance monitoring function of an insurer shall monitor whether the insurer has complied with the insurer’s policies and procedures, as well as with the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2.

12.2 Nature and location of function

(a) Except as indicated in paragraph (c), the compliance monitoring function of an insurer shall be performed in the Island.

(b) Where the board of the insurer considers it appropriate, the compliance monitoring function of the insurer may be performed by —

(i) the insurer’s officers and employees as a dedicated function or in addition to their other roles; or

(ii) a suitable external party.

(c) Where operational functions of an insurer are performed outside of the Island, and where the board of the insurer considers it appropriate, the insurer’s corresponding compliance monitoring function may be performed by parties, as indicated in paragraph (b), that are either located in the Island or located outside of the Island.

The requirements in paragraph 12.1 are applicable in such instances and the insurer’s board shall satisfy itself that the insurer’s compliance monitoring function is consistent with that paragraph.

12.3 Reporting and records

The compliance monitoring function of an insurer shall report at appropriate intervals, and at least annually, to the board of the insurer on matters of noncompliance identified in relation to the insurer.

An insurer shall retain a copy of all such reports as part of its documentation requirement in paragraph 5.6.

13. EXTERNAL AUDIT

13.1 General

An insurer shall —

(a) afford its external auditor all of the rights and entitlements applicable to the position of external auditor; and

(b) permit and not deter its external auditor from providing to the Supervisor such information and confirmations as the Supervisor requests for the purposes of carrying out the functions of the Supervisor.

13.2 Engagement letter

(a) Prior to commencement of its audit, an insurer shall obtain from its external auditor an engagement letter which —

(iii) contains an undertaking of the external auditor to provide to the insurer, and upon request to the Supervisor, the governance communications referred to in paragraph 13.3;

(iv) defines clearly the extent of the rights and duties of the external auditor; and

(v) is signed and accepted in writing by or on behalf of both the insurer and the external auditor.

(b) An insurer shall provide the Supervisor with a copy of its external audit engagement letter upon request.

13.3 Governance communication

An insurer shall within 21 days after the date of the meeting at which its annual accounts were approved by its board of directors and in any event within 6 months after the close of the year to which those accounts relate —

(a) provide the Supervisor with a copy of the communication made by its external auditor to those charged with the insurer’s governance pursuant to International Standard on Auditing 260 (“ISA 260”) or International Standard on Auditing (UK and Ireland) 260 (“ISA (UK and Ireland) 260”), or equivalent;

(b) provide the Supervisor with a copy of any other communication the insurer has received from its external auditor that identifies any weakness relating to the insurer’s corporate governance;

(c) inform the Supervisor whether the insurer has implemented or is implementing the recommendations, or has addressed or is addressing the weaknesses, as referred to in paragraphs (a) and (b), and, if not, provide its reasons for not doing so; and

(d) where the insurer receives no ISA 260 or ISA (UK and Ireland) 260 communication, or equivalent, provide the Supervisor with a copy of its external auditor’s confirmation that no such communication has been or is anticipated to be issued.

14. RISK MANAGEMENT SYSTEM

14.1 General

An insurer shall have in place a risk management system that is appropriate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed.

Risk management includes internal controls which are referred to further in paragraph 15.

The risk management system of an insurer shall —

(a) be comprehensive, including strategies, policies, processes and procedures that promptly and effectively —

(i) identify, assess and measure;

(ii) mitigate where appropriate; and

(iii) monitor and control on an ongoing basis,

all reasonably foreseeable, material risks to which the insurer is exposed;

(b) have due regard for all relevant categories of risk including, but not limited to, the risks referred to in Schedule 1 (as applicable); and

(c) contain the insurer’s risks within the risk tolerance levels established by its board in respect of the insurer.

14.2 Reporting and records

The risk management system of an insurer shall include reporting at appropriate intervals, and at least annually, to the board of the insurer. These reports shall enable the board to —

(a) assess effectively the range and significance of the risks to which the insurer is exposed both on an individual and aggregated basis as appropriate; and

(b) ensure that the insurer maintains sufficient financial resources.

Without prejudice to other record retention requirements, an insurer shall retain a copy of such reports as part of its documentation requirement in paragraph 5.6.

14.3 Market environment

An insurer shall regularly review the market environment in which it operates, draw appropriate conclusions as to the risks posed by that environment and ensure that the insurer takes appropriate actions to manage any adverse impacts of that environment on the insurer’s business.

15. INTERNAL CONTROLS

15.1 General

An insurer shall have in place internal controls that are adequate to the nature, scale and complexity of the insurer and its business and the risks to which it is exposed.

The internal controls of an insurer shall be designed to ensure —

(a) that the insurer complies with —

(i) the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2, and any other codes of practice which it has adopted;

(ii) the insurer’s constitutional documents and contracts; and

(iii) the strategies, policies and procedures established by the board of the insurer;

(b) that transactions are entered into by the insurer only with appropriate authority;

(c) that the insurer’s assets, and any other assets in the insurer’s keeping, are safeguarded;

(d) that the insurer’s accounting and other records provide complete, accurate, verifiable and timely information;

(e) that the insurer’s risk management system is operating effectively and the insurer is maintaining adequate financial resources;

(f) that adequate systems of communication are in place between all levels of management within the insurer, and between the insurer and its shareholders, policyholders and other stakeholders;

(g) that appropriate safeguards are in place to ensure that the insurer’s policyholders and other stakeholders are treated fairly; and

(h) that appropriate safeguards are in place to prevent and detect any abuse of the insurer’s business and activities for money laundering, financial crime or the financing of terrorism,

and shall identify the extent to which the insurer has not complied with the requirements referred to in this paragraph.

15.2 Internal control framework

An insurer’s internal control framework shall —

(a) include appropriate arrangements for delegation of authority, activities and functions, as well as segregation of duties and responsibilities, in respect of the insurer;

(b) take due account of any findings and recommendations of the insurer’s external auditor communicated to the insurer; and

(c) include adequate, documented policies and procedures and adequate checks and balances in respect of the insurer’s operations and activities.

The insurer’s actuarial (as applicable), internal audit and compliance monitoring functions form part of the insurer’s internal control framework. Those functions shall perform appropriate testing and reporting on adherence to the insurer’s internal controls as well as to the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2.

16. FRAUD PREVENTION

An insurer shall ensure that high standards of integrity apply to all aspects of its business, and shall —

(a) allocate appropriate resources and establish and maintain effective procedures and controls to deter, detect, record and as required promptly report any fraud it becomes aware of to the appropriate authorities;

(b) assign operational responsibility for the insurer’s fraud prevention and reporting function to suitably senior officers or employees of the insurer;

(c) take effective measures to prevent fraud, including but not limited to providing counter-fraud training to its directors, officers and employees; and

(d) ensure that the procedures and controls referred to in paragraph (a) form an integral part of the insurer’s risk management system.

17. WHISTLE BLOWING

The board of an insurer shall establish and maintain an appropriate policy and procedures to encourage the reporting of any improper or unlawful behaviour. The policy and procedures shall —

(a) define the scope of improper or unlawful behaviour covered by the policy, including but not limited to —

(i) financial malpractice or fraud;

(ii) failure to comply with applicable legal and regulatory obligations;

(iii) criminal activity;

(iv) improper conduct or unethical behaviour; and

(v) attempts to conceal any malpractice;

(b) set out a reporting structure to enable the insurer’s officers and employees to raise concerns outside of the normal management reporting structure;

(c) state how, and ensure that, matters so reported are considered objectively and appropriate and timely actions are taken;

(d) appropriately protect the whistleblower from any negative repercussions arising from reporting in good faith their concerns, including but not limited to ensuring appropriate confidentiality; and

(e) be communicated effectively to the insurer’s officers and employees.

The board of an insurer shall review at appropriate intervals, and at least annually, the insurer’s whistle blowing policy and procedures to ensure they remain appropriate.

18. POLICYHOLDERS AS STAKEHOLDERS

18.1 Policyholders

An insurer shall have in place policies on how to treat its policyholders fairly and have systems, including training where necessary, to ensure compliance with those policies by the insurer’s officers and employees and other persons appointed to act on behalf of the insurer. This includes but is not limited to —

(a) where the insurer or an agent of the insurer is dealing directly with its policyholders, ensuring that information is sought from the policyholder that is appropriate in order to assess the policyholder’s relevant needs before giving advice or concluding a contract;

(b) ensuring that all reasonable and practicable steps are taken in a timely manner to enable its policyholders to take suitably informed decisions by providing adequate information to the policyholder, or the policyholder’s agent, concerning the insurer’s product applicable to the policyholder; this includes but is not limited to the product’s risks, benefits, obligations and charges, as well as timely disclosure to the policyholder of any conflict of interest on the part of the insurer’s officers, employees or agent that is relevant to the sale of the product;

(c) maintaining clear and effective communication with its policyholders and avoiding any false, misleading or deceptive representations or practices either by itself or knowingly on its behalf;

(d) ensuring that the insurer deals with claims and complaints effectively and fairly through an easily understood, well disclosed, easily accessible and equitable process; and

(e) ensuring that adequate and timely information is provided to its policyholders in respect of the Isle of Man Financial Services Ombudsman Scheme.

18.2 Member policyholders and participating policyholders

Where an insurer has member policyholders or participating policyholders it shall have in place processes to ensure that any rights and entitlements of such policyholders are treated by the insurer in a fair and equitable manner.

19. INTERACTION WITH THE SUPERVISOR

An insurer shall —

(a) maintain open, honest and timely communications with the Supervisor, including communicating with the Supervisor as required and meeting with the Supervisor when requested;

(b) maintain open, honest and timely communications with any other regulatory body to which it is accountable; and

(c) have in place appropriate controls to ensure the accuracy and timeliness of any information it provides to the Supervisor and any other regulatory body to which the insurer is accountable.

For the purposes of this paragraph, “Supervisor” includes any officer of the Insurance and Pensions Authority.

20. REFERENCES

In the CGC, reference to any paragraph includes all of its sub-paragraphs.

21. INTERPRETATION

In the CGC —

“the Act” means the Insurance Act 2008;

“actuary” has the same meaning as given in Section 54 of the Act;

“adequate financial resources”, in respect of an insurer, refers to the requirement for the insurer to maintain adequate financial resources to meet its liabilities that might reasonably be expected to arise out of the risks to which it is exposed;

“annual accounts” has the same meaning as given in Section 54 of the Act;

“asset-liability management”, in relation to an insurer and the risks to which it is exposed, refers to the practice of managing the insurer so that the decisions and actions taken with respect to its assets and liabilities are coordinated to minimise risks corresponding to mismatches between those assets and liabilities;

“the board”, in relation to an insurer, means the board of directors of the insurer or its equivalent governing body;

“business plans”, in relation to an insurer, refer to the financial projections and underlying principal assumptions in respect of the significant operations of the insurer;

“the CGC” means these Guidance Notes, titled the Corporate Governance Code of Practice for Insurers;

“company”, where appearing, has the same meaning as given in Section 54 of the Act, and also includes any unincorporated body of persons as the context may require;

“the constitutional documents” of an insurer are its memorandum and articles of association, or their equivalent;

“corporate governance” is as referred to in paragraph 1.1 and applies to any corporate or unincorporated insurer;

“derivative” means a financial asset or liability whose value depends on, or is derived from, other underlying factors, including, but not limited to —

(a) assets;

(b) liabilities;

(c) interest rates;

(d) currency exchange rates; or

(e) indices,

and includes, but is not limited to, forwards, futures, options, warrants, swaps, and other financial instruments that have the economic effect of a derivative;

“external auditor”, in respect of an insurer, means the auditor of the insurer appointed pursuant to Sections 15 and 29 of the Act;

“front office”, in relation to an insurer, refers to those functions of the insurer that come in direct contact with its policyholders;

“group”, in relation to an insurer, means the insurer, any other company which is its holding company or subsidiary and any other company which is a subsidiary of that holding company;

“holding company” has the same meaning as in Section 1 of the Companies Act 1974 or Section 220 of the Companies Act 2006, as the context requires;

“independent non-executive director”, in relation to an insurer, means a director of the insurer who is not an employee of the insurer or associated with the insurer in any way other than as a non-executive director, and whose benefit from the insurer and its group is nothing other than the remuneration openly attributed to that position;

“insurance” has the same meaning as given in Section 54 of the Act;

“insurance business” has the same meaning as given in Section 54 of the Act;

“insurance manager” has the same meaning as given in Section 54 of the Act;

“insurer” means a person to whom the CGC applies in accordance with paragraph 3.1;

“internal audit function”, in relation to an insurer, may also be taken to mean an equivalent process and reference to internal audit function shall be construed accordingly;

“long-term business” has the same meaning as given in Regulation 3 of the Insurance Regulations 1986;

“member policyholder”, in relation to an insurer that is a mutual or equivalent, is a person who is a mutual member (or equivalent) of the insurer who is also insured by the insurer (either directly or indirectly by way of reinsurance);

“non-life insurance business” means all insurance business other than long-term business;

“outsourced”, in relation to an insurer, refers to where a function or activity of the insurer is performed by persons external to the insurer or persons external to the insurer but within the insurer’s group;

“outsourced provider”, in relation to an insurer, refers to a person external to the insurer or a person external to the insurer but within the insurer’s group that performs a function or activity of the insurer;

“participating policyholder”, in relation to an insurer, is a policyholder of the insurer whose policy with the insurer gives the policyholder a right to participate in (receive payment or other benefit from) the profits of the insurer;

“policyholder” has the same meaning as given in Section 54 of the Act and, where appearing, also includes prospective policyholders of the insurer as the context requires;

“provisions and reserves” —

(a) in respect of the non-life insurance business of an insurer, are amounts set aside as liabilities on the insurer’s balance sheet, or its equivalent primary financial statement, to meet its obligations arising out of its insurance contracts as well as related expenses; and

(b) in respect of the long-term business of an insurer, are amounts set aside to meet its obligations arising out of its long-term insurance contracts in accordance with the Insurance (Valuation of Long Term Liabilities) Regulations 2007;

“risk profile”, in relation to an insurer, means the particular range and significance of risks to which the insurer is exposed;

“risk tolerance”, in respect of an insurer, refers to the limits within which an insurer is willing to expose itself to risk; these limits may be —

(b) defined by the insurer as part of its risk strategy and policies; or

(c) imposed by external constraints including, but not limited to, legal and regulatory restrictions;

“senior management”, in relation to an insurer, means the insurer’s —

(a) chief executive;

(b) executive directors;

(c) managers as defined under Section 29(9) of the Act, including but not limited to, the insurer’s MLRO, deputy MLRO (where applicable) and company secretary;

(d) actuary;

(e) individual internal auditor or, if a function, the principal individual of that function reporting to the board of the insurer; and

(f) appointed insurance manager;

“senior manager” means a member of senior management;

“shareholders”, in relation to an insurer, refers to the owners of the insurer and includes —

(a) the owners of its shares;

(b) its members (if the insurer is a mutual or similar);

(c) its member policyholders and participating policyholders; and

(d) partners (if the insurer is a partnership);

“stakeholder”, in relation to an insurer, means any person with a direct or indirect interest or involvement (a stake) in the insurer because that person can affect or be affected by the insurer’s actions, objectives and policies (an insurer’s stakeholders include, but are not limited to, its shareholders and other investors, policyholders, creditors, employees, the general public, the Isle of Man Government and the Insurance and Pensions Authority);

“subsidiary” has the same meaning as given in Section 54 of the Act;

“the Supervisor” has the same meaning as given in Section 54 of the Act.

22. SCHEDULES

The Schedules listed below form part of the CGC and as such are binding guidance applicable in accordance with paragraph 3.3 of the CGC.

22.1 Schedule 1 – Risks

22.2 Schedule 2 – Directors’ Report on Corporate Governance

Paragraph 14.1(b)

SCHEDULE 1 – RISKS

This schedule contains risks common to many insurers.

An insurer shall apply the guidance within this Schedule as corresponding to risks relevant to the insurer.

The risks indicated in this Schedule are not intended to provide, and shall not be interpreted as providing, an exhaustive list.

The order in which the risks appear, or the extent of guidance given, in this Schedule does not attach any greater or lesser significance to any particular risk.

Underwriting risk

Underwriting risk, in relation to an insurer, refers to the risks arising out of its day to day insurance underwriting activities as well as risks associated with its outward reinsurance and any other risk transfer, mitigation or diversification mechanism relevant to its underwriting strategy.

In managing this risk an insurer shall apply the following guidance:

(a) An insurer shall have in place strategic underwriting and pricing policies based on sound methodology and reasonable assumptions that are approved and reviewed at appropriate intervals, and at least annually, by its board.

(b) An insurer shall evaluate prudently the risks it underwrites and establish and maintain an adequate level of premiums for those risks that will enable the insurer to meet all reasonably foreseeable claims and other obligations arising out of its underwriting activities, and related expenses.

(c) An insurer shall have adequate systems in place to control appropriately and effectively all of the claims and expenses referred to in paragraph (b) and those systems shall be monitored on an ongoing basis by its senior management and overseen adequately and effectively by its board.

(d) An insurer shall have a clear strategy to mitigate and diversify the underwriting risks to which it is exposed by defining limits on the amount of risk it retains, and (where applicable) taking out appropriate reinsurance cover or using other risk transfer arrangements consistent with it maintaining adequate financial resources. This strategy shall be an integral part of the insurer’s underwriting policy and shall be approved, monitored and reviewed at appropriate intervals, and at least annually, by its board.

(e) An insurer shall ensure its outwards reinsurance arrangements (where applicable) are adequate and that the claims held by the insurer against its reinsurers are recoverable; this includes —

(i) ensuring that its reinsurance programme is appropriate to its risk profile and provides coverage which, after taking into account the real transfer of risk, enables the insurer to maintain adequate financial resources; and

(ii) taking all reasonable and practicable steps to ensure that the protection provided by its reinsurers is secure.

(f) In addition to paragraph (e)(i), an insurer shall ensure that any other risk transfer mechanism it uses provides adequate protection which, after taking into account the real transfer of risk, enables the insurer to maintain adequate financial resources.

(g) An insurer shall ensure that all of its risk transfer mechanisms are properly accounted for so that the insurer’s financial statements give a true and fair view of the insurer’s risk exposure.

Insurance provisions and reserves risk

For the avoidance of doubt, the following guidance in relation to insurance provisions and reserves risk is without prejudice to the Insurance (Valuation of Long Term Liabilities) Regulations 2007.

Insurance provisions and reserves risk, in relation to an insurer, refers to the possibility that the insurer’s provisions and reserves prove to be inadequate to encompass all of the insurer’s obligations arising out of its insurance contracts as well as related expenses.

In managing this risk an insurer shall apply the following guidance:

(a) An insurer shall identify and quantify prudently its existing and anticipated obligations arising out of its insurance contracts as well as related expenses.

(b) An insurer shall, after making reasonable allowance for its corresponding reinsurance amounts recoverable, establish and maintain adequate provisions and reserves which are sufficient to meet the total cost of claims and other obligations of the insurer arising out of its insurance contracts, as well as related expenses, including all reasonably foreseeable —

(i) claims incurred, and claims not yet incurred, by the insurer; and

(ii) related administration expenses, policyholder dividends and bonuses, taxes, expenses arising in relation to embedded options, and any other attributable costs to the insurer.

(c) An insurer’s insurance provisions and reserves shall be based on —

(i) sound accounting and, where appropriate, actuarial principles that are appropriate for insurance companies and the types of business undertaken by the insurer;

(ii) reliable data; and

(iii) appropriate methods and assumptions for assessing on a reliable, objective, transparent and prudent basis, provisions and reserves for the types of business undertaken by the insurer.

(d) An insurer’s provisions and reserves, amongst other things, shall take into account the potential for unexpected or atypical claims occurrence and catastrophe events that might adversely affect the insurer. This includes, but is not limited to, where appropriate, undertaking regular stress testing for an appropriate range of adverse scenarios in order to assess the adequacy of its financial resources in case its provisions and reserves have to be increased.

Investment risk

Investment risk, in relation to an insurer, encompasses the various risks to which the insurer may be exposed in relation to its investment activities.

In managing this risk an insurer shall apply the following guidance:

(a) An insurer shall have in place an overall strategic investment policy, approved and reviewed at appropriate intervals, and at least annually, by its board that addresses the following elements —

(i) the insurer’s risk profile;

(ii) the insurer’s asset-liability management policies (as applicable);

(iii) the insurer’s risk management policies (as applicable);

(iv) the determination of the strategic asset allocation, that is, the long-term asset mix over the main investment categories;

(v) the establishment of limits for the allocation by geographical area, markets, sectors, counterparties and currency;

(vi) the extent to which the holding of some types of assets is restricted or disallowed;

(vii) the conditions under which the insurer can pledge or lend assets;

(viii) limits of delegated authority to make or alter the insurer’s investments;

(ix) clear accountability in respect of all of its asset transactions and associated risks; and

(x) if the insurer is using or intending to use derivatives, an overall policy on their use.

(b) An insurer’s risk management systems shall cover the risks associated with its investment activities that might affect the coverage of its insurance provisions and reserves or maintaining adequate financial resources in respect of the risks to which it is exposed.

These investment risks may include, but are not limited to —

(i) credit risk;

(ii) market risk;

(iii) liquidity risk; and

(iv) custody risk.

These and other risks are described further in this schedule.

(c) An insurer shall have in place adequate internal controls to ensure that its assets are managed in accordance with its overall investment policy, as well as in compliance with applicable accounting requirements and with the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2. These controls shall ensure that investment procedures are documented and properly overseen. Where appropriate, the functions responsible for measuring, monitoring, settling and controlling asset transactions shall be separate from the insurer’s front office functions.

(d) The board of an insurer shall retain ultimate oversight of, and ensure clear management accountability for, the insurer’s investment policies and procedures.

(e) Any key staff involved with an insurer’s investment activities shall have the appropriate levels of skills, experience and integrity for their roles in respect of the insurer.

(f) An insurer shall have rigorous audit procedures that include full coverage of its investment activities to ensure the timely identification of internal control weaknesses and operating system deficiencies. If the audit is performed internally it shall be independent of the function being reviewed.

(g) An insurer shall have in place an effective asset-liability management system, including policies and procedures to ensure on an ongoing basis that its investment activities and asset positions are appropriate to its risk and liability profiles. The insurer shall take due account in its risk management system of the risks associated with mismatches between its assets and liabilities.

(h) An insurer shall have in place contingency plans to mitigate the effects of deteriorating investment conditions.

Derivative risk

Derivative risk, in relation to an insurer, refers to the risks to which the insurer may be exposed in relation to its use of derivatives.

In managing this risk an insurer shall apply the following guidance:

(a) The board of an insurer that uses, or intends to use, derivatives shall —

(i) collectively have sufficient expertise and understanding of the important issues relating to the use of derivatives to oversee adequately and effectively their use in respect of the insurer;

(ii) ensure that all individuals conducting and monitoring the derivatives activities of the insurer are suitably qualified and competent for such roles;

(iii) ensure that the insurer has appropriate arrangements in place to verify pricing of its derivatives independently if not quoted on a recognised exchange;

(iv) ensure that the insurer has in place officers and employees with appropriate skills to effectively vet models used by its front office (as applicable) and to price the instruments used, the board shall also ensure that that pricing follows market convention and that such functions are separate from the insurer’s front office; and

(v) ensure that the insurer has in place risk management and internal controls, personnel and audit systems consistent with paragraphs (a)(iv) and (b) to (e).

(b) An insurer using, or intending to use, derivatives shall have in place an appropriate policy for their use that shall be approved and reviewed at appropriate intervals, and at least annually, by its board. This policy shall be consistent with the insurer’s activities, its overall strategic investment policy, asset-liability management strategy and its risk tolerance limits. This policy shall address at least the following elements —

(i) the purposes for which derivatives can be used;

(ii) the establishment of appropriately structured exposure limits for derivatives taking into account the purpose of their use and their associated risks;

(iii) restrictions on the holding of certain types of derivatives; and

(iv) appropriate divisions of responsibility and framework of accountability for derivatives transactions.

(c) An insurer using, or intending to use, derivatives shall ensure its risk management system encompasses its risks from derivatives activities so that the risks arising from all derivatives transactions undertaken by the insurer can be —

(i) analysed and monitored individually and in aggregate; and

(ii) monitored and managed in an integrated manner with similar risks arising from non-derivatives activities so that exposures can be regularly assessed on a consolidated basis.

(d) An insurer using, or intending to use, derivatives shall have in place adequate internal controls to ensure that derivatives activities are properly overseen and that transactions have been entered into only in accordance with the insurer’s established policies and procedures and with the legal and regulatory requirements applicable to the insurer as identified in accordance with paragraph 5.2. These controls shall ensure appropriate segregation between those who measure, monitor, settle and control derivatives and those who initiate transactions.

(e) An insurer using, or intending to use, derivatives shall have in place rigorous internal audit procedures that include coverage of its derivatives activities to ensure the timely identification of internal control weaknesses and operating system deficiencies. If such audit is performed internally it should be independent of the function being reviewed.

Market risk

Market risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer arising from movements in the level or volatility of market prices and rates. Primarily, this takes the form of changes in the value of the insurer’s assets and liabilities, both on- and off-balance sheet, whose value may be so affected.

The significance of market risk to the insurer is limited to the extent to which an adverse movement in the value of its assets (as a consequence of market movements of financial variables including but not limited to interest rates, foreign exchange rates, equity and other asset prices) is not offset by a corresponding movement in the value of its liabilities, and vice versa.

Market risk encompasses general market risk (on all investments) and specific market risk (on each investment).

Market risk includes the insurer’s exposure to —

(a) equity and other asset risk – the risk of losses resulting from movements in market values of equities and other assets;

(b) interest rate risk – the risk of losses resulting from movements in interest rates;

(c) currency risk – the risk of losses resulting from movements in exchange rates; and

(d) underlying risk – the risk of losses arising from the exposure of derivatives to movements in the price of the underlying components from which their value is derived; this risk is increased where the derivatives it uses are leveraged, as a small movement in the underlying value can cause a large difference in the value of the derivative in such cases.

Credit risk

Credit risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from the failure by a person to honour an obligation, whether on- or off-balance sheet, to the insurer.

Credit risk includes the insurer’s exposure to —

(a) default (counterparty) risk – the risk that an insurer will not receive the cash flows or assets to which it is entitled, or receipt is delayed or is received only in part, because the party from whom the cash flow or asset is owed defaults on that obligation;

(b) downgrade risk – the risk that changes in the probability of a future default by an obligor will adversely affect the present value of the contract with the obligor today; and

(c) concentration risk – the risk of the insurer’s increased exposure to losses due to concentration of its credit exposures, including but not limited to exposures in a geographical area, economic sector, or with a single counterparty or connected parties.

Liquidity risk

Liquidity risk, in relation to an insurer, refers to the possibility that the insurer, though it may be solvent, has insufficient liquid assets to meet its obligations as they fall due.

Liquidity risk is often a potential additional factor linked to other risks.

Liquidity risk includes the insurer’s exposure to problems including, but not limited to —

(a) mismatches between the size and timing of cash flows of the insurer’s assets and liabilities;

(b) affiliated investment risk – the risk that an investment by the insurer in a member of the insurer’s group or other associate of the insurer might be difficult to sell, or greater credit risk is accepted by the insurer in relation to such counterparties, or that affiliates of the insurer might create a drain on the financial or operating resources of the insurer;

(c) funding risk – the risk that the insurer will not be able to obtain sufficient outside financial support when its assets are illiquid and it needs additional liquid assets;

(d) liquidation value risk – the risk that unexpected timing or amounts of cash flows needed may require the liquidation of assets when market conditions could result in loss of realised value;

(e) unexpected increase in liability cash flows;

(f) unexpected reduction in asset cash flows;

(g) contractual and other constraints;

(h) policyholder actions;

(i) negative publicity; and

(j) external factors, including, but not limited to, deterioration in the economy, abnormally volatile or stressed markets or political and legal risk.

Operational risk

Operational risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from disruptions, errors, omissions or other failures in its systems, people or operations.

Group risk

Group risk includes, amongst other things, exposure to the risks inherent in intra-group transactions and arrangements, including but not limited to loans and other outstanding balances and guarantees.

Business market and environment risk

Business market and environment risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from external threats. Adverse business conditions can arise from various sources or combination of sources including but not limited to —

(a) political, legislative, economic, sociological and technological factors; and

(b) policyholders, service providers, key business counterparties, competitors.

Business planning risk

Business planning risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from its use of inappropriate, imprudent or otherwise flawed assumptions when pricing its insurance policies, and planning and forecasting in respect of its business activities.

Information technology and communication technology risk

Information technology and communication technology risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from failure or interruption in operation of its information technology and communication technology systems.

Business continuity and disaster risks

Business continuity and disaster risks, in relation to an insurer, refer to the possibility of an adverse impact on the insurer resulting from its business being interrupted.

Legal and compliance risk

Legal risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from the legal action of others, or hindrances in its enforcing a contract with another party.

Compliance risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer resulting from possible violations or non-conformance with the legal and regulatory requirements applicable to it.

Crime and fraud risk

Crime and fraud risk, in relation to an insurer, refers to the possibility of the insurer (including, but not limited to, its directors, senior managers and other officers, employees and representatives) being involved in criminal or civil wrongdoing.

Reputational risk

Reputational risk, in relation to an insurer, refers to the possibility of an adverse impact on the insurer or its stakeholders due to disrepute caused by the business activities or conduct of the insurer or its directors, senior managers or its other officers and employees.

Paragraph 4

SCHEDULE 2

DIRECTORS’ REPORT ON CORPORATE GOVERNANCE

To the Supervisor

____________________________________________________________________

(State the name of the company for which this certification is given (the “Company”))

We declare, having had due regard for the nature, scale and complexity of the Company and its business and the risks to which it is exposed, that during the financial period ended (INSERT DATE) and during the subsequent period up to the date of signing of this statement that:

1. the Company has applied the CGC in accordance with its requirements (except as specified in the attached report)¹; and

2. the Company is able to demonstrate the basis of its application of the CGC to the Supervisor upon request (except as specified in the attached report).

Signed on behalf of the board on (INSERT DATE) by:

________________ ________________

Director Director

The report referred to above shall include—

(a) reference to any instances where the insurer has been unable to apply the CGC;

(b) the reasons why the Company has been unable to apply the CGC as referred to in paragraph (a); and

(c) actions proposed or taken, including relevant timeframes, to address any matters referred to in paragraph (a).

1 Delete as appropriate

